Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop checkov "300" error through code #5133

Closed
SteveLinden opened this issue Oct 3, 2023 · 7 comments
Closed

Stop checkov "300" error through code #5133

SteveLinden opened this issue Oct 3, 2023 · 7 comments
Assignees
@dms1981
Labels
bug Something isn't working

Comments

@SteveLinden
Copy link
Contributor

Expected Behavior

At present we have the following in place on the modernisation-platform-terraform-s3-bucket in two places #checkov:skip=CKV_AWS_300: "Ensure S3 lifecycle configuration sets period for aborting failed uploads"

We want to add the code to remove this skip

Actual Behavior

At present an error for the top section
"Check: CKV_AWS_300: “Ensure S3 lifecycle configuration sets period for aborting failed uploads”
FAILED for resource: aws_s3_bucket_lifecycle_configuration.default
File: /main.tf:49-113"
appears. A similar one appears for the lower section.

With the skip in place this stops the check being undertaken and the error does not appear.

There is code in place on the "top" section (line 67 -76) but it does not appear to work currently. This needs to be fixed or replaced.

Steps to Reproduce the Problem

To reproduce the error the skips would need to be reviewed and a PR raised. It's not advisable to do this!

Version

No response

Modules

No response

Account

No response
@SteveLinden SteveLinden added the bug Something isn't working label Oct 3, 2023
@SteveLinden SteveLinden mentioned this issue Oct 4, 2023
Closed
3 tasks
@dms1981
Copy link
Contributor

dms1981 commented Oct 4, 2023

This doesn't need to be fixed does it? It looks like a known issue in Checkov: bridgecrewio/checkov#5363

You can see it being handled in code like so:

      abort_incomplete_multipart_upload {
        days_after_initiation = lookup(rule.value, "abort_incomplete_multipart_upload_days", "7")
      }

https://github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket/blob/main/main.tf#L52

@dms1981
Copy link
Contributor

dms1981 commented Oct 4, 2023

That being the case I'd say this just needs a skip statement. Maybe with a comment to review it later.

@SteveLinden
Copy link
Contributor Author

SteveLinden commented Nov 1, 2023
edited
Loading

Replaced the comment (fits on one line on my resolution) with this and noted the above URL below

#checkov:skip=CKV_AWS_300: "Ensure S3 lifecycle configuration sets period for aborting failed uploads - There is a known checkov error needs to be checked for resolution"
"# URL for error bridgecrewio/checkov#5363"

Added quotes around the second comment in here to prevent the URL listing the site

@SteveLinden SteveLinden self-assigned this Nov 1, 2023
@SteveLinden SteveLinden moved this from To Do to In Progress in Modernisation Platform Nov 1, 2023
@SteveLinden
Copy link
Contributor Author

Did not make the above changes as the current fix requirement cannot be satisfied. We should maybe review this when a fix is implemented on checkov for this feature.

@SteveLinden
Copy link
Contributor Author

Moved into backlog

@SteveLinden SteveLinden moved this from In Progress to To Do in Modernisation Platform Nov 3, 2023
@SimonPPledger
Copy link
Contributor

Looks like this has now been resolved, so we can remove the 'skip'

@SteveLinden SteveLinden removed their assignment Jan 8, 2024
@dms1981
Copy link
Contributor

dms1981 commented Jan 8, 2024

Agreed @SimonPPledger - I've checked the Chekov issue and it's resolved, so any future failures may be legit. I'll close this issue.

@dms1981 dms1981 closed this as completed Jan 8, 2024
@github-project-automation github-project-automation bot moved this from To Do to Done in Modernisation Platform Jan 8, 2024
@dms1981 dms1981 self-assigned this Jan 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dms1981 dms1981

Labels
bug Something isn't working
Projects
Modernisation Platform
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dms1981 @SteveLinden @SimonPPledger