add cmd to format examples

Signed-off-by: Nikita Pivkin <[email protected]>
aquasecurity · Oct 15, 2024 · 9c789af · 9c789af
1 parent 3f0a2ab
commit 9c789af
Show file tree

Hide file tree

Showing 220 changed files with 4,166 additions and 3,975 deletions.
diff --git a/Makefile b/Makefile
@@ -13,7 +13,7 @@ fmt-rego:
 
 .PHONY: test-rego
 test-rego:
- go run ./cmd/opa test --explain=fails lib/ checks/
+ go run ./cmd/opa test --explain=fails lib/ checks/ --ignore '*.yaml'
 
 .PHONY: bundle
 bundle: create-bundle verify-bundle
@@ -49,4 +49,8 @@ verify-bundle:
  rm scripts/bundle.tar.gz
 
 build-opa:
- go build ./cmd/opa
+ go build ./cmd/opa
+
+.PHONY: fmt-examples
+fmt-examples:
+ go run ./cmd/fmt-examples
diff --git a/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md b/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md
@@ -2,19 +2,20 @@
 Enable logging for API Gateway stages
 
 ```yaml
-AWSTemplateFormatVersion: 2010-09-09T00:00:00Z
+AWSTemplateFormatVersion: "2010-09-09T00:00:00Z"
 Description: Good Example of ApiGateway
 Resources:
- GoodApi:
- Type: AWS::ApiGatewayV2::Api
- GoodApiStage:
- Properties:
- AccessLogSettings:
- DestinationArn: gateway-logging
- Format: json
- ApiId: GoodApi
- StageName: GoodApiStage
- Type: AWS::ApiGatewayV2::Stage
+ GoodApi:
+ Type: AWS::ApiGatewayV2::Api
+ GoodApiStage:
+ Properties:
+ AccessLogSettings:
+ DestinationArn: gateway-logging
+ Format: json
+ ApiId: GoodApi
+ StageName: GoodApiStage
+ Type: AWS::ApiGatewayV2::Stage
+
 ```
 
 
diff --git a/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md b/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md
@@ -3,14 +3,15 @@ Enable encryption at rest for Athena databases and workgroup configurations
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- Name: goodExample
- WorkGroupConfiguration:
- ResultConfiguration:
- EncryptionConfiguration:
- EncryptionOption: SSE_KMS
- Type: AWS::Athena::WorkGroup
+ GoodExample:
+ Properties:
+ Name: goodExample
+ WorkGroupConfiguration:
+ ResultConfiguration:
+ EncryptionConfiguration:
+ EncryptionOption: SSE_KMS
+ Type: AWS::Athena::WorkGroup
+
 ```
 
 
diff --git a/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md b/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md
@@ -3,15 +3,16 @@ Enforce the configuration to prevent client overrides
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- Name: goodExample
- WorkGroupConfiguration:
- EnforceWorkGroupConfiguration: true
- ResultConfiguration:
- EncryptionConfiguration:
- EncryptionOption: SSE_KMS
- Type: AWS::Athena::WorkGroup
+ GoodExample:
+ Properties:
+ Name: goodExample
+ WorkGroupConfiguration:
+ EnforceWorkGroupConfiguration: true
+ ResultConfiguration:
+ EncryptionConfiguration:
+ EncryptionOption: SSE_KMS
+ Type: AWS::Athena::WorkGroup
+
 ```
 
 
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md
@@ -3,19 +3,20 @@ Enable logging for CloudFront distributions
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- DistributionConfig:
- DefaultCacheBehavior:
- TargetOriginId: target
- ViewerProtocolPolicy: https-only
- Enabled: true
- Logging:
- Bucket: logging-bucket
- Origins:
- - DomainName: https://some.domain
- Id: somedomain1
- Type: AWS::CloudFront::Distribution
+ GoodExample:
+ Properties:
+ DistributionConfig:
+ DefaultCacheBehavior:
+ TargetOriginId: target
+ ViewerProtocolPolicy: https-only
+ Enabled: true
+ Logging:
+ Bucket: logging-bucket
+ Origins:
+ - DomainName: https://some.domain
+ Id: somedomain1
+ Type: AWS::CloudFront::Distribution
+
 ```
 
 
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md
@@ -3,20 +3,21 @@ Enable WAF for the CloudFront distribution
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- DistributionConfig:
- DefaultCacheBehavior:
- TargetOriginId: target
- ViewerProtocolPolicy: https-only
- Enabled: true
- Logging:
- Bucket: logging-bucket
- Origins:
- - DomainName: https://some.domain
- Id: somedomain1
- WebACLId: waf_id
- Type: AWS::CloudFront::Distribution
+ GoodExample:
+ Properties:
+ DistributionConfig:
+ DefaultCacheBehavior:
+ TargetOriginId: target
+ ViewerProtocolPolicy: https-only
+ Enabled: true
+ Logging:
+ Bucket: logging-bucket
+ Origins:
+ - DomainName: https://some.domain
+ Id: somedomain1
+ WebACLId: waf_id
+ Type: AWS::CloudFront::Distribution
+
 ```
 
 
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md
@@ -3,20 +3,21 @@ Only allow HTTPS for CloudFront distribution communication
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- DistributionConfig:
- DefaultCacheBehavior:
- TargetOriginId: target
- ViewerProtocolPolicy: https-only
- Enabled: true
- Logging:
- Bucket: logging-bucket
- Origins:
- - DomainName: https://some.domain
- Id: somedomain1
- WebACLId: waf_id
- Type: AWS::CloudFront::Distribution
+ GoodExample:
+ Properties:
+ DistributionConfig:
+ DefaultCacheBehavior:
+ TargetOriginId: target
+ ViewerProtocolPolicy: https-only
+ Enabled: true
+ Logging:
+ Bucket: logging-bucket
+ Origins:
+ - DomainName: https://some.domain
+ Id: somedomain1
+ WebACLId: waf_id
+ Type: AWS::CloudFront::Distribution
+
 ```
 
 
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md
@@ -3,21 +3,22 @@ Use the most modern TLS/SSL policies available
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- DistributionConfig:
- DefaultCacheBehavior:
- TargetOriginId: target
- ViewerProtocolPolicy: https-only
- Enabled: true
- Logging:
- Bucket: logging-bucket
- Origins:
- - DomainName: https://some.domain
- Id: somedomain1
- ViewerCertificate:
- MinimumProtocolVersion: TLSv1.2_2021
- Type: AWS::CloudFront::Distribution
+ GoodExample:
+ Properties:
+ DistributionConfig:
+ DefaultCacheBehavior:
+ TargetOriginId: target
+ ViewerProtocolPolicy: https-only
+ Enabled: true
+ Logging:
+ Bucket: logging-bucket
+ Origins:
+ - DomainName: https://some.domain
+ Id: somedomain1
+ ViewerCertificate:
+ MinimumProtocolVersion: TLSv1.2_2021
+ Type: AWS::CloudFront::Distribution
+
 ```
 
 
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
@@ -3,14 +3,15 @@ Enable Cloudtrail in all regions
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- IsLogging: true
- IsMultiRegionTrail: true
- S3BucketName: CloudtrailBucket
- S3KeyPrefix: /trailing
- TrailName: Cloudtrail
- Type: AWS::CloudTrail::Trail
+ GoodExample:
+ Properties:
+ IsLogging: true
+ IsMultiRegionTrail: true
+ S3BucketName: CloudtrailBucket
+ S3KeyPrefix: /trailing
+ TrailName: Cloudtrail
+ Type: AWS::CloudTrail::Trail
+
 ```
 
 
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
@@ -3,15 +3,16 @@ Use Customer managed key
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- IsLogging: true
- IsMultiRegionTrail: true
- KmsKeyId: alias/CloudtrailKey
- S3BucketName: CloudtrailBucket
- S3KeyPrefix: /trailing
- TrailName: Cloudtrail
- Type: AWS::CloudTrail::Trail
+ GoodExample:
+ Properties:
+ IsLogging: true
+ IsMultiRegionTrail: true
+ KmsKeyId: alias/CloudtrailKey
+ S3BucketName: CloudtrailBucket
+ S3KeyPrefix: /trailing
+ TrailName: Cloudtrail
+ Type: AWS::CloudTrail::Trail
+
 ```
 
 #### Remediation Links

diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
@@ -3,15 +3,16 @@ Turn on log validation for Cloudtrail
 
 ```yaml
 Resources:
- GoodExample:
- Properties:
- EnableLogFileValidation: true
- IsLogging: true
- IsMultiRegionTrail: true
- S3BucketName: CloudtrailBucket
- S3KeyPrefix: /trailing
- TrailName: Cloudtrail
- Type: AWS::CloudTrail::Trail
+ GoodExample:
+ Properties:
+ EnableLogFileValidation: true
+ IsLogging: true
+ IsMultiRegionTrail: true
+ S3BucketName: CloudtrailBucket
+ S3KeyPrefix: /trailing
+ TrailName: Cloudtrail
+ Type: AWS::CloudTrail::Trail
+
 ```
 
 
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md
@@ -3,17 +3,18 @@ Restrict public access to the S3 bucket
 
 ```yaml
 Resources:
- GoodExampleBucket:
- Properties:
- AccessControl: Private
- BucketName: my-bucket
- Type: AWS::S3::Bucket
- GoodExampleTrail:
- Properties:
- IsLogging: true
- S3BucketName: my-bucket
- TrailName: Cloudtrail
- Type: AWS::CloudTrail::Trail
+ GoodExampleBucket:
+ Properties:
+ AccessControl: Private
+ BucketName: my-bucket
+ Type: AWS::S3::Bucket
+ GoodExampleTrail:
+ Properties:
+ IsLogging: true
+ S3BucketName: my-bucket
+ TrailName: Cloudtrail
+ Type: AWS::CloudTrail::Trail
+
 ```
 
 
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md
@@ -3,11 +3,12 @@ Enable logging to CloudWatch
 
 ```yaml
 Resources:
- GoodExampleTrail:
- Properties:
- CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/DefaultLogGroup:*
- TrailName: Cloudtrail
- Type: AWS::CloudTrail::Trail
+ GoodExampleTrail:
+ Properties:
+ CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/DefaultLogGroup:*
+ TrailName: Cloudtrail
+ Type: AWS::CloudTrail::Trail
+
 ```