Prancer Test

This page talks about the process of creating a compliance test for Git repositories on Prancer, which involves adding a container, a connector configuration file, a snapshot configuration file, and a compliance configuration file. The container is created using the steps available in the collection. The connector configuration file has information about connecting to various providers to get data. The snapshot configuration file defines individual resources in a target environment. The compliance configuration file contains the rule field, which specifies the snapshot by SnapshotId. Once all the files are created, they can be uploaded to the Prancer infrastructure using the steps provided on the platform. Running the compliance generates a report that shows the results of the compliance.

1. Add the Container:

  • Add Container named git_container. You can get steps for add container from here.
  • Newly created Container will show in the list of containers.

2. Add Connector Configuration File:

  • The Connector configuration file has information about connecting to various providers to get data.
  • Create the Git connector Configuration file (ex. git_connector.json).
  • Also define the type of connector (ex. type: filesystem) and filetype of connector (ex. fileType: structure).
    {
        "fileType": "structure",
        "type": "filesystem",
        "companyName": "prancer-test",
        "gitProvider": "https://github.com/prancer-io/prancer-tests",
        "branchName": "master",
        "httpsUser": null,
        "httpsPassword": null,
        "sshKeyfile": null,
        "private": false,
        "sshUser": "git"
    }
  • After creating the connector, you need to upload that connector Configuration file. You can get steps for add connector from here.

3. Add Snapshot Configuration File:

  • The Snapshot configuration file defines individual resources in a target environment.
  • Create the Snapshot configuration file (ex. git_snapshot.json).
  • Also, define the filetype of the snapshot (ex. filetype: snapshot), and type of snapshot (ex. type: git)
  • Also, provide the source of the snapshot. The source must be the same as the uploaded connector name (ex. source: git_connector).
    {
        "fileType": "snapshot",
        "snapshots": [
            {
                "source": "git_connector",
                "testUser": "git",
                "branchName": "master",
                "type":"git",
                "nodes": [
                    {
                        "snapshotId": "1",
                        "type": "json",
                        "collection": "security_groups",
                        "path": "devops/cf/mytemplate.json",
                        "status": "active"
                    }
                ]
            }
        ]
    }
  • After creating a snapshot, the User needs to upload that snapshot. Here are the steps to upload a Snapshot from here.

4. Add Compliance Configuration File:

  • Compliance cases are unique resources that work with the Snapshot configuration file.
  • Create the Compliance configuration file (ex. git_test.json).
  • Also, define the filetype of Compliance (ex. filetype: test).
  • Also, provide the snapshot name same as we have uploaded snapshot (ex. snapshot: git_snapshot). The Compliance configuration file rule field contains the snapshot by SnapshotId.
  • Here in below example, in the rule "exist({1}.Resources.PrancerTutorialSecGroup.Properties.SecurityGroupIngress['FromPort'=80])" field, the {1} is the snapshotId which was uploaded before.
    {
        "fileType": "test",
        "snapshot": "git_snapshot",
        "testSet": [
            {
                "testName": "Ensure port 80 and 443 rules exists",
                "version": "0.1",
                "cases": [
                    {
                        "testId": "1",
                        "rule" : "exist({1}.Resources.PrancerTutorialSecGroup.Properties.SecurityGroupIngress['FromPort'=80])", 
                        "title" : "Security Group Ingress should contain port 80", 
                        "description" : "If 80 port exist in properties then test will pass.", 
                        "tags" : [
                            {
                                "cloud" : "git", 
                                "compliance" : [
                                    "CUSTOM"
                                ], 
                                "service" : [

                                ]
                            }
                        ]
                    },
                    {
                        "testId": "2",
                        "rule" : "exist({1}.Resources.PrancerTutorialSecGroup.Properties.SecurityGroupIngress['FromPort'=443])", 
                        "title" : "Security Group Ingress should contain port 43", 
                        "description" : "If 43 port exist in properties then test will pass.", 
                        "tags" : [
                            {
                                "cloud" : "git", 
                                "compliance" : [
                                    "CUSTOM"
                                ], 
                                "service" : [

                                ]
                            }
                        ]
                    }
                ]

            },
            {
                "testName": "Ensure port 22 rule exists and is only open to internal",
                "version": "0.1",
                "cases": [
                    {
                        "testId": "3",
                        "rule" : "exist({1}.Resources.PrancerTutorialSecGroup.Properties.SecurityGroupIngress[])", 
                        "title" : "Security Group Ingress is exist in properties", 
                        "description" : "If SecurityGroupIngress exist in Properties then test will pass.", 
                        "tags" : [
                            {
                                "cloud" : "git", 
                                "compliance" : [
                                    "CUSTOM"
                                ], 
                                "service" : [

                                ]
                            }
                        ]
                    },
                    {
                        "testId": "4",
                        "rule" : "{1}.Resources.PrancerTutorialSecGroup.Properties.SecurityGroupIngress['FromPort'='22'].CidrIp='172.16.0.0/16'", 
                        "title" : "Enabled port 22 and CidrIp is '172.16.0.0/16' in SecurityGroupIngress", 
                        "description" : "If SecurityGroupIngress contains object with port 22 and CidrIp is '172.16.0.0/16' then test will pass.", 
                        "tags" : [
                            {
                                "cloud" : "git", 
                                "compliance" : [
                                    "CUSTOM"
                                ], 
                                "service" : [

                                ]
                            }
                        ]
                    },
                    {
                        "testId": "5",
                        "rule" : "{1}.Resources.PrancerTutorialSecGroup.Properties.SecurityGroupIngress['FromPort'='22'].CidrIp='172.16.0.0/24'", 
                        "title" : "Enabled port 22 and CidrIp is '172.16.0.0/24' in SecurityGroupIngress", 
                        "description" : "If SecurityGroupIngress contains object with port 22 and CidrIp is '172.16.0.0/24' then test will pass.", 
                        "tags" : [
                            {
                                "cloud" : "git", 
                                "compliance" : [
                                    "CUSTOM"
                                ], 
                                "service" : [

                                ]
                            }
                        ]
                    }
                ]
            }
        ]
    }
  • After creating Compliance User need to upload that Compliance. You can get steps for uploading Compliance from here.

5. Run the Compliance:

  • You can get steps for Run the Compliance from here.
  • After running the Compliance, a report will generate, which shows the result of the Compliance.