Check
A check is the "smallest unit of execution" within the framework. Any Python class becomes a check by inheriting from the Check abstract base class. Once you inherit from the Check class, you only need to implement the execute method, which returns a CheckReport.
Metadata File
A check class holds a reference to its CheckMetadata, which provides all required fields after the check has executed.
Metadata and Check - File Names & Location
The check file and its metadata file should have the same name, apart from the extension, and should sit next to each other in the same directory.
E.g.
Location - library/<PROVIDER>/checks/
Check File Name - iam_root_hardware_mfa_enabled.py
Metadata File Name - iam_root_hardware_mfa_enabled.yaml
Return CheckReport
Every check file should implement an execute function that returns an instance of the CheckReport class. The execute method is called by the provider to which the check belongs.
The TevicoFramework class handles the collection of each CheckReport and generates the overall report.
Create New Check
The project provides an easy way to create entities such as a check. To create a new check, use the command given below -
# Structure around create command.
./main create <ENTITY> <NAME>
# Eg:
./main create check network_acl_allow_ingress_any_port --options=service:ec2,some:other_config --provider=aws
The --provider flag in this create command is mandatory.
Best Practices
- Be On Point - The check should not digress from its purpose. It should be concise and on point.
- Extensive - The check should cover every edge case possible.
- Efficient - The check's code should be efficient enough to scan through all resources and ideally return a response in <10s.
- Naming Convention - The check should follow the naming convention pattern service_purpose.py. E.g. ec2_ebs_volume_encryption
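A lint for the file-name rules described above (each check paired with a same-named metadata file in the same directory, and the service_purpose naming pattern), as an added example that is not part of the project's own code. The regex reading of service_purpose, the recursive walk under checks/, and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: "service_purpose" means lowercase snake_case with at least two parts.
NAME_RE = re.compile(r"^[a-z][a-z0-9]*(_[a-z0-9]+)+$")


def lint_checks(library_root):
    """Return sorted (path, problem) tuples for every <PROVIDER>/checks/ tree."""
    root = Path(library_root)
    problems = []
    for checks_dir in root.glob("*/checks"):
        for path in checks_dir.rglob("*"):
            if path.suffix not in (".py", ".yaml") or path.name == "__init__.py":
                continue
            rel = path.relative_to(root).as_posix()
            other = ".yaml" if path.suffix == ".py" else ".py"
            # The pair must share a stem and sit in the same directory.
            if not path.with_suffix(other).is_file():
                problems.append((rel, f"missing sibling {path.stem}{other}"))
            if path.suffix == ".py" and not NAME_RE.match(path.stem):
                problems.append((rel, "name does not follow service_purpose"))
    return sorted(problems)


def build_sample_tree(root):
    """Constructed sample layout: one valid pair and three violations."""
    checks = Path(root) / "aws" / "checks"
    (checks / "nested").mkdir(parents=True)
    for name in (
        "iam_root_hardware_mfa_enabled.py",
        "iam_root_hardware_mfa_enabled.yaml",
        "ec2_ebs_volume_encryption.py",           # metadata file missing here
        "nested/ec2_ebs_volume_encryption.yaml",  # same stem, wrong directory
        "CheckS3.py",                             # breaks the naming pattern
        "CheckS3.yaml",
    ):
        (checks / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, problem in lint_checks(tmp):
            print(f"{rel}: {problem}")
```

Pointing lint_checks at the real library directory in CI catches a check that ships without metadata before the framework tries to load it.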
Example
Some examples of checks are given below -