tfsec
Ansible Role: tfsec
Role to install (by default) tfsec
on Debian/Ubuntu and EL systems. tfsec is a static analysis (security based) for scanning terraform code. originally developed by Liam Galvin.
Requirements
None.
Role Variables
Available variables are listed below (located in defaults/main.yml
):
Variables list:
tfsec_app: tfsec
tfsec_version: 1.28.6
tfsec_os: "{{ ansible_system | lower }}"
tfsec_architecture_map:
amd64: amd64
arm: arm64
x86_64: amd64
armv6l: armv6
armv7l: armv7
aarch64: arm64
32-bit: "386"
64-bit: amd64
tfsec_dl_url: https://github.com/aquasecurity/{{ tfsec_app }}/releases/download/v{{ tfsec_version }}/{{ tfsec_app }}-{{ tfsec_os }}-{{ tfsec_architecture_map[ansible_architecture] }}
tfsec_bin_path: "/usr/local/bin/{{ tfsec_app }}"
tfsec_file_owner: root
tfsec_file_group: root
tfsec_file_mode: '0755'
Variables table:
Variable | Description |
---|---|
tfsec_app | Defines the app to install i.e. tfsec |
tfsec_version | Defined to dynamically fetch the desired version to install. Defaults to: 1.28.6 |
tfsec_os | Defines os type. Used for obtaining the correct type of binaries based on OS type. |
tfsec_architecture_map | Defines os architecture. Used to set the correct type of binaries based on OS System Architecture. |
tfsec_dl_url | Defines URL to download the tfsec binary from. |
tfsec_bin_path | Defined to dynamically set the appropriate path to store tfsec binary into. Defaults to (as generally available on any user's PATH): /usr/local/bin/tfsec |
tfsec_bin_permission_mode | Defines the permission mode level for the file. |
tfsec_file_owner | Owner for the binary file of tfsec. |
tfsec_file_group | Group for the binary file of tfsec. |
tfsec_file_mode | Mode for the binary file of tfsec. |
Dependencies
None
Example Playbook
For default behaviour of role (i.e. installation of tfsec) in ansible playbooks.
- hosts: servers
roles:
- darkwizard242.tfsec
For customizing behavior of role (i.e. specifying the desired tfsec version) in ansible playbooks.
- hosts: servers
roles:
- darkwizard242.tfsec
vars:
tfsec_version: 0.18.0
For customizing behavior of role (i.e. placing binary of tfsec package in different location) in ansible playbooks.
- hosts: servers
roles:
- darkwizard242.tfsec
vars:
tfsec_bin_path: /bin/
License
Author Information
This role was created by Ali Muhammad.
About
Installs/Uninstalls 'tfsec', which was developed by Liam Galvin to perform static security analysis of terraform code.
Install
ansible-galaxy install darkwizard242/ansible-role-tfsec
License
mit
Downloads
3765
Owner
Senior DevOps/CloudOps Engineer.
Dedicated to Automating everything I come across.
Love to work on and learn new technologies/tools everyday!