spaceforge 1.1.6__tar.gz → 1.2.0__tar.gz

{spaceforge-1.1.6/spaceforge.egg-info → spaceforge-1.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: spaceforge
-Version: 1.1.6
+Version: 1.2.0
 Summary: A Python framework for building Spacelift plugins
 Author-email: Spacelift <support@spacelift.io>
 Maintainer-email: Spacelift <support@spacelift.io>
@@ -34,6 +34,7 @@ Requires-Dist: pytest-cov; extra == "dev"
 Requires-Dist: black; extra == "dev"
 Requires-Dist: isort; extra == "dev"
 Requires-Dist: mypy; extra == "dev"
+Requires-Dist: pylint; extra == "dev"
 Requires-Dist: types-PyYAML; extra == "dev"
 Requires-Dist: setuptools-scm[toml]>=6.2; extra == "dev"
 Requires-Dist: autoflake; extra == "dev"

spaceforge-1.2.0/linting/__init__.py

@@ -0,0 +1 @@
+"""Custom linting tools for Spaceforge plugins."""

spaceforge-1.2.0/linting/spaceforge_checker.py

@@ -0,0 +1,75 @@
+"""Custom pylint checker for Spaceforge plugin conventions."""
+
+import os
+from typing import TYPE_CHECKING
+
+from pylint.checkers import BaseChecker
+
+if TYPE_CHECKING:
+    from pylint.lint import PyLinter
+
+
+class SpaceforgePluginChecker(BaseChecker):
+    """Checker for Spaceforge plugin naming conventions."""
+
+    name = "spaceforge-plugin"
+    msgs = {
+        "E9001": (
+            "Plugin name '%s' should start with a capital letter",
+            "plugin-name-not-capitalized",
+            "The __plugin_name__ attribute must start with a capital letter for consistency.",
+        ),
+        "E9002": (
+            "Plugin class '%s' must have a docstring",
+            "plugin-missing-docstring",
+            "All plugin classes extending SpaceforgePlugin must have a docstring explaining what the plugin does.",
+        ),
+    }
+
+    def visit_classdef(self, node):
+        """Check class definitions that extend SpaceforgePlugin."""
+        # Skip test files
+        filename = os.path.basename(node.root().file)
+        if filename.startswith("test_") or filename == "conftest.py":
+            return
+
+        # Check if this class extends SpaceforgePlugin
+        if not any(
+            base.name == "SpaceforgePlugin"
+            for base in node.bases
+            if hasattr(base, "name")
+        ):
+            return
+
+        # Check if the plugin class has a docstring
+        # In astroid, docstrings are stored in the doc_node attribute
+        if not node.doc_node:
+            self.add_message(
+                "plugin-missing-docstring",
+                node=node,
+                args=(node.name,),
+            )
+
+        # Look for __plugin_name__ attribute in the class body
+        for item in node.body:
+            if (
+                hasattr(item, "targets")
+                and len(item.targets) == 1
+                and hasattr(item.targets[0], "name")
+                and item.targets[0].name == "__plugin_name__"
+            ):
+                # Get the value of __plugin_name__
+                if hasattr(item.value, "value") and isinstance(item.value.value, str):
+                    plugin_name = item.value.value
+                    if plugin_name and not plugin_name[0].isupper():
+                        self.add_message(
+                            "plugin-name-not-capitalized",
+                            node=item,
+                            args=(plugin_name,),
+                        )
+                break
+
+
+def register(linter: "PyLinter") -> None:
+    """Register the checker with pylint."""
+    linter.register_checker(SpaceforgePluginChecker(linter))

{spaceforge-1.1.6 → spaceforge-1.2.0}/plugins/checkov/plugin.py

@@ -1,88 +1,84 @@
-"""
-Checkov Security Scanner Plugin
+import json
+import os
 
-This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
-during the after_plan hook and reports findings with detailed resource-level
-information.
+from spaceforge import Context, Parameter, Policy, SpaceforgePlugin, Variable
 
-## Features
 
-- Executes Checkov against Terraform/OpenTofu configurations
-- Parses and categorizes security findings by severity (when available)
-- Generates detailed Markdown reports organized by severity level
-- Adds scan results to policy input for OPA policy enforcement
-- Supports configurable additional arguments for filtering and customization
+class CheckovPlugin(SpaceforgePlugin):
+    """
+    This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
+    during the after_plan hook and reports findings with detailed resource-level
+    information.
 
-## Configuration
+    ## Features
 
-### Parameters
+    - Executes Checkov against Terraform/OpenTofu configurations
+    - Parses and categorizes security findings by severity (when available)
+    - Generates detailed Markdown reports organized by severity level
+    - Adds scan results to policy input for OPA policy enforcement
+    - Supports configurable additional arguments for filtering and customization
 
-- **Additional Arguments**: Optional command-line arguments to pass to Checkov
-  (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
+    ## Configuration
 
-### Severity Support
+    ### Parameters
 
-Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
-with a Bridgecrew/Prisma Cloud API key. To enable severity data:
+    - **Additional Arguments**: Optional command-line arguments to pass to Checkov
+      (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
 
-```
---bc-api-key YOUR_API_KEY
-```
+    ### Severity Support
 
-Without an API key, the plugin still works but findings are not categorized by
-severity in the report.
+    Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
+    with a Bridgecrew/Prisma Cloud API key. To enable severity data:
 
-## Usage
+    ```
+    --bc-api-key YOUR_API_KEY
+    ```
 
-The plugin automatically runs after the plan phase and:
+    Without an API key, the plugin still works but findings are not categorized by
+    severity in the report.
 
-1. Scans your Terraform/OpenTofu code with Checkov
-2. Reports failed security checks in a formatted Markdown report
-3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
-4. Provides check details, resource names, file locations, and remediation links
-5. Adds comprehensive scan data to policy input for OPA evaluation
+    ## Usage
 
-## Example OPA Policy
+    The plugin automatically runs after the plan phase and:
 
-An example Plan policy is included that denies runs based on severity thresholds.
-You can customize the max_critical, max_high, max_medium, and max_low values:
+    1. Scans your Terraform/OpenTofu code with Checkov
+    2. Reports failed security checks in a formatted Markdown report
+    3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
+    4. Provides check details, resource names, file locations, and remediation links
+    5. Adds comprehensive scan data to policy input for OPA evaluation
 
-```rego
-package spacelift
+    ## Example OPA Policy
 
-import rego.v1
+    An example Plan policy is included that denies runs based on severity thresholds.
+    You can customize the max_critical, max_high, max_medium, and max_low values:
 
-# Configure maximum allowed findings by severity
-max_critical := 0
-max_high := 0
-max_medium := 50
-max_low := 100
+    ```rego
+    package spacelift
 
-checkov_data := input.third_party_metadata.custom.checkov
+    import rego.v1
 
-deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
-    checkov_data.summary.critical > max_critical
-}
+    # Configure maximum allowed findings by severity
+    max_critical := 0
+    max_high := 0
+    max_medium := 50
+    max_low := 100
 
-deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
-    checkov_data.summary.high > max_high
-}
-```
-"""
+    checkov_data := input.third_party_metadata.custom.checkov
 
-import json
-import os
-
-from spaceforge import Context, Parameter, Policy, SpaceforgePlugin, Variable
+    deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
+        checkov_data.summary.critical > max_critical
+    }
 
-__plugin_name__ = "checkov"
-__author__ = "Spacelift"
-__version__ = "1.0.1"
-__labels__ = ["security", "terraform"]
+    deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
+        checkov_data.summary.high > max_high
+    }
+    ```
+    """
 
-
-class CheckovPlugin(SpaceforgePlugin):
-    """Checkov security scanner plugin for Spacelift."""
+    __plugin_name__ = "Checkov"
+    __author__ = "Spacelift"
+    __version__ = "1.0.3"
+    __labels__ = ["security", "terraform"]
 
     __parameters__ = [
         Parameter(
@@ -90,6 +86,7 @@ class CheckovPlugin(SpaceforgePlugin):
             id="checkov_additional_args",
             description="Additional command-line arguments to pass to Checkov (e.g., --check HIGH,CRITICAL or --skip-check CKV_AWS_123)",
             default="",
+            type="string",
             required=False,
         )
     ]

{spaceforge-1.1.6 → spaceforge-1.2.0}/plugins/checkov/plugin.yaml

@@ -1,11 +1,81 @@
-name: SpaceforgePlugin
-version: 1.0.0
-description: Checkov security scanner plugin for Spacelift.
-author: Spacelift Team
-labels: []
+name: Checkov
+version: 1.0.3
+description: |-
+  This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
+  during the after_plan hook and reports findings with detailed resource-level
+  information.
+
+  ## Features
+
+  - Executes Checkov against Terraform/OpenTofu configurations
+  - Parses and categorizes security findings by severity (when available)
+  - Generates detailed Markdown reports organized by severity level
+  - Adds scan results to policy input for OPA policy enforcement
+  - Supports configurable additional arguments for filtering and customization
+
+  ## Configuration
+
+  ### Parameters
+
+  - **Additional Arguments**: Optional command-line arguments to pass to Checkov
+    (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
+
+  ### Severity Support
+
+  Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
+  with a Bridgecrew/Prisma Cloud API key. To enable severity data:
+
+  ```
+  --bc-api-key YOUR_API_KEY
+  ```
+
+  Without an API key, the plugin still works but findings are not categorized by
+  severity in the report.
+
+  ## Usage
+
+  The plugin automatically runs after the plan phase and:
+
+  1. Scans your Terraform/OpenTofu code with Checkov
+  2. Reports failed security checks in a formatted Markdown report
+  3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
+  4. Provides check details, resource names, file locations, and remediation links
+  5. Adds comprehensive scan data to policy input for OPA evaluation
+
+  ## Example OPA Policy
+
+  An example Plan policy is included that denies runs based on severity thresholds.
+  You can customize the max_critical, max_high, max_medium, and max_low values:
+
+  ```rego
+  package spacelift
+
+  import rego.v1
+
+  # Configure maximum allowed findings by severity
+  max_critical := 0
+  max_high := 0
+  max_medium := 50
+  max_low := 100
+
+  checkov_data := input.third_party_metadata.custom.checkov
+
+  deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
+      checkov_data.summary.critical > max_critical
+  }
+
+  deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
+      checkov_data.summary.high > max_high
+  }
+  ```
+author: Spacelift
+labels:
+- security
+- terraform
 parameters:
 - name: Additional Arguments
   description: Additional command-line arguments to pass to Checkov (e.g., --check HIGH,CRITICAL or --skip-check CKV_AWS_123)
+  type: string
   sensitive: false
   required: false
   default: ''
@@ -18,97 +88,93 @@ contexts:
     value_from_parameter: checkov_additional_args
     sensitive: false
   mounted_files:
-  - path: /mnt/workspace/plugins/spaceforgeplugin/requirements.txt
+  - path: /mnt/workspace/plugins/checkov/requirements.txt
     content: |-
       checkov==3.2.489
     sensitive: false
-  - path: /mnt/workspace/plugins/spaceforgeplugin/plugin.py
+  - path: /mnt/workspace/plugins/checkov/plugin.py
     content: |-
-      """
-      Checkov Security Scanner Plugin
-
-      This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
-      during the after_plan hook and reports findings with detailed resource-level
-      information.
-
-      ## Features
+      import json
+      import os
 
-      - Executes Checkov against Terraform/OpenTofu configurations
-      - Parses and categorizes security findings by severity (when available)
-      - Generates detailed Markdown reports organized by severity level
-      - Adds scan results to policy input for OPA policy enforcement
-      - Supports configurable additional arguments for filtering and customization
+      from spaceforge import Context, Parameter, Policy, SpaceforgePlugin, Variable
 
-      ## Configuration
 
-      ### Parameters
+      class CheckovPlugin(SpaceforgePlugin):
+          """
+          This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
+          during the after_plan hook and reports findings with detailed resource-level
+          information.
 
-      - **Additional Arguments**: Optional command-line arguments to pass to Checkov
-        (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
+          ## Features
 
-      ### Severity Support
+          - Executes Checkov against Terraform/OpenTofu configurations
+          - Parses and categorizes security findings by severity (when available)
+          - Generates detailed Markdown reports organized by severity level
+          - Adds scan results to policy input for OPA policy enforcement
+          - Supports configurable additional arguments for filtering and customization
 
-      Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
-      with a Bridgecrew/Prisma Cloud API key. To enable severity data:
+          ## Configuration
 
-      ```
-      --bc-api-key YOUR_API_KEY
-      ```
+          ### Parameters
 
-      Without an API key, the plugin still works but findings are not categorized by
-      severity in the report.
+          - **Additional Arguments**: Optional command-line arguments to pass to Checkov
+            (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
 
-      ## Usage
+          ### Severity Support
 
-      The plugin automatically runs after the plan phase and:
+          Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
+          with a Bridgecrew/Prisma Cloud API key. To enable severity data:
 
-      1. Scans your Terraform/OpenTofu code with Checkov
-      2. Reports failed security checks in a formatted Markdown report
-      3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
-      4. Provides check details, resource names, file locations, and remediation links
-      5. Adds comprehensive scan data to policy input for OPA evaluation
+          ```
+          --bc-api-key YOUR_API_KEY
+          ```
 
-      ## Example OPA Policy
+          Without an API key, the plugin still works but findings are not categorized by
+          severity in the report.
 
-      An example Plan policy is included that denies runs based on severity thresholds.
-      You can customize the max_critical, max_high, max_medium, and max_low values:
+          ## Usage
 
-      ```rego
-      package spacelift
+          The plugin automatically runs after the plan phase and:
 
-      import rego.v1
+          1. Scans your Terraform/OpenTofu code with Checkov
+          2. Reports failed security checks in a formatted Markdown report
+          3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
+          4. Provides check details, resource names, file locations, and remediation links
+          5. Adds comprehensive scan data to policy input for OPA evaluation
 
-      # Configure maximum allowed findings by severity
-      max_critical := 0
-      max_high := 0
-      max_medium := 50
-      max_low := 100
+          ## Example OPA Policy
 
-      checkov_data := input.third_party_metadata.custom.checkov
+          An example Plan policy is included that denies runs based on severity thresholds.
+          You can customize the max_critical, max_high, max_medium, and max_low values:
 
-      deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
-          checkov_data.summary.critical > max_critical
-      }
+          ```rego
+          package spacelift
 
-      deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
-          checkov_data.summary.high > max_high
-      }
-      ```
-      """
+          import rego.v1
 
-      import json
-      import os
+          # Configure maximum allowed findings by severity
+          max_critical := 0
+          max_high := 0
+          max_medium := 50
+          max_low := 100
 
-      from spaceforge import Context, Parameter, Policy, SpaceforgePlugin, Variable
+          checkov_data := input.third_party_metadata.custom.checkov
 
-      __plugin_name__ = "checkov"
-      __author__ = "Spacelift"
-      __version__ = "1.0.1"
-      __labels__ = ["security", "terraform"]
+          deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
+              checkov_data.summary.critical > max_critical
+          }
 
+          deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
+              checkov_data.summary.high > max_high
+          }
+          ```
+          """
 
-      class CheckovPlugin(SpaceforgePlugin):
-          """Checkov security scanner plugin for Spacelift."""
+          __plugin_name__ = "Checkov"
+          __author__ = "Spacelift"
+          __version__ = "1.0.3"
+          __labels__ = ["security", "terraform"]
 
           __parameters__ = [
               Parameter(
@@ -116,6 +182,7 @@ contexts:
                   id="checkov_additional_args",
                   description="Additional command-line arguments to pass to Checkov (e.g., --check HIGH,CRITICAL or --skip-check CKV_AWS_123)",
                   default="",
+                  type="string",
                   required=False,
               )
           ]
@@ -371,13 +438,13 @@ contexts:
                   self.logger.error(f"Plugin failed: {e}")
                   exit(1)
     sensitive: false
-  - path: /mnt/workspace/plugins/spaceforgeplugin/after_plan.sh
+  - path: /mnt/workspace/plugins/checkov/after_plan.sh
     content: |-
       #!/bin/sh
 
       set -e
 
-      cd /mnt/workspace/plugins/spaceforgeplugin
+      cd /mnt/workspace/plugins/checkov
 
       if [ ! -d "./venv" ]; then
           python -m venv --system-site-packages ./venv
@@ -394,13 +461,13 @@ contexts:
       fi
 
       cd /mnt/workspace/source/$TF_VAR_spacelift_project_root
-      python -m spaceforge run --plugin-file /mnt/workspace/plugins/spaceforgeplugin/plugin.py after_plan
+      python -m spaceforge run --plugin-file /mnt/workspace/plugins/checkov/plugin.py after_plan
     sensitive: false
   hooks:
     before_init:
-    - mkdir -p /mnt/workspace/plugins/spaceforgeplugin
+    - mkdir -p /mnt/workspace/plugins/checkov
     after_plan:
-    - chmod +x /mnt/workspace/plugins/spaceforgeplugin/after_plan.sh && /mnt/workspace/plugins/spaceforgeplugin/after_plan.sh
+    - chmod +x /mnt/workspace/plugins/checkov/after_plan.sh && /mnt/workspace/plugins/checkov/after_plan.sh
 policies:
 - name_prefix: checkov
   type: PLAN