diff --git a/Terraform_Examples/data_labels.tf b/Terraform_Examples/data_labels.tf index 7b32478..ef1075e 100644 --- a/Terraform_Examples/data_labels.tf +++ b/Terraform_Examples/data_labels.tf @@ -1,3 +1,22 @@ + +terraform { + required_providers { + cyral = { + source = "cyralinc/cyral" + version = "~> 4.0" + } + } +} + +## Setup connection to the control plane + +provider "cyral" { + client_id = "" + client_secret = "" + + control_plane = "" +} + locals { no_code_data_labels = toset(compact((split("\n", file("./resource_files/no_code_data_labels.txt"))))) } @@ -7,14 +26,14 @@ locals { } -resource "cyral_datalabel" "data_labels" { - for_each = local.no_code_data_labels - name = each.key - classification_rule { - rule_status = "DISABLED" - rule_type = "UNKNOWN" - } -} +#resource "cyral_datalabel" "data_labels" { +# for_each = local.no_code_data_labels +# name = each.key +# classification_rule { +# rule_status = "DISABLED" +# rule_type = "UNKNOWN" +# } +#} resource "cyral_datalabel" "data_labels_with_code" { for_each = local.data_labels_json diff --git a/Terraform_Examples/resource_files/data_label_rego/cardholder_name_test.rego b/Terraform_Examples/resource_files/data_label_rego/cardholder_name_test.rego index a0c15cf..f795983 100644 --- a/Terraform_Examples/resource_files/data_label_rego/cardholder_name_test.rego +++ b/Terraform_Examples/resource_files/data_label_rego/cardholder_name_test.rego 
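Review bot: The added `provider "cyral"` block takes `client_id` and `client_secret` as string literals in a tracked `.tf` file, so whoever fills in this example ends up with the control-plane API credential in version control. Feed all three settings from input variables instead, with the secret declared `sensitive = true` so it is redacted in plan output, and supply the values through `TF_VAR_*` environment variables or an untracked tfvars file. If the provider version pinned here can read its credentials from the environment directly, omitting the two attributes from the block is simpler still. The variable names below are constructed for illustration.

```hcl
variable "cyral_client_id" {
  type = string
}

variable "cyral_client_secret" {
  type      = string
  sensitive = true
}

variable "cyral_control_plane" {
  type = string
}

# … unchanged: terraform { required_providers { … } } …

provider "cyral" {
  client_id     = var.cyral_client_id
  client_secret = var.cyral_client_secret

  control_plane = var.cyral_control_plane
}
```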
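Review bot: Commenting out `cyral_datalabel.data_labels` in the second hunk leaves dead configuration in the example and, for any workspace whose state already holds those labels, makes the next `terraform apply` plan their destruction, which nothing in the file signals. In the visible lines `local.no_code_data_labels` and its `file()` read of `no_code_data_labels.txt` also appear to be left without a consumer. If the no-code labels are meant to go, delete the block and the local. If they are only optional, keep the resource and gate it behind a flag, e.g. `for_each = var.create_no_code_labels ? local.no_code_data_labels : toset([])` (variable name constructed for illustration).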
@@ -1,25 +1,25 @@ package classifier_cardholder_name -test_dob_pattern { +test_chn_pattern { output.cardholder_name == "CARDHOLDER_NAME" with input as {"cardholder_name":"John Doe"} } -test_dob_pattern { +test_chn_pattern { output.cardholder_name == "CARDHOLDER_NAME" with input as {"cardholder_name":"Robert Williams-Brown"} } -test_dob_pattern { +test_chn_pattern { output.cardholdername == "CARDHOLDER_NAME" with input as {"cardholdername":"Robert Williams-Brown"} } -test_dob_pattern { +test_chn_pattern { output.cardholderName == "CARDHOLDER_NAME" with input as {"cardholderName":"Robert Williams-Brown"} } -test_dob_pattern { +test_chn_pattern { output.cardholder_Name == "CARDHOLDER_NAME" with input as {"cardholder_Name":"Robert Williams-Brown"} } -test_dob_pattern { +test_chn_pattern { output.cardholderName == "CARDHOLDER_NAME" with input as {"cardholderName":"Robert Williams-Brown"} } diff --git a/Terraform_Examples/resource_files/data_label_rego/dob.rego b/Terraform_Examples/resource_files/data_label_rego/dob.rego index 788ce15..1cdeba8 100644 --- a/Terraform_Examples/resource_files/data_label_rego/dob.rego +++ b/Terraform_Examples/resource_files/data_label_rego/dob.rego @@ -8,7 +8,12 @@ classify(key, val) := "DOB" { any([ lower(key) == "dob", lower(key) == "birthdate", - regex.match(`^(0?[1-9]|1[0-2])[\/](0?[1-9]|[12]\d|3[01])[\/](19|20)\d{2}$`, val) + # mm/dd/yyyy mm-dd-yyyy mm.dd.yyyy + regex.match(`^(0?[1-9]|1[0-2])[\/\.-](0?[1-9]|[12]\d|3[01])[\/\.-](19|20)\d{2}$`, val), + # dd/mm/yyyy + regex.match(`^(0?[1-9]|[12]\d|3[01])[\/\.-](0?[1-9]|1[0-2])[\/\.-](19|20)\d{2}$`, val), + # yyyy/mm/dd + regex.match(`^(19|20)\d{2}[\/\.-](0?[1-9]|1[0-2])[\/\.-](0?[1-9]|[12]\d|3[01])$`, val), ]) } else = "UNLABELED" { true diff --git a/Terraform_Examples/resource_files/data_label_rego/dob_test.rego b/Terraform_Examples/resource_files/data_label_rego/dob_test.rego index 018eebb..65c54ad 100644 --- a/Terraform_Examples/resource_files/data_label_rego/dob_test.rego 
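Review bot: In the dob.rego hunk the two new patterns (dd/mm/yyyy and yyyy/mm/dd), like the widened mm/dd/yyyy one, match on the value alone, so any field holding a date between 1900 and 2099 is labelled DOB whatever its key is. If that breadth is intended, say so in a comment above the `any([...])`; otherwise consider requiring a birth-related key alongside the value match. The comments also understate what is accepted: the separator class `[\/\.-]` is applied independently at each position, so `01/02-1990` matches, and the dd/mm and yyyy/mm/dd comments mention only `/`. A comment such as `# dd/mm/yyyy, dd-mm-yyyy, dd.mm.yyyy (separators need not agree)` would be accurate. The `classify` rule begins above the hunk.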
+++ b/Terraform_Examples/resource_files/data_label_rego/dob_test.rego @@ -20,6 +20,26 @@ test_dob_key { output.BirthDate == "DOB" with input as {"BirthDate":"test"} } +# mm/dd/yyyy + +test_dob_pattern { + output.message == "DOB" with input as {"message":"01/01/1900"} +} + +test_dob_pattern { + output.message == "DOB" with input as {"message":"1-1-1900"} +} + +test_dob_pattern { + output.message == "DOB" with input as {"message":"10.01.1971"} +} + +test_dob_pattern { + output.message == "DOB" with input as {"message":"11/30/2023"} +} + +# dd/mm/yyyy + test_dob_pattern { output.message == "DOB" with input as {"message":"01/01/1900"} } @@ -33,5 +53,24 @@ test_dob_pattern { } test_dob_pattern { - output.message == "DOB" with input as {"message":"11/30/2023"} + output.message == "DOB" with input as {"message":"30/11/2023"} +} + + +# yyyy/mm/dd + +test_dob_pattern { + output.message == "DOB" with input as {"message":"1900/01/10"} } + +test_dob_pattern { + output.message == "DOB" with input as {"message":"1900/1/1"} +} + +test_dob_pattern { + output.message == "DOB" with input as {"message":"1971/10/01"} +} + +test_dob_pattern { + output.message == "DOB" with input as {"message":"2023/12/31"} +} \ No newline at end of file diff --git a/Terraform_Examples/resource_files/data_label_rego/first_name_test.rego b/Terraform_Examples/resource_files/data_label_rego/first_name_test.rego index 51bc3e4..b813303 100644 --- a/Terraform_Examples/resource_files/data_label_rego/first_name_test.rego +++ b/Terraform_Examples/resource_files/data_label_rego/first_name_test.rego 
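Review bot: Every case added in the two dob_test.rego hunks asserts a match and none asserts a rejection, so nothing here would fail if a pattern in dob.rego were loosened further. A case such as `not output.message == "DOB" with input as {"message":"13/13/2023"}` would pin the month and day bounds. Some inputs are also format-ambiguous: `01/01/1900` under the `# dd/mm/yyyy` heading satisfies the mm/dd pattern too, so of the visible inputs only `30/11/2023` (second hunk) actually requires the new dd/mm branch. All added rules reuse the name `test_dob_pattern`, which makes a failure hard to map to a format; names like `test_dob_pattern_dmy` and `test_dob_pattern_ymd` would read better in test output.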
@@ -1,25 +1,25 @@ package classifier_first_name -test_dob_pattern { +test_fn_pattern { output.first_name == "FIRST_NAME" with input as {"first_name":"John"} } -test_dob_pattern { +test_fn_pattern { output.first_name == "FIRST_NAME" with input as {"first_name":"Robert"} } -test_dob_pattern { +test_fn_pattern { output.firstname == "FIRST_NAME" with input as {"firstname":"Robert"} } -test_dob_pattern { +test_fn_pattern { output.firstName == "FIRST_NAME" with input as {"firstName":"Robert"} } -test_dob_pattern { +test_fn_pattern { output.First_Name == "FIRST_NAME" with input as {"First_Name":"Robert"} } -test_dob_pattern { +test_fn_pattern { output.FirstName == "FIRST_NAME" with input as {"FirstName":"Robert"} } diff --git a/Terraform_Examples/resource_files/data_label_rego/full_name_test.rego b/Terraform_Examples/resource_files/data_label_rego/full_name_test.rego index 5afe2d9..af50741 100644 --- a/Terraform_Examples/resource_files/data_label_rego/full_name_test.rego +++ b/Terraform_Examples/resource_files/data_label_rego/full_name_test.rego @@ -1,25 +1,25 @@ package classifier_full_name -test_dob_pattern { +test_fullname_pattern { output.full_name == "FULL_NAME" with input as {"full_name":"John Doe"} } -test_dob_pattern { +test_fullname_pattern { output.full_name == "FULL_NAME" with input as {"full_name":"Robert Williams-Brown"} } -test_dob_pattern { +test_fullname_pattern { output.fullname == "FULL_NAME" with input as {"fullname":"Robert Williams-Brown"} } -test_dob_pattern { +test_fullname_pattern { output.fullName == "FULL_NAME" with input as {"fullName":"Robert Williams-Brown"} } -test_dob_pattern { +test_fullname_pattern { output.Full_Name == "FULL_NAME" with input as {"Full_Name":"Robert Williams-Brown"} } -test_dob_pattern { +test_fullname_pattern { output.FullName == "FULL_NAME" with input as {"FullName":"Robert Williams-Brown"} } 
diff --git a/Terraform_Examples/resource_files/data_label_rego/last_name_test.rego b/Terraform_Examples/resource_files/data_label_rego/last_name_test.rego index d8bbc35..1d6967b 100644 --- a/Terraform_Examples/resource_files/data_label_rego/last_name_test.rego +++ b/Terraform_Examples/resource_files/data_label_rego/last_name_test.rego @@ -1,25 +1,25 @@ package classifier_last_name -test_dob_pattern { +test_ln_pattern { output.last_name == "LAST_NAME" with input as {"last_name":"Doe"} } -test_dob_pattern { +test_ln_pattern { output.last_name == "LAST_NAME" with input as {"last_name":"Williams-Brown"} } -test_dob_pattern { +test_ln_pattern { output.lastname == "LAST_NAME" with input as {"lastname":"Williams-Brown"} } -test_dob_pattern { +test_ln_pattern { output.lastName == "LAST_NAME" with input as {"lastName":"Williams-Brown"} } -test_dob_pattern { +test_ln_pattern { output.Last_Name == "LAST_NAME" with input as {"Last_Name":"Williams-Brown"} } -test_dob_pattern { +test_ln_pattern { output.LastName == "LAST_NAME" with input as {"LastName":"Williams-Brown"} } diff --git a/Terraform_Examples/resource_files/data_label_rego/passport_test.rego b/Terraform_Examples/resource_files/data_label_rego/passport_test.rego index fe68e5a..0750487 100644 --- a/Terraform_Examples/resource_files/data_label_rego/passport_test.rego +++ b/Terraform_Examples/resource_files/data_label_rego/passport_test.rego @@ -63,7 +63,10 @@ test_passport_pattern { output.message == "PASSPORT" with input as {"message":"E12345678"} } - +# South Africa (diplomat, standard covered by other countries) +test_passport_sa_pattern { + output.message == "PASSPORT" with input as {"message":"D123456789"} +} diff --git a/Terraform_Examples/resource_files/data_label_rego/phone.rego b/Terraform_Examples/resource_files/data_label_rego/phone.rego index d1f07df..8a21724 100644 --- a/Terraform_Examples/resource_files/data_label_rego/phone.rego +++ b/Terraform_Examples/resource_files/data_label_rego/phone.rego 
@@ -7,10 +7,9 @@ output := {k: v | classify(key, val) := "PHONE" { any([ contains(lower(key), "phone"), - regex.match( - `\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}`, - val - ) + regex.match(`\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}`, val), + regex.match(`\+(9[976]\d|8[987530]\d|6[987]\d|5[90]\d|42\d|3[875]\d|2[98654321]\d|9[8543210]|8[6421]|6[6543210]|5[87654321]|4[987654310]|3[9643210]|2[70]|7|1)\d{1,14}$`, val), + regex.match(`((?:9[679]|8[035789]|6[789]|5[90]|42|3[578]|2[1-689])|9[0-58]|8[1246]|6[0-6]|5[1-8]|4[013-9]|3[0-469]|2[70]|7|1)(?:\W*\d){0,13}\d$`, val) ]) } else := "UNLABELED" { true diff --git a/Terraform_Examples/resource_files/data_label_rego/phone_test.rego b/Terraform_Examples/resource_files/data_label_rego/phone_test.rego index 6a3c223..054a8ad 100644 --- a/Terraform_Examples/resource_files/data_label_rego/phone_test.rego +++ b/Terraform_Examples/resource_files/data_label_rego/phone_test.rego @@ -20,6 +20,9 @@ test_phone_key { output.PhoneNumber == "PHONE" with input as {"PhoneNumber":"some number"} } + +# standard US patterns + test_phone_pattern { output.message == "PHONE" with input as {"message":"+1-(800)-123-4567"} } @@ -39,3 +42,18 @@ test_phone_pattern { test_phone_pattern { output.message == "PHONE" with input as {"message":"123 456 7890"} } + + +# South Africa specific tests + +test_phone_valid_with_country_code { + output.message == "PHONE" with input as {"message": "0027 12 456 7890"} +} + +test_phone_valid_with_plus_sign { + output.message == "PHONE" with input as {"message": "+27 11 123 4567"} +} + +test_phone_valid_mobile { + output.message == "PHONE" with input as {"message": "+27791234567"} +} diff --git a/Terraform_Examples/resource_files/data_label_rego/surname_test.rego b/Terraform_Examples/resource_files/data_label_rego/surname_test.rego index 7db5838..da8892a 100644 --- a/Terraform_Examples/resource_files/data_label_rego/surname_test.rego +++ b/Terraform_Examples/resource_files/data_label_rego/surname_test.rego 
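Review bot: The third pattern added to phone.rego has no start anchor and does not require a `+` or `00` prefix, so it matches any value whose tail is a country-code digit sequence followed by one more digit: `"18"`, `"2023"` and `"12/31/1999"` would all be labelled PHONE. Starting that pattern with `^(?:\+|00)` before the country-code group removes those matches while the three South Africa cases in phone_test.rego still pass; the second pattern likewise lacks a leading `^`. A negative case such as `not output.message == "PHONE" with input as {"message":"2023"}` in phone_test.rego would guard the fix. The `classify` rule and the `output` comprehension begin above the hunk.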
@@ -1,21 +1,21 @@ package classifier_surname -test_dob_pattern { +test_sn_pattern { output.surname == "SURNAME" with input as {"surname":"Doe"} } -test_dob_pattern { +test_sn_pattern { output.surname == "SURNAME" with input as {"surname":"Williams-Brown"} } -test_dob_pattern { +test_sn_pattern { output.surname == "SURNAME" with input as {"surname":"Williams-Brown"} } -test_dob_pattern { +test_sn_pattern { output.SurName == "SURNAME" with input as {"SurName":"Williams-Brown"} } -test_dob_pattern { +test_sn_pattern { output.SurName == "SURNAME" with input as {"SurName":"Williams-Brown"} } diff --git a/Terraform_Examples/resource_files/data_labels_with_code.json b/Terraform_Examples/resource_files/data_labels_with_code.json index 1c9479e..1b491d5 100644 --- a/Terraform_Examples/resource_files/data_labels_with_code.json +++ b/Terraform_Examples/resource_files/data_labels_with_code.json 
@@ -5,23 +5,40 @@ "rule_code_file":"./resource_files/data_label_rego/address.rego", "rule_status":"ENABLED" }, - "test_cnid" : { - "name":"TEST_CNID", - "description":"Social security number", - "rule_code_file":"./resource_files/data_label_rego/test_cnid.rego", - "rule_status":"ENABLED" - }, "age" : { "name":"AGE", "description":"Age", "rule_code_file":"./resource_files/data_label_rego/age.rego", "rule_status":"ENABLED" }, + "card_expiration" : { + "name":"CARD_EXPIRATION", + "description":"Credit card expiration", + "rule_code_file":"./resource_files/data_label_rego/card_expiration.rego", + "rule_status":"ENABLED" + }, + "cardholder_name" : { + "name":"CARDHOLDER_NAME", + "description":"Credit card holder name", + "rule_code_file":"./resource_files/data_label_rego/cardholder_name.rego", + "rule_status":"ENABLED" + }, "ccn" : { "name":"CCN", "description":"Credit card number", "rule_code_file":"./resource_files/data_label_rego/ccn.rego", "rule_status":"ENABLED" + },"cvv" : { + "name":"CVV", + "description":"Credit card CVV", + "rule_code_file":"./resource_files/data_label_rego/cvv.rego", + "rule_status":"ENABLED" + }, + "dob" : { + "name":"DOB", + "description":"date of birth", + "rule_code_file":"./resource_files/data_label_rego/dob.rego", + "rule_status":"ENABLED" }, "email" : { "name":"EMAIL", 
@@ -29,22 +46,64 @@ "rule_code_file":"./resource_files/data_label_rego/email.rego", "rule_status":"ENABLED" }, + "first_name" : { + "name":"FIRST_NAME", + "description":"First name", + "rule_code_file":"./resource_files/data_label_rego/first_name.rego", + "rule_status":"ENABLED" + }, + "full_name" : { + "name":"FULL_NAME", + "description":"Full name", + "rule_code_file":"./resource_files/data_label_rego/full_name.rego", + "rule_status":"ENABLED" + }, + "imei" : { + "name":"IMEI", + "description":"IMEI number", + "rule_code_file":"./resource_files/data_label_rego/imei.rego", + "rule_status":"ENABLED" + }, "ip_address" : { "name":"IP_ADDRESS", "description":"IP Address", "rule_code_file":"./resource_files/data_label_rego/ip_address.rego", "rule_status":"ENABLED" }, + "last_name" : { + "name":"LAST_NAME", + "description":"Last name", + "rule_code_file":"./resource_files/data_label_rego/last_name.rego", + "rule_status":"ENABLED" + }, + "passport" : { + "name":"PASSPORT", + "description":"Passport", + "rule_code_file":"./resource_files/data_label_rego/passport.rego", + "rule_status":"ENABLED" + }, "phone" : { "name":"PHONE", "description":"Phone number", "rule_code_file":"./resource_files/data_label_rego/phone.rego", "rule_status":"ENABLED" }, + "puk" : { + "name":"PUK", + "description":"PUK number", + "rule_code_file":"./resource_files/data_label_rego/puk_number.rego", + "rule_status":"ENABLED" + }, "ssn" : { "name":"SSN", "description":"Social security number", "rule_code_file":"./resource_files/data_label_rego/ssn.rego", "rule_status":"ENABLED" + }, + "surname" : { + "name":"SURNAME", + "description":"Surname", + "rule_code_file":"./resource_files/data_label_rego/surname.rego", + "rule_status":"ENABLED" } } \ No newline at end of file