Skip to content

Commit 2d9a7ae

Browse files
synthesis: add terraform state secret examples
1 parent 63b6d37 commit 2d9a7ae

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

rust/modality/src/cmds/synthesize.rs

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -499,6 +499,8 @@ const FORMULA_EXAMPLE_GROUPS: &[FormulaExampleGroup] = &[
499499
r#"always([+ROTATE_PACKAGE_SIGNING_KEY] true -> eventually(<+NOTIFY_RELEASE_OWNER> true))"#,
500500
r#"always([+CLOUD_ACCESS_KEY_LEAKED] true -> (<+ROTATE_CLOUD_ACCESS_KEY> true | <+DISABLE_CLOUD_ACCOUNT> true))"#,
501501
r#"always([+ROTATE_CLOUD_ACCESS_KEY] true -> eventually(<+NOTIFY_CLOUD_ACCOUNT_OWNER> true))"#,
502+
r#"always([+TERRAFORM_STATE_SECRET_EXPOSED] true -> (<+ROTATE_STATE_SECRETS> true | <+LOCK_TERRAFORM_BACKEND> true))"#,
503+
r#"always([+ROTATE_STATE_SECRETS] true -> eventually(<+NOTIFY_INFRA_OWNER> true))"#,
502504
r#"next(<+APPROVE> true)"#,
503505
r#"next((<+APPROVE> true | [<+REJECT>] true))"#,
504506
r#"<+WAIT> true until <+APPROVE> true"#,
@@ -5047,6 +5049,18 @@ F2: formula generated_2 {
50475049
));
50485050
}
50495051

5052+
#[test]
5053+
fn synthesis_list_includes_terraform_state_secret_exposure_prompt_examples() {
5054+
let output = synthesis_list_text();
5055+
5056+
assert!(output.contains(
5057+
"always([+TERRAFORM_STATE_SECRET_EXPOSED] true -> (<+ROTATE_STATE_SECRETS> true | <+LOCK_TERRAFORM_BACKEND> true))"
5058+
));
5059+
assert!(output.contains(
5060+
"always([+ROTATE_STATE_SECRETS] true -> eventually(<+NOTIFY_INFRA_OWNER> true))"
5061+
));
5062+
}
5063+
50505064
#[test]
50515065
fn synthesis_list_includes_escrow_progression_prompt_examples() {
50525066
let output = synthesis_list_text();
@@ -15038,6 +15052,22 @@ gfp(X, []((X)) & ([<+ARCHIVE>] true))
1503815052
verify_synthesized_model(&model, &formulas).unwrap();
1503915053
}
1504015054

15055+
#[test]
15056+
fn verify_synthesized_model_accepts_terraform_state_secret_exposure_prompt_examples() {
15057+
let formulas = parse_formula_strings(&[
15058+
"always([+TERRAFORM_STATE_SECRET_EXPOSED] true -> (<+ROTATE_STATE_SECRETS> true | <+LOCK_TERRAFORM_BACKEND> true))"
15059+
.to_string(),
15060+
"always([+ROTATE_STATE_SECRETS] true -> eventually(<+NOTIFY_INFRA_OWNER> true))"
15061+
.to_string(),
15062+
]);
15063+
let model = modality_lang::formula_synthesis::synthesize_from_formulas(
15064+
"TerraformStateSecretExposure",
15065+
&formulas,
15066+
);
15067+
15068+
verify_synthesized_model(&model, &formulas).unwrap();
15069+
}
15070+
1504115071
#[test]
1504215072
fn verify_synthesized_model_accepts_mixed_alternatives_with_signer_requirement() {
1504315073
let formulas = parse_formula_strings(&[

0 commit comments

Comments
 (0)