// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/cloudformation/aws/ec2/adapt_test.go

package ec2

import (
	"context"
	"testing"

	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
	"github.com/aquasecurity/defsec/pkg/types"
	"github.com/stretchr/testify/require"

	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser"
	"github.com/aquasecurity/trivy-iac/test/testutil"
)

// TestAdapt parses small CloudFormation templates and compares the ec2.EC2
// model returned by Adapt with a hand-written expectation.
//
// The fields under test are the ones security checks care about: the instance
// metadata service settings (HttpEndpoint / HttpTokens) and the Encrypted flag
// on block devices.
func TestAdapt(t *testing.T) {
	// tokenRequired builds the metadata options both launch-template cases
	// expect: endpoint enabled and session tokens required (IMDSv2 only).
	// A fresh value is built on every call, as the original literals did.
	tokenRequired := func() ec2.MetadataOptions {
		return ec2.MetadataOptions{
			HttpEndpoint: types.String("enabled", types.NewTestMetadata()),
			HttpTokens:   types.String("required", types.NewTestMetadata()),
		}
	}

	// viaLaunchTemplate is the model expected when an instance references
	// MyLaunchTemplate. The instance declares no MetadataOptions of its own,
	// so the "required" token setting must come from the template; if the
	// reference were not resolved the instance would fall back to the
	// "optional" default seen in the first case and look like it still
	// accepts IMDSv1 requests.
	viaLaunchTemplate := func() ec2.EC2 {
		return ec2.EC2{
			LaunchTemplates: []ec2.LaunchTemplate{
				{
					Metadata: types.NewTestMetadata(),
					Name:     types.String("MyTemplate", types.NewTestMetadata()),
					Instance: ec2.Instance{
						Metadata:        types.NewTestMetadata(),
						MetadataOptions: tokenRequired(),
					},
				},
			},
			Instances: []ec2.Instance{
				{
					Metadata:        types.NewTestMetadata(),
					MetadataOptions: tokenRequired(),
					// No BlockDeviceMappings in the template: the root
					// device is expected to be modelled as unencrypted.
					RootBlockDevice: &ec2.BlockDevice{
						Metadata:  types.NewTestMetadata(),
						Encrypted: types.Bool(false, types.NewTestMetadata()),
					},
				},
			},
		}
	}

	type adaptCase struct {
		name     string
		source   string
		expected ec2.EC2
	}

	cases := []adaptCase{
		{
			name: "ec2 instance",
			source: `AWSTemplateFormatVersion: 2010-09-09
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: "ami-79fd7eee"
      KeyName: "testkey"
      BlockDeviceMappings:
        - DeviceName: "/dev/sdm"
          Ebs:
            VolumeType: "io1"
            Iops: "200"
            DeleteOnTermination: "false"
            VolumeSize: "20"
            Encrypted: true
        - DeviceName: "/dev/sdk"
          NoDevice: {}
`,
			expected: ec2.EC2{
				Instances: []ec2.Instance{
					{
						Metadata: types.NewTestMetadata(),
						// The template sets no MetadataOptions, so the
						// expectation is the fallback: endpoint enabled and
						// tokens optional, i.e. IMDSv2 is not enforced.
						MetadataOptions: ec2.MetadataOptions{
							HttpEndpoint: types.StringDefault("enabled", types.NewTestMetadata()),
							HttpTokens:   types.StringDefault("optional", types.NewTestMetadata()),
						},
						// NOTE(review): the encrypted /dev/sdm mapping appears
						// to be modelled as the root device and the NoDevice
						// mapping as an unencrypted EBS device; confirm
						// against the adapter, since a NoDevice entry reported
						// as unencrypted could surface as a false positive.
						// The values use the *Default constructors although
						// Encrypted is set explicitly in the template;
						// presumably AssertDefsecEqual compares values only.
						RootBlockDevice: &ec2.BlockDevice{
							Metadata:  types.NewTestMetadata(),
							Encrypted: types.BoolDefault(true, types.NewTestMetadata()),
						},
						EBSBlockDevices: []*ec2.BlockDevice{
							{
								Metadata:  types.NewTestMetadata(),
								Encrypted: types.BoolDefault(false, types.NewTestMetadata()),
							},
						},
					},
				},
			},
		},
		{
			// The instance points at the template by LaunchTemplateName.
			name: "ec2 instance with launch template, ref to name",
			source: `AWSTemplateFormatVersion: 2010-09-09
Resources:
  MyLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: MyTemplate
      LaunchTemplateData:
        MetadataOptions:
          HttpEndpoint: enabled
          HttpTokens: required
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: "ami-79fd7eee"
      LaunchTemplate:
        LaunchTemplateName: MyTemplate
`,
			expected: viaLaunchTemplate(),
		},
		{
			// Same resources, but the instance points at the template through
			// LaunchTemplateId with a !Ref to its logical ID.
			name: "ec2 instance with launch template, ref to id",
			source: `AWSTemplateFormatVersion: 2010-09-09
Resources:
  MyLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: MyTemplate
      LaunchTemplateData:
        MetadataOptions:
          HttpEndpoint: enabled
          HttpTokens: required
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: "ami-79fd7eee"
      LaunchTemplate:
        LaunchTemplateId: !Ref MyLaunchTemplate
`,
			expected: viaLaunchTemplate(),
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Each case gets its own filesystem holding only the template.
			files := map[string]string{
				"main.yaml": tc.source,
			}
			fsys := testutil.CreateFS(t, files)

			fctx, err := parser.New().ParseFile(context.TODO(), fsys, "main.yaml")
			require.NoError(t, err)

			testutil.AssertDefsecEqual(t, tc.expected, Adapt(*fctx))
		})
	}
}