// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/cloudformation/aws/rds/adapt_test.go

package rds

import (
	"context"
	"testing"

	"github.com/aquasecurity/defsec/pkg/providers/aws/rds"
	"github.com/aquasecurity/defsec/pkg/types"
	"github.com/stretchr/testify/require"

	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser"
	"github.com/aquasecurity/trivy-iac/test/testutil"
)

// TestAdapt checks that Adapt turns a parsed CloudFormation template into the
// expected rds.RDS model.
//
// Each table entry supplies a template as a raw string. The test writes it to
// a test filesystem as template.yaml, parses it with the CloudFormation
// parser, and compares Adapt's output with the expectation through
// testutil.AssertDefsecEqual.
//
// Several expectations pin security-relevant fields (public access, storage
// encryption, KMS keys, IAM authentication, deletion protection). Where the
// expected value differs from what the fixture literally says, a comment
// marks it for review.
func TestAdapt(t *testing.T) {
	tests := []struct {
		name     string  // sub-test name passed to t.Run
		source   string  // CloudFormation template (YAML) under test
		expected rds.RDS // model Adapt is expected to produce
	}{
		{
			name: "cluster with instances",
			// Fixture: one DBCluster, one DBInstance attached to it through
			// Ref, and one DBParameterGroup. The KMS key ids and the ARN are
			// sample values.
			source: `AWSTemplateFormatVersion: 2010-09-09
Resources:
  RDSCluster:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      DBClusterIdentifier: my-cluster1
      Engine: aurora-postgresql
      StorageEncrypted: true
      KmsKeyId: "your-kms-key-id"
      PerformanceInsightsEnabled: true
      PerformanceInsightsKmsKeyId: "test-kms-key-id"
      PublicAccess: true
      DeletionProtection: true
      BackupRetentionPeriod: 2
  RDSDBInstance1:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      Engine: aurora-mysql
      EngineVersion: "5.7.12"
      DBInstanceIdentifier: test
      DBClusterIdentifier:
        Ref: RDSCluster
      PubliclyAccessible: 'false'
      DBInstanceClass: db.r3.xlarge
      StorageEncrypted: true
      KmsKeyId: "your-kms-key-id"
      EnablePerformanceInsights: true
      PerformanceInsightsKMSKeyId: "test-kms-key-id2"
      MultiAZ: true
      AutoMinorVersionUpgrade: true
      DBInstanceArn: "arn:aws:rds:us-east-2:123456789012:db:my-mysql-instance-1"
      EnableIAMDatabaseAuthentication: true
      EnableCloudwatchLogsExports:
        - "error"
        - "general"
      DBParameterGroupName: "testgroup"
      Tags:
        - Key: "keyname1"
          Value: "value1"
        - Key: "keyname2"
          Value: "value2"
  RDSDBParameterGroup:
    Type: 'AWS::RDS::DBParameterGroup'
    Properties:
      Description: "CloudFormation Sample MySQL Parameter Group"
      DBParameterGroupName: "testgroup"
`,
			expected: rds.RDS{
				ParameterGroups: []rds.ParameterGroups{
					{
						Metadata:             types.NewTestMetadata(),
						DBParameterGroupName: types.String("testgroup", types.NewTestMetadata()),
					},
				},
				Clusters: []rds.Cluster{
					{
						Metadata:                  types.NewTestMetadata(),
						BackupRetentionPeriodDays: types.Int(2, types.NewTestMetadata()),
						Engine:                    types.String("aurora-postgresql", types.NewTestMetadata()),
						// Storage encryption and the KMS key come straight from
						// the cluster's StorageEncrypted / KmsKeyId properties.
						Encryption: rds.Encryption{
							EncryptStorage: types.Bool(true, types.NewTestMetadata()),
							KMSKeyID:       types.String("your-kms-key-id", types.NewTestMetadata()),
						},
						PerformanceInsights: rds.PerformanceInsights{
							Metadata: types.NewTestMetadata(),
							Enabled:  types.Bool(true, types.NewTestMetadata()),
							KMSKeyID: types.String("test-kms-key-id", types.NewTestMetadata()),
						},
						// The fixture sets `PublicAccess: true` on the cluster,
						// yet the expected value is false.
						// NOTE(review): PublicAccess does not look like a
						// documented AWS::RDS::DBCluster property, and the
						// adapter is not visible here. Confirm which template
						// key, if any, drives this field; as written the case
						// pins "not public" for a template that asks for
						// public access.
						PublicAccess:       types.Bool(false, types.NewTestMetadata()),
						DeletionProtection: types.Bool(true, types.NewTestMetadata()),
						Instances: []rds.ClusterInstance{
							{
								Instance: rds.Instance{
									Metadata: types.NewTestMetadata(),
									// Encryption state is asserted twice: once as
									// StorageEncrypted, once inside Encryption.
									StorageEncrypted: types.Bool(true, types.NewTestMetadata()),
									Encryption: rds.Encryption{
										EncryptStorage: types.Bool(true, types.NewTestMetadata()),
										KMSKeyID:       types.String("your-kms-key-id", types.NewTestMetadata()),
									},
									DBInstanceIdentifier: types.String("test", types.NewTestMetadata()),
									// The fixture gives PubliclyAccessible as the
									// quoted string 'false'. Only the non-public
									// value is exercised by this table.
									PubliclyAccessible: types.Bool(false, types.NewTestMetadata()),
									// PublicAccess and BackupRetentionPeriod are not
									// set on the instance in the fixture; the
									// expectation uses the *Default constructors.
									// NOTE(review): presumably these mark values the
									// adapter filled in rather than read; confirm
									// in the defsec types package.
									PublicAccess:              types.BoolDefault(false, types.NewTestMetadata()),
									BackupRetentionPeriodDays: types.IntDefault(1, types.NewTestMetadata()),
									// Engine is set explicitly in the fixture but
									// expected through StringDefault.
									// NOTE(review): whether AssertDefsecEqual tells
									// String from StringDefault is not visible here.
									Engine:                  types.StringDefault("aurora-mysql", types.NewTestMetadata()),
									EngineVersion:           types.String("5.7.12", types.NewTestMetadata()),
									MultiAZ:                 types.Bool(true, types.NewTestMetadata()),
									AutoMinorVersionUpgrade: types.Bool(true, types.NewTestMetadata()),
									DBInstanceArn:           types.String("arn:aws:rds:us-east-2:123456789012:db:my-mysql-instance-1", types.NewTestMetadata()),
									// From EnableIAMDatabaseAuthentication: true.
									IAMAuthEnabled: types.Bool(true, types.NewTestMetadata()),
									// The instance uses a different Performance
									// Insights key ("test-kms-key-id2") than the
									// cluster, so the two values cannot be mixed up
									// without failing the comparison.
									PerformanceInsights: rds.PerformanceInsights{
										Metadata: types.NewTestMetadata(),
										Enabled:  types.Bool(true, types.NewTestMetadata()),
										KMSKeyID: types.String("test-kms-key-id2", types.NewTestMetadata()),
									},
									EnabledCloudwatchLogsExports: []types.StringValue{
										types.String("error", types.NewTestMetadata()),
										types.String("general", types.NewTestMetadata()),
									},
									DBParameterGroups: []rds.DBParameterGroupsList{
										{
											DBParameterGroupName: types.String("testgroup", types.NewTestMetadata()),
										},
									},
									// Two entries for the two Tags in the fixture.
									// Only Metadata is listed, so tag keys and
									// values are not asserted by this case.
									TagList: []rds.TagList{
										{
											Metadata: types.NewTestMetadata(),
										},
										{
											Metadata: types.NewTestMetadata(),
										},
									},
								},
								// "RDSCluster" is the logical ID named by
								// `Ref: RDSCluster` in the fixture, not the
								// cluster's DBClusterIdentifier ("my-cluster1").
								ClusterIdentifier: types.String("RDSCluster", types.NewTestMetadata()),
							},
						},
					},
				},
			},
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// Expose the template to the parser under a fixed file name.
			fs := testutil.CreateFS(t, map[string]string{
				"template.yaml": tt.source,
			})

			p := parser.New()
			// context.TODO() carries no deadline or cancellation.
			fctx, err := p.ParseFile(context.TODO(), fs, "template.yaml")
			// Stop here on a parse error so fctx is not dereferenced below.
			require.NoError(t, err)

			testutil.AssertDefsecEqual(t, tt.expected, Adapt(*fctx))
		})
	}

}