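// Source listing: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/terraform/aws/cloudwatch/adapt_test.go

package cloudwatch

import (
	"testing"

	"github.com/aquasecurity/defsec/pkg/providers/aws/cloudwatch"
	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
	"github.com/aquasecurity/trivy-iac/internal/adapters/terraform/tftestutil"
	"github.com/aquasecurity/trivy-iac/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_adaptLogGroups checks how adaptLogGroups maps aws_cloudwatch_log_group
// resources onto cloudwatch.LogGroup values, with the focus on the two
// attributes that matter for log protection: kms_key_id and retention_in_days.
//
// The three cases pin down what the adapter reports for the encryption key:
//   - a reference to an aws_kms_key block in the same source resolves to the
//     block's address ("aws_kms_key.log_key"), not to an ARN;
//   - a literal string is passed through unchanged;
//   - an absent kms_key_id is reported as the empty string.
//
// NOTE(review): presumably downstream rules treat an empty KMSKeyID as "no
// customer-managed key configured"; that consumer is not visible in this
// file, so confirm against the rule before relying on it.
func Test_adaptLogGroups(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  []cloudwatch.LogGroup
	}{
		{
			name: "key referencing block",
			terraform: `
			resource "aws_cloudwatch_log_group" "my-group" {
				name = "my-group"
				kms_key_id = aws_kms_key.log_key.arn
			}

			resource "aws_kms_key" "log_key" {
			}
`,
			expected: []cloudwatch.LogGroup{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Arn:      defsecTypes.String("", defsecTypes.NewTestMetadata()),
					Name:     defsecTypes.String("my-group", defsecTypes.NewTestMetadata()),
					// The key block exists, so the reference is reported as
					// the block address rather than left empty.
					KMSKeyID: defsecTypes.String("aws_kms_key.log_key", defsecTypes.NewTestMetadata()),
					// retention_in_days is not set in this case; the adapter
					// is expected to report 0.
					RetentionInDays: defsecTypes.Int(0, defsecTypes.NewTestMetadata()),
					MetricFilters:   nil,
				},
			},
		},
		{
			name: "key as string",
			terraform: `
			resource "aws_cloudwatch_log_group" "my-group" {
				name = "my-group"
				kms_key_id = "key-as-string"
			}
`,
			expected: []cloudwatch.LogGroup{
				{
					Metadata:        defsecTypes.NewTestMetadata(),
					Arn:             defsecTypes.String("", defsecTypes.NewTestMetadata()),
					Name:            defsecTypes.String("my-group", defsecTypes.NewTestMetadata()),
					KMSKeyID:        defsecTypes.String("key-as-string", defsecTypes.NewTestMetadata()),
					RetentionInDays: defsecTypes.Int(0, defsecTypes.NewTestMetadata()),
				},
			},
		},
		{
			name: "missing key",
			terraform: `
			resource "aws_cloudwatch_log_group" "my-group" {
				name = "my-group"
				retention_in_days = 3
			}
`,
			expected: []cloudwatch.LogGroup{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Arn:      defsecTypes.String("", defsecTypes.NewTestMetadata()),
					Name:     defsecTypes.String("my-group", defsecTypes.NewTestMetadata()),
					// No kms_key_id in the resource: the adapter must report
					// an empty key ID rather than omit the log group.
					KMSKeyID:        defsecTypes.String("", defsecTypes.NewTestMetadata()),
					RetentionInDays: defsecTypes.Int(3, defsecTypes.NewTestMetadata()),
				},
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
			adapted := adaptLogGroups(modules)
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// TestLines verifies that the metadata attached to each adapted attribute
// carries the line range of that attribute in the Terraform source.
//
// The raw string starts with a newline, so the resource header is on line 2
// and name, kms_key_id and retention_in_days are on lines 3, 4 and 5. Each
// attribute occupies a single line, so its start and end line are expected to
// be equal.
//
// NOTE(review): these ranges are presumably what lets a finding point at the
// offending attribute; the reporting side is not visible in this file.
func TestLines(t *testing.T) {
	src := `
	resource "aws_cloudwatch_log_group" "my-group" {
		name = "my-group"
		kms_key_id = aws_kms_key.log_key.arn
		retention_in_days = 3

	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)
	require.Len(t, adapted.LogGroups, 1)
	logGroup := adapted.LogGroups[0]

	assert.Equal(t, 3, logGroup.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 3, logGroup.Name.GetMetadata().Range().GetEndLine())

	// The original asserted GetStartLine twice for the next two attributes,
	// so their end line was never checked; the second assertion of each pair
	// now checks GetEndLine, matching the Name pair above.
	assert.Equal(t, 4, logGroup.KMSKeyID.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 4, logGroup.KMSKeyID.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 5, logGroup.RetentionInDays.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 5, logGroup.RetentionInDays.GetMetadata().Range().GetEndLine())
}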