// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/terraform/google/compute/networks_test.go

package compute

import (
	"testing"

	defsecTypes "github.com/aquasecurity/defsec/pkg/types"

	"github.com/aquasecurity/defsec/pkg/providers/google/compute"

	"github.com/aquasecurity/trivy-iac/internal/adapters/terraform/tftestutil"
	"github.com/aquasecurity/trivy-iac/test/testutil"
)

// Test_adaptNetworks runs small Terraform fixtures through adaptNetworks and
// compares the adapted []compute.Network with a hand-written expectation.
//
// The fields pinned here (firewall allow/enforced state, source ranges and
// subnetwork flow logging) are the inputs a misconfiguration check would read,
// so a silent change in how the adapter fills them would change scan results.
//
// NOTE(review): the cases visible in this function cover an allow rule with a
// single /32 source range and an empty firewall. Deny blocks, egress
// direction, disabled rules and wide-open source ranges are not exercised
// here; confirm they are covered by another test before relying on them.
func Test_adaptNetworks(t *testing.T) {
	cases := []struct {
		name   string
		source string
		want   []compute.Network
	}{
		{
			// Fully specified network: the subnetwork carries a log_config
			// block and the firewall has one allow block, with no explicit
			// direction set in the fixture.
			//
			// NOTE(review): the fixture pairs protocol "icmp" with ports.
			// Ports are only meaningful for port-based protocols, so this
			// case shows that both fields are carried through, not that the
			// combination is a valid rule.
			name: "defined",
			source: `
			resource "google_compute_subnetwork" "example" {
				name = "test-subnetwork"
				network = google_compute_network.example.id
				log_config {
					aggregation_interval = "INTERVAL_10_MIN"
					flow_sampling = 0.5
					metadata = "INCLUDE_ALL_METADATA"
				}
			}

			resource "google_compute_network" "example" {
				name = "test-network"
				auto_create_subnetworks = false
			}

			resource "google_compute_firewall" "example" {
				name = "my-firewall-rule"
				network = google_compute_network.example.name
				source_ranges = ["1.2.3.4/32"]
				allow {
					protocol = "icmp"
					ports = ["80", "8080"]
				}
			}
`,
			want: []compute.Network{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Firewall: &compute.Firewall{
						Metadata: defsecTypes.NewTestMetadata(),
						Name:     defsecTypes.String("my-firewall-rule", defsecTypes.NewTestMetadata()),
						// The allow block is expected to surface as an
						// ingress rule that is both allowing and enforced.
						IngressRules: []compute.IngressRule{
							{
								Metadata: defsecTypes.NewTestMetadata(),
								FirewallRule: compute.FirewallRule{
									Metadata: defsecTypes.NewTestMetadata(),
									IsAllow:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
									Protocol: defsecTypes.String("icmp", defsecTypes.NewTestMetadata()),
									Enforced: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
									Ports: []defsecTypes.IntValue{
										defsecTypes.Int(80, defsecTypes.NewTestMetadata()),
										defsecTypes.Int(8080, defsecTypes.NewTestMetadata()),
									},
								},
								SourceRanges: []defsecTypes.StringValue{
									defsecTypes.String("1.2.3.4/32", defsecTypes.NewTestMetadata()),
								},
							},
						},
					},
					Subnetworks: []compute.SubNetwork{
						{
							Metadata: defsecTypes.NewTestMetadata(),
							Name:     defsecTypes.String("test-subnetwork", defsecTypes.NewTestMetadata()),
							// A log_config block is present, so flow logs
							// are expected to be reported as enabled.
							EnableFlowLogs: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							// purpose is unset in the fixture; the expected
							// value is the default PRIVATE_RFC_1918.
							Purpose: defsecTypes.StringDefault("PRIVATE_RFC_1918", defsecTypes.NewTestMetadata()),
						},
					},
				},
			},
		},
		{
			// Minimal resources: only the references and an explicit
			// subnetwork purpose are set. No log_config and no allow/deny
			// blocks, so flow logs are expected off and no rules expected.
			name: "defaults",
			source: `
			resource "google_compute_subnetwork" "example" {
				network = google_compute_network.example.id
				purpose = "REGIONAL_MANAGED_PROXY"
			}

			resource "google_compute_network" "example" {
			}

			resource "google_compute_firewall" "example" {
				network = google_compute_network.example.name
			}
`,
			want: []compute.Network{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Firewall: &compute.Firewall{
						Metadata: defsecTypes.NewTestMetadata(),
						Name:     defsecTypes.String("", defsecTypes.NewTestMetadata()),
					},
					Subnetworks: []compute.SubNetwork{
						{
							Metadata:       defsecTypes.NewTestMetadata(),
							Name:           defsecTypes.String("", defsecTypes.NewTestMetadata()),
							EnableFlowLogs: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
							Purpose:        defsecTypes.String("REGIONAL_MANAGED_PROXY", defsecTypes.NewTestMetadata()),
						},
					},
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Parse the fixture as a .tf source, adapt it, then compare.
			mods := tftestutil.CreateModulesFromSource(t, tc.source, ".tf")
			got := adaptNetworks(mods)
			testutil.AssertDefsecEqual(t, tc.want, got)
		})
	}
}