github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/terraform/google/dns/adapt_test.go (about) 1 package dns 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/aquasecurity/defsec/pkg/types" 7 8 "github.com/aquasecurity/defsec/pkg/providers/google/dns" 9 10 "github.com/aquasecurity/trivy-iac/internal/adapters/terraform/tftestutil" 11 12 "github.com/aquasecurity/trivy-iac/test/testutil" 13 "github.com/stretchr/testify/assert" 14 "github.com/stretchr/testify/require" 15 ) 16 17 func Test_Adapt(t *testing.T) { 18 tests := []struct { 19 name string 20 terraform string 21 expected dns.DNS 22 }{ 23 { 24 name: "basic", 25 terraform: ` 26 resource "google_dns_managed_zone" "example" { 27 name = "example-zone" 28 dns_name = "example-${random_id.rnd.hex}.com." 29 description = "Example DNS zone" 30 labels = { 31 foo = "bar" 32 } 33 dnssec_config { 34 state = "on" 35 default_key_specs { 36 algorithm = "rsasha1" 37 key_type = "keySigning" 38 } 39 default_key_specs { 40 algorithm = "rsasha1" 41 key_type = "zoneSigning" 42 } 43 } 44 } 45 `, 46 expected: dns.DNS{ 47 ManagedZones: []dns.ManagedZone{ 48 { 49 Metadata: defsecTypes.NewTestMetadata(), 50 Visibility: defsecTypes.String("public", defsecTypes.NewTestMetadata()), 51 DNSSec: dns.DNSSec{ 52 Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 53 DefaultKeySpecs: []dns.KeySpecs{ 54 { 55 Metadata: defsecTypes.NewTestMetadata(), 56 Algorithm: defsecTypes.String("rsasha1", defsecTypes.NewTestMetadata()), 57 KeyType: defsecTypes.String("keySigning", defsecTypes.NewTestMetadata()), 58 }, 59 { 60 Metadata: defsecTypes.NewTestMetadata(), 61 Algorithm: defsecTypes.String("rsasha1", defsecTypes.NewTestMetadata()), 62 KeyType: defsecTypes.String("zoneSigning", defsecTypes.NewTestMetadata()), 63 }, 64 }, 65 }, 66 }, 67 }, 68 }, 69 }, 70 } 71 72 for _, test := range tests { 73 t.Run(test.name, func(t *testing.T) { 74 modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf") 75 adapted := Adapt(modules) 76 testutil.AssertDefsecEqual(t, test.expected, adapted) 77 }) 78 } 79 } 80 81 func TestLines(t *testing.T) { 82 src := ` 83 resource "google_dns_managed_zone" "example" { 84 name = "example-zone" 85 dns_name = "example-${random_id.rnd.hex}.com." 86 87 dnssec_config { 88 state = "on" 89 default_key_specs { 90 algorithm = "rsasha1" 91 key_type = "keySigning" 92 } 93 } 94 }` 95 96 modules := tftestutil.CreateModulesFromSource(t, src, ".tf") 97 adapted := Adapt(modules) 98 99 require.Len(t, adapted.ManagedZones, 1) 100 zone := adapted.ManagedZones[0] 101 102 assert.Equal(t, 2, zone.Metadata.Range().GetStartLine()) 103 assert.Equal(t, 13, zone.Metadata.Range().GetEndLine()) 104 105 assert.Equal(t, 7, zone.DNSSec.Enabled.GetMetadata().Range().GetStartLine()) 106 assert.Equal(t, 7, zone.DNSSec.Enabled.GetMetadata().Range().GetEndLine()) 107 108 assert.Equal(t, 8, zone.DNSSec.DefaultKeySpecs[0].Metadata.Range().GetStartLine()) 109 assert.Equal(t, 11, zone.DNSSec.DefaultKeySpecs[0].Metadata.Range().GetEndLine()) 110 111 assert.Equal(t, 9, zone.DNSSec.DefaultKeySpecs[0].Algorithm.GetMetadata().Range().GetStartLine()) 112 assert.Equal(t, 9, zone.DNSSec.DefaultKeySpecs[0].Algorithm.GetMetadata().Range().GetEndLine()) 113 }