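package iam

import (
	"testing"

	iamapi "github.com/aws/aws-sdk-go-v2/service/iam"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws/test"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// roleDetails describes the IAM role a test case creates in LocalStack
// before the adapter is run against it.
type roleDetails struct {
	name     string // RoleName passed to CreateRole
	document string // AssumeRolePolicyDocument (trust policy) passed to CreateRole
}

// Test_IAMRoles creates one IAM role per table entry in a LocalStack
// instance, runs the IAM adapter against it and checks that exactly one
// adapted role carries the expected name and that its metadata range
// reports the role ARN as its local filename.
func Test_IAMRoles(t *testing.T) {
	tests := []struct {
		name    string
		details roleDetails
	}{
		{
			name: "basic role",
			details: roleDetails{
				name: "test-group",
				// Trust policy whose principal is AWS's documented example
				// account id; the test only ever talks to LocalStack, so no
				// real account is referenced.
				document: `{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": { "AWS": "arn:aws:iam::123456789012:root" },
    "Action": "sts:AssumeRole"
  }
}`,
			},
		},
	}

	ra, stack, err := test.CreateLocalstackAdapter(t)
	require.NoError(t, err)
	// Teardown is registered only once the adapter came up: on an error
	// return the stack is presumably not usable and calling Stop on it
	// risks a nil dereference — TODO confirm what CreateLocalstackAdapter
	// returns alongside a non-nil error. t.Cleanup runs after all subtests.
	t.Cleanup(func() {
		_ = stack.Stop() // best-effort teardown; a Stop error is not actionable in a test
	})

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			arn := bootstrapIAMRole(t, ra, tt.details)

			testState := &state.State{}
			iamAdapter := &adapter{}
			require.NoError(t, iamAdapter.Adapt(ra, testState))

			// Exactly one adapted role must carry the bootstrapped name;
			// more than one would mean the adapter emitted it twice.
			var found int
			var match iam.Role
			for _, role := range testState.AWS.IAM.Roles {
				if role.Name.EqualTo(tt.details.name) {
					found++
					match = role
				}
			}
			require.Equal(t, 1, found)
			// The test expects the adapter to record the role ARN as the
			// "filename" of the role's metadata range.
			assert.Equal(t, arn, match.Metadata.Range().GetLocalFilename())
		})
	}
}

// bootstrapIAMRole creates an IAM role named details.name with
// details.document as its trust policy, using the root adapter's session
// and context, and returns the new role's ARN. It fails the test
// immediately if CreateRole errors or the response carries no role or ARN,
// so callers never dereference a nil pointer.
func bootstrapIAMRole(t *testing.T, ra *aws.RootAdapter, details roleDetails) string {
	t.Helper()
	api := iamapi.NewFromConfig(ra.SessionConfig())
	output, err := api.CreateRole(ra.Context(), &iamapi.CreateRoleInput{
		RoleName:                 &details.name,
		AssumeRolePolicyDocument: &details.document,
	})
	require.NoError(t, err)
	// The SDK models these fields as pointers; guard before dereferencing
	// so a short response fails with a message rather than a panic.
	require.NotNil(t, output.Role)
	require.NotNil(t, output.Role.Arn)
	return *output.Role.Arn
}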