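// Listing of internal/adapters/terraform/aws/cloudtrail/adapt_test.go from
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95.

package cloudtrail

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/cloudtrail"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"

	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_adaptTrail checks that adaptTrail turns an aws_cloudtrail Terraform
// block into the expected cloudtrail.Trail value.
//
// The two cases are complementary. In "configured" every attribute is set to
// a value that differs from what "defaults" expects, so a field that is
// silently left at its default would make the case fail. "defaults" pins
// what the adapter reports for an empty resource: log file validation off,
// multi-region off, no KMS key, no bucket, no CloudWatch log group, and
// logging on.
func Test_adaptTrail(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  cloudtrail.Trail
	}{
		{
			name: "configured",
			terraform: `
			resource "aws_cloudtrail" "example" {
				name = "example"
				is_multi_region_trail = true

				enable_log_file_validation = true
				kms_key_id = "kms-key"
				s3_bucket_name = "abcdefgh"
				cloud_watch_logs_group_arn = "abc"
				enable_logging = false
			}
`,
			expected: cloudtrail.Trail{
				Metadata:                  defsecTypes.NewTestMetadata(),
				Name:                      defsecTypes.String("example", defsecTypes.NewTestMetadata()),
				EnableLogFileValidation:   defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
				IsMultiRegion:             defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
				KMSKeyID:                  defsecTypes.String("kms-key", defsecTypes.NewTestMetadata()),
				CloudWatchLogsLogGroupArn: defsecTypes.String("abc", defsecTypes.NewTestMetadata()),
				IsLogging:                 defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
				BucketName:                defsecTypes.String("abcdefgh", defsecTypes.NewTestMetadata()),
			},
		},
		{
			name: "defaults",
			terraform: `
			resource "aws_cloudtrail" "example" {
			}
`,
			expected: cloudtrail.Trail{
				Metadata:                  defsecTypes.NewTestMetadata(),
				Name:                      defsecTypes.String("", defsecTypes.NewTestMetadata()),
				EnableLogFileValidation:   defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
				IsMultiRegion:             defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
				KMSKeyID:                  defsecTypes.String("", defsecTypes.NewTestMetadata()),
				BucketName:                defsecTypes.String("", defsecTypes.NewTestMetadata()),
				CloudWatchLogsLogGroupArn: defsecTypes.String("", defsecTypes.NewTestMetadata()),
				IsLogging:                 defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")

			// Fail the subtest with a readable message instead of an
			// index-out-of-range panic if the fixture yields no blocks.
			blocks := modules.GetBlocks()
			require.NotEmpty(t, blocks)

			adapted := adaptTrail(blocks[0])
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// TestLines checks that the metadata attached to the adapted trail and to its
// attributes carries the source line range of the Terraform they came from.
//
// Line numbers are 1-based and count the newline that follows the opening
// backtick of src, so the resource block opens on line 2 and closes on
// line 8, and the blank line inside the block is line 5.
func TestLines(t *testing.T) {
	src := `
	resource "aws_cloudtrail" "example" {
		name = "example"
		is_multi_region_trail = true

		enable_log_file_validation = true
		kms_key_id = "kms-key"
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	// Stop here if the trail is missing; the index below would panic.
	require.Len(t, adapted.Trails, 1)
	trail := adapted.Trails[0]

	// The trail's own range covers the whole resource block.
	assert.Equal(t, 2, trail.Metadata.Range().GetStartLine())
	assert.Equal(t, 8, trail.Metadata.Range().GetEndLine())

	// Each attribute's range is the single line it is written on.
	assert.Equal(t, 3, trail.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 3, trail.Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 4, trail.IsMultiRegion.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 4, trail.IsMultiRegion.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 6, trail.EnableLogFileValidation.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 6, trail.EnableLogFileValidation.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 7, trail.KMSKeyID.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 7, trail.KMSKeyID.GetMetadata().Range().GetEndLine())
}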