github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/documentdb/adapt_test.go (about)

     1  package documentdb
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/documentdb"
     9  
    10  	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
    11  
    12  	"github.com/khulnasoft-lab/defsec/test/testutil"
    13  	"github.com/stretchr/testify/assert"
    14  	"github.com/stretchr/testify/require"
    15  )
    16  
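// Test_adaptCluster checks that adaptCluster converts an aws_docdb_cluster
// block, together with any aws_docdb_cluster_instance that references it, into
// the expected documentdb.Cluster.
//
// Two fixtures are covered:
//
//   - "configured": identifier, KMS key, log exports and storage encryption are
//     all set on the cluster, and the attached instance carries its own KMS key
//     ("kms-key#1"), which must not be confused with the cluster's key.
//   - "defaults": an empty resource block must adapt to StorageEncrypted=false
//     and an empty KMSKeyID, with no log exports and no instances. This pins
//     the fail-closed reading of a missing attribute (absent means "not
//     encrypted"), which is presumably what the encryption and logging checks
//     built on this model rely on.
func Test_adaptCluster(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  documentdb.Cluster
	}{
		{
			name: "configured",
			terraform: `		
			resource "aws_docdb_cluster" "docdb" {
			  cluster_identifier      = "my-docdb-cluster"
			  kms_key_id 			  = "kms-key"
			  enabled_cloudwatch_logs_exports = "audit"
			  storage_encrypted = true
			}

			resource "aws_docdb_cluster_instance" "cluster_instances" {
				count              = 1
				identifier         = "my-docdb-cluster"
				cluster_identifier = aws_docdb_cluster.docdb.id
				kms_key_id 			  = "kms-key#1"
			  }
`,
			expected: documentdb.Cluster{
				Metadata:   defsecTypes.NewTestMetadata(),
				Identifier: defsecTypes.String("my-docdb-cluster", defsecTypes.NewTestMetadata()),
				KMSKeyID:   defsecTypes.String("kms-key", defsecTypes.NewTestMetadata()),
				EnabledLogExports: []defsecTypes.StringValue{
					defsecTypes.String("audit", defsecTypes.NewTestMetadata()),
				},
				Instances: []documentdb.Instance{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						KMSKeyID: defsecTypes.String("kms-key#1", defsecTypes.NewTestMetadata()),
					},
				},
				StorageEncrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
			},
		},
		{
			name: "defaults",
			terraform: `		
			resource "aws_docdb_cluster" "docdb" {
			}
`,
			expected: documentdb.Cluster{
				Metadata:         defsecTypes.NewTestMetadata(),
				Identifier:       defsecTypes.String("", defsecTypes.NewTestMetadata()),
				StorageEncrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
				KMSKeyID:         defsecTypes.String("", defsecTypes.NewTestMetadata()),
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")

			// Fail with a readable message rather than an index-out-of-range
			// panic if the fixture yields no module or no block.
			require.NotEmpty(t, modules)
			blocks := modules.GetBlocks()
			require.NotEmpty(t, blocks)

			// Every fixture declares the aws_docdb_cluster resource first; this
			// assumes GetBlocks preserves source order.
			adapted := adaptCluster(blocks[0], modules[0])
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}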
    79  
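// TestLines checks that Adapt records the correct source line range for the
// cluster, for each security-relevant cluster attribute, and for the attached
// instance and its KMS key.
//
// The expected numbers are 1-based lines within src. The raw string starts
// with a newline, so the aws_docdb_cluster block opens on line 2. These ranges
// are presumably what a finding is reported against, so a wrong range would
// point a reviewer at the wrong attribute.
func TestLines(t *testing.T) {
	src := `
	resource "aws_docdb_cluster" "docdb" {
		cluster_identifier      = "my-docdb-cluster"
		kms_key_id 			  = "kms-key"
		enabled_cloudwatch_logs_exports = "audit"
		storage_encrypted = true
	}

 	resource "aws_docdb_cluster_instance" "cluster_instances" {
		count              	= 1
		identifier         	= "my-docdb-cluster"
		cluster_identifier 	= aws_docdb_cluster.docdb.id
		kms_key_id 		    = "kms-key"
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	// Guard every index used below so that a regression in the adapter shows
	// up as a test failure instead of a panic.
	require.Len(t, adapted.Clusters, 1)
	require.Len(t, adapted.Clusters[0].Instances, 1)

	cluster := adapted.Clusters[0]
	instance := cluster.Instances[0]

	require.Len(t, cluster.EnabledLogExports, 1)

	// Whole aws_docdb_cluster block.
	assert.Equal(t, 2, cluster.Metadata.Range().GetStartLine())
	assert.Equal(t, 7, cluster.Metadata.Range().GetEndLine())

	// cluster_identifier
	assert.Equal(t, 3, cluster.Identifier.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 3, cluster.Identifier.GetMetadata().Range().GetEndLine())

	// kms_key_id
	assert.Equal(t, 4, cluster.KMSKeyID.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 4, cluster.KMSKeyID.GetMetadata().Range().GetEndLine())

	// enabled_cloudwatch_logs_exports
	assert.Equal(t, 5, cluster.EnabledLogExports[0].GetMetadata().Range().GetStartLine())
	assert.Equal(t, 5, cluster.EnabledLogExports[0].GetMetadata().Range().GetEndLine())

	// storage_encrypted
	assert.Equal(t, 6, cluster.StorageEncrypted.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 6, cluster.StorageEncrypted.GetMetadata().Range().GetEndLine())

	// Whole aws_docdb_cluster_instance block.
	assert.Equal(t, 9, instance.Metadata.Range().GetStartLine())
	assert.Equal(t, 14, instance.Metadata.Range().GetEndLine())

	// The instance's own kms_key_id, not the cluster's on line 4.
	assert.Equal(t, 13, instance.KMSKeyID.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 13, instance.KMSKeyID.GetMetadata().Range().GetEndLine())
}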