// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/dynamodb/adapt_test.go

package dynamodb

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/dynamodb"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"

	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_adaptCluster feeds Terraform fixtures through adaptCluster and compares
// the resulting dynamodb.DAXCluster with the value listed for each case.
func Test_adaptCluster(t *testing.T) {
	type clusterCase struct {
		name      string
		terraform string
		expected  dynamodb.DAXCluster
	}

	cases := []clusterCase{
		{
			// Encryption at rest is switched on without naming a key; the
			// expected KMSKeyID for a DAX cluster is the empty string.
			name: "cluster",
			terraform: `
			resource "aws_dax_cluster" "example" {
				server_side_encryption {
					enabled = true
				}
			}
`,
			expected: dynamodb.DAXCluster{
				Metadata: defsecTypes.NewTestMetadata(),
				ServerSideEncryption: dynamodb.ServerSideEncryption{
					Metadata: defsecTypes.NewTestMetadata(),
					Enabled:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
					KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
				},
				PointInTimeRecovery: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			parsed := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			// Block 0 is taken as the resource under test; this indexes
			// without a length check, so an empty parse would panic here.
			block, module := parsed.GetBlocks()[0], parsed[0]
			testutil.AssertDefsecEqual(t, tc.expected, adaptCluster(block, module))
		})
	}
}

// Test_adaptTable feeds Terraform fixtures through adaptTable and compares the
// resulting dynamodb.Table with the value listed for each case. The cases pin
// how the encryption-at-rest key and point-in-time recovery are represented.
//
// NOTE(review): every case enables server_side_encryption. No case covers a
// table with encryption disabled or with the block absent, which is the state
// an encryption check most needs to see represented correctly; consider adding
// one.
func Test_adaptTable(t *testing.T) {
	type tableCase struct {
		name      string
		terraform string
		expected  dynamodb.Table
	}

	cases := []tableCase{
		{
			// Explicit key and point-in-time recovery both set: the key string
			// is carried through as written and recovery is reported as true.
			name: "table",
			terraform: `
			resource "aws_dynamodb_table" "example" {
				name             = "example"

				server_side_encryption {
					enabled     = true
					kms_key_arn = "key-string"
				}

				point_in_time_recovery {
					enabled = true
				}
			}
`,
			expected: dynamodb.Table{
				Metadata: defsecTypes.NewTestMetadata(),
				ServerSideEncryption: dynamodb.ServerSideEncryption{
					Metadata: defsecTypes.NewTestMetadata(),
					Enabled:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
					KMSKeyID: defsecTypes.String("key-string", defsecTypes.NewTestMetadata()),
				},
				PointInTimeRecovery: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
			},
		},
		{
			// Encryption enabled with no kms_key_arn: the expected KMSKeyID is
			// "alias/aws/dynamodb", the alias of the AWS managed key for
			// DynamoDB, i.e. not a customer managed key.
			//
			// NOTE(review): the fixture declares aws_dax_cluster although this
			// is a table test. adaptTable is called directly on block 0, so
			// the resource type is not exercised here; this looks like a
			// copy-paste from the cluster test. Confirm and consider switching
			// the fixture to aws_dynamodb_table.
			name: "table no kms",
			terraform: `
			resource "aws_dax_cluster" "example" {
				server_side_encryption {
					enabled = true
				}
			}
`,
			expected: dynamodb.Table{
				Metadata: defsecTypes.NewTestMetadata(),
				ServerSideEncryption: dynamodb.ServerSideEncryption{
					Metadata: defsecTypes.NewTestMetadata(),
					Enabled:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
					KMSKeyID: defsecTypes.String("alias/aws/dynamodb", defsecTypes.NewTestMetadata()),
				},
				PointInTimeRecovery: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
			},
		},
		{
			// kms_key_arn points at another resource instead of a literal. The
			// expected KMSKeyID is the reference "aws_kms_key.a", not an ARN.
			// The fixture holds two resources and the table is declared first;
			// the loop below relies on it being block 0 (presumably source
			// order, confirm against GetBlocks).
			name: "reference key",
			terraform: `
			resource "aws_dynamodb_table" "example" {
				name             = "example"

				server_side_encryption {
					enabled     = true
					kms_key_arn = aws_kms_key.a.arn
				}
			}

			resource "aws_kms_key" "a" {
			}
`,
			expected: dynamodb.Table{
				Metadata: defsecTypes.NewTestMetadata(),
				ServerSideEncryption: dynamodb.ServerSideEncryption{
					Metadata: defsecTypes.NewTestMetadata(),
					Enabled:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
					KMSKeyID: defsecTypes.String("aws_kms_key.a", defsecTypes.NewTestMetadata()),
				},
				PointInTimeRecovery: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			parsed := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			// Block 0 is taken as the resource under test; this indexes
			// without a length check, so an empty parse would panic here.
			block, module := parsed.GetBlocks()[0], parsed[0]
			testutil.AssertDefsecEqual(t, tc.expected, adaptTable(block, module))
		})
	}
}

// TestLines runs the package-level Adapt over a single table and checks the
// source line ranges recorded in the metadata of the table, its
// server_side_encryption block and the individual attributes.
//
// Line numbers are relative to the raw string, whose first line is the empty
// remainder of the line holding the opening backtick, so the resource block
// opens on line 2 and closes on line 13.
func TestLines(t *testing.T) {
	src := `
	resource "aws_dynamodb_table" "example" {
		name             = "example"

		server_side_encryption {
			enabled     = true
			kms_key_arn = "key-string"
		}

		point_in_time_recovery {
			enabled = true
		}
	}`

	parsed := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(parsed)

	// The fixture has no DAX cluster and exactly one table; require stops the
	// test here so the index below cannot go out of range.
	require.Len(t, adapted.DAXClusters, 0)
	require.Len(t, adapted.Tables, 1)
	table := adapted.Tables[0]

	// Whole resource block.
	resourceSpan := table.Metadata.Range()
	assert.Equal(t, 2, resourceSpan.GetStartLine())
	assert.Equal(t, 13, resourceSpan.GetEndLine())

	// server_side_encryption block.
	sseSpan := table.ServerSideEncryption.Metadata.Range()
	assert.Equal(t, 5, sseSpan.GetStartLine())
	assert.Equal(t, 8, sseSpan.GetEndLine())

	// server_side_encryption.enabled attribute.
	enabledSpan := table.ServerSideEncryption.Enabled.GetMetadata().Range()
	assert.Equal(t, 6, enabledSpan.GetStartLine())
	assert.Equal(t, 6, enabledSpan.GetEndLine())

	// server_side_encryption.kms_key_arn attribute.
	keySpan := table.ServerSideEncryption.KMSKeyID.GetMetadata().Range()
	assert.Equal(t, 7, keySpan.GetStartLine())
	assert.Equal(t, 7, keySpan.GetEndLine())

	// point_in_time_recovery.enabled attribute: line 11 is the attribute
	// inside the block, not the line that opens the block.
	recoverySpan := table.PointInTimeRecovery.GetMetadata().Range()
	assert.Equal(t, 11, recoverySpan.GetStartLine())
	assert.Equal(t, 11, recoverySpan.GetEndLine())
}