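// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/ec2/adapt_test.go

package ec2

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_Adapt checks that Adapt turns an aws_instance Terraform resource into
// the ec2.EC2 model, both when the security-relevant attributes are written
// out and when the resource body is empty.
func Test_Adapt(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  ec2.EC2
	}{
		{
			// AKIAIOSFODNN7EXAMPLE is the example access key ID used in AWS
			// documentation, not a live credential. It gives user_data a
			// secret-shaped value; presumably rules that scan UserData for
			// embedded credentials rely on it being adapted verbatim.
			//
			// The heredoc body sits at column 0 because a plain <<EOF heredoc
			// keeps leading whitespace and the expected UserData has none.
			name: "configured",
			terraform: `
resource "aws_instance" "example" {
	ami = "ami-7f89a64f"
	instance_type = "t1.micro"

	root_block_device {
		encrypted = true
	}

	metadata_options {
		http_tokens = "required"
		http_endpoint = "disabled"
	}

	ebs_block_device {
		encrypted = true
	}

	user_data = <<EOF
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
EOF
}
`,
			expected: ec2.EC2{
				Instances: []ec2.Instance{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						MetadataOptions: ec2.MetadataOptions{
							Metadata:     defsecTypes.NewTestMetadata(),
							HttpTokens:   defsecTypes.String("required", defsecTypes.NewTestMetadata()),
							HttpEndpoint: defsecTypes.String("disabled", defsecTypes.NewTestMetadata()),
						},
						UserData: defsecTypes.String(
							`export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
`,
							defsecTypes.NewTestMetadata()),
						RootBlockDevice: &ec2.BlockDevice{
							Metadata:  defsecTypes.NewTestMetadata(),
							Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
						},
						EBSBlockDevices: []*ec2.BlockDevice{
							{
								Metadata:  defsecTypes.NewTestMetadata(),
								Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							},
						},
					},
				},
			},
		},
		{
			// With an empty resource body the adapter is expected to report
			// empty HttpTokens/HttpEndpoint strings and an unencrypted root
			// block device, and no EBS block devices at all. Consumers of the
			// model therefore see "" for an unset metadata option rather than
			// a provider-side default.
			name: "defaults",
			terraform: `
resource "aws_instance" "example" {
}
`,
			expected: ec2.EC2{
				Instances: []ec2.Instance{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						MetadataOptions: ec2.MetadataOptions{
							Metadata:     defsecTypes.NewTestMetadata(),
							HttpTokens:   defsecTypes.String("", defsecTypes.NewTestMetadata()),
							HttpEndpoint: defsecTypes.String("", defsecTypes.NewTestMetadata()),
						},
						UserData: defsecTypes.String("", defsecTypes.NewTestMetadata()),
						RootBlockDevice: &ec2.BlockDevice{
							Metadata:  defsecTypes.NewTestMetadata(),
							Encrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						},
					},
				},
			},
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			adapted := Adapt(modules)
			testutil.AssertDefsecEqual(t, tc.expected, adapted)
		})
	}
}

// TestLines checks that every adapted value carries the source range of the
// Terraform block or attribute it came from, so a finding raised on the model
// can point at the right lines of the .tf file.
//
// Line numbers are 1-based positions inside src. The raw string opens with a
// newline, so the resource block starts on line 2 and closes on line 22.
func TestLines(t *testing.T) {
	src := `
resource "aws_instance" "example" {
	ami = "ami-7f89a64f"
	instance_type = "t1.micro"

	root_block_device {
		encrypted = true
	}

	metadata_options {
		http_tokens = "required"
		http_endpoint = "disabled"
	}

	ebs_block_device {
		encrypted = true
	}

	user_data = <<EOF
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
EOF
}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Instances, 1)
	instance := adapted.Instances[0]

	// Fail with a readable message instead of a nil dereference or an
	// index-out-of-range panic if the adapter stops emitting these devices.
	require.NotNil(t, instance.RootBlockDevice)
	require.Len(t, instance.EBSBlockDevices, 1)
	rootDevice := instance.RootBlockDevice
	ebsDevice := instance.EBSBlockDevices[0]
	require.NotNil(t, ebsDevice)

	assert.Equal(t, 2, instance.Metadata.Range().GetStartLine())
	assert.Equal(t, 22, instance.Metadata.Range().GetEndLine())

	assert.Equal(t, 6, rootDevice.Metadata.Range().GetStartLine())
	assert.Equal(t, 8, rootDevice.Metadata.Range().GetEndLine())

	assert.Equal(t, 7, rootDevice.Encrypted.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 7, rootDevice.Encrypted.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 10, instance.MetadataOptions.Metadata.Range().GetStartLine())
	assert.Equal(t, 13, instance.MetadataOptions.Metadata.Range().GetEndLine())

	assert.Equal(t, 11, instance.MetadataOptions.HttpTokens.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 11, instance.MetadataOptions.HttpTokens.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 12, instance.MetadataOptions.HttpEndpoint.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 12, instance.MetadataOptions.HttpEndpoint.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 15, ebsDevice.Metadata.Range().GetStartLine())
	assert.Equal(t, 17, ebsDevice.Metadata.Range().GetEndLine())

	assert.Equal(t, 16, ebsDevice.Encrypted.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 16, ebsDevice.Encrypted.GetMetadata().Range().GetEndLine())

	// The heredoc attribute spans from "user_data = <<EOF" to the closing EOF.
	assert.Equal(t, 19, instance.UserData.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 21, instance.UserData.GetMetadata().Range().GetEndLine())
}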