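// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/ec2/volume_test.go

package ec2

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"

	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_adaptVolume checks that adaptVolume maps the encrypted and kms_key_id
// attributes of an aws_ebs_volume block onto ec2.Volume.Encryption.
//
// The three cases pin the encryption-at-rest state the adapter must report:
//   - a key given as a reference to an aws_kms_key resource,
//   - a key given as a string literal,
//   - a volume that sets neither attribute, which must be reported as
//     unencrypted with an empty key ID rather than defaulted to encrypted.
func Test_adaptVolume(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  ec2.Volume
	}{
		{
			// The expected key ID is the referenced resource address
			// ("aws_kms_key.ebs_encryption"), not the ".arn" expression text.
			name: "referenced key",
			terraform: `
			resource "aws_ebs_volume" "example" {
				kms_key_id = aws_kms_key.ebs_encryption.arn
				encrypted = true
			}

			resource "aws_kms_key" "ebs_encryption" {
				enable_key_rotation = true
			}
`,
			expected: ec2.Volume{
				Metadata: defsecTypes.NewTestMetadata(),
				Encryption: ec2.Encryption{
					Metadata: defsecTypes.NewTestMetadata(),
					Enabled:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
					KMSKeyID: defsecTypes.String("aws_kms_key.ebs_encryption", defsecTypes.NewTestMetadata()),
				},
			},
		},
		{
			name: "string key",
			terraform: `
			resource "aws_ebs_volume" "example" {
				kms_key_id = "string-key"
				encrypted = true
			}
`,
			expected: ec2.Volume{
				Metadata: defsecTypes.NewTestMetadata(),
				Encryption: ec2.Encryption{
					Metadata: defsecTypes.NewTestMetadata(),
					Enabled:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
					KMSKeyID: defsecTypes.String("string-key", defsecTypes.NewTestMetadata()),
				},
			},
		},
		{
			// No encryption attributes at all: the adapted model must say
			// "not encrypted, no key" so the omission stays visible.
			name: "defaults",
			terraform: `
			resource "aws_ebs_volume" "example" {
			}
`,
			expected: ec2.Volume{
				Metadata: defsecTypes.NewTestMetadata(),
				Encryption: ec2.Encryption{
					Metadata: defsecTypes.NewTestMetadata(),
					Enabled:  defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
					KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
				},
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
			// Fail with a readable message instead of an index-out-of-range
			// panic if the fixture did not parse into a module with blocks.
			require.NotEmpty(t, modules, "fixture produced no modules")
			blocks := modules.GetBlocks()
			require.NotEmpty(t, blocks, "fixture produced no blocks")

			// NOTE(review): relies on the aws_ebs_volume resource being the
			// first block returned; confirm GetBlocks preserves source order.
			adapted := adaptVolume(blocks[0], modules[0])
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// TestVolumeLines checks the source line ranges recorded in the metadata of
// an adapted volume, so that a result can be traced back to the Terraform
// lines that produced it.
//
// The fixture starts with a newline, so the aws_ebs_volume block occupies
// lines 2-5 and the aws_kms_key block lines 7-9; the expected numbers below
// depend on that layout and break if lines are added to or removed from src.
func TestVolumeLines(t *testing.T) {
	src := `
	resource "aws_ebs_volume" "example" {
		kms_key_id = aws_kms_key.ebs_encryption.arn
		encrypted = true
	}

	resource "aws_kms_key" "ebs_encryption" {
		enable_key_rotation = true
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Volumes, 1)
	volume := adapted.Volumes[0]

	// The volume itself spans the whole aws_ebs_volume block.
	assert.Equal(t, 2, volume.Metadata.Range().GetStartLine())
	assert.Equal(t, 5, volume.Metadata.Range().GetEndLine())

	// Enabled points at the single "encrypted = true" line.
	assert.Equal(t, 4, volume.Encryption.Enabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 4, volume.Encryption.Enabled.GetMetadata().Range().GetEndLine())

	// For a referenced key, KMSKeyID is expected to carry the range of the
	// referenced aws_kms_key block (7-9), not the kms_key_id attribute line.
	assert.Equal(t, 7, volume.Encryption.KMSKeyID.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 9, volume.Encryption.KMSKeyID.GetMetadata().Range().GetEndLine())
}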