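// Listing of internal/adapters/terraform/aws/ecs/adapt_test.go from
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95.

package ecs

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ecs"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_adaptClusterSettings checks how an aws_ecs_cluster block is adapted into
// ecs.ClusterSettings. Only a setting named "containerInsights" with the value
// "enabled" is expected to yield ContainerInsightsEnabled=true; an unrecognised
// setting name, or a cluster with no setting block, is expected to yield false.
//
// NOTE(review): no case covers an explicit value = "disabled"; adding one would
// pin the false result for a deliberate opt-out as well as for absent or
// unknown settings.
func Test_adaptClusterSettings(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  ecs.ClusterSettings
	}{
		{
			name: "container insights enabled",
			terraform: `
			resource "aws_ecs_cluster" "example" {
				name = "services-cluster"

				setting {
					name = "containerInsights"
					value = "enabled"
				}
			}
			`,
			expected: ecs.ClusterSettings{
				Metadata:                 defsecTypes.NewTestMetadata(),
				ContainerInsightsEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
			},
		},
		{
			name: "invalid name",
			terraform: `
			resource "aws_ecs_cluster" "example" {
				name = "services-cluster"

				setting {
					name = "invalidName"
					value = "enabled"
				}
			}
			`,
			expected: ecs.ClusterSettings{
				Metadata:                 defsecTypes.NewTestMetadata(),
				ContainerInsightsEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
			},
		},
		{
			name: "defaults",
			terraform: `
			resource "aws_ecs_cluster" "example" {
			}
			`,
			expected: ecs.ClusterSettings{
				Metadata:                 defsecTypes.NewTestMetadata(),
				ContainerInsightsEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
			},
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			blocks := modules.GetBlocks()
			// Fail with a readable assertion instead of an index-out-of-range
			// panic if the fixture produced no blocks.
			require.NotEmpty(t, blocks)
			adapted := adaptClusterSettings(blocks[0])
			testutil.AssertDefsecEqual(t, tc.expected, adapted)
		})
	}
}

// Test_adaptTaskDefinitionResource checks how an aws_ecs_task_definition block
// is adapted into ecs.TaskDefinition: the JSON in container_definitions becomes
// ContainerDefinitions, and the volume block becomes a Volume whose
// EFSVolumeConfiguration records whether transit encryption is enabled.
//
// The expected values pin two defaults: Privileged is false when the container
// JSON has no "privileged" key, and TransitEncryptionEnabled is false when
// efs_volume_configuration is empty.
//
// NOTE(review): neither "privileged": true nor transit_encryption = "DISABLED"
// is exercised, so only the ENABLED and absent paths are covered here.
func Test_adaptTaskDefinitionResource(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  ecs.TaskDefinition
	}{
		{
			name: "configured",
			terraform: `
			resource "aws_ecs_task_definition" "example" {
				family = "service"
				container_definitions = <<EOF
[
	{
		"name": "my_service",
		"image": "my_image",
		"essential": true,
		"memory": 256,
		"cpu": 2,
		"environment": [
			{ "name": "ENVIRONMENT", "value": "development" }
		]
	}
]
EOF

				volume {
					name = "service-storage"

					efs_volume_configuration {
						transit_encryption = "ENABLED"
					}
				}
			}
			`,
			expected: ecs.TaskDefinition{
				Metadata: defsecTypes.NewTestMetadata(),
				Volumes: []ecs.Volume{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						EFSVolumeConfiguration: ecs.EFSVolumeConfiguration{
							Metadata:                 defsecTypes.NewTestMetadata(),
							TransitEncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
						},
					},
				},
				ContainerDefinitions: []ecs.ContainerDefinition{
					{
						Metadata:   defsecTypes.NewTestMetadata(),
						Name:       defsecTypes.String("my_service", defsecTypes.NewTestMetadata()),
						Image:      defsecTypes.String("my_image", defsecTypes.NewTestMetadata()),
						CPU:        defsecTypes.Int(2, defsecTypes.NewTestMetadata()),
						Memory:     defsecTypes.Int(256, defsecTypes.NewTestMetadata()),
						Essential:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
						Privileged: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						Environment: []ecs.EnvVar{
							{
								Name:  "ENVIRONMENT",
								Value: "development",
							},
						},
					},
				},
			},
		},
		{
			name: "defaults",
			terraform: `
			resource "aws_ecs_task_definition" "example" {
				volume {
					name = "service-storage"

					efs_volume_configuration {
					}
				}
			}
			`,
			expected: ecs.TaskDefinition{
				Metadata: defsecTypes.NewTestMetadata(),
				Volumes: []ecs.Volume{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						EFSVolumeConfiguration: ecs.EFSVolumeConfiguration{
							Metadata:                 defsecTypes.NewTestMetadata(),
							TransitEncryptionEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						},
					},
				},
				ContainerDefinitions: nil,
			},
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			blocks := modules.GetBlocks()
			// Fail with a readable assertion instead of an index-out-of-range
			// panic if the fixture produced no blocks.
			require.NotEmpty(t, blocks)
			adapted := adaptTaskDefinitionResource(blocks[0])
			testutil.AssertDefsecEqual(t, tc.expected, adapted)
		})
	}
}

// TestLines checks that the metadata attached to adapted clusters and task
// definitions points at the right lines of the Terraform source, for the
// resource blocks, their nested blocks and the individual attributes.
//
// Line numbers are counted within src. Line 1 is the empty line that follows
// the opening backtick, so the first resource starts on line 2. Adding or
// removing a line anywhere inside src shifts every expected value below it.
func TestLines(t *testing.T) {
	src := `
	resource "aws_ecs_cluster" "example" {
		name = "services-cluster"

		setting {
			name = "containerInsights"
			value = "enabled"
		}
	}

	resource "aws_ecs_task_definition" "example" {
		family = "service"
		container_definitions = <<EOF
[
	{
		"name": "my_service",
		"essential": true,
		"memory": 256,
		"environment": [
			{ "name": "ENVIRONMENT", "value": "development" }
		]
	}
]
EOF

		volume {
			name = "service-storage"

			efs_volume_configuration {
				transit_encryption = "ENABLED"
			}
		}
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Clusters, 1)
	require.Len(t, adapted.TaskDefinitions, 1)

	cluster := adapted.Clusters[0]
	taskDefinition := adapted.TaskDefinitions[0]

	// Guard the Volumes[0] accesses below so a missing volume is reported as a
	// failed assertion rather than an index panic.
	require.NotEmpty(t, taskDefinition.Volumes)
	volume := taskDefinition.Volumes[0]

	// aws_ecs_cluster resource block.
	assert.Equal(t, 2, cluster.Metadata.Range().GetStartLine())
	assert.Equal(t, 9, cluster.Metadata.Range().GetEndLine())

	// Its setting block.
	assert.Equal(t, 5, cluster.Settings.Metadata.Range().GetStartLine())
	assert.Equal(t, 8, cluster.Settings.Metadata.Range().GetEndLine())

	// The value attribute that drives ContainerInsightsEnabled.
	assert.Equal(t, 7, cluster.Settings.ContainerInsightsEnabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 7, cluster.Settings.ContainerInsightsEnabled.GetMetadata().Range().GetEndLine())

	// aws_ecs_task_definition resource block.
	assert.Equal(t, 11, taskDefinition.Metadata.Range().GetStartLine())
	assert.Equal(t, 33, taskDefinition.Metadata.Range().GetEndLine())

	// Its volume block.
	assert.Equal(t, 26, volume.Metadata.Range().GetStartLine())
	assert.Equal(t, 32, volume.Metadata.Range().GetEndLine())

	// The nested efs_volume_configuration block.
	assert.Equal(t, 29, volume.EFSVolumeConfiguration.Metadata.Range().GetStartLine())
	assert.Equal(t, 31, volume.EFSVolumeConfiguration.Metadata.Range().GetEndLine())

	// The transit_encryption attribute.
	assert.Equal(t, 30, volume.EFSVolumeConfiguration.TransitEncryptionEnabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 30, volume.EFSVolumeConfiguration.TransitEncryptionEnabled.GetMetadata().Range().GetEndLine())
}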