github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/elasticache/adapt_test.go (about) 1 package elasticache 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/elasticache" 9 10 "github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil" 11 12 "github.com/khulnasoft-lab/defsec/test/testutil" 13 "github.com/stretchr/testify/assert" 14 "github.com/stretchr/testify/require" 15 ) 16 17 func Test_adaptCluster(t *testing.T) { 18 tests := []struct { 19 name string 20 terraform string 21 expected elasticache.Cluster 22 }{ 23 { 24 name: "configured", 25 terraform: ` 26 resource "aws_elasticache_cluster" "example" { 27 cluster_id = "cluster-example" 28 engine = "redis" 29 node_type = "cache.m4.large" 30 num_cache_nodes = 1 31 parameter_group_name = "default.redis3.2" 32 engine_version = "3.2.10" 33 port = 6379 34 35 snapshot_retention_limit = 5 36 } 37 `, 38 expected: elasticache.Cluster{ 39 Metadata: defsecTypes.NewTestMetadata(), 40 Engine: defsecTypes.String("redis", defsecTypes.NewTestMetadata()), 41 NodeType: defsecTypes.String("cache.m4.large", defsecTypes.NewTestMetadata()), 42 SnapshotRetentionLimit: defsecTypes.Int(5, defsecTypes.NewTestMetadata()), 43 }, 44 }, 45 { 46 name: "defaults", 47 terraform: ` 48 resource "aws_elasticache_cluster" "example" { 49 }`, 50 expected: elasticache.Cluster{ 51 Metadata: defsecTypes.NewTestMetadata(), 52 Engine: defsecTypes.String("", defsecTypes.NewTestMetadata()), 53 NodeType: defsecTypes.String("", defsecTypes.NewTestMetadata()), 54 SnapshotRetentionLimit: defsecTypes.Int(0, defsecTypes.NewTestMetadata()), 55 }, 56 }, 57 } 58 59 for _, test := range tests { 60 t.Run(test.name, func(t *testing.T) { 61 modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf") 62 adapted := adaptCluster(modules.GetBlocks()[0]) 63 testutil.AssertDefsecEqual(t, test.expected, adapted) 64 }) 65 } 66 } 67 68 func Test_adaptReplicationGroup(t *testing.T) { 69 tests := []struct { 70 name string 71 terraform string 72 expected elasticache.ReplicationGroup 73 }{ 74 { 75 name: "configured", 76 terraform: ` 77 resource "aws_elasticache_replication_group" "example" { 78 replication_group_id = "foo" 79 replication_group_description = "my foo cluster" 80 transit_encryption_enabled = true 81 at_rest_encryption_enabled = true 82 } 83 `, 84 expected: elasticache.ReplicationGroup{ 85 Metadata: defsecTypes.NewTestMetadata(), 86 TransitEncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 87 AtRestEncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 88 }, 89 }, 90 { 91 name: "defaults", 92 terraform: ` 93 resource "aws_elasticache_replication_group" "example" { 94 } 95 `, 96 expected: elasticache.ReplicationGroup{ 97 Metadata: defsecTypes.NewTestMetadata(), 98 TransitEncryptionEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 99 AtRestEncryptionEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 100 }, 101 }, 102 } 103 104 for _, test := range tests { 105 t.Run(test.name, func(t *testing.T) { 106 modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf") 107 adapted := adaptReplicationGroup(modules.GetBlocks()[0]) 108 testutil.AssertDefsecEqual(t, test.expected, adapted) 109 }) 110 } 111 } 112 113 func Test_adaptSecurityGroup(t *testing.T) { 114 tests := []struct { 115 name string 116 terraform string 117 expected elasticache.SecurityGroup 118 }{ 119 { 120 name: "description provided", 121 terraform: ` 122 resource "aws_security_group" "bar" { 123 name = "security-group" 124 } 125 126 resource "aws_elasticache_security_group" "example" { 127 name = "elasticache-security-group" 128 security_group_names = [aws_security_group.bar.name] 129 description = "something" 130 } 131 `, 132 expected: elasticache.SecurityGroup{ 133 Metadata: defsecTypes.NewTestMetadata(), 134 Description: defsecTypes.String("something", defsecTypes.NewTestMetadata()), 135 }, 136 }, 137 { 138 name: "missing description", 139 terraform: ` 140 resource "aws_security_group" "bar" { 141 name = "security-group" 142 } 143 144 resource "aws_elasticache_security_group" "example" { 145 security_group_names = [aws_security_group.bar.name] 146 } 147 `, 148 expected: elasticache.SecurityGroup{ 149 Metadata: defsecTypes.NewTestMetadata(), 150 Description: defsecTypes.String("Managed by Terraform", defsecTypes.NewTestMetadata()), 151 }, 152 }, 153 } 154 155 for _, test := range tests { 156 t.Run(test.name, func(t *testing.T) { 157 modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf") 158 adapted := adaptSecurityGroup(modules.GetBlocks()[0]) 159 testutil.AssertDefsecEqual(t, test.expected, adapted) 160 }) 161 } 162 } 163 164 func TestLines(t *testing.T) { 165 src := ` 166 resource "aws_elasticache_cluster" "example" { 167 cluster_id = "cluster-example" 168 engine = "redis" 169 node_type = "cache.m4.large" 170 num_cache_nodes = 1 171 parameter_group_name = "default.redis3.2" 172 engine_version = "3.2.10" 173 port = 6379 174 175 snapshot_retention_limit = 5 176 } 177 178 resource "aws_elasticache_replication_group" "example" { 179 replication_group_id = "foo" 180 replication_group_description = "my foo cluster" 181 transit_encryption_enabled = true 182 at_rest_encryption_enabled = true 183 } 184 185 resource "aws_security_group" "bar" { 186 name = "security-group" 187 } 188 189 resource "aws_elasticache_security_group" "example" { 190 name = "elasticache-security-group" 191 security_group_names = [aws_security_group.bar.name] 192 description = "something" 193 }` 194 195 modules := tftestutil.CreateModulesFromSource(t, src, ".tf") 196 adapted := Adapt(modules) 197 198 require.Len(t, adapted.Clusters, 1) 199 require.Len(t, adapted.ReplicationGroups, 1) 200 require.Len(t, adapted.SecurityGroups, 1) 201 202 cluster := adapted.Clusters[0] 203 replicationGroup := adapted.ReplicationGroups[0] 204 securityGroup := adapted.SecurityGroups[0] 205 206 assert.Equal(t, 2, cluster.Metadata.Range().GetStartLine()) 207 assert.Equal(t, 12, cluster.Metadata.Range().GetEndLine()) 208 209 assert.Equal(t, 4, cluster.Engine.GetMetadata().Range().GetStartLine()) 210 assert.Equal(t, 4, cluster.Engine.GetMetadata().Range().GetEndLine()) 211 212 assert.Equal(t, 5, cluster.NodeType.GetMetadata().Range().GetStartLine()) 213 assert.Equal(t, 5, cluster.NodeType.GetMetadata().Range().GetEndLine()) 214 215 assert.Equal(t, 11, cluster.SnapshotRetentionLimit.GetMetadata().Range().GetStartLine()) 216 assert.Equal(t, 11, cluster.SnapshotRetentionLimit.GetMetadata().Range().GetEndLine()) 217 218 assert.Equal(t, 14, replicationGroup.Metadata.Range().GetStartLine()) 219 assert.Equal(t, 19, replicationGroup.Metadata.Range().GetEndLine()) 220 221 assert.Equal(t, 17, replicationGroup.TransitEncryptionEnabled.GetMetadata().Range().GetStartLine()) 222 assert.Equal(t, 17, replicationGroup.TransitEncryptionEnabled.GetMetadata().Range().GetEndLine()) 223 224 assert.Equal(t, 18, replicationGroup.AtRestEncryptionEnabled.GetMetadata().Range().GetStartLine()) 225 assert.Equal(t, 18, replicationGroup.AtRestEncryptionEnabled.GetMetadata().Range().GetEndLine()) 226 227 assert.Equal(t, 25, securityGroup.Metadata.Range().GetStartLine()) 228 assert.Equal(t, 29, securityGroup.Metadata.Range().GetEndLine()) 229 230 assert.Equal(t, 28, securityGroup.Description.GetMetadata().Range().GetStartLine()) 231 assert.Equal(t, 28, securityGroup.Description.GetMetadata().Range().GetEndLine()) 232 233 }