package iam

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/liamg/iamgo"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_adaptGroups checks that adaptGroups turns an aws_iam_group and an
// aws_iam_group_policy that references it into a single iam.Group carrying
// the parsed policy document.
//
// The fixture policy allows "ec2:Describe*" on Resource "*". The expected
// value pins the Sid, Effect, Action and Resource of that statement, so a
// regression that drops or alters any of them in the adapted document fails
// the comparison.
//
// NOTE(review): only one inline heredoc policy attached through a resolvable
// group reference is exercised here. A policy whose group is not declared in
// the module, or whose JSON does not parse, is not covered by this table.
// The fixture's "path" attribute also has no counterpart in the expected
// value.
func Test_adaptGroups(t *testing.T) {
	// Expected parsed form of the heredoc policy in the "basic" fixture.
	stmt := iamgo.NewStatementBuilder()
	stmt.WithEffect(iamgo.EffectAllow)
	stmt.WithSid("new policy")
	stmt.WithActions([]string{"ec2:Describe*"})
	stmt.WithResources([]string{"*"})

	policy := iamgo.NewPolicyBuilder()
	policy.WithVersion("2012-10-17")
	policy.WithStatement(stmt.Build())

	developerDocument := iam.Document{
		Parsed:   policy.Build(),
		Metadata: defsecTypes.NewTestMetadata(),
		IsOffset: false,
		HasRefs:  false,
	}

	cases := []struct {
		name      string
		terraform string
		expected  []iam.Group
	}{
		{
			name: "basic",
			terraform: `
			resource "aws_iam_group_policy" "my_developer_policy" {
				name = "my_developer_policy"
				group = aws_iam_group.my_developers.name

				policy = <<EOF
				{
					"Version": "2012-10-17",
					"Statement": [
					{
						"Sid": "new policy",
						"Effect": "Allow",
						"Resource": "*",
						"Action": [
							"ec2:Describe*"
						]
					}
					]
				}
				EOF
			}

			resource "aws_iam_group" "my_developers" {
				name = "developers"
				path = "/users/"
			}

			`,
			expected: []iam.Group{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					// The group name comes from the aws_iam_group resource,
					// not from the Terraform resource label.
					Name: defsecTypes.String("developers", defsecTypes.NewTestMetadata()),
					Policies: []iam.Policy{
						{
							Metadata: defsecTypes.NewTestMetadata(),
							Name:     defsecTypes.String("my_developer_policy", defsecTypes.NewTestMetadata()),
							Document: developerDocument,
							Builtin:  defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						},
					},
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Parse the fixture as a ".tf" source, adapt it, and compare the
			// result with the expected groups.
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			got := adaptGroups(modules)
			testutil.AssertDefsecEqual(t, tc.expected, got)
		})
	}
}