// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/iam/policies_test.go

package iam

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/liamg/iamgo"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_adaptPolicies feeds Terraform source through adaptPolicies and compares
// the adapted result with a hand-built []iam.Policy.
//
// The single "basic" case declares an aws_iam_policy whose document is given
// inline through jsonencode: one Allow statement for "ec2:Describe*" on
// Resource "*". The expected value repeats both wildcards verbatim, so the test
// fails if the adapter narrows, expands or drops either of them.
//
// NOTE(review): only an inline jsonencode document with one Allow statement is
// exercised here; Deny statements, multiple statements and documents supplied
// any other way are not covered by this table.
func Test_adaptPolicies(t *testing.T) {
	type testCase struct {
		name      string
		terraform string
		expected  []iam.Policy
	}

	// Expected parsed document for the "basic" case, assembled with the iamgo
	// builders so it mirrors the jsonencode block field for field.
	stmt := iamgo.NewStatementBuilder()
	stmt.WithEffect(iamgo.EffectAllow)
	stmt.WithActions([]string{"ec2:Describe*"})
	stmt.WithResources([]string{"*"})

	pb := iamgo.NewPolicyBuilder()
	pb.WithVersion("2012-10-17")
	pb.WithStatement(stmt.Build())

	basicDocument := iam.Document{
		Parsed:   pb.Build(),
		Metadata: defsecTypes.NewTestMetadata(),
		// The document is written inline and refers to no other block, so both
		// flags are expected to stay false.
		IsOffset: false,
		HasRefs:  false,
	}

	cases := []testCase{
		{
			name: "basic",
			terraform: `
resource "aws_iam_policy" "policy" {
  name = "test"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}
`,
			expected: []iam.Policy{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Name:     defsecTypes.String("test", defsecTypes.NewTestMetadata()),
					Document: basicDocument,
					// A policy declared as a Terraform resource is expected to be
					// reported as not built in.
					Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Parse the snippet as a ".tf" file, adapt it, and compare.
			parsed := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			got := adaptPolicies(parsed)
			testutil.AssertDefsecEqual(t, tc.expected, got)
		})
	}
}