// Listing of internal/adapters/terraform/aws/iam/users_test.go from
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95.

package iam

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/liamg/iamgo"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_adaptUsers checks that adaptUsers turns Terraform IAM user resources
// into the expected []iam.User model.
//
// The single "basic" case pins two things that matter to anything consuming
// the adapted model:
//   - an aws_iam_user_policy that points at the user through
//     aws_iam_user.lb.name ends up in that user's Policies slice, and
//   - the jsonencode'd policy body is parsed into a document carrying the
//     same Version, Effect, Action and Resource values.
//
// The fixture also sets `path` on the user, but no matching field appears in
// the expected value, so the path is not asserted here.
//
// NOTE(review): only an inline user policy is exercised. Whether adaptUsers
// also handles other ways of binding a policy to a user (for example
// aws_iam_user_policy_attachment) cannot be told from this file; a second
// table entry would make that explicit.
func Test_adaptUsers(t *testing.T) {
	// wantDescribeDoc builds the parsed policy document the adapter is
	// expected to produce for the fixture: one Allow statement granting
	// ec2:Describe* on every resource.
	wantDescribeDoc := func() iam.Document {
		stmt := iamgo.NewStatementBuilder()
		stmt.WithEffect(iamgo.EffectAllow)
		stmt.WithActions([]string{"ec2:Describe*"})
		stmt.WithResources([]string{"*"})

		pb := iamgo.NewPolicyBuilder()
		pb.WithVersion("2012-10-17")
		pb.WithStatement(stmt.Build())

		return iam.Document{
			Parsed:   pb.Build(),
			Metadata: defsecTypes.NewTestMetadata(),
			IsOffset: false,
			HasRefs:  false,
		}
	}

	cases := []struct {
		name      string
		terraform string
		expected  []iam.User
	}{
		{
			name: "basic",
			terraform: `
resource "aws_iam_user" "lb" {
  name = "loadbalancer"
  path = "/system/"
}

resource "aws_iam_user_policy" "policy" {
  name = "test"
  user = aws_iam_user.lb.name


  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}
`,
			expected: []iam.User{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Name:     defsecTypes.String("loadbalancer", defsecTypes.NewTestMetadata()),
					// The expected value marks last access as unresolvable
					// rather than giving a concrete time.
					LastAccess: defsecTypes.TimeUnresolvable(defsecTypes.NewTestMetadata()),
					Policies: []iam.Policy{
						{
							Metadata: defsecTypes.NewTestMetadata(),
							Name:     defsecTypes.String("test", defsecTypes.NewTestMetadata()),
							Document: wantDescribeDoc(),
							// The fixture policy is expected to be reported
							// with Builtin set to false.
							Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						},
					},
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Parse the fixture as a ".tf" source, adapt it, and compare the
			// result against the expected model.
			parsed := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			got := adaptUsers(parsed)
			testutil.AssertDefsecEqual(t, tc.expected, got)
		})
	}
}