github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/kms/adapt_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/kms/adapt_test.go (about)

     1  package kms
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/kms"
     9  
    10  	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
    11  
    12  	"github.com/khulnasoft-lab/defsec/test/testutil"
    13  	"github.com/stretchr/testify/assert"
    14  	"github.com/stretchr/testify/require"
    15  )
    16  
    17  func Test_adaptKey(t *testing.T) {
    18  	tests := []struct {
    19  		name      string
    20  		terraform string
    21  		expected  kms.Key
    22  	}{
    23  		{
    24  			name: "configured",
    25  			terraform: `
    26  			resource "aws_kms_key" "example" {
    27  				enable_key_rotation = true
    28  				key_usage = "SIGN_VERIFY"
    29  			}
    30  `,
    31  			expected: kms.Key{
    32  				Usage:           defsecTypes.String(kms.KeyUsageSignAndVerify, defsecTypes.NewTestMetadata()),
    33  				RotationEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
    34  			},
    35  		},
    36  		{
    37  			name: "defaults",
    38  			terraform: `
    39  			resource "aws_kms_key" "example" {
    40  			}
    41  `,
    42  			expected: kms.Key{
    43  				Usage:           defsecTypes.String("ENCRYPT_DECRYPT", defsecTypes.NewTestMetadata()),
    44  				RotationEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
    45  			},
    46  		},
    47  	}
    48  
    49  	for _, test := range tests {
    50  		t.Run(test.name, func(t *testing.T) {
    51  			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
    52  			adapted := adaptKey(modules.GetBlocks()[0])
    53  			testutil.AssertDefsecEqual(t, test.expected, adapted)
    54  		})
    55  	}
    56  }
    57  
    58  func TestLines(t *testing.T) {
    59  	src := `
    60  	resource "aws_kms_key" "example" {
    61  		enable_key_rotation = true
    62  		key_usage = SIGN_VERIFY
    63  	}`
    64  
    65  	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
    66  	adapted := Adapt(modules)
    67  
    68  	require.Len(t, adapted.Keys, 1)
    69  	key := adapted.Keys[0]
    70  
    71  	assert.Equal(t, 2, key.Metadata.Range().GetStartLine())
    72  	assert.Equal(t, 5, key.Metadata.Range().GetEndLine())
    73  
    74  	assert.Equal(t, 3, key.RotationEnabled.GetMetadata().Range().GetStartLine())
    75  	assert.Equal(t, 3, key.RotationEnabled.GetMetadata().Range().GetEndLine())
    76  
    77  	assert.Equal(t, 4, key.Usage.GetMetadata().Range().GetStartLine())
    78  	assert.Equal(t, 4, key.Usage.GetMetadata().Range().GetEndLine())
    79  
    80  }