github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/redshift/adapt_test.go (about) 1 package redshift 2 3 import ( 4 "fmt" 5 "testing" 6 7 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 8 9 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/redshift" 10 "github.com/stretchr/testify/assert" 11 "github.com/stretchr/testify/require" 12 13 "github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil" 14 "github.com/khulnasoft-lab/defsec/test/testutil" 15 ) 16 17 func Test_Adapt(t *testing.T) { 18 tests := []struct { 19 name string 20 terraform string 21 expected redshift.Redshift 22 }{ 23 { 24 name: "reference key id", 25 terraform: ` 26 resource "aws_kms_key" "redshift" { 27 enable_key_rotation = true 28 } 29 30 resource "aws_redshift_cluster" "example" { 31 cluster_identifier = "tf-redshift-cluster" 32 publicly_accessible = false 33 number_of_nodes = 1 34 allow_version_upgrade = false 35 port = 5440 36 encrypted = true 37 kms_key_id = aws_kms_key.redshift.key_id 38 cluster_subnet_group_name = "redshift_subnet" 39 } 40 41 resource "aws_redshift_security_group" "default" { 42 name = "redshift-sg" 43 description = "some description" 44 } 45 `, 46 expected: redshift.Redshift{ 47 Clusters: []redshift.Cluster{ 48 { 49 Metadata: defsecTypes.NewTestMetadata(), 50 ClusterIdentifier: defsecTypes.String("tf-redshift-cluster", defsecTypes.NewTestMetadata()), 51 PubliclyAccessible: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 52 NumberOfNodes: defsecTypes.Int(1, defsecTypes.NewTestMetadata()), 53 AllowVersionUpgrade: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 54 EndPoint: redshift.EndPoint{ 55 Metadata: defsecTypes.NewTestMetadata(), 56 Port: defsecTypes.Int(5440, defsecTypes.NewTestMetadata()), 57 }, 58 Encryption: redshift.Encryption{ 59 Metadata: defsecTypes.NewTestMetadata(), 60 Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 61 KMSKeyID: defsecTypes.String("aws_kms_key.redshift", defsecTypes.NewTestMetadata()), 62 }, 63 SubnetGroupName: defsecTypes.String("redshift_subnet", defsecTypes.NewTestMetadata()), 64 }, 65 }, 66 SecurityGroups: []redshift.SecurityGroup{ 67 { 68 Metadata: defsecTypes.NewTestMetadata(), 69 Description: defsecTypes.String("some description", defsecTypes.NewTestMetadata()), 70 }, 71 }, 72 }, 73 }, 74 } 75 76 for _, test := range tests { 77 t.Run(test.name, func(t *testing.T) { 78 modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf") 79 adapted := Adapt(modules) 80 fmt.Println(adapted.SecurityGroups[0].Description.Value()) 81 testutil.AssertDefsecEqual(t, test.expected, adapted) 82 }) 83 } 84 } 85 86 func Test_adaptCluster(t *testing.T) { 87 tests := []struct { 88 name string 89 terraform string 90 expected redshift.Cluster 91 }{ 92 { 93 name: "key as string", 94 terraform: ` 95 resource "aws_redshift_cluster" "example" { 96 cluster_identifier = "tf-redshift-cluster" 97 publicly_accessible = false 98 number_of_nodes = 1 99 allow_version_upgrade = false 100 port = 5440 101 encrypted = true 102 kms_key_id = "key-id" 103 cluster_subnet_group_name = "redshift_subnet" 104 } 105 `, 106 expected: redshift.Cluster{ 107 Metadata: defsecTypes.NewTestMetadata(), 108 ClusterIdentifier: defsecTypes.String("tf-redshift-cluster", defsecTypes.NewTestMetadata()), 109 PubliclyAccessible: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 110 NumberOfNodes: defsecTypes.Int(1, defsecTypes.NewTestMetadata()), 111 AllowVersionUpgrade: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 112 EndPoint: redshift.EndPoint{ 113 Metadata: defsecTypes.NewTestMetadata(), 114 Port: defsecTypes.Int(5440, defsecTypes.NewTestMetadata()), 115 }, 116 Encryption: redshift.Encryption{ 117 Metadata: defsecTypes.NewTestMetadata(), 118 Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 119 KMSKeyID: defsecTypes.String("key-id", defsecTypes.NewTestMetadata()), 120 }, 121 SubnetGroupName: defsecTypes.String("redshift_subnet", defsecTypes.NewTestMetadata()), 122 }, 123 }, 124 { 125 name: "defaults", 126 terraform: ` 127 resource "aws_redshift_cluster" "example" { 128 } 129 `, 130 expected: redshift.Cluster{ 131 Metadata: defsecTypes.NewTestMetadata(), 132 ClusterIdentifier: defsecTypes.String("", defsecTypes.NewTestMetadata()), 133 PubliclyAccessible: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 134 NumberOfNodes: defsecTypes.Int(1, defsecTypes.NewTestMetadata()), 135 AllowVersionUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 136 EndPoint: redshift.EndPoint{ 137 Metadata: defsecTypes.NewTestMetadata(), 138 Port: defsecTypes.Int(5439, defsecTypes.NewTestMetadata()), 139 }, 140 Encryption: redshift.Encryption{ 141 Metadata: defsecTypes.NewTestMetadata(), 142 Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 143 KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), 144 }, 145 SubnetGroupName: defsecTypes.String("", defsecTypes.NewTestMetadata()), 146 }, 147 }, 148 } 149 150 for _, test := range tests { 151 t.Run(test.name, func(t *testing.T) { 152 modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf") 153 adapted := adaptCluster(modules.GetBlocks()[0], modules[0]) 154 testutil.AssertDefsecEqual(t, test.expected, adapted) 155 }) 156 } 157 } 158 159 func Test_adaptSecurityGroup(t *testing.T) { 160 tests := []struct { 161 name string 162 terraform string 163 expected redshift.SecurityGroup 164 }{ 165 { 166 name: "defaults", 167 terraform: ` 168 resource "" "example" { 169 } 170 `, 171 expected: redshift.SecurityGroup{ 172 Metadata: defsecTypes.NewTestMetadata(), 173 Description: defsecTypes.String("Managed by Terraform", defsecTypes.NewTestMetadata()), 174 }, 175 }, 176 } 177 178 for _, test := range tests { 179 t.Run(test.name, func(t *testing.T) { 180 modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf") 181 adapted := adaptSecurityGroup(modules.GetBlocks()[0]) 182 testutil.AssertDefsecEqual(t, test.expected, adapted) 183 }) 184 } 185 } 186 187 func TestLines(t *testing.T) { 188 src := ` 189 resource "aws_kms_key" "redshift" { 190 enable_key_rotation = true 191 } 192 193 resource "aws_redshift_cluster" "example" { 194 cluster_identifier = "tf-redshift-cluster" 195 encrypted = true 196 kms_key_id = aws_kms_key.redshift.key_id 197 cluster_subnet_group_name = "subnet name" 198 } 199 200 resource "aws_redshift_security_group" "default" { 201 name = "redshift-sg" 202 description = "some description" 203 }` 204 205 modules := tftestutil.CreateModulesFromSource(t, src, ".tf") 206 adapted := Adapt(modules) 207 208 require.Len(t, adapted.Clusters, 1) 209 require.Len(t, adapted.SecurityGroups, 1) 210 cluster := adapted.Clusters[0] 211 securityGroup := adapted.SecurityGroups[0] 212 213 assert.Equal(t, 6, cluster.Metadata.Range().GetStartLine()) 214 assert.Equal(t, 11, cluster.Metadata.Range().GetEndLine()) 215 216 assert.Equal(t, 8, cluster.Encryption.Enabled.GetMetadata().Range().GetStartLine()) 217 assert.Equal(t, 8, cluster.Encryption.Enabled.GetMetadata().Range().GetEndLine()) 218 219 assert.Equal(t, 2, cluster.Encryption.KMSKeyID.GetMetadata().Range().GetStartLine()) 220 assert.Equal(t, 4, cluster.Encryption.KMSKeyID.GetMetadata().Range().GetEndLine()) 221 222 assert.Equal(t, 10, cluster.SubnetGroupName.GetMetadata().Range().GetStartLine()) 223 assert.Equal(t, 10, cluster.SubnetGroupName.GetMetadata().Range().GetEndLine()) 224 225 assert.Equal(t, 13, securityGroup.Metadata.Range().GetStartLine()) 226 assert.Equal(t, 16, securityGroup.Metadata.Range().GetEndLine()) 227 228 assert.Equal(t, 15, securityGroup.Description.GetMetadata().Range().GetStartLine()) 229 assert.Equal(t, 15, securityGroup.Description.GetMetadata().Range().GetEndLine()) 230 }