// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/ssm/adapt_test.go

package ssm

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ssm"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"

	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_Adapt runs Adapt over small Terraform snippets and compares the
// resulting ssm.SSM state, in particular the KMS key recorded for each
// aws_secretsmanager_secret resource.
func Test_Adapt(t *testing.T) {
	// expect builds the adapted state holding exactly one secret whose
	// KMSKeyID carries the given value.
	expect := func(keyID string) ssm.SSM {
		return ssm.SSM{
			Secrets: []ssm.Secret{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					KMSKeyID: defsecTypes.String(keyID, defsecTypes.NewTestMetadata()),
				},
			},
		}
	}

	cases := []struct {
		name      string
		terraform string
		expected  ssm.SSM
	}{
		{
			// kms_key_id references another resource's arn; the expected
			// value is the resource address, not a concrete ARN.
			name: "reference key",
			terraform: `
resource "aws_kms_key" "secrets" {
	enable_key_rotation = true
}

resource "aws_secretsmanager_secret" "example" {
	name = "lambda_password"
	kms_key_id = aws_kms_key.secrets.arn
}
`,
			expected: expect("aws_kms_key.secrets"),
		},
		{
			// A literal key ID is passed through unchanged.
			name: "string key",
			terraform: `
resource "aws_secretsmanager_secret" "example" {
	name = "lambda_password"
	kms_key_id = "key_id"
}
`,
			expected: expect("key_id"),
		},
		{
			// With kms_key_id omitted the secret is expected to report
			// alias/aws/secretsmanager, the AWS-managed default key, rather
			// than an empty value; presumably this lets rules distinguish
			// "no customer-managed key" from "unknown" (confirm against the
			// rule that consumes KMSKeyID).
			name: "defaults",
			terraform: `
resource "aws_secretsmanager_secret" "example" {
}
`,
			expected: expect("alias/aws/secretsmanager"),
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			mods := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			got := Adapt(mods)
			testutil.AssertDefsecEqual(t, tc.expected, got)
		})
	}
}

// TestLines checks the source line ranges attached to an adapted secret and
// to its KMSKeyID value.
func TestLines(t *testing.T) {
	// The raw string opens with a newline, so the aws_kms_key block occupies
	// lines 2-4 and the aws_secretsmanager_secret block lines 6-9.
	tf := `
resource "aws_kms_key" "secrets" {
	enable_key_rotation = true
}

resource "aws_secretsmanager_secret" "example" {
	name = "lambda_password"
	kms_key_id = aws_kms_key.secrets.arn
}`

	mods := tftestutil.CreateModulesFromSource(t, tf, ".tf")
	got := Adapt(mods)

	require.Len(t, got.Secrets, 1)
	sec := got.Secrets[0]

	// The secret's own metadata spans its resource block.
	secRange := sec.Metadata.Range()
	assert.Equal(t, 6, secRange.GetStartLine())
	assert.Equal(t, 9, secRange.GetEndLine())

	// The KMSKeyID metadata spans the referenced aws_kms_key block (2-4),
	// not the kms_key_id attribute line inside the secret.
	keyRange := sec.KMSKeyID.GetMetadata().Range()
	assert.Equal(t, 2, keyRange.GetStartLine())
	assert.Equal(t, 4, keyRange.GetEndLine())
}