github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/bigquery/adapt_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/bigquery/adapt_test.go (about)

     1  package bigquery
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/providers/google/bigquery"
     9  
    10  	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
    11  
    12  	"github.com/khulnasoft-lab/defsec/test/testutil"
    13  	"github.com/stretchr/testify/assert"
    14  	"github.com/stretchr/testify/require"
    15  )
    16  
    17  func Test_Adapt(t *testing.T) {
    18  	tests := []struct {
    19  		name      string
    20  		terraform string
    21  		expected  bigquery.BigQuery
    22  	}{
    23  		{
    24  			name: "basic",
    25  			terraform: `
    26  			resource "google_bigquery_dataset" "my_dataset" {
    27  				access {
    28  				  role          = "OWNER"
    29  				  special_group = "allAuthenticatedUsers"
    30  				}
    31  			  
    32  				access {
    33  				  role   = "READER"
    34  				  domain = "hashicorp.com"
    35  				}
    36  			  }
    37  `,
    38  			expected: bigquery.BigQuery{
    39  				Datasets: []bigquery.Dataset{
    40  					{
    41  						Metadata: defsecTypes.NewTestMetadata(),
    42  						ID:       defsecTypes.String("", defsecTypes.NewTestMetadata()),
    43  						AccessGrants: []bigquery.AccessGrant{
    44  							{
    45  								Metadata:     defsecTypes.NewTestMetadata(),
    46  								Role:         defsecTypes.String("OWNER", defsecTypes.NewTestMetadata()),
    47  								Domain:       defsecTypes.String("", defsecTypes.NewTestMetadata()),
    48  								SpecialGroup: defsecTypes.String(bigquery.SpecialGroupAllAuthenticatedUsers, defsecTypes.NewTestMetadata()),
    49  							},
    50  							{
    51  								Metadata:     defsecTypes.NewTestMetadata(),
    52  								Role:         defsecTypes.String("READER", defsecTypes.NewTestMetadata()),
    53  								Domain:       defsecTypes.String("hashicorp.com", defsecTypes.NewTestMetadata()),
    54  								SpecialGroup: defsecTypes.String("", defsecTypes.NewTestMetadata()),
    55  							},
    56  						},
    57  					},
    58  				},
    59  			},
    60  		},
    61  		{
    62  			name: "no access blocks",
    63  			terraform: `
    64  			resource "google_bigquery_dataset" "my_dataset" {
    65  				dataset_id                  = "example_dataset"
    66  			  }
    67  `,
    68  			expected: bigquery.BigQuery{
    69  				Datasets: []bigquery.Dataset{
    70  					{
    71  						Metadata: defsecTypes.NewTestMetadata(),
    72  						ID:       defsecTypes.String("example_dataset", defsecTypes.NewTestMetadata()),
    73  					},
    74  				},
    75  			},
    76  		},
    77  		{
    78  			name: "access block without fields",
    79  			terraform: `
    80  			resource "google_bigquery_dataset" "my_dataset" {
    81  				access {
    82  				}
    83  			  }
    84  `,
    85  			expected: bigquery.BigQuery{
    86  				Datasets: []bigquery.Dataset{
    87  					{
    88  						Metadata: defsecTypes.NewTestMetadata(),
    89  						ID:       defsecTypes.String("", defsecTypes.NewTestMetadata()),
    90  						AccessGrants: []bigquery.AccessGrant{
    91  							{
    92  								Metadata:     defsecTypes.NewTestMetadata(),
    93  								Role:         defsecTypes.String("", defsecTypes.NewTestMetadata()),
    94  								Domain:       defsecTypes.String("", defsecTypes.NewTestMetadata()),
    95  								SpecialGroup: defsecTypes.String("", defsecTypes.NewTestMetadata()),
    96  							},
    97  						},
    98  					},
    99  				},
   100  			},
   101  		},
   102  	}
   103  
   104  	for _, test := range tests {
   105  		t.Run(test.name, func(t *testing.T) {
   106  			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
   107  			adapted := Adapt(modules)
   108  			testutil.AssertDefsecEqual(t, test.expected, adapted)
   109  		})
   110  	}
   111  }
   112  
   113  func TestLines(t *testing.T) {
   114  	src := `
   115  	resource "google_bigquery_dataset" "my_dataset" {
   116  		dataset_id                  = "example_dataset"
   117  		friendly_name               = "test"
   118  		description                 = "This is a test description"
   119  		location                    = "EU"
   120  		default_table_expiration_ms = 3600000
   121  	  
   122  		labels = {
   123  		  env = "default"
   124  		}
   125  	  
   126  		access {
   127  		  role          = "OWNER"
   128  		  special_group = "allAuthenticatedUsers"
   129  		}
   130  	  
   131  		access {
   132  		  role   = "READER"
   133  		  domain = "hashicorp.com"
   134  		}
   135  	}`
   136  
   137  	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
   138  	adapted := Adapt(modules)
   139  
   140  	require.Len(t, adapted.Datasets, 1)
   141  	dataset := adapted.Datasets[0]
   142  	require.Len(t, dataset.AccessGrants, 2)
   143  
   144  	assert.Equal(t, 14, dataset.AccessGrants[0].Role.GetMetadata().Range().GetStartLine())
   145  	assert.Equal(t, 14, dataset.AccessGrants[0].Role.GetMetadata().Range().GetEndLine())
   146  
   147  	assert.Equal(t, 15, dataset.AccessGrants[0].SpecialGroup.GetMetadata().Range().GetStartLine())
   148  	assert.Equal(t, 15, dataset.AccessGrants[0].SpecialGroup.GetMetadata().Range().GetEndLine())
   149  
   150  	assert.Equal(t, 19, dataset.AccessGrants[1].Role.GetMetadata().Range().GetStartLine())
   151  	assert.Equal(t, 19, dataset.AccessGrants[1].Role.GetMetadata().Range().GetEndLine())
   152  
   153  	assert.Equal(t, 20, dataset.AccessGrants[1].Domain.GetMetadata().Range().GetStartLine())
   154  	assert.Equal(t, 20, dataset.AccessGrants[1].Domain.GetMetadata().Range().GetEndLine())
   155  }