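// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/compute/adapt_test.go

package compute

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestLines checks that Adapt attaches the expected source line range to every
// adapted Google Compute resource, block and attribute.
//
// Line numbers are 1-based positions inside src. Line 1 is the empty line that
// follows the opening backtick, so the first resource starts on line 2. Adding
// or removing any line in the fixture, including a blank one, shifts every
// expectation below it.
//
// The fixture is test data only: raw_key is a base64-encoded dummy string, not
// key material. This test asserts locations only and never inspects the
// adapted values.
// NOTE(review): these ranges are presumably what scan results are reported
// against, so a wrong range would point a reader at the wrong line of their
// Terraform. Confirm against the scanner's reporting code.
func TestLines(t *testing.T) {
	src := `
	resource "google_compute_disk" "example" {
		name = "disk #1"

		disk_encryption_key {
			kms_key_self_link = ""
			raw_key="b2ggbm8gdGhpcyBpcyBiYWQ"
		}
	}

	resource "google_compute_instance" "example" {
		name = "test"

		boot_disk {
			device_name = "boot-disk"
			kms_key_self_link = "something"
		}

		shielded_instance_config {
			enable_integrity_monitoring = true
			enable_vtpm = true
			enable_secure_boot = true
		}

		network_interface {
			network = "default"

			access_config {
			}
		}

		service_account {
			email = "email"
			scopes = ["cloud-platform"]
		}
		can_ip_forward = true

		metadata = {
			enable-oslogin = false
			block-project-ssh-keys = true
			serial-port-enable = true
		}
	}

	resource "google_compute_project_metadata" "example" {
		metadata = {
			enable-oslogin = true
		}
	}

	resource "google_compute_network" "example" {
	}

	resource "google_compute_firewall" "example" {
		name = "my-firewall-rule"
		network = google_compute_network.example.name
		source_ranges = ["1.2.3.4/32"]
		allow {
			protocol = "icmp"
			ports = ["80", "8080"]
		}
	}

	resource "google_compute_subnetwork" "example" {
		name = "test-subnetwork"
		network = google_compute_network.example.id
		log_config {
			aggregation_interval = "INTERVAL_10_MIN"
			flow_sampling = 0.5
			metadata = "INCLUDE_ALL_METADATA"
		}
	}

	resource "google_compute_ssl_policy" "example" {
		name = "production-ssl-policy"
		profile = "MODERN"
		min_tls_version = "TLS_1_2"
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	// require (not assert) so the test stops here instead of panicking on the
	// [0] index expressions below when a resource was not adapted.
	require.Len(t, adapted.Disks, 1)
	require.Len(t, adapted.Instances, 1)
	require.Len(t, adapted.Networks, 1)
	require.Len(t, adapted.SSLPolicies, 1)

	disk := adapted.Disks[0]
	instance := adapted.Instances[0]
	network := adapted.Networks[0]
	sslPolicy := adapted.SSLPolicies[0]
	metadata := adapted.ProjectMetadata

	// Guard the nested collections that are indexed with [0] further down. An
	// index-out-of-range panic would abort the run rather than report a
	// failure for this test.
	require.NotEmpty(t, instance.BootDisks)
	require.NotEmpty(t, instance.ServiceAccount.Scopes)
	require.NotNil(t, network.Firewall)
	require.NotEmpty(t, network.Firewall.IngressRules)
	require.NotEmpty(t, network.Firewall.IngressRules[0].SourceRanges)
	require.NotEmpty(t, network.Firewall.IngressRules[0].Ports)
	require.NotEmpty(t, network.Subnetworks)

	// google_compute_disk: resource block, encryption block, then each key
	// attribute on its own line.
	assert.Equal(t, 2, disk.Metadata.Range().GetStartLine())
	assert.Equal(t, 9, disk.Metadata.Range().GetEndLine())

	assert.Equal(t, 5, disk.Encryption.Metadata.Range().GetStartLine())
	assert.Equal(t, 8, disk.Encryption.Metadata.Range().GetEndLine())

	assert.Equal(t, 6, disk.Encryption.KMSKeyLink.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 6, disk.Encryption.KMSKeyLink.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 7, disk.Encryption.RawKey.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 7, disk.Encryption.RawKey.GetMetadata().Range().GetEndLine())

	// google_compute_instance.
	assert.Equal(t, 11, instance.Metadata.Range().GetStartLine())
	assert.Equal(t, 43, instance.Metadata.Range().GetEndLine())

	assert.Equal(t, 12, instance.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 12, instance.Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 14, instance.BootDisks[0].Metadata.Range().GetStartLine())
	assert.Equal(t, 17, instance.BootDisks[0].Metadata.Range().GetEndLine())

	assert.Equal(t, 15, instance.BootDisks[0].Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 15, instance.BootDisks[0].Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 16, instance.BootDisks[0].Encryption.KMSKeyLink.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 16, instance.BootDisks[0].Encryption.KMSKeyLink.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 19, instance.ShieldedVM.Metadata.Range().GetStartLine())
	assert.Equal(t, 23, instance.ShieldedVM.Metadata.Range().GetEndLine())

	assert.Equal(t, 20, instance.ShieldedVM.IntegrityMonitoringEnabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 20, instance.ShieldedVM.IntegrityMonitoringEnabled.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 21, instance.ShieldedVM.VTPMEnabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 21, instance.ShieldedVM.VTPMEnabled.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 22, instance.ShieldedVM.SecureBootEnabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 22, instance.ShieldedVM.SecureBootEnabled.GetMetadata().Range().GetEndLine())

	// NOTE(review): the service account metadata is pinned to the enclosing
	// instance range (11-43), not to the service_account block on lines 32-35.
	// Confirm this is intended before relying on it to locate a result.
	assert.Equal(t, 11, instance.ServiceAccount.Metadata.Range().GetStartLine())
	assert.Equal(t, 43, instance.ServiceAccount.Metadata.Range().GetEndLine())

	assert.Equal(t, 33, instance.ServiceAccount.Email.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 33, instance.ServiceAccount.Email.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 34, instance.ServiceAccount.Scopes[0].GetMetadata().Range().GetStartLine())
	assert.Equal(t, 34, instance.ServiceAccount.Scopes[0].GetMetadata().Range().GetEndLine())

	assert.Equal(t, 36, instance.CanIPForward.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 36, instance.CanIPForward.GetMetadata().Range().GetEndLine())

	// The three values read from the instance metadata map are all expected
	// at the range of the whole map (38-42), not at their individual key
	// lines (39, 40 and 41).
	assert.Equal(t, 38, instance.OSLoginEnabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 42, instance.OSLoginEnabled.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 38, instance.EnableProjectSSHKeyBlocking.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 42, instance.EnableProjectSSHKeyBlocking.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 38, instance.EnableSerialPort.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 42, instance.EnableSerialPort.GetMetadata().Range().GetEndLine())

	// google_compute_project_metadata.
	assert.Equal(t, 45, metadata.Metadata.Range().GetStartLine())
	assert.Equal(t, 49, metadata.Metadata.Range().GetEndLine())

	// google_compute_network and the firewall that references it.
	assert.Equal(t, 51, network.Metadata.Range().GetStartLine())
	assert.Equal(t, 52, network.Metadata.Range().GetEndLine())

	assert.Equal(t, 54, network.Firewall.Metadata.Range().GetStartLine())
	assert.Equal(t, 62, network.Firewall.Metadata.Range().GetEndLine())

	assert.Equal(t, 55, network.Firewall.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 55, network.Firewall.Name.GetMetadata().Range().GetEndLine())

	// The ingress rule is expected at the firewall resource range (54-62),
	// not at the allow block on lines 58-61.
	assert.Equal(t, 54, network.Firewall.IngressRules[0].Metadata.Range().GetStartLine())
	assert.Equal(t, 62, network.Firewall.IngressRules[0].Metadata.Range().GetEndLine())

	assert.Equal(t, 57, network.Firewall.IngressRules[0].SourceRanges[0].GetMetadata().Range().GetStartLine())
	assert.Equal(t, 57, network.Firewall.IngressRules[0].SourceRanges[0].GetMetadata().Range().GetEndLine())

	assert.Equal(t, 59, network.Firewall.IngressRules[0].Protocol.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 59, network.Firewall.IngressRules[0].Protocol.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 60, network.Firewall.IngressRules[0].Ports[0].GetMetadata().Range().GetStartLine())
	assert.Equal(t, 60, network.Firewall.IngressRules[0].Ports[0].GetMetadata().Range().GetEndLine())

	// google_compute_subnetwork. EnableFlowLogs is expected at the range of
	// the log_config block (67-71).
	assert.Equal(t, 64, network.Subnetworks[0].Metadata.Range().GetStartLine())
	assert.Equal(t, 72, network.Subnetworks[0].Metadata.Range().GetEndLine())

	assert.Equal(t, 65, network.Subnetworks[0].Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 65, network.Subnetworks[0].Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 67, network.Subnetworks[0].EnableFlowLogs.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 71, network.Subnetworks[0].EnableFlowLogs.GetMetadata().Range().GetEndLine())

	// google_compute_ssl_policy.
	assert.Equal(t, 74, sslPolicy.Metadata.Range().GetStartLine())
	assert.Equal(t, 78, sslPolicy.Metadata.Range().GetEndLine())

	assert.Equal(t, 75, sslPolicy.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 75, sslPolicy.Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 76, sslPolicy.Profile.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 76, sslPolicy.Profile.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 77, sslPolicy.MinimumTLSVersion.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 77, sslPolicy.MinimumTLSVersion.GetMetadata().Range().GetEndLine())
}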