github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/compute/disks_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/compute/disks_test.go (about)

     1  package compute
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/providers/google/compute"
     9  
    10  	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
    11  	"github.com/khulnasoft-lab/defsec/test/testutil"
    12  )
    13  
    14  func Test_adaptDisks(t *testing.T) {
    15  	tests := []struct {
    16  		name      string
    17  		terraform string
    18  		expected  []compute.Disk
    19  	}{
    20  		{
    21  			name: "key as string link or raw bytes",
    22  			terraform: `
    23  			resource "google_compute_disk" "example-one" {
    24  				name  = "disk #1"
    25  			
    26  				disk_encryption_key {
    27  				  kms_key_self_link = "something"
    28  				}
    29  			  }
    30  
    31  			  resource "google_compute_disk" "example-two" {
    32  				name  = "disk #2"
    33  			
    34  				disk_encryption_key {
    35  				  raw_key="b2ggbm8gdGhpcyBpcyBiYWQ"
    36  				}
    37  			  }
    38  `,
    39  			expected: []compute.Disk{
    40  				{
    41  					Metadata: defsecTypes.NewTestMetadata(),
    42  					Name:     defsecTypes.String("disk #1", defsecTypes.NewTestMetadata()),
    43  					Encryption: compute.DiskEncryption{
    44  						Metadata:   defsecTypes.NewTestMetadata(),
    45  						KMSKeyLink: defsecTypes.String("something", defsecTypes.NewTestMetadata()),
    46  					},
    47  				},
    48  				{
    49  					Metadata: defsecTypes.NewTestMetadata(),
    50  					Name:     defsecTypes.String("disk #2", defsecTypes.NewTestMetadata()),
    51  					Encryption: compute.DiskEncryption{
    52  						Metadata:   defsecTypes.NewTestMetadata(),
    53  						KMSKeyLink: defsecTypes.String("", defsecTypes.NewTestMetadata()),
    54  						RawKey:     defsecTypes.Bytes([]byte("b2ggbm8gdGhpcyBpcyBiYWQ"), defsecTypes.NewTestMetadata()),
    55  					},
    56  				},
    57  			},
    58  		},
    59  		{
    60  			name: "key link as reference",
    61  			terraform: `
    62  			resource "google_kms_crypto_key" "my_crypto_key" {
    63  				name            = "crypto-key-example"
    64  			  }
    65  
    66  			resource "google_compute_disk" "example-three" {
    67  				name  = "disk #3"
    68  			
    69  				disk_encryption_key {
    70  					kms_key_self_link = google_kms_crypto_key.my_crypto_key.id
    71  				}
    72  			  }`,
    73  			expected: []compute.Disk{
    74  				{
    75  					Metadata: defsecTypes.NewTestMetadata(),
    76  					Name:     defsecTypes.String("disk #3", defsecTypes.NewTestMetadata()),
    77  					Encryption: compute.DiskEncryption{
    78  						Metadata:   defsecTypes.NewTestMetadata(),
    79  						KMSKeyLink: defsecTypes.String("google_kms_crypto_key.my_crypto_key", defsecTypes.NewTestMetadata()),
    80  					},
    81  				},
    82  			},
    83  		},
    84  	}
    85  
    86  	for _, test := range tests {
    87  		t.Run(test.name, func(t *testing.T) {
    88  			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
    89  			adapted := adaptDisks(modules)
    90  			testutil.AssertDefsecEqual(t, test.expected, adapted)
    91  		})
    92  	}
    93  }