// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/compute/networks_test.go

package compute

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/google/compute"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_adaptNetworks runs Terraform fixtures through adaptNetworks and compares
// the adapted result with a hand-written []compute.Network.
//
// The two cases pin how firewall ingress rules (protocol, ports, source ranges,
// allow/enforced flags) and the per-subnetwork flow-log flag are mapped, both
// when the attributes are set and when they are omitted.
func Test_adaptNetworks(t *testing.T) {
	// adaptCase pairs one Terraform source with the model it must adapt to.
	type adaptCase struct {
		name string
		src  string
		want []compute.Network
	}

	cases := []adaptCase{
		{
			// One network with a subnetwork that declares log_config and a
			// firewall whose single allow block is limited to one /32 source.
			name: "defined",
			src: `
			resource "google_compute_subnetwork" "example" {
				name = "test-subnetwork"
				network = google_compute_network.example.id
				log_config {
					aggregation_interval = "INTERVAL_10_MIN"
					flow_sampling = 0.5
					metadata = "INCLUDE_ALL_METADATA"
				}
			}

			resource "google_compute_network" "example" {
				name = "test-network"
				auto_create_subnetworks = false
			}

			resource "google_compute_firewall" "example" {
				name = "my-firewall-rule"
				network = google_compute_network.example.name
				source_ranges = ["1.2.3.4/32"]
				allow {
					protocol = "icmp"
					ports = ["80", "8080"]
				}
			}
			`,
			// The subnetwork references the network by .id and the firewall by
			// .name; both are expected to end up on the same Network entry.
			want: []compute.Network{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Firewall: &compute.Firewall{
						Metadata: defsecTypes.NewTestMetadata(),
						Name:     defsecTypes.String("my-firewall-rule", defsecTypes.NewTestMetadata()),
						IngressRules: []compute.IngressRule{
							{
								Metadata: defsecTypes.NewTestMetadata(),
								FirewallRule: compute.FirewallRule{
									Metadata: defsecTypes.NewTestMetadata(),
									IsAllow:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
									Protocol: defsecTypes.String("icmp", defsecTypes.NewTestMetadata()),
									// NOTE(review): the fixture sets nothing that obviously maps to
									// Enforced; presumably true is the value for a rule that is not
									// disabled. Confirm against adaptNetworks.
									Enforced: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
									// The port strings "80" and "8080" are expected as integers.
									// NOTE(review): ports paired with "icmp" would not describe a
									// meaningful real-world rule; the fixture appears to exercise
									// attribute parsing only.
									Ports: []defsecTypes.IntValue{
										defsecTypes.Int(80, defsecTypes.NewTestMetadata()),
										defsecTypes.Int(8080, defsecTypes.NewTestMetadata()),
									},
								},
								SourceRanges: []defsecTypes.StringValue{
									defsecTypes.String("1.2.3.4/32", defsecTypes.NewTestMetadata()),
								},
							},
						},
					},
					Subnetworks: []compute.SubNetwork{
						{
							Metadata: defsecTypes.NewTestMetadata(),
							Name:     defsecTypes.String("test-subnetwork", defsecTypes.NewTestMetadata()),
							// log_config is present in the fixture, so flow logs are expected on.
							EnableFlowLogs: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
						},
					},
				},
			},
		},
		{
			// Every optional attribute is omitted. The expected model has an
			// empty firewall name, no ingress rules, and flow logs off, i.e. a
			// subnetwork without log_config is modelled as not logging flows.
			name: "defaults",
			src: `
			resource "google_compute_subnetwork" "example" {
				network = google_compute_network.example.id
			}

			resource "google_compute_network" "example" {
			}

			resource "google_compute_firewall" "example" {
				network = google_compute_network.example.name
			}
			`,
			want: []compute.Network{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Firewall: &compute.Firewall{
						Metadata: defsecTypes.NewTestMetadata(),
						Name:     defsecTypes.String("", defsecTypes.NewTestMetadata()),
					},
					Subnetworks: []compute.SubNetwork{
						{
							Metadata:       defsecTypes.NewTestMetadata(),
							Name:           defsecTypes.String("", defsecTypes.NewTestMetadata()),
							EnableFlowLogs: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						},
					},
				},
			},
		},
	}

	for i := range cases {
		tc := cases[i]
		t.Run(tc.name, func(t *testing.T) {
			// Parse the fixture as a ".tf" source, adapt it, then compare.
			parsed := tftestutil.CreateModulesFromSource(t, tc.src, ".tf")
			got := adaptNetworks(parsed)
			testutil.AssertDefsecEqual(t, tc.want, got)
		})
	}
}