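// Listing: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/sql/adapt_test.go

package sql

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/pkg/providers/google/sql"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_Adapt checks the top-level Adapt entry point against a Cloud SQL
// instance that declares no database_flags blocks.
//
// The expected value pins two things:
//   - the attribute mapping: require_ssl -> RequireTLS, ipv4_enabled ->
//     EnableIPv4, and each authorized_networks block -> one Name/CIDR pair;
//   - the flag values the adapter reports when a flag is absent from the
//     Terraform source (for example ContainedDatabaseAuthentication and
//     CrossDBOwnershipChaining are true, LocalInFile is false, and the two
//     integer flags are -1).
//
// NOTE(review): these absent-flag values are what any consumer of the adapted
// model sees for an instance that sets no flags, so changing them here changes
// results without any change to the Terraform input. The consumers are not
// part of this file; confirm against them before editing the defaults.
func Test_Adapt(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  sql.SQL
	}{
		{
			name: "default flags",
			terraform: `
		resource "google_sql_database_instance" "db" {
			database_version = "POSTGRES_12"
			settings {
				backup_configuration {
					enabled = true
				}
				ip_configuration {
					ipv4_enabled = false
					authorized_networks {
						value = "108.12.12.0/24"
						name = "internal"
					}
					require_ssl = true
				}
			}
		}
`,
			expected: sql.SQL{
				Instances: []sql.DatabaseInstance{
					{
						Metadata:        defsecTypes.NewTestMetadata(),
						IsReplica:       defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						DatabaseVersion: defsecTypes.String("POSTGRES_12", defsecTypes.NewTestMetadata()),
						Settings: sql.Settings{
							Metadata: defsecTypes.NewTestMetadata(),
							Backups: sql.Backups{
								Metadata: defsecTypes.NewTestMetadata(),
								Enabled:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							},
							// No database_flags in the input: every field below is the
							// adapter's fallback value, not something read from the source.
							Flags: sql.Flags{
								Metadata:                        defsecTypes.NewTestMetadata(),
								LogMinDurationStatement:         defsecTypes.Int(-1, defsecTypes.NewTestMetadata()),
								ContainedDatabaseAuthentication: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
								CrossDBOwnershipChaining:        defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
								LocalInFile:                     defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
								LogCheckpoints:                  defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
								LogConnections:                  defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
								LogDisconnections:               defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
								LogLockWaits:                    defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
								LogMinMessages:                  defsecTypes.String("", defsecTypes.NewTestMetadata()),
								LogTempFileSize:                 defsecTypes.Int(-1, defsecTypes.NewTestMetadata()),
							},
							IPConfiguration: sql.IPConfiguration{
								Metadata:   defsecTypes.NewTestMetadata(),
								RequireTLS: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
								EnableIPv4: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
								AuthorizedNetworks: []struct {
									Name defsecTypes.StringValue
									CIDR defsecTypes.StringValue
								}{
									{
										Name: defsecTypes.String("internal", defsecTypes.NewTestMetadata()),
										CIDR: defsecTypes.String("108.12.12.0/24", defsecTypes.NewTestMetadata()),
									},
								},
							},
						},
					},
				},
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
			adapted := Adapt(modules)
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// Test_adaptInstances checks adaptInstances against an instance that sets the
// five PostgreSQL logging flags through database_flags blocks.
//
// "on" is expected to become true for the boolean flags and the log_temp_files
// value "0" is expected to become the integer 0. Flags that are not set in the
// input keep the same fallback values that Test_Adapt asserts.
//
// The input also carries name, project, region, deletion_protection, tier and
// private_network; none of them has a counterpart in the expected value.
//
// NOTE(review): the nested Metadata fields are left at their zero value here,
// unlike in Test_Adapt. Presumably AssertDefsecEqual does not compare
// metadata; confirm in testutil.
func Test_adaptInstances(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  []sql.DatabaseInstance
	}{
		{
			name: "all flags",
			terraform: `
resource "google_sql_database_instance" "backup_source_instance" {
	name = "test-instance"
	database_version = "POSTGRES_11"

	project = "test-project"
	region = "europe-west6"
	deletion_protection = false
	settings {
		tier = "db-f1-micro"
		backup_configuration {
			enabled = true
		}
		ip_configuration {
			ipv4_enabled = false
			private_network = "test-network"
			require_ssl = true
		}
		database_flags {
			name = "log_connections"
			value = "on"
		}
		database_flags {
			name = "log_temp_files"
			value = "0"
		}
		database_flags {
			name = "log_checkpoints"
			value = "on"
		}
		database_flags {
			name = "log_disconnections"
			value = "on"
		}
		database_flags {
			name = "log_lock_waits"
			value = "on"
		}
	}
}
`,
			expected: []sql.DatabaseInstance{
				{
					Metadata:        defsecTypes.NewTestMetadata(),
					DatabaseVersion: defsecTypes.String("POSTGRES_11", defsecTypes.NewTestMetadata()),
					IsReplica:       defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
					Settings: sql.Settings{
						Backups: sql.Backups{
							Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
						},
						Flags: sql.Flags{
							// Set explicitly by the database_flags blocks above.
							LogConnections:    defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							LogTempFileSize:   defsecTypes.Int(0, defsecTypes.NewTestMetadata()),
							LogCheckpoints:    defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							LogDisconnections: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							LogLockWaits:      defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							// Not present in the input: fallback values.
							ContainedDatabaseAuthentication: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							CrossDBOwnershipChaining:        defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
							LocalInFile:                     defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
							LogMinDurationStatement:         defsecTypes.Int(-1, defsecTypes.NewTestMetadata()),
							LogMinMessages:                  defsecTypes.String("", defsecTypes.NewTestMetadata()),
						},
						IPConfiguration: sql.IPConfiguration{
							EnableIPv4: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
							RequireTLS: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
						},
					},
				},
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
			adapted := adaptInstances(modules)
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// TestLines checks that the source ranges attached to the adapted model point
// at the right lines of the Terraform input.
//
// Line numbers are 1-based within src. The raw string begins with a newline,
// so the resource block opens on line 2. Blank lines inside src are
// significant: adding or removing one shifts every expectation below it.
//
// NOTE(review): these ranges are presumably what a consumer uses to point a
// result back at the responsible line of configuration; that consumer is not
// in this file.
func TestLines(t *testing.T) {
	src := `
	resource "google_sql_database_instance" "backup_source_instance" {
		name = "test-instance"
		database_version = "POSTGRES_11"

		settings {
			backup_configuration {
				enabled = true
			}

			ip_configuration {
				ipv4_enabled = false
				require_ssl = true
				authorized_networks {
					name = "internal"
					value = "108.12.12.0/24"
				}
			}

			database_flags {
				name = "log_connections"
				value = "on"
			}
			database_flags {
				name = "log_temp_files"
				value = "0"
			}
			database_flags {
				name = "log_checkpoints"
				value = "on"
			}
			database_flags {
				name = "log_disconnections"
				value = "on"
			}
			database_flags {
				name = "log_lock_waits"
				value = "on"
			}
		}
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Instances, 1)
	instance := adapted.Instances[0]

	// Whole resource block and its database_version attribute.
	assert.Equal(t, 2, instance.Metadata.Range().GetStartLine())
	assert.Equal(t, 41, instance.Metadata.Range().GetEndLine())

	assert.Equal(t, 4, instance.DatabaseVersion.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 4, instance.DatabaseVersion.GetMetadata().Range().GetEndLine())

	// settings block and the backup_configuration block inside it.
	settings := instance.Settings
	assert.Equal(t, 6, settings.Metadata.Range().GetStartLine())
	assert.Equal(t, 40, settings.Metadata.Range().GetEndLine())

	assert.Equal(t, 7, settings.Backups.Metadata.Range().GetStartLine())
	assert.Equal(t, 9, settings.Backups.Metadata.Range().GetEndLine())

	assert.Equal(t, 8, settings.Backups.Enabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 8, settings.Backups.Enabled.GetMetadata().Range().GetEndLine())

	// ip_configuration block: network exposure and transport settings.
	ipConfig := settings.IPConfiguration
	assert.Equal(t, 11, ipConfig.Metadata.Range().GetStartLine())
	assert.Equal(t, 18, ipConfig.Metadata.Range().GetEndLine())

	assert.Equal(t, 12, ipConfig.EnableIPv4.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 12, ipConfig.EnableIPv4.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 13, ipConfig.RequireTLS.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 13, ipConfig.RequireTLS.GetMetadata().Range().GetEndLine())

	// Guard the index below: without it a regression that drops the
	// authorized_networks entry panics instead of reporting a test failure.
	require.Len(t, ipConfig.AuthorizedNetworks, 1)
	network := ipConfig.AuthorizedNetworks[0]

	assert.Equal(t, 15, network.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 15, network.Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 16, network.CIDR.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 16, network.CIDR.GetMetadata().Range().GetEndLine())

	// database_flags blocks. Lines 22, 34 and 38 are the `value` lines of
	// their blocks.
	flags := settings.Flags
	assert.Equal(t, 22, flags.LogConnections.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 22, flags.LogConnections.GetMetadata().Range().GetEndLine())

	// NOTE(review): line 25 is the `name` line of the log_temp_files block,
	// whereas the other flags are pinned to their `value` line (which would be
	// 26 here). Confirm the adapter intends this asymmetry.
	assert.Equal(t, 25, flags.LogTempFileSize.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 25, flags.LogTempFileSize.GetMetadata().Range().GetEndLine())

	// NOTE(review): log_checkpoints is set in src but its range is not
	// asserted here.
	assert.Equal(t, 34, flags.LogDisconnections.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 34, flags.LogDisconnections.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 38, flags.LogLockWaits.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 38, flags.LogLockWaits.GetMetadata().Range().GetEndLine())
}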