// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/storage/adapt_test.go

package storage

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/google/iam"
	"github.com/khulnasoft-lab/defsec/pkg/providers/google/storage"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_Adapt checks that Adapt turns Terraform google_storage_bucket,
// google_storage_bucket_iam_binding and google_storage_bucket_iam_member
// resources into the expected storage.Storage model.
//
// Two fixtures are covered: one with every attribute set, and one with every
// attribute omitted. The second pins the values the adapter reports when the
// Terraform author wrote nothing: empty strings, and false for
// uniform_bucket_level_access.
func Test_Adapt(t *testing.T) {
	// Small constructors so the expected values read as data rather than as
	// repeated metadata plumbing. Every value still carries its own fresh
	// test metadata.
	meta := defsecTypes.NewTestMetadata
	str := func(v string) defsecTypes.StringValue { return defsecTypes.String(v, meta()) }
	flag := func(v bool) defsecTypes.BoolValue { return defsecTypes.Bool(v, meta()) }

	cases := []struct {
		name      string
		terraform string
		expected  storage.Storage
	}{
		{
			// Every attribute set. The " #1" / " #2" suffixes on the role
			// strings are not real role names; presumably they only tag which
			// resource (binding vs. member) each role was read from.
			name: "defined",
			terraform: `
			resource "google_storage_bucket" "static-site" {
				name = "image-store.com"
				location = "EU"
				uniform_bucket_level_access = true

				encryption {
					default_kms_key_name = "default-kms-key-name"
				}
			}

			resource "google_storage_bucket_iam_binding" "binding" {
				bucket = google_storage_bucket.static-site.name
				role = "roles/storage.admin #1"
				members = [
					"group:test@example.com",
				]
			}

			resource "google_storage_bucket_iam_member" "example" {
				member = "serviceAccount:test@example.com"
				bucket = google_storage_bucket.static-site.name
				role = "roles/storage.admin #2"
			}`,
			expected: storage.Storage{
				Buckets: []storage.Bucket{
					{
						Metadata:                       meta(),
						Name:                           str("image-store.com"),
						Location:                       str("EU"),
						EnableUniformBucketLevelAccess: flag(true),
						// Both IAM resources reference the bucket by name and
						// are expected to end up attached to that bucket.
						Bindings: []iam.Binding{
							{
								Metadata: meta(),
								Members: []defsecTypes.StringValue{
									str("group:test@example.com"),
								},
								Role:                          str("roles/storage.admin #1"),
								IncludesDefaultServiceAccount: flag(false),
							},
						},
						Members: []iam.Member{
							{
								Metadata:              meta(),
								Member:                str("serviceAccount:test@example.com"),
								Role:                  str("roles/storage.admin #2"),
								DefaultServiceAccount: flag(false),
							},
						},
						Encryption: storage.BucketEncryption{
							Metadata:          meta(),
							DefaultKMSKeyName: str("default-kms-key-name"),
						},
					},
				},
			},
		},
		{
			// Nothing set beyond the bucket references. The expected model
			// records an empty KMS key name and uniform bucket-level access
			// as false, i.e. omission is represented as "not enabled".
			name: "defaults",
			terraform: `
			resource "google_storage_bucket" "static-site" {
			}

			resource "google_storage_bucket_iam_binding" "binding" {
				bucket = google_storage_bucket.static-site.name
			}

			resource "google_storage_bucket_iam_member" "example" {
				bucket = google_storage_bucket.static-site.name
			}`,
			expected: storage.Storage{
				Buckets: []storage.Bucket{
					{
						Metadata:                       meta(),
						Name:                           str(""),
						Location:                       str(""),
						EnableUniformBucketLevelAccess: flag(false),
						Bindings: []iam.Binding{
							{
								// No members attribute in the fixture, so
								// Members is left unset here.
								Metadata:                      meta(),
								Role:                          str(""),
								IncludesDefaultServiceAccount: flag(false),
							},
						},
						Members: []iam.Member{
							{
								Metadata:              meta(),
								Member:                str(""),
								Role:                  str(""),
								DefaultServiceAccount: flag(false),
							},
						},
						Encryption: storage.BucketEncryption{
							Metadata:          meta(),
							DefaultKMSKeyName: str(""),
						},
					},
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			got := Adapt(modules)
			testutil.AssertDefsecEqual(t, tc.expected, got)
		})
	}
}

// TestLines checks the source line ranges recorded in the metadata of the
// adapted bucket, IAM binding and IAM member, and of their attributes.
//
// The raw string opens with a newline, so the first resource block starts on
// line 2 of the parsed source. Adding or removing a line inside src shifts
// every expectation below it.
func TestLines(t *testing.T) {
	src := `
	resource "google_storage_bucket" "static-site" {
		name = "image-store.com"
		location = "EU"
		uniform_bucket_level_access = true
	}

	resource "google_storage_bucket_iam_binding" "binding" {
		bucket = google_storage_bucket.static-site.name
		role = "roles/storage.admin #1"
		members = [
			"group:test@example.com",
		]
	}

	resource "google_storage_bucket_iam_member" "example" {
		member = "serviceAccount:test@example.com"
		bucket = google_storage_bucket.static-site.name
		role = "roles/storage.admin #2"
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	// Stop here if the shape is wrong; the indexing below would panic.
	require.Len(t, adapted.Buckets, 1)
	require.Len(t, adapted.Buckets[0].Bindings, 1)
	require.Len(t, adapted.Buckets[0].Members, 1)

	bucket := adapted.Buckets[0]
	binding := bucket.Bindings[0]
	member := bucket.Members[0]

	// google_storage_bucket block and its attributes.
	bucketRange := bucket.Metadata.Range()
	assert.Equal(t, 2, bucketRange.GetStartLine())
	assert.Equal(t, 6, bucketRange.GetEndLine())

	nameRange := bucket.Name.GetMetadata().Range()
	assert.Equal(t, 3, nameRange.GetStartLine())
	assert.Equal(t, 3, nameRange.GetEndLine())

	locationRange := bucket.Location.GetMetadata().Range()
	assert.Equal(t, 4, locationRange.GetStartLine())
	assert.Equal(t, 4, locationRange.GetEndLine())

	uniformAccessRange := bucket.EnableUniformBucketLevelAccess.GetMetadata().Range()
	assert.Equal(t, 5, uniformAccessRange.GetStartLine())
	assert.Equal(t, 5, uniformAccessRange.GetEndLine())

	// google_storage_bucket_iam_binding block; the members list spans three
	// lines, and the single member value is expected to carry that range.
	bindingRange := binding.Metadata.Range()
	assert.Equal(t, 8, bindingRange.GetStartLine())
	assert.Equal(t, 14, bindingRange.GetEndLine())

	bindingRoleRange := binding.Role.GetMetadata().Range()
	assert.Equal(t, 10, bindingRoleRange.GetStartLine())
	assert.Equal(t, 10, bindingRoleRange.GetEndLine())

	bindingMemberRange := binding.Members[0].GetMetadata().Range()
	assert.Equal(t, 11, bindingMemberRange.GetStartLine())
	assert.Equal(t, 13, bindingMemberRange.GetEndLine())

	// google_storage_bucket_iam_member block.
	memberRange := member.Metadata.Range()
	assert.Equal(t, 16, memberRange.GetStartLine())
	assert.Equal(t, 20, memberRange.GetEndLine())

	memberNameRange := member.Member.GetMetadata().Range()
	assert.Equal(t, 17, memberNameRange.GetStartLine())
	assert.Equal(t, 17, memberNameRange.GetEndLine())

	memberRoleRange := member.Role.GetMetadata().Range()
	assert.Equal(t, 19, memberRoleRange.GetStartLine())
	assert.Equal(t, 19, memberRoleRange.GetEndLine())
}