github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/nifcloud/computing/security_group_test.go (about)

     1  package computing
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/providers/nifcloud/computing"
     9  
    10  	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
    11  
    12  	"github.com/khulnasoft-lab/defsec/test/testutil"
    13  )
    14  
// Test_adaptSecurityGroups checks that sgAdapter.adaptSecurityGroups converts
// nifcloud_security_group resources, together with the
// nifcloud_security_group_rule resources that reference them, into
// computing.SecurityGroup values.
//
// Two fixtures are covered: one with description and cidr_ip set explicitly,
// and one with both omitted, where the expected model holds empty strings.
// The source CIDR and the description are the only rule attributes asserted.
//
// NOTE(review): both fixtures declare type = "IN" only, so this table does not
// exercise how a type = "OUT" rule is adapted.
func Test_adaptSecurityGroups(t *testing.T) {
	// rule builds the expected form of a single adapted rule.
	rule := func(cidr, description string) computing.SecurityGroupRule {
		return computing.SecurityGroupRule{
			Metadata:    defsecTypes.NewTestMetadata(),
			CIDR:        defsecTypes.String(cidr, defsecTypes.NewTestMetadata()),
			Description: defsecTypes.String(description, defsecTypes.NewTestMetadata()),
		}
	}

	// group builds the expected adapter output: one security group carrying
	// the given ingress rules.
	group := func(description string, ingress ...computing.SecurityGroupRule) []computing.SecurityGroup {
		return []computing.SecurityGroup{{
			Metadata:     defsecTypes.NewTestMetadata(),
			Description:  defsecTypes.String(description, defsecTypes.NewTestMetadata()),
			IngressRules: ingress,
		}}
	}

	cases := []struct {
		name      string
		terraform string
		expected  []computing.SecurityGroup
	}{
		{
			// from_port, to_port and protocol are present in the fixture, but
			// the expected rule lists only CIDR and Description.
			name: "configured",
			terraform: `
			resource "nifcloud_security_group" "example" {
				group_name = "example"
				description = "memo"
			}
			
			resource "nifcloud_security_group_rule" "example" {
				type                 = "IN"
				security_group_names = [nifcloud_security_group.example.group_name]
				from_port            = 22
				to_port              = 22
				protocol             = "TCP"
				description          = "memo"
				cidr_ip              = "1.2.3.4/32"
			}
`,
			expected: group("memo", rule("1.2.3.4/32", "memo")),
		},
		{
			// With description and cidr_ip omitted, the rule must still be
			// present in the result, with empty string values.
			name: "defaults",
			terraform: `
			resource "nifcloud_security_group" "example" {
			}
			
			resource "nifcloud_security_group_rule" "example" {
				type                 = "IN"
				security_group_names = [nifcloud_security_group.example.group_name]
			}

`,
			expected: group("", rule("", "")),
		},
	}

	for i := range cases {
		tc := cases[i]
		t.Run(tc.name, func(t *testing.T) {
			mods := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			// The adapter is seeded with the rule resource IDs, as the
			// sgRuleIDs field requires.
			adapter := sgAdapter{
				sgRuleIDs: mods.GetChildResourceIDMapByType("nifcloud_security_group_rule"),
			}
			got := adapter.adaptSecurityGroups(mods)
			testutil.AssertDefsecEqual(t, tc.expected, got)
		})
	}
}