// Listing of internal/adapters/terraform/openstack/adapt_test.go from
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95.

package openstack

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/pkg/providers/openstack"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// TestFields checks, case by case, that Adapt turns Terraform OpenStack
// resources into the expected openstack.OpenStack model.
//
// The cases pin three behaviours:
//   - an instance whose admin_pass is written in plain text keeps that exact
//     value in AdminPassword;
//   - an instance without admin_pass yields an empty AdminPassword rather than
//     a missing instance;
//   - a firewall rule with action = "allow" lands in Firewall.AllowRules with
//     its addresses, destination port and enabled flag populated.
//
// NOTE(review): presumably a downstream check treats a non-empty AdminPassword
// as a finding, which is why both the set and unset cases are pinned here;
// confirm against the rule set.
func TestFields(t *testing.T) {
	type fieldCase struct {
		name      string
		terraform string
		want      openstack.OpenStack
	}

	// Every expected value carries fresh test metadata, exactly as if
	// defsecTypes.NewTestMetadata() were spelled out at each use.
	newMeta := defsecTypes.NewTestMetadata

	cases := []fieldCase{
		{
			// Fixture password is a throwaway literal; the adapter must surface
			// it unchanged so the hard-coded credential stays visible.
			name: "Plaintext password",
			terraform: `
			resource "openstack_compute_instance_v2" "my-instance" {
				admin_pass = "N0tSoS3cretP4ssw0rd"

			}`,
			want: openstack.OpenStack{
				Compute: openstack.Compute{
					Instances: []openstack.Instance{
						{
							AdminPassword: defsecTypes.String("N0tSoS3cretP4ssw0rd", newMeta()),
							Metadata:      newMeta(),
						},
					},
				},
			},
		},
		{
			// With no admin_pass attribute the instance is still reported, with
			// an empty AdminPassword.
			name: "No plaintext password",
			terraform: `
			resource "openstack_compute_instance_v2" "my-instance" {
			}`,
			want: openstack.OpenStack{
				Compute: openstack.Compute{
					Instances: []openstack.Instance{
						{
							AdminPassword: defsecTypes.String("", newMeta()),
							Metadata:      newMeta(),
						},
					},
				},
			},
		},
		{
			// The fixture sets protocol = "tcp", but the expected FirewallRule
			// below has no protocol field, so that attribute is not asserted.
			// enabled is given as the string "true" and expected as a bool.
			name: "Firewall rule",
			terraform: `
			resource "openstack_fw_rule_v1" "rule_1" {
				action                 = "allow"
				protocol               = "tcp"
				destination_port       = "22"
				destination_ip_address = "10.10.10.1"
				source_ip_address      = "10.10.10.2"
				enabled                = "true"
			}`,
			want: openstack.OpenStack{
				Compute: openstack.Compute{
					Firewall: openstack.Firewall{
						AllowRules: []openstack.FirewallRule{
							{
								Metadata:        newMeta(),
								Source:          defsecTypes.String("10.10.10.2", newMeta()),
								SourcePort:      defsecTypes.String("", newMeta()),
								Destination:     defsecTypes.String("10.10.10.1", newMeta()),
								DestinationPort: defsecTypes.String("22", newMeta()),
								Enabled:         defsecTypes.Bool(true, newMeta()),
							},
						},
					},
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			got := Adapt(tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf"))
			testutil.AssertDefsecEqual(t, tc.want, got)
		})
	}
}

// TestLines checks that the metadata attached to adapted values points at the
// source line of the Terraform attribute each value came from.
//
// Line numbers are counted from the opening backquote of the fixture, so the
// first (empty) line of the raw string is line 1 and admin_pass sits on line 3.
// Adding or removing a line in the fixture shifts every expectation below.
func TestLines(t *testing.T) {
	source := `
resource "openstack_compute_instance_v2" "my-instance" {
	admin_pass = "N0tSoS3cretP4ssw0rd"
}

resource "openstack_fw_rule_v1" "rule_1" {
	action                 = "allow"
	protocol               = "tcp"
	destination_port       = "22"
	destination_ip_address = "10.10.10.1"
	source_ip_address      = "10.10.10.2"
	enabled                = "true"
}`

	result := Adapt(tftestutil.CreateModulesFromSource(t, source, ".tf"))

	// Stop early if the adapter did not produce exactly one instance and one
	// allow rule; indexing below would otherwise panic.
	require.Len(t, result.Compute.Instances, 1)
	require.Len(t, result.Compute.Firewall.AllowRules, 1)
	instance := result.Compute.Instances[0]
	rule := result.Compute.Firewall.AllowRules[0]

	// admin_pass: the location a plaintext-credential report would point at.
	passwordRange := instance.AdminPassword.GetMetadata().Range()
	assert.Equal(t, 3, passwordRange.GetStartLine())
	assert.Equal(t, 3, passwordRange.GetEndLine())

	// destination_port
	portRange := rule.DestinationPort.GetMetadata().Range()
	assert.Equal(t, 9, portRange.GetStartLine())
	assert.Equal(t, 9, portRange.GetEndLine())

	// destination_ip_address
	destinationRange := rule.Destination.GetMetadata().Range()
	assert.Equal(t, 10, destinationRange.GetStartLine())
	assert.Equal(t, 10, destinationRange.GetEndLine())

	// source_ip_address
	sourceRange := rule.Source.GetMetadata().Range()
	assert.Equal(t, 11, sourceRange.GetStartLine())
	assert.Equal(t, 11, sourceRange.GetEndLine())

	// enabled
	enabledRange := rule.Enabled.GetMetadata().Range()
	assert.Equal(t, 12, enabledRange.GetStartLine())
	assert.Equal(t, 12, enabledRange.GetEndLine())
}