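// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/pkg/state/merge_test.go

package state

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/rds"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/stretchr/testify/assert"
)

// Test_Merging checks State.Merge against a table of (a, b, expected) states:
// two empty states, one populated side, both sides populating the same service,
// and each side populating a different service.
func Test_Merging(t *testing.T) {
	// rdsService returns an RDS service holding one instance. Only the
	// replication ARN and the KMS key id vary between the fixtures; the same
	// key id is used for PerformanceInsights and for Encryption. A fresh value
	// is built on every call so that inputs and expectations never share
	// backing slices.
	rdsService := func(replicationARN, kmsKeyID string) rds.RDS {
		return rds.RDS{
			Instances: []rds.Instance{
				{
					BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
					ReplicationSourceARN:      defsecTypes.String(replicationARN, defsecTypes.Metadata{}),
					PerformanceInsights: rds.PerformanceInsights{
						Metadata: defsecTypes.Metadata{},
						Enabled:  defsecTypes.Bool(true, defsecTypes.Metadata{}),
						KMSKeyID: defsecTypes.String(kmsKeyID, defsecTypes.Metadata{}),
					},
					Encryption: rds.Encryption{
						Metadata:       defsecTypes.Metadata{},
						EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
						KMSKeyID:       defsecTypes.String(kmsKeyID, defsecTypes.Metadata{}),
					},
					PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
				},
			},
		}
	}

	// ec2Service returns an EC2 service holding one instance with a security
	// group, a root block device and one EBS block device. The block devices
	// are pointers, so each call yields distinct pointees.
	ec2Service := func() ec2.EC2 {
		return ec2.EC2{
			Instances: []ec2.Instance{
				{
					Metadata: defsecTypes.Metadata{},
					MetadataOptions: ec2.MetadataOptions{
						Metadata:     defsecTypes.Metadata{},
						HttpTokens:   defsecTypes.String("something", defsecTypes.Metadata{}),
						HttpEndpoint: defsecTypes.String("something", defsecTypes.Metadata{}),
					},
					UserData: defsecTypes.String("something", defsecTypes.Metadata{}),
					SecurityGroups: []ec2.SecurityGroup{
						{
							Metadata:    defsecTypes.Metadata{},
							IsDefault:   defsecTypes.Bool(true, defsecTypes.Metadata{}),
							Description: defsecTypes.String("something", defsecTypes.Metadata{}),
							IngressRules: []ec2.SecurityGroupRule{
								{
									Metadata:    defsecTypes.Metadata{},
									Description: defsecTypes.String("something", defsecTypes.Metadata{}),
									CIDRs: []defsecTypes.StringValue{
										defsecTypes.String("something", defsecTypes.Metadata{}),
									},
								},
							},
							EgressRules: nil,
							VPCID:       defsecTypes.String("something", defsecTypes.Metadata{}),
						},
					},
					RootBlockDevice: &ec2.BlockDevice{
						Metadata:  defsecTypes.Metadata{},
						Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}),
					},
					EBSBlockDevices: []*ec2.BlockDevice{
						{
							Metadata:  defsecTypes.Metadata{},
							Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}),
						},
					},
				},
			},
		}
	}

	tests := []struct {
		name           string
		a, b, expected State
	}{
		{
			name: "both empty",
		},
		{
			name: "a empty, b has a service",
			b: State{
				AWS: aws.AWS{RDS: rdsService("arn:whatever", "keyidhere")},
			},
			expected: State{
				AWS: aws.AWS{RDS: rdsService("arn:whatever", "keyidhere")},
			},
		},
		{
			name: "b empty, a has a service",
			a: State{
				AWS: aws.AWS{RDS: rdsService("arn:whatever", "keyidhere")},
			},
			expected: State{
				AWS: aws.AWS{RDS: rdsService("arn:whatever", "keyidhere")},
			},
		},
		{
			// The expectation is b's RDS service alone: a's instance is not
			// kept alongside it.
			// NOTE(review): a resource present only in a would therefore be
			// absent from the merged state; whether callers depend on this
			// when combining scan results is not visible here - confirm.
			name: "both have differing versions of same service",
			a: State{
				AWS: aws.AWS{RDS: rdsService("arn:whatever", "keyidhere")},
			},
			b: State{
				AWS: aws.AWS{RDS: rdsService("arn:whatever:B", "keyidhere:B")},
			},
			expected: State{
				AWS: aws.AWS{RDS: rdsService("arn:whatever:B", "keyidhere:B")},
			},
		},
		{
			// Disjoint services are both expected in the merged state.
			name: "each has a different service",
			a: State{
				AWS: aws.AWS{RDS: rdsService("arn:whatever", "keyidhere")},
			},
			b: State{
				AWS: aws.AWS{EC2: ec2Service()},
			},
			expected: State{
				AWS: aws.AWS{
					EC2: ec2Service(),
					RDS: rdsService("arn:whatever", "keyidhere"),
				},
			},
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			actual, err := tc.a.Merge(&tc.b)
			if err != nil {
				t.Fatal(err)
			}
			// Guard the dereference below: a nil result with a nil error
			// would otherwise panic instead of failing this subtest.
			if actual == nil {
				t.Fatal("Merge returned a nil state and a nil error")
			}
			assert.Equal(t, tc.expected, *actual)
		})
	}
}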