// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration_test.go

package cloudtrail

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/state"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/cloudtrail"
	"github.com/stretchr/testify/assert"
)

// TestCheckEnsureCloudwatchIntegration exercises checkEnsureCloudwatchIntegration
// against two single-trail CloudTrail states: one whose
// CloudWatchLogsLogGroupArn holds a log-group ARN and one where it is the
// empty string. The rule is expected to report a failure only for the trail
// with the empty ARN.
//
// Security context: a trail with no CloudWatch Logs log group is not
// delivering its events to CloudWatch Logs, so metric filters and alarms on
// API activity cannot be built on top of it. This test only pins the
// pass/fail outcome; it does not validate the ARN format, the region, or
// whether the log group exists.
func TestCheckEnsureCloudwatchIntegration(t *testing.T) {
	// trailWithLogGroup builds a CloudTrail state holding exactly one trail
	// whose CloudWatch Logs log-group ARN is set to arn (may be empty).
	trailWithLogGroup := func(arn string) cloudtrail.CloudTrail {
		return cloudtrail.CloudTrail{
			Trails: []cloudtrail.Trail{
				{
					Metadata:                  defsecTypes.NewTestMetadata(),
					CloudWatchLogsLogGroupArn: defsecTypes.String(arn, defsecTypes.NewTestMetadata()),
				},
			},
		}
	}

	cases := []struct {
		name        string
		input       cloudtrail.CloudTrail
		wantFailure bool // true when the rule must report StatusFailed
	}{
		{
			name:        "Trail has cloudwatch configured",
			input:       trailWithLogGroup("arn:aws:logs:us-east-1:123456789012:log-group:my-log-group"),
			wantFailure: false,
		},
		{
			name:        "Trail does not have cloudwatch configured",
			input:       trailWithLogGroup(""),
			wantFailure: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var st state.State
			st.AWS.CloudTrail = tc.input

			// Only a failed result that carries this rule's own LongID
			// counts; passed results and results of other rules are ignored.
			failed := false
			for _, res := range checkEnsureCloudwatchIntegration.Evaluate(&st) {
				if res.Status() != scan.StatusFailed {
					continue
				}
				if res.Rule().LongID() == checkEnsureCloudwatchIntegration.Rule().LongID() {
					failed = true
				}
			}

			if !tc.wantFailure {
				assert.False(t, failed, "Rule should not have been found")
				return
			}
			assert.True(t, failed, "Rule should have been found")
		})
	}
}