github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ec2/enable_at_rest_encryption_test.go (about) 1 package ec2 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2" 9 "github.com/khulnasoft-lab/defsec/pkg/state" 10 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckEnableAtRestEncryption(t *testing.T) { 17 tests := []struct { 18 name string 19 input ec2.EC2 20 expected bool 21 }{ 22 { 23 name: "encrypted block device", 24 input: ec2.EC2{ 25 Instances: []ec2.Instance{ 26 { 27 RootBlockDevice: &ec2.BlockDevice{ 28 Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 29 }, 30 }, 31 }, 32 }, 33 expected: false, 34 }, 35 { 36 name: "unencrypted block device", 37 input: ec2.EC2{ 38 Instances: []ec2.Instance{ 39 { 40 RootBlockDevice: &ec2.BlockDevice{ 41 Encrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 42 }, 43 }, 44 }, 45 }, 46 expected: true, 47 }, 48 } 49 for _, test := range tests { 50 t.Run(test.name, func(t *testing.T) { 51 var testState state.State 52 testState.AWS.EC2 = test.input 53 results := CheckEnableAtRestEncryption.Evaluate(&testState) 54 var found bool 55 for _, result := range results { 56 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.Rule().LongID() { 57 found = true 58 } 59 } 60 if test.expected { 61 assert.True(t, found, "Rule should have been found") 62 } else { 63 assert.False(t, found, "Rule should not have been found") 64 } 65 }) 66 } 67 }