github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/iam/no_user_attached_policies_test.go (about) 1 package iam 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckNoUserAttachedPolicies(t *testing.T) { 17 tests := []struct { 18 name string 19 input iam.IAM 20 expected bool 21 }{ 22 { 23 name: "user without policies attached", 24 input: iam.IAM{ 25 Users: []iam.User{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 Name: defsecTypes.String("example", defsecTypes.NewTestMetadata()), 29 }, 30 }, 31 }, 32 expected: false, 33 }, 34 { 35 name: "user with a policy attached", 36 input: iam.IAM{ 37 Users: []iam.User{ 38 { 39 Metadata: defsecTypes.NewTestMetadata(), 40 Name: defsecTypes.String("example", defsecTypes.NewTestMetadata()), 41 Policies: []iam.Policy{ 42 { 43 Metadata: defsecTypes.NewTestMetadata(), 44 Name: defsecTypes.String("another.policy", defsecTypes.NewTestMetadata()), 45 Document: iam.Document{ 46 Metadata: defsecTypes.NewTestMetadata(), 47 }, 48 }, 49 }, 50 }, 51 }, 52 }, 53 expected: true, 54 }, 55 } 56 for _, test := range tests { 57 t.Run(test.name, func(t *testing.T) { 58 var testState state.State 59 testState.AWS.IAM = test.input 60 results := checkNoUserAttachedPolicies.Evaluate(&testState) 61 var found bool 62 for _, result := range results { 63 if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkNoUserAttachedPolicies.Rule().LongID() { 64 found = true 65 } 66 } 67 if test.expected { 68 assert.True(t, found, "Rule should have been found") 69 } else { 70 assert.False(t, found, "Rule should not have been found") 71 } 72 }) 73 } 74 }