// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/msk/enable_logging_test.go

package msk

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/msk"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/state"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/stretchr/testify/assert"
)

// TestCheckEnableLogging runs CheckEnableLogging against hand-built MSK state
// and checks whether the rule reports a failed result for it.
//
// Two fixtures are exercised: a cluster whose S3, CloudWatch and Firehose
// broker log destinations are all disabled (a failed result is expected), and
// a cluster that logs to S3 only (no failed result is expected).
//
// NOTE(review): no case enables only CloudWatch or only Firehose, so this test
// does not show how the rule treats those destinations on their own. A cluster
// without broker logs leaves a gap in the audit trail, so each destination is
// worth pinning with its own case; confirm the expected outcome against the
// rule implementation before adding them.
func TestCheckEnableLogging(t *testing.T) {
	// fixture builds MSK state holding a single cluster with each broker log
	// destination switched on or off. Every Metadata field is filled by its
	// own NewTestMetadata call, as the rule reads results off these objects.
	fixture := func(s3, cloudwatch, firehose bool) msk.MSK {
		return msk.MSK{
			Clusters: []msk.Cluster{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					Logging: msk.Logging{
						Metadata: defsecTypes.NewTestMetadata(),
						Broker: msk.BrokerLogging{
							Metadata: defsecTypes.NewTestMetadata(),
							S3: msk.S3Logging{
								Metadata: defsecTypes.NewTestMetadata(),
								Enabled:  defsecTypes.Bool(s3, defsecTypes.NewTestMetadata()),
							},
							Cloudwatch: msk.CloudwatchLogging{
								Metadata: defsecTypes.NewTestMetadata(),
								Enabled:  defsecTypes.Bool(cloudwatch, defsecTypes.NewTestMetadata()),
							},
							Firehose: msk.FirehoseLogging{
								Metadata: defsecTypes.NewTestMetadata(),
								Enabled:  defsecTypes.Bool(firehose, defsecTypes.NewTestMetadata()),
							},
						},
					},
				},
			},
		}
	}

	// expected is true when the rule should report a failure for the input.
	cases := []struct {
		name     string
		input    msk.MSK
		expected bool
	}{
		{
			name:     "Cluster with logging disabled",
			input:    fixture(false, false, false),
			expected: true,
		},
		{
			name:     "Cluster logging to S3",
			input:    fixture(true, false, false),
			expected: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			testState := state.State{}
			testState.AWS.MSK = tc.input

			// Only a failed result that belongs to this exact rule counts;
			// passed results and results from other rules are skipped.
			failed := false
			for _, res := range CheckEnableLogging.Evaluate(&testState) {
				if res.Status() != scan.StatusFailed {
					continue
				}
				if res.Rule().LongID() != CheckEnableLogging.Rule().LongID() {
					continue
				}
				failed = true
			}

			if !tc.expected {
				assert.False(t, failed, "Rule should not have been found")
				return
			}
			assert.True(t, failed, "Rule should have been found")
		})
	}
}