github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/keyvault/ensure_secret_expiry_test.go (about) 1 package keyvault 2 3 import ( 4 "testing" 5 "time" 6 7 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 8 9 "github.com/khulnasoft-lab/defsec/pkg/state" 10 11 "github.com/khulnasoft-lab/defsec/pkg/providers/azure/keyvault" 12 "github.com/khulnasoft-lab/defsec/pkg/scan" 13 14 "github.com/stretchr/testify/assert" 15 ) 16 17 func TestCheckEnsureSecretExpiry(t *testing.T) { 18 tests := []struct { 19 name string 20 input keyvault.KeyVault 21 expected bool 22 }{ 23 { 24 name: "Key vault secret expiration date not set", 25 input: keyvault.KeyVault{ 26 Vaults: []keyvault.Vault{ 27 { 28 Metadata: defsecTypes.NewTestMetadata(), 29 Secrets: []keyvault.Secret{ 30 { 31 Metadata: defsecTypes.NewTestMetadata(), 32 ExpiryDate: defsecTypes.Time(time.Time{}, defsecTypes.NewTestMetadata().GetMetadata()), 33 }, 34 }, 35 }, 36 }, 37 }, 38 expected: true, 39 }, 40 { 41 name: "Key vault secret expiration date specified", 42 input: keyvault.KeyVault{ 43 Vaults: []keyvault.Vault{ 44 { 45 Metadata: defsecTypes.NewTestMetadata(), 46 Secrets: []keyvault.Secret{ 47 { 48 Metadata: defsecTypes.NewTestMetadata(), 49 ExpiryDate: defsecTypes.Time(time.Now(), defsecTypes.NewTestMetadata().GetMetadata()), 50 }, 51 }, 52 }, 53 }, 54 }, 55 expected: false, 56 }, 57 } 58 for _, test := range tests { 59 t.Run(test.name, func(t *testing.T) { 60 var testState state.State 61 testState.Azure.KeyVault = test.input 62 results := CheckEnsureSecretExpiry.Evaluate(&testState) 63 var found bool 64 for _, result := range results { 65 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnsureSecretExpiry.Rule().LongID() { 66 found = true 67 } 68 } 69 if test.expected { 70 assert.True(t, found, "Rule should have been found") 71 } else { 72 assert.False(t, found, "Rule should not have been found") 73 } 74 }) 75 } 76 }