github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/iam/no_default_network_test.go (about)

     1  package iam
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/providers/google/iam"
    11  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  )
    15  
// TestCheckNoDefaultNetwork verifies that CheckNoDefaultNetwork reports a
// failed result when any project in the Google IAM tree has AutoCreateNetwork
// set to true, and reports no failure when it is set to false.
//
// Security context: a GCP project that auto-creates the "default" VPC network
// starts out with pre-populated firewall rules, which is why the rule under
// test treats the setting as a misconfiguration.
//
// NOTE(review): the table has no case for an IAM tree with zero projects, nor
// for an enabled project attached directly to a top-level folder; both would
// tighten coverage of the hierarchy walk. Confirm expected outcomes against
// the rule implementation before adding them.
func TestCheckNoDefaultNetwork(t *testing.T) {
	// newProject builds a project fixture whose only varying field is the
	// AutoCreateNetwork flag.
	newProject := func(autoCreate bool) iam.Project {
		return iam.Project{
			Metadata:          defsecTypes.NewTestMetadata(),
			AutoCreateNetwork: defsecTypes.Bool(autoCreate, defsecTypes.NewTestMetadata()),
		}
	}

	type testCase struct {
		name     string
		input    iam.IAM
		expected bool // true when a failed result for this rule must be present
	}

	cases := []testCase{
		{
			// Project attached directly to the organization.
			name: "Project automatic network creation enabled",
			input: iam.IAM{
				Organizations: []iam.Organization{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						Projects: []iam.Project{newProject(true)},
					},
				},
			},
			expected: true,
		},
		{
			// The outer folder's project is compliant; the offending project
			// sits one folder deeper. This guards against a check that stops
			// at the first level of the hierarchy.
			name: "Project automatic network creation enabled #2",
			input: iam.IAM{
				Organizations: []iam.Organization{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						Folders: []iam.Folder{
							{
								Metadata: defsecTypes.NewTestMetadata(),
								Projects: []iam.Project{newProject(false)},
								Folders: []iam.Folder{
									{
										Metadata: defsecTypes.NewTestMetadata(),
										Projects: []iam.Project{newProject(true)},
									},
								},
							},
						},
					},
				},
			},
			expected: true,
		},
		{
			name: "Project automatic network creation disabled",
			input: iam.IAM{
				Organizations: []iam.Organization{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						Projects: []iam.Project{newProject(false)},
					},
				},
			},
			expected: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			st := new(state.State)
			st.Google.IAM = tc.input

			// Only failed results that belong to this exact rule count;
			// passed results and other rules' results are ignored.
			failed := false
			for _, res := range CheckNoDefaultNetwork.Evaluate(st) {
				if res.Status() != scan.StatusFailed {
					continue
				}
				if res.Rule().LongID() == CheckNoDefaultNetwork.Rule().LongID() {
					failed = true
				}
			}

			if !tc.expected {
				assert.False(t, failed, "Rule should not have been found")
				return
			}
			assert.True(t, failed, "Rule should have been found")
		})
	}
}