github.com/wata727/tflint@v0.12.2-0.20191013070026-96dd0d36f385/rules/awsrules/api/api_test.go (about) 1 package api 2 3 import ( 4 "errors" 5 "io/ioutil" 6 "log" 7 "os" 8 "testing" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/service/ec2" 12 "github.com/aws/aws-sdk-go/service/rds" 13 "github.com/golang/mock/gomock" 14 hcl "github.com/hashicorp/hcl/v2" 15 "github.com/wata727/tflint/client" 16 "github.com/wata727/tflint/tflint" 17 ) 18 19 func TestMain(m *testing.M) { 20 log.SetOutput(ioutil.Discard) 21 os.Exit(m.Run()) 22 } 23 24 func Test_APIListData(t *testing.T) { 25 cases := []struct { 26 Name string 27 Content string 28 Response []*ec2.SecurityGroup 29 Expected tflint.Issues 30 }{ 31 { 32 Name: "security group is invalid", 33 Content: ` 34 resource "aws_alb" "balancer" { 35 security_groups = [ 36 "sg-1234abcd", 37 "sg-abcd1234", 38 ] 39 }`, 40 Response: []*ec2.SecurityGroup{ 41 { 42 GroupId: aws.String("sg-12345678"), 43 }, 44 { 45 GroupId: aws.String("sg-abcdefgh"), 46 }, 47 }, 48 Expected: tflint.Issues{ 49 { 50 Rule: NewAwsALBInvalidSecurityGroupRule(), 51 Message: "\"sg-1234abcd\" is invalid security group.", 52 Range: hcl.Range{ 53 Filename: "resource.tf", 54 Start: hcl.Pos{Line: 4, Column: 9}, 55 End: hcl.Pos{Line: 4, Column: 22}, 56 }, 57 }, 58 { 59 Rule: NewAwsALBInvalidSecurityGroupRule(), 60 Message: "\"sg-abcd1234\" is invalid security group.", 61 Range: hcl.Range{ 62 Filename: "resource.tf", 63 Start: hcl.Pos{Line: 5, Column: 9}, 64 End: hcl.Pos{Line: 5, Column: 22}, 65 }, 66 }, 67 }, 68 }, 69 { 70 Name: "security group is valid", 71 Content: ` 72 resource "aws_alb" "balancer" { 73 security_groups = [ 74 "sg-1234abcd", 75 "sg-abcd1234", 76 ] 77 }`, 78 Response: []*ec2.SecurityGroup{ 79 { 80 GroupId: aws.String("sg-1234abcd"), 81 }, 82 { 83 GroupId: aws.String("sg-abcd1234"), 84 }, 85 }, 86 Expected: tflint.Issues{}, 87 }, 88 { 89 Name: "use list variables", 90 Content: ` 91 variable "security_groups" { 92 default = ["sg-1234abcd", "sg-abcd1234"] 93 } 94 95 resource "aws_alb" "balancer" { 96 security_groups = "${var.security_groups}" 97 }`, 98 Response: []*ec2.SecurityGroup{ 99 { 100 GroupId: aws.String("sg-12345678"), 101 }, 102 { 103 GroupId: aws.String("sg-abcdefgh"), 104 }, 105 }, 106 Expected: tflint.Issues{ 107 { 108 Rule: NewAwsALBInvalidSecurityGroupRule(), 109 Message: "\"sg-1234abcd\" is invalid security group.", 110 Range: hcl.Range{ 111 Filename: "resource.tf", 112 Start: hcl.Pos{Line: 7, Column: 23}, 113 End: hcl.Pos{Line: 7, Column: 47}, 114 }, 115 }, 116 { 117 Rule: NewAwsALBInvalidSecurityGroupRule(), 118 Message: "\"sg-abcd1234\" is invalid security group.", 119 Range: hcl.Range{ 120 Filename: "resource.tf", 121 Start: hcl.Pos{Line: 7, Column: 23}, 122 End: hcl.Pos{Line: 7, Column: 47}, 123 }, 124 }, 125 }, 126 }, 127 } 128 129 ctrl := gomock.NewController(t) 130 defer ctrl.Finish() 131 132 for _, tc := range cases { 133 runner := tflint.TestRunner(t, map[string]string{"resource.tf": tc.Content}) 134 135 mock := client.NewMockEC2API(ctrl) 136 mock.EXPECT().DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{}).Return(&ec2.DescribeSecurityGroupsOutput{ 137 SecurityGroups: tc.Response, 138 }, nil) 139 runner.AwsClient.EC2 = mock 140 141 rule := NewAwsALBInvalidSecurityGroupRule() 142 if err := rule.Check(runner); err != nil { 143 t.Fatalf("Unexpected error occurred: %s", err) 144 } 145 146 tflint.AssertIssues(t, tc.Expected, runner.Issues) 147 } 148 } 149 150 func Test_APIStringData(t *testing.T) { 151 cases := []struct { 152 Name string 153 Content string 154 Response []*rds.DBSubnetGroup 155 Expected tflint.Issues 156 }{ 157 { 158 Name: "db_subnet_group_name is invalid", 159 Content: ` 160 resource "aws_db_instance" "mysql" { 161 db_subnet_group_name = "app-server" 162 }`, 163 Response: []*rds.DBSubnetGroup{ 164 { 165 DBSubnetGroupName: aws.String("app-server1"), 166 }, 167 { 168 DBSubnetGroupName: aws.String("app-server2"), 169 }, 170 }, 171 Expected: tflint.Issues{ 172 { 173 Rule: NewAwsDBInstanceInvalidDBSubnetGroupRule(), 174 Message: "\"app-server\" is invalid DB subnet group name.", 175 Range: hcl.Range{ 176 Filename: "resource.tf", 177 Start: hcl.Pos{Line: 3, Column: 28}, 178 End: hcl.Pos{Line: 3, Column: 40}, 179 }, 180 }, 181 }, 182 }, 183 { 184 Name: "db_subnet_group_name is valid", 185 Content: ` 186 resource "aws_db_instance" "mysql" { 187 db_subnet_group_name = "app-server" 188 }`, 189 Response: []*rds.DBSubnetGroup{ 190 { 191 DBSubnetGroupName: aws.String("app-server1"), 192 }, 193 { 194 DBSubnetGroupName: aws.String("app-server2"), 195 }, 196 { 197 DBSubnetGroupName: aws.String("app-server"), 198 }, 199 }, 200 Expected: tflint.Issues{}, 201 }, 202 } 203 204 ctrl := gomock.NewController(t) 205 defer ctrl.Finish() 206 207 for _, tc := range cases { 208 runner := tflint.TestRunner(t, map[string]string{"resource.tf": tc.Content}) 209 210 mock := client.NewMockRDSAPI(ctrl) 211 mock.EXPECT().DescribeDBSubnetGroups(&rds.DescribeDBSubnetGroupsInput{}).Return(&rds.DescribeDBSubnetGroupsOutput{ 212 DBSubnetGroups: tc.Response, 213 }, nil) 214 runner.AwsClient.RDS = mock 215 216 rule := NewAwsDBInstanceInvalidDBSubnetGroupRule() 217 if err := rule.Check(runner); err != nil { 218 t.Fatalf("Unexpected error occurred: %s", err) 219 } 220 221 tflint.AssertIssues(t, tc.Expected, runner.Issues) 222 } 223 } 224 225 func Test_API_error(t *testing.T) { 226 cases := []struct { 227 Name string 228 Content string 229 Response error 230 Error tflint.Error 231 }{ 232 { 233 Name: "API error", 234 Content: ` 235 resource "aws_alb" "balancer" { 236 security_groups = [ 237 "sg-1234abcd", 238 "sg-abcd1234", 239 ] 240 }`, 241 Response: errors.New("MissingRegion: could not find region configuration"), 242 Error: tflint.Error{ 243 Code: tflint.ExternalAPIError, 244 Level: tflint.ErrorLevel, 245 Message: "An error occurred while invoking DescribeSecurityGroups; MissingRegion: could not find region configuration", 246 }, 247 }, 248 } 249 250 ctrl := gomock.NewController(t) 251 defer ctrl.Finish() 252 253 rule := NewAwsALBInvalidSecurityGroupRule() 254 255 for _, tc := range cases { 256 runner := tflint.TestRunner(t, map[string]string{"resource.tf": tc.Content}) 257 258 mock := client.NewMockEC2API(ctrl) 259 mock.EXPECT().DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{}).Return(nil, tc.Response) 260 runner.AwsClient.EC2 = mock 261 262 err := rule.Check(runner) 263 tflint.AssertAppError(t, tc.Error, err) 264 } 265 }