github.com/wata727/tflint@v0.12.2-0.20191013070026-96dd0d36f385/rules/awsrules/api/api_test.go (about)

     1  package api
     2  
     3  import (
     4  	"errors"
     5  	"io/ioutil"
     6  	"log"
     7  	"os"
     8  	"testing"
     9  
    10  	"github.com/aws/aws-sdk-go/aws"
    11  	"github.com/aws/aws-sdk-go/service/ec2"
    12  	"github.com/aws/aws-sdk-go/service/rds"
    13  	"github.com/golang/mock/gomock"
    14  	hcl "github.com/hashicorp/hcl/v2"
    15  	"github.com/wata727/tflint/client"
    16  	"github.com/wata727/tflint/tflint"
    17  )
    18  
    19  func TestMain(m *testing.M) {
    20  	log.SetOutput(ioutil.Discard)
    21  	os.Exit(m.Run())
    22  }
    23  
    24  func Test_APIListData(t *testing.T) {
    25  	cases := []struct {
    26  		Name     string
    27  		Content  string
    28  		Response []*ec2.SecurityGroup
    29  		Expected tflint.Issues
    30  	}{
    31  		{
    32  			Name: "security group is invalid",
    33  			Content: `
    34  resource "aws_alb" "balancer" {
    35      security_groups = [
    36          "sg-1234abcd",
    37          "sg-abcd1234",
    38      ]
    39  }`,
    40  			Response: []*ec2.SecurityGroup{
    41  				{
    42  					GroupId: aws.String("sg-12345678"),
    43  				},
    44  				{
    45  					GroupId: aws.String("sg-abcdefgh"),
    46  				},
    47  			},
    48  			Expected: tflint.Issues{
    49  				{
    50  					Rule:    NewAwsALBInvalidSecurityGroupRule(),
    51  					Message: "\"sg-1234abcd\" is invalid security group.",
    52  					Range: hcl.Range{
    53  						Filename: "resource.tf",
    54  						Start:    hcl.Pos{Line: 4, Column: 9},
    55  						End:      hcl.Pos{Line: 4, Column: 22},
    56  					},
    57  				},
    58  				{
    59  					Rule:    NewAwsALBInvalidSecurityGroupRule(),
    60  					Message: "\"sg-abcd1234\" is invalid security group.",
    61  					Range: hcl.Range{
    62  						Filename: "resource.tf",
    63  						Start:    hcl.Pos{Line: 5, Column: 9},
    64  						End:      hcl.Pos{Line: 5, Column: 22},
    65  					},
    66  				},
    67  			},
    68  		},
    69  		{
    70  			Name: "security group is valid",
    71  			Content: `
    72  resource "aws_alb" "balancer" {
    73      security_groups = [
    74          "sg-1234abcd",
    75          "sg-abcd1234",
    76      ]
    77  }`,
    78  			Response: []*ec2.SecurityGroup{
    79  				{
    80  					GroupId: aws.String("sg-1234abcd"),
    81  				},
    82  				{
    83  					GroupId: aws.String("sg-abcd1234"),
    84  				},
    85  			},
    86  			Expected: tflint.Issues{},
    87  		},
    88  		{
    89  			Name: "use list variables",
    90  			Content: `
    91  variable "security_groups" {
    92      default = ["sg-1234abcd", "sg-abcd1234"]
    93  }
    94  
    95  resource "aws_alb" "balancer" {
    96      security_groups = "${var.security_groups}"
    97  }`,
    98  			Response: []*ec2.SecurityGroup{
    99  				{
   100  					GroupId: aws.String("sg-12345678"),
   101  				},
   102  				{
   103  					GroupId: aws.String("sg-abcdefgh"),
   104  				},
   105  			},
   106  			Expected: tflint.Issues{
   107  				{
   108  					Rule:    NewAwsALBInvalidSecurityGroupRule(),
   109  					Message: "\"sg-1234abcd\" is invalid security group.",
   110  					Range: hcl.Range{
   111  						Filename: "resource.tf",
   112  						Start:    hcl.Pos{Line: 7, Column: 23},
   113  						End:      hcl.Pos{Line: 7, Column: 47},
   114  					},
   115  				},
   116  				{
   117  					Rule:    NewAwsALBInvalidSecurityGroupRule(),
   118  					Message: "\"sg-abcd1234\" is invalid security group.",
   119  					Range: hcl.Range{
   120  						Filename: "resource.tf",
   121  						Start:    hcl.Pos{Line: 7, Column: 23},
   122  						End:      hcl.Pos{Line: 7, Column: 47},
   123  					},
   124  				},
   125  			},
   126  		},
   127  	}
   128  
   129  	ctrl := gomock.NewController(t)
   130  	defer ctrl.Finish()
   131  
   132  	for _, tc := range cases {
   133  		runner := tflint.TestRunner(t, map[string]string{"resource.tf": tc.Content})
   134  
   135  		mock := client.NewMockEC2API(ctrl)
   136  		mock.EXPECT().DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{}).Return(&ec2.DescribeSecurityGroupsOutput{
   137  			SecurityGroups: tc.Response,
   138  		}, nil)
   139  		runner.AwsClient.EC2 = mock
   140  
   141  		rule := NewAwsALBInvalidSecurityGroupRule()
   142  		if err := rule.Check(runner); err != nil {
   143  			t.Fatalf("Unexpected error occurred: %s", err)
   144  		}
   145  
   146  		tflint.AssertIssues(t, tc.Expected, runner.Issues)
   147  	}
   148  }
   149  
   150  func Test_APIStringData(t *testing.T) {
   151  	cases := []struct {
   152  		Name     string
   153  		Content  string
   154  		Response []*rds.DBSubnetGroup
   155  		Expected tflint.Issues
   156  	}{
   157  		{
   158  			Name: "db_subnet_group_name is invalid",
   159  			Content: `
   160  resource "aws_db_instance" "mysql" {
   161      db_subnet_group_name = "app-server"
   162  }`,
   163  			Response: []*rds.DBSubnetGroup{
   164  				{
   165  					DBSubnetGroupName: aws.String("app-server1"),
   166  				},
   167  				{
   168  					DBSubnetGroupName: aws.String("app-server2"),
   169  				},
   170  			},
   171  			Expected: tflint.Issues{
   172  				{
   173  					Rule:    NewAwsDBInstanceInvalidDBSubnetGroupRule(),
   174  					Message: "\"app-server\" is invalid DB subnet group name.",
   175  					Range: hcl.Range{
   176  						Filename: "resource.tf",
   177  						Start:    hcl.Pos{Line: 3, Column: 28},
   178  						End:      hcl.Pos{Line: 3, Column: 40},
   179  					},
   180  				},
   181  			},
   182  		},
   183  		{
   184  			Name: "db_subnet_group_name is valid",
   185  			Content: `
   186  resource "aws_db_instance" "mysql" {
   187      db_subnet_group_name = "app-server"
   188  }`,
   189  			Response: []*rds.DBSubnetGroup{
   190  				{
   191  					DBSubnetGroupName: aws.String("app-server1"),
   192  				},
   193  				{
   194  					DBSubnetGroupName: aws.String("app-server2"),
   195  				},
   196  				{
   197  					DBSubnetGroupName: aws.String("app-server"),
   198  				},
   199  			},
   200  			Expected: tflint.Issues{},
   201  		},
   202  	}
   203  
   204  	ctrl := gomock.NewController(t)
   205  	defer ctrl.Finish()
   206  
   207  	for _, tc := range cases {
   208  		runner := tflint.TestRunner(t, map[string]string{"resource.tf": tc.Content})
   209  
   210  		mock := client.NewMockRDSAPI(ctrl)
   211  		mock.EXPECT().DescribeDBSubnetGroups(&rds.DescribeDBSubnetGroupsInput{}).Return(&rds.DescribeDBSubnetGroupsOutput{
   212  			DBSubnetGroups: tc.Response,
   213  		}, nil)
   214  		runner.AwsClient.RDS = mock
   215  
   216  		rule := NewAwsDBInstanceInvalidDBSubnetGroupRule()
   217  		if err := rule.Check(runner); err != nil {
   218  			t.Fatalf("Unexpected error occurred: %s", err)
   219  		}
   220  
   221  		tflint.AssertIssues(t, tc.Expected, runner.Issues)
   222  	}
   223  }
   224  
   225  func Test_API_error(t *testing.T) {
   226  	cases := []struct {
   227  		Name     string
   228  		Content  string
   229  		Response error
   230  		Error    tflint.Error
   231  	}{
   232  		{
   233  			Name: "API error",
   234  			Content: `
   235  resource "aws_alb" "balancer" {
   236      security_groups = [
   237          "sg-1234abcd",
   238          "sg-abcd1234",
   239      ]
   240  }`,
   241  			Response: errors.New("MissingRegion: could not find region configuration"),
   242  			Error: tflint.Error{
   243  				Code:    tflint.ExternalAPIError,
   244  				Level:   tflint.ErrorLevel,
   245  				Message: "An error occurred while invoking DescribeSecurityGroups; MissingRegion: could not find region configuration",
   246  			},
   247  		},
   248  	}
   249  
   250  	ctrl := gomock.NewController(t)
   251  	defer ctrl.Finish()
   252  
   253  	rule := NewAwsALBInvalidSecurityGroupRule()
   254  
   255  	for _, tc := range cases {
   256  		runner := tflint.TestRunner(t, map[string]string{"resource.tf": tc.Content})
   257  
   258  		mock := client.NewMockEC2API(ctrl)
   259  		mock.EXPECT().DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{}).Return(nil, tc.Response)
   260  		runner.AwsClient.EC2 = mock
   261  
   262  		err := rule.Check(runner)
   263  		tflint.AssertAppError(t, tc.Error, err)
   264  	}
   265  }