driftctl/pkg/remote/ec2_scanner_test.go

1102 lines
36 KiB
Go
Raw Normal View History

2021-07-01 09:53:26 +00:00
package remote
import (
"testing"
awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/cloudskiff/driftctl/mocks"
"github.com/cloudskiff/driftctl/pkg/remote/aws"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
"github.com/cloudskiff/driftctl/pkg/remote/cache"
"github.com/cloudskiff/driftctl/pkg/remote/common"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
"github.com/cloudskiff/driftctl/pkg/resource"
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/cloudskiff/driftctl/test"
"github.com/cloudskiff/driftctl/test/goldenfile"
testresource "github.com/cloudskiff/driftctl/test/resource"
terraform2 "github.com/cloudskiff/driftctl/test/terraform"
"github.com/stretchr/testify/assert"
)
func TestEC2EbsVolume(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no volumes",
dirName: "aws_ec2_ebs_volume_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllVolumes").Return([]*ec2.Volume{}, nil)
},
},
{
test: "multiple volumes",
dirName: "aws_ec2_ebs_volume_multiple",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllVolumes").Return([]*ec2.Volume{
{VolumeId: awssdk.String("vol-081c7272a57a09db1")},
{VolumeId: awssdk.String("vol-01ddc91d3d9d1318b")},
}, nil)
},
},
{
test: "cannot list volumes",
dirName: "aws_ec2_ebs_volume_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllVolumes").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsEbsVolumeResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
2021-07-05 08:30:42 +00:00
remoteLibrary.AddEnumerator(aws.NewEC2EbsVolumeEnumerator(repo, factory))
2021-07-01 15:11:25 +00:00
remoteLibrary.AddDetailsFetcher(resourceaws.AwsEbsVolumeResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsEbsVolumeResourceType, provider, deserializer))
2021-07-01 09:53:26 +00:00
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsEbsVolumeResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
2021-07-01 10:09:09 +00:00
func TestEC2EbsSnapshot(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no snapshots",
dirName: "aws_ec2_ebs_snapshot_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllSnapshots").Return([]*ec2.Snapshot{}, nil)
},
},
{
test: "multiple snapshots",
dirName: "aws_ec2_ebs_snapshot_multiple",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllSnapshots").Return([]*ec2.Snapshot{
{SnapshotId: awssdk.String("snap-0c509a2a880d95a39")},
{SnapshotId: awssdk.String("snap-00672558cecd93a61")},
}, nil)
},
},
{
test: "cannot list snapshots",
dirName: "aws_ec2_ebs_snapshot_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllSnapshots").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsEbsSnapshotResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
2021-07-05 08:30:42 +00:00
remoteLibrary.AddEnumerator(aws.NewEC2EbsSnapshotEnumerator(repo, factory))
2021-07-01 15:11:25 +00:00
remoteLibrary.AddDetailsFetcher(resourceaws.AwsEbsSnapshotResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsEbsSnapshotResourceType, provider, deserializer))
2021-07-01 10:09:09 +00:00
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsEbsSnapshotResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
2021-07-01 10:19:34 +00:00
func TestEC2Eip(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no eips",
dirName: "aws_ec2_eip_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllAddresses").Return([]*ec2.Address{}, nil)
},
},
{
test: "multiple eips",
dirName: "aws_ec2_eip_multiple",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllAddresses").Return([]*ec2.Address{
{AllocationId: awssdk.String("eipalloc-017d5267e4dda73f1")},
{AllocationId: awssdk.String("eipalloc-0cf714dc097c992cc")},
}, nil)
},
},
{
test: "cannot list eips",
dirName: "aws_ec2_eip_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllAddresses").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsEipResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
2021-07-05 08:30:42 +00:00
remoteLibrary.AddEnumerator(aws.NewEC2EipEnumerator(repo, factory))
2021-07-01 15:11:25 +00:00
remoteLibrary.AddDetailsFetcher(resourceaws.AwsEipResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsEipResourceType, provider, deserializer))
2021-07-01 10:19:34 +00:00
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsEipResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
2021-07-01 08:52:30 +00:00
func TestEC2Ami(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no amis",
dirName: "aws_ec2_ami_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllImages").Return([]*ec2.Image{}, nil)
},
},
{
test: "multiple amis",
dirName: "aws_ec2_ami_multiple",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllImages").Return([]*ec2.Image{
{ImageId: awssdk.String("ami-03a578b46f4c3081b")},
{ImageId: awssdk.String("ami-025962fd8b456731f")},
}, nil)
},
},
{
test: "cannot list ami",
dirName: "aws_ec2_ami_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllImages").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsAmiResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
2021-07-05 08:30:42 +00:00
remoteLibrary.AddEnumerator(aws.NewEC2AmiEnumerator(repo, factory))
2021-07-01 08:52:30 +00:00
remoteLibrary.AddDetailsFetcher(resourceaws.AwsAmiResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsAmiResourceType, provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsAmiResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
2021-07-01 09:37:10 +00:00
func TestEC2KeyPair(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no key pairs",
dirName: "aws_ec2_key_pair_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllKeyPairs").Return([]*ec2.KeyPairInfo{}, nil)
},
},
{
test: "multiple key pairs",
dirName: "aws_ec2_key_pair_multiple",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllKeyPairs").Return([]*ec2.KeyPairInfo{
{KeyName: awssdk.String("test")},
{KeyName: awssdk.String("bar")},
}, nil)
},
},
{
test: "cannot list key pairs",
dirName: "aws_ec2_key_pair_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllKeyPairs").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsKeyPairResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
2021-07-05 08:30:42 +00:00
remoteLibrary.AddEnumerator(aws.NewEC2KeyPairEnumerator(repo, factory))
2021-07-01 09:37:10 +00:00
remoteLibrary.AddDetailsFetcher(resourceaws.AwsKeyPairResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsKeyPairResourceType, provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsKeyPairResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
2021-07-01 11:34:14 +00:00
func TestEC2EipAssociation(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no eip associations",
dirName: "aws_ec2_eip_association_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllAddressesAssociation").Return([]string{}, nil)
},
},
{
test: "single eip association",
dirName: "aws_ec2_eip_association_single",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllAddressesAssociation").Return([]string{
"eipassoc-0e9a7356e30f0c3d1",
}, nil)
},
},
{
test: "cannot list eip associations",
dirName: "aws_ec2_eip_association_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllAddressesAssociation").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsEipAssociationResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
2021-07-05 08:30:42 +00:00
remoteLibrary.AddEnumerator(aws.NewEC2EipAssociationEnumerator(repo, factory))
2021-07-01 11:34:14 +00:00
remoteLibrary.AddDetailsFetcher(resourceaws.AwsEipAssociationResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsEipAssociationResourceType, provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsEipAssociationResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
2021-07-01 12:11:18 +00:00
func TestEC2Instance(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no instances",
dirName: "aws_ec2_instance_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllInstances").Return([]*ec2.Instance{}, nil)
},
},
{
test: "multiple instances",
dirName: "aws_ec2_instance_multiple",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllInstances").Return([]*ec2.Instance{
{InstanceId: awssdk.String("i-0d3650a23f4e45dc0")},
{InstanceId: awssdk.String("i-010376047a71419f1")},
}, nil)
},
},
{
test: "terminated instances",
dirName: "aws_ec2_instance_terminated",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllInstances").Return([]*ec2.Instance{
{InstanceId: awssdk.String("i-0e1543baf4f2cd990")},
{InstanceId: awssdk.String("i-0a3a7ed51ae2b4fa0")}, // Nil
}, nil)
},
},
{
test: "cannot list instances",
dirName: "aws_ec2_instance_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllInstances").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsInstanceResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
2021-07-05 08:30:42 +00:00
remoteLibrary.AddEnumerator(aws.NewEC2InstanceEnumerator(repo, factory))
2021-07-01 12:11:18 +00:00
remoteLibrary.AddDetailsFetcher(resourceaws.AwsInstanceResourceType, aws.NewEC2InstanceDetailsFetcher(provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsInstanceResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
2021-07-01 14:01:46 +00:00
func TestEC2InternetGateway(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no internet gateways",
dirName: "aws_ec2_internet_gateway_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllInternetGateways").Return([]*ec2.InternetGateway{}, nil)
},
},
{
test: "multiple internet gateways",
dirName: "aws_ec2_internet_gateway_multiple",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllInternetGateways").Return([]*ec2.InternetGateway{
{InternetGatewayId: awssdk.String("igw-0184eb41aadc62d1c")},
{InternetGatewayId: awssdk.String("igw-047b487f5c60fca99")},
}, nil)
},
},
{
test: "cannot list internet gateways",
dirName: "aws_ec2_internet_gateway_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllInternetGateways").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsInternetGatewayResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
remoteLibrary.AddEnumerator(aws.NewEC2InternetGatewayEnumerator(repo, factory))
remoteLibrary.AddDetailsFetcher(resourceaws.AwsInternetGatewayResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsInternetGatewayResourceType, provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsInternetGatewayResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
func TestVPC(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no VPC",
dirName: "vpc_empty",
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllVPCs").Once().Return([]*ec2.Vpc{}, []*ec2.Vpc{}, nil)
},
wantErr: nil,
},
{
test: "VPC results",
dirName: "vpc",
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllVPCs").Once().Return([]*ec2.Vpc{
{
VpcId: awssdk.String("vpc-0768e1fd0029e3fc3"),
},
{
VpcId: awssdk.String("vpc-020b072316a95b97f"),
IsDefault: awssdk.Bool(false),
},
{
VpcId: awssdk.String("vpc-02c50896b59598761"),
IsDefault: awssdk.Bool(false),
},
}, []*ec2.Vpc{
{
VpcId: awssdk.String("vpc-a8c5d4c1"),
IsDefault: awssdk.Bool(false),
},
}, nil)
},
wantErr: nil,
},
{
test: "cannot list VPC",
dirName: "vpc_empty",
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllVPCs").Once().Return(nil, nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsVpcResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
session := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(session, cache.New(0))
}
remoteLibrary.AddEnumerator(aws.NewVPCEnumerator(repo, factory))
remoteLibrary.AddDetailsFetcher(resourceaws.AwsVpcResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsVpcResourceType, provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsVpcResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
func TestDefaultVPC(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no VPC",
dirName: "vpc_empty",
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllVPCs").Once().Return([]*ec2.Vpc{}, []*ec2.Vpc{}, nil)
},
wantErr: nil,
},
{
test: "default VPC results",
dirName: "default_vpc",
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllVPCs").Once().Return([]*ec2.Vpc{
{
VpcId: awssdk.String("vpc-0768e1fd0029e3fc3"),
IsDefault: awssdk.Bool(false),
},
{
VpcId: awssdk.String("vpc-020b072316a95b97f"),
IsDefault: awssdk.Bool(false),
},
}, []*ec2.Vpc{
{
VpcId: awssdk.String("vpc-a8c5d4c1"),
IsDefault: awssdk.Bool(true),
},
}, nil)
},
wantErr: nil,
},
{
test: "cannot list VPC",
dirName: "vpc_empty",
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllVPCs").Once().Return(nil, nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsDefaultVpcResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
session := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(session, cache.New(0))
}
remoteLibrary.AddEnumerator(aws.NewDefaultVPCEnumerator(repo, factory))
remoteLibrary.AddDetailsFetcher(resourceaws.AwsDefaultVpcResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsDefaultVpcResourceType, provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsDefaultVpcResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
2021-07-05 11:15:25 +00:00
func TestEC2RouteTableAssociation(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockEC2Repository)
wantErr error
}{
{
test: "no route table associations (test for nil values)",
dirName: "aws_ec2_route_table_association_empty",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllRouteTables").Return([]*ec2.RouteTable{
{
RouteTableId: awssdk.String("assoc_with_nil"),
Associations: []*ec2.RouteTableAssociation{
{
AssociationState: nil,
GatewayId: nil,
Main: nil,
RouteTableAssociationId: nil,
RouteTableId: nil,
SubnetId: nil,
},
},
},
{RouteTableId: awssdk.String("nil_assoc")},
}, nil)
},
},
{
test: "multiple route table associations (mixed subnet and gateway associations)",
dirName: "aws_ec2_route_table_association_multiple",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllRouteTables").Return([]*ec2.RouteTable{
{
RouteTableId: awssdk.String("rtb-05aa6c5673311a17b"), // route
Associations: []*ec2.RouteTableAssociation{
{ // Should be ignored
AssociationState: &ec2.RouteTableAssociationState{
State: awssdk.String("disassociated"),
},
GatewayId: awssdk.String("dummy-id"),
},
{ // Should be ignored
SubnetId: nil,
GatewayId: nil,
},
{ // assoc_route_subnet1
AssociationState: &ec2.RouteTableAssociationState{
State: awssdk.String("associated"),
},
Main: awssdk.Bool(false),
RouteTableAssociationId: awssdk.String("rtbassoc-0809598f92dbec03b"),
RouteTableId: awssdk.String("rtb-05aa6c5673311a17b"),
SubnetId: awssdk.String("subnet-05185af647b2eeda3"),
},
{ // assoc_route_subnet
AssociationState: &ec2.RouteTableAssociationState{
State: awssdk.String("associated"),
},
Main: awssdk.Bool(false),
RouteTableAssociationId: awssdk.String("rtbassoc-01957791b2cfe6ea4"),
RouteTableId: awssdk.String("rtb-05aa6c5673311a17b"),
SubnetId: awssdk.String("subnet-0e93dbfa2e5dd8282"),
},
{ // assoc_route_subnet2
AssociationState: &ec2.RouteTableAssociationState{
State: awssdk.String("associated"),
},
GatewayId: nil,
Main: awssdk.Bool(false),
RouteTableAssociationId: awssdk.String("rtbassoc-0b4f97ea57490e213"),
RouteTableId: awssdk.String("rtb-05aa6c5673311a17b"),
SubnetId: awssdk.String("subnet-0fd966efd884d0362"),
},
},
},
{
RouteTableId: awssdk.String("rtb-09df7cc9d16de9f8f"), // route2
Associations: []*ec2.RouteTableAssociation{
{ // assoc_route2_gateway
AssociationState: &ec2.RouteTableAssociationState{
State: awssdk.String("associated"),
},
RouteTableAssociationId: awssdk.String("rtbassoc-0a79ccacfceb4944b"),
RouteTableId: awssdk.String("rtb-09df7cc9d16de9f8f"),
GatewayId: awssdk.String("igw-0238f6e09185ac954"),
},
},
},
}, nil)
},
},
{
test: "cannot list route table associations",
dirName: "aws_ec2_route_table_association_list",
mocks: func(repository *repository.MockEC2Repository) {
repository.On("ListAllRouteTables").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsRouteTableAssociationResourceType, resourceaws.AwsRouteTableResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockEC2Repository{}
c.mocks(fakeRepo)
var repo repository.EC2Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewEC2Repository(sess, cache.New(0))
}
remoteLibrary.AddEnumerator(aws.NewEC2RouteTableAssociationEnumerator(repo, factory))
remoteLibrary.AddDetailsFetcher(resourceaws.AwsRouteTableAssociationResourceType, aws.NewEC2RouteTableAssociationDetailsFetcher(provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsRouteTableAssociationResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}