217 lines
6.1 KiB
Go
217 lines
6.1 KiB
Go
package middlewares
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/snyk/driftctl/pkg/resource/aws"
|
|
|
|
"github.com/snyk/driftctl/enumeration/resource"
|
|
)
|
|
|
|
func TestS3BucketAcl_Execute(t *testing.T) {
|
|
type args struct {
|
|
remoteResources *[]*resource.Resource
|
|
resourcesFromState *[]*resource.Resource
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
assert func(assert *assert.Assertions, remoteResources, resourcesFromState *[]*resource.Resource)
|
|
}{
|
|
{
|
|
name: "grant field on remote resource must be reset if acl != private in state resource",
|
|
args: args{
|
|
remoteResources: &[]*resource.Resource{
|
|
{
|
|
Id: "testgrant",
|
|
Type: aws.AwsS3BucketResourceType,
|
|
Attrs: &resource.Attributes{
|
|
"grant": []map[string]interface{}{
|
|
{
|
|
"id": "356616ba70ebbea29732c95eef24f9ea326b9018c167651705348b5af406a6db",
|
|
"permissions": []string{"FULL_CONTROL"},
|
|
"type": "CanonicalUser",
|
|
"uri": "",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
resourcesFromState: &[]*resource.Resource{
|
|
{
|
|
Type: aws.AwsAmiResourceType,
|
|
},
|
|
{
|
|
Id: "testgrant",
|
|
Type: aws.AwsS3BucketResourceType,
|
|
Attrs: &resource.Attributes{
|
|
"acl": "public-read",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
assert: func(assert *assert.Assertions, remoteResources, resourcesFromState *[]*resource.Resource) {
|
|
remoteRes := (*remoteResources)[0]
|
|
stateRes := (*resourcesFromState)[1]
|
|
_, exist := remoteRes.Attrs.Get("grant")
|
|
_, stateAclExist := stateRes.Attrs.Get("acl")
|
|
_, remoteAclExist := remoteRes.Attrs.Get("acl")
|
|
assert.False(exist)
|
|
assert.False(stateAclExist)
|
|
assert.False(remoteAclExist)
|
|
},
|
|
},
|
|
{
|
|
name: "does not modify grant field on remote resource if acl field is private",
|
|
args: args{
|
|
remoteResources: &[]*resource.Resource{
|
|
{
|
|
Id: "testgrant",
|
|
Type: aws.AwsS3BucketResourceType,
|
|
Attrs: &resource.Attributes{
|
|
"grant": []map[string]interface{}{
|
|
{
|
|
"id": "356616ba70ebbea29732c95eef24f9ea326b9018c167651705348b5af406a6db",
|
|
"permissions": []string{"FULL_CONTROL"},
|
|
"type": "CanonicalUser",
|
|
"uri": "",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
resourcesFromState: &[]*resource.Resource{
|
|
{
|
|
Type: aws.AwsAmiResourceType,
|
|
},
|
|
{
|
|
Id: "testgrant",
|
|
Type: aws.AwsS3BucketResourceType,
|
|
Attrs: &resource.Attributes{
|
|
"acl": "private",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
assert: func(assert *assert.Assertions, remoteResources, resourcesFromState *[]*resource.Resource) {
|
|
s3Bucket := (*remoteResources)[0]
|
|
grantAttr, exist := s3Bucket.Attrs.Get("grant")
|
|
grant := grantAttr.([]map[string]interface{})
|
|
assert.True(exist)
|
|
assert.Len(grant, 1)
|
|
expected := map[string]interface{}{
|
|
"id": "356616ba70ebbea29732c95eef24f9ea326b9018c167651705348b5af406a6db",
|
|
"permissions": []string{"FULL_CONTROL"},
|
|
"type": "CanonicalUser",
|
|
"uri": "",
|
|
}
|
|
assert.Equal(expected, grant[0])
|
|
},
|
|
},
|
|
{
|
|
name: "does not modify grant field on remote resource if acl field is undefined",
|
|
args: args{
|
|
remoteResources: &[]*resource.Resource{
|
|
{
|
|
Id: "testgrant",
|
|
Type: aws.AwsS3BucketResourceType,
|
|
Attrs: &resource.Attributes{
|
|
"grant": []map[string]interface{}{
|
|
{
|
|
"id": "356616ba70ebbea29732c95eef24f9ea326b9018c167651705348b5af406a6db",
|
|
"permissions": []string{"FULL_CONTROL"},
|
|
"type": "CanonicalUser",
|
|
"uri": "",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
resourcesFromState: &[]*resource.Resource{
|
|
{
|
|
Type: aws.AwsAmiResourceType,
|
|
},
|
|
{
|
|
Id: "testgrant",
|
|
Type: aws.AwsS3BucketResourceType,
|
|
Attrs: &resource.Attributes{},
|
|
},
|
|
},
|
|
},
|
|
assert: func(assert *assert.Assertions, remoteResources, resourcesFromState *[]*resource.Resource) {
|
|
s3Bucket := (*remoteResources)[0]
|
|
grantAttr, exist := s3Bucket.Attrs.Get("grant")
|
|
grant := grantAttr.([]map[string]interface{})
|
|
assert.True(exist)
|
|
assert.Len(grant, 1)
|
|
expected := map[string]interface{}{
|
|
"id": "356616ba70ebbea29732c95eef24f9ea326b9018c167651705348b5af406a6db",
|
|
"permissions": []string{"FULL_CONTROL"},
|
|
"type": "CanonicalUser",
|
|
"uri": "",
|
|
}
|
|
assert.Equal(expected, grant[0])
|
|
},
|
|
},
|
|
{
|
|
name: "does not modify grant field on remote resource if acl field is empty",
|
|
args: args{
|
|
remoteResources: &[]*resource.Resource{
|
|
{
|
|
Id: "testgrant",
|
|
Type: aws.AwsS3BucketResourceType,
|
|
Attrs: &resource.Attributes{
|
|
"grant": []map[string]interface{}{
|
|
{
|
|
"id": "356616ba70ebbea29732c95eef24f9ea326b9018c167651705348b5af406a6db",
|
|
"permissions": []string{"FULL_CONTROL"},
|
|
"type": "CanonicalUser",
|
|
"uri": "",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
resourcesFromState: &[]*resource.Resource{
|
|
{
|
|
Type: aws.AwsAmiResourceType,
|
|
},
|
|
{
|
|
Id: "testgrant",
|
|
Type: aws.AwsS3BucketResourceType,
|
|
Attrs: &resource.Attributes{
|
|
"acl": "",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
assert: func(assert *assert.Assertions, remoteResources, resourcesFromState *[]*resource.Resource) {
|
|
s3Bucket := (*remoteResources)[0]
|
|
grantAttr, exist := s3Bucket.Attrs.Get("grant")
|
|
grant := grantAttr.([]map[string]interface{})
|
|
assert.True(exist)
|
|
assert.Len(grant, 1)
|
|
expected := map[string]interface{}{
|
|
"id": "356616ba70ebbea29732c95eef24f9ea326b9018c167651705348b5af406a6db",
|
|
"permissions": []string{"FULL_CONTROL"},
|
|
"type": "CanonicalUser",
|
|
"uri": "",
|
|
}
|
|
assert.Equal(expected, grant[0])
|
|
},
|
|
},
|
|
}
|
|
for _, c := range tests {
|
|
t.Run(c.name, func(tt *testing.T) {
|
|
assert := assert.New(tt)
|
|
m := S3BucketAcl{}
|
|
if err := m.Execute(c.args.remoteResources, c.args.resourcesFromState); err != nil {
|
|
tt.Error(err)
|
|
}
|
|
c.assert(assert, c.args.remoteResources, c.args.resourcesFromState)
|
|
})
|
|
}
|
|
}
|