def test_success_no_encryption_at_rest_kms_key_arn_specified(self):
resource_conf = {
"name": "test-project",
"encryption_info": [{}],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)
def test_success_no_encrypt_block(self):
resource_conf = {
"name":
"test-project",
"encryption_info": [{
"encryption_at_rest_kms_key_arn": ["aws_kms_key.kms.arn"],
}],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)
def test_failure_no_kms(self):
resource_conf = {
"name":
"test-project",
"encryption_info": [{
"encryption_in_transit": [{
"client_broker": "TLS",
"in_cluster": "true",
}],
}],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.FAILED, scan_result)
def test_success_encryption_in_transit_and_no_encryption_at_rest_kms_key_arn_specified(
self):
resource_conf = {
"name":
"test-project",
"encryption_info": [{
"encryption_in_transit": [{
"client_broker": ["TLS"],
"in_cluster": [True],
}],
}],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)
def test_success(self):
resource_conf = {
"name":
"test-project",
"encryption_info": [{
"encryption_at_rest_kms_key_arn": ["aws_kms_key.kms.arn"],
"encryption_in_transit": [{
"client_broker": ["TLS"],
"in_cluster": ["true"],
}],
}],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)
def test_failure_in_cluster(self):
resource_conf = {
"name":
"test-project",
"encryption_info": [{
"encryption_at_rest_kms_key_arn":
"aws_kms_key.kms.arn",
"encryption_in_transit": [{
"client_broker": "TLS",
"in_cluster": False,
}],
}],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.FAILED, scan_result)
def test_failure(self):
resource_conf = {
"name": "test-project",
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.FAILED, scan_result)
