def test_list_plugins(self, capsys):
file = '--list-plugins'
expected_checks = [
{
'check':
'FileLayoutCheck:FileLayoutCheck',
'severity':
'ERROR',
'description':
'Ensure variables and outputs are only in files of the same name',
},
{
'check': 'NullCheck:NullCheck',
'severity': 'WARNING',
'description': 'None',
},
{
'check': 'JqCheck:variable_description',
'severity': 'ERROR',
'description': 'Variables must contain description',
},
{
'check': 'JqCheck:output_description',
'severity': 'WARNING',
'description': 'Outputs should contain description',
},
]
with Wrap(self, [file], [], expect_exit=False):
out, err = capsys.readouterr()
for plugin in ['BuiltinPlugin', 'NullPlugin']:
assert plugin in out
for check in expected_checks:
assert "[Severity.{severity}] {check}\n\t{description}".format(
**check) in out
def test_passes_if_variable_using_snake_case(self, caplog):
file = 'tests/test_logical_names/good/variables.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[PASS] name_snake_case:Logical names should use snake_case:{}'
.format(file)) in caplog.text
def test_bad_file_layout(self, caplog):
file = 'tests/test_plugins/bad'
config = 'tests/test_plugins/notnull.tuvok.json'
with Wrap(self, [file], [config], expect_exit=True):
assert 'FAIL' in caplog.text
assert 'variable:foo was not found in a file named variables.tf' in caplog.text
assert 'output:foo was not found in a file named outputs.tf' in caplog.text
def test_passes_if_version_in_provider_block(self, caplog):
file = 'tests/test_provider/good/main.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[PASS] provider_has_version:Provider block should have version pinned:{}'
.format(file)) in caplog.text
def test_passes_if_variable_has_type_and_description(self, caplog):
file = 'tests/test_variable/good/variables.tf'
with Wrap(self, [file], expect_exit=False):
assert ('Variables must contain description PASS in {}:'.format(
file)) in caplog.text
assert ('Variables must contain type PASS in {}:'.format(file)
) in caplog.text
def test_fails_if_version_not_in_provider_block(self, caplog):
file = 'tests/test_provider/bad/no_version.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[FAIL] provider_has_version:Provider block should have version pinned:aws:{}'
.format(file)) in caplog.text
def test_bad_hcl2(self, caplog):
file = 'tests/test_hcl2/bad'
with Wrap(self, [file], [], expect_exit=True):
assert 'FAIL' in caplog.text
assert 'variable:foo was not found in a file named variables.tf' in caplog.text
assert 'output:foo was not found in a file named outputs.tf' in caplog.text
assert 'github_module_ref:Modules sourced from GitHub should be pinned:some_module:' in caplog.text
def test_passes_override_success(self, capsys, caplog):
files = ['tests/test_config/variables.tf', 'tests/test_config/outputs.tf']
config = 'tests/test_config/success.tuvok.json'
out, err = capsys.readouterr()
with Wrap(self, files, [config], expect_exit=False):
assert err == ''
assert ('Rule output_description will be set to severity INFO by custom config {}'.format(config)) in caplog.text
assert ('Rule variable_type will be ignored by custom config {}'.format(config)) in caplog.text
def test_fails_if_variable_has_no_type_or_no_description(self, caplog):
file = 'tests/test_variable/bad/variables.tf'
with Wrap(self, [file]):
assert ('Variables must contain description FAIL in {}:foo'.format(
file)) in caplog.text
assert ('Variables must contain type FAIL in {}:bar'.format(file)
) in caplog.text
def test_passes_if_output_uses_snake_case(self, caplog, capsys):
file = 'tests/test_logical_names/good/outputs.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[PASS] name_snake_case:Logical names should use snake_case:{}'
.format(file)) in caplog.text
err = capsys.readouterr().err
assert err == ''
def test_fails_if_output_not_using_snake_case(self, caplog):
file = 'tests/test_logical_names/bad/outputs.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[FAIL] name_snake_case:Logical names should use snake_case:output:FooBar:{}'
.format(file)) in caplog.text
assert (
'[FAIL] name_snake_case:Logical names should use snake_case:output:foo-bar:{}'
.format(file)) in caplog.text
def test_fails_if_variable_has_no_type_or_no_description(self, caplog):
file = 'tests/test_variable/bad/variables.tf'
with Wrap(self, [file]):
assert (
'[FAIL] variable_description:Variables must contain description:foo:{}'
.format(file)) in caplog.text
assert ('[FAIL] variable_type:Variables must contain type:bar:{}'.
format(file)) in caplog.text
assert (
'[FAIL] variable_default:Variables should not contain defaults. Values should be provided via a tfvars file:baz:{}'
.format(file)) in caplog.text
def test_passes_if_variable_has_type_and_description_and_no_default(
self, caplog):
file = 'tests/test_variable/good/variables.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[PASS] variable_description:Variables must contain description:{}'
.format(file)) in caplog.text
assert ('[PASS] variable_type:Variables must contain type:{}'.
format(file)) in caplog.text
assert (
'[PASS] variable_default:Variables should not contain defaults. Values should be provided via a tfvars file:{}'
.format(file)) in caplog.text
def test_fails_if_resource_not_using_snake_case(self, caplog):
file = 'tests/test_logical_names/bad/main.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[FAIL] resource_name_snake_case:Logical names should use snake_case:resource:aws_iam_role:FooBar:{}'
.format(file)) in caplog.text
assert (
'[FAIL] resource_name_snake_case:Logical names should use snake_case:resource:aws_iam_role:foo-bar:{}'
.format(file)) in caplog.text
assert (
'[FAIL] resource_name_snake_case:Logical names should use snake_case:resource:aws_iam_policy:FooBaz:{}'
.format(file)) in caplog.text
assert (
'[FAIL] resource_name_snake_case:Logical names should use snake_case:resource:aws_iam_role_policy_attachment:foo-baz:{}'
.format(file)) in caplog.text
assert (
'[FAIL] name_snake_case:Logical names should use snake_case:module:FooBin:{}'
.format(file)) in caplog.text
assert (
'[FAIL] name_snake_case:Logical names should use snake_case:module:foo-bin:{}'
.format(file)) in caplog.text
def test_warns_if_output_has_no_description(self, caplog):
file = 'tests/test_output/bad/outputs.tf'
with Wrap(self, [file], expect_exit=False):
assert ('Outputs should contain description FAIL in {}:foo'.format(
file)) in caplog.text
def test_passes_if_output_has_description(self, capsys):
with Wrap(self, ['tests/test_output/good/outputs.tf'],
expect_exit=False):
err = capsys.readouterr().err
assert err == ''
def test_warns_if_module_isnt_pinned_github(self, caplog):
file = 'tests/test_module/module_github_missingref.tf'
with Wrap(self, [file], expect_exit=True):
assert (
'[FAIL] github_module_ref:Modules sourced from GitHub should be pinned:some_module:{}'
.format(file)) in caplog.text
def test_passes_if_module_not_git(self, caplog):
file = 'tests/test_module/module_notgit.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[PASS] github_module_ref:Modules sourced from GitHub should be pinned:{}'
.format(file)) in caplog.text
def test_good_file_layout(self, caplog):
file = 'tests/test_plugins/good'
with Wrap(self, [file], [], expect_exit=False):
assert 'FAIL' not in caplog.text
assert 'variable:foo was not found in a file named variables.tf' not in caplog.text
assert 'output:foo was not found in a file named outputs.tf' not in caplog.text
def test_disable_null(self, caplog):
file = 'tests/test_plugins/good'
config = 'tests/test_plugins/notnull.tuvok.json'
with Wrap(self, [file], [config], expect_exit=False):
assert (
'NullCheck-None PASS in {}'.format(file)) not in caplog.text
def test_default_null(self, caplog):
file = 'tests/test_plugins/good'
with Wrap(self, [file], [], expect_exit=False):
assert ('[PASS] NullCheck:{}'.format(file)) in caplog.text
def test_fails_if_module_has_rackspace_http_ref(self, caplog):
file = 'tests/test_module/module_github_has_rackspace_ref.tf'
with Wrap(self, [file], expect_exit=True):
assert (
'[FAIL] github_rackspace_module_use_ssh:Rackspace module references should use SSH source paths:some_module:{}'
.format(file)) in caplog.text
def test_warns_if_module_has_http_ref(self, caplog):
file = 'tests/test_module/module_github_hasref.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[FAIL] github_module_use_ssh:Module references should use SSH source paths:some_module:{}'
.format(file)) in caplog.text
def test_fails_prevent_override_ignore(self, caplog):
file = 'tests/test_config/variables.tf'
config = 'tests/test_config/ignore.tuvok.json'
with Wrap(self, [file], [config]):
assert ('Cannot ignore check variable_description in Configuration file {}'.format(config)) in caplog.text
def test_passes_if_module_has_ssh_ref(self, caplog):
file = 'tests/test_module/module_git_hasref.tf'
with Wrap(self, [file], expect_exit=False):
assert (
'[PASS] github_module_use_ssh:Module references should use SSH source paths:{}'
.format(file)) in caplog.text