def test_check_fail_pipeline_disabled(monkeypatch, template_dir):
    """
    GIVEN a valid template is passed in
    WHEN the `FAIL_PIPELINE_CFN` env var is `enabled` and the template's
         `FailConformityPipeline` CFN parameter is `disabled`
    THEN `_check_fail_pipeline` returns `False` (the pipeline won't fail even
         if issues are found)
    """
    monkeypatch.setenv("FAIL_PIPELINE_CFN", "enabled")

    template_path = f"{template_dir}/insecure-s3-bucket-disable-failure.json"
    with open(template_path, "r") as handle:
        template = json.load(handle)

    # With the env var enabled, the template-level opt-out still wins: the
    # expected result is False, i.e. findings do not break the pipeline.
    # NOTE(review): the switch lives inside the template being scanned, so the
    # template author controls the gate; confirm that is the intended trust
    # model and that opt-outs are visible to whoever reviews scan results.
    validator = CcValidator()
    assert validator._check_fail_pipeline(template) is False
def test_check_fail_pipeline_unset(monkeypatch, template_dir):
    """
    GIVEN a valid template is passed in
    WHEN the `FAIL_PIPELINE_CFN` env var is `enabled` but the
         `FailConformityPipeline` CFN parameter is not set
    THEN `_check_fail_pipeline` returns `True` (the pipeline will fail when
         issues are found)
    """
    monkeypatch.setenv("FAIL_PIPELINE_CFN", "enabled")

    template_path = f"{template_dir}/insecure-s3-bucket.json"
    with open(template_path, "r") as handle:
        template = json.load(handle)

    # No opt-out parameter in the template: the gate must stay on, so a
    # missing setting can never be read as permission to pass a failing scan.
    validator = CcValidator()
    assert validator._check_fail_pipeline(template) is True
def test_check_fail_pipeline_invalid(monkeypatch, template_dir):
    """
    GIVEN a valid template is passed in
    WHEN the `FAIL_PIPELINE_CFN` env var is `enabled` but the
         `FailConformityPipeline` CFN parameter is set to something other
         than "disabled"
    THEN `_check_fail_pipeline` returns `True` (the pipeline will fail when
         issues are found)
    """
    monkeypatch.setenv("FAIL_PIPELINE_CFN", "enabled")

    template_path = f"{template_dir}/insecure-s3-bucket-disable-failure.json"
    with open(template_path, "r") as handle:
        template = json.load(handle)

    # Overwrite the opt-out with an unrecognised value.
    # NOTE(review): this assigns a bare string to the parameter entry; the
    # fixture's original shape is not visible here, so confirm this exercises
    # the same lookup path as a real template would.
    template["Parameters"]["FailConformityPipeline"] = "x"

    # Fail closed: anything other than the expected "disabled" setting must
    # leave the gate on rather than being treated as an opt-out.
    validator = CcValidator()
    assert validator._check_fail_pipeline(template) is True