def test_failure_multiple_blocks(self): hcl_res = hcl2.loads(""" resource "aws_instance" "test" { ami = var.ami_id instance_type = var.instance_type key_name = var.key_name root_block_device { volume_type = "gp2" volume_size = var.root_volume_size encrypted = true } ebs_block_device { volume_type = "gp2" volume_size = var.ebs_volume_size device_name = "/dev/xvdb" encrypted = false } } """) resource_conf = hcl_res['resource'][0]['aws_instance']['test'] scan_result = check.scan_resource_conf(conf=resource_conf) self.assertEqual(CheckResult.FAILED, scan_result)
def test_failure_missing_element(self): resource_conf = { 'image_id': ['ami-123'], 'instance_type': ['t2.micro'], 'root_block_device': [{}] } scan_result = check.scan_resource_conf(conf=resource_conf) self.assertEqual(CheckResult.FAILED, scan_result)
def test_failure(self): resource_conf = { 'image_id': ['ami-123'], 'instance_type': ['t2.micro'], 'root_block_device': [{ 'encrypted': [False] }] } scan_result = check.scan_resource_conf(conf=resource_conf) self.assertEqual(CheckResult.FAILED, scan_result)
def test_success(self): resource_conf = { 'image_id': ['ami-123'], 'instance_type': ['t2.micro'], 'root_block_device': [{ 'encrypted': [True] }] } scan_result = check.scan_resource_conf(conf=resource_conf) self.assertEqual(CheckResult.PASSED, scan_result)
def test_failure_omission_root_block_device_2(self): #Test to ensure no false negative as raised in issue 496 hcl_res = hcl2.loads(""" resource "aws_instance" "test" { ami = var.ami_id instance_type = var.instance_type key_name = var.key_name } """) resource_conf = hcl_res['resource'][0]['aws_instance']['test'] scan_result = check.scan_resource_conf(conf=resource_conf) self.assertEqual(CheckResult.FAILED, scan_result)
def test_success(self): hcl_res = hcl2.loads(""" resource "aws_instance" "test" { ami = var.ami_id instance_type = var.instance_type key_name = var.key_name root_block_device { volume_type = "gp2" volume_size = var.root_volume_size encrypted = true } } """) resource_conf = hcl_res['resource'][0]['aws_instance']['test'] scan_result = check.scan_resource_conf(conf=resource_conf) self.assertEqual(CheckResult.PASSED, scan_result)
def test_failure_omission_root_block_device_1(self): #Test to ensure no false negative as raised in issue 496 hcl_res = hcl2.loads(""" resource "aws_instance" "test" { ami = var.ami_id instance_type = var.instance_type key_name = var.key_name ebs_block_device { volume_type = "gp2" volume_size = var.ebs_volume_size device_name = "/dev/xvdb" encrypted = false } } """) resource_conf = hcl_res['resource'][0]['aws_instance']['test'] scan_result = check.scan_resource_conf(conf=resource_conf) self.assertEqual(CheckResult.FAILED, scan_result)