def test_skip_noeffect(self):
    """A bucket-policy statement with no ``Effect`` key yields PASSED.

    The statement below deliberately omits ``Effect`` (it only carries
    ``Sid``/``Action``/``Resource``/``Principal``).  The assertion pins
    that the scanner tolerates the missing key and reports PASSED instead
    of flagging the resource.  ``hcl2``, ``check`` and ``CheckResult`` are
    module-level names defined outside this method.
    """
    parsed = hcl2.loads("""
resource "aws_s3_bucket_policy" "s3" {
  bucket = "bucket"
  policy = <<POLICY
{
  "Id": "Policy1597273448050",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1597273446725",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::bucket/*",
      "Principal": {
        "AWS": "some_arn"
      }
    }
  ]
}
POLICY
}
""")
    # hcl2 returns resources as a list of single-key dicts; pick the policy block.
    policy_resources = parsed['resource'][0]['aws_s3_bucket_policy']
    result = check.scan_resource_conf(conf=policy_resources['s3'])
    self.assertEqual(CheckResult.PASSED, result)
def test_failure(self):
    """An inline bucket policy with a wildcard principal yields FAILED.

    The single statement grants ``Principal: {"AWS": ["*"]}`` with
    ``Effect: Deny`` over ``s3:*`` on ``Resource: ["*"]``; the assertion
    pins that the check reports FAILED for it.  Unlike
    ``test_skip_noeffect``, the policy is attached inline to an
    ``aws_s3_bucket`` rather than a separate ``aws_s3_bucket_policy``.

    NOTE(review): the flagged statement is a ``Deny``, so this fixture
    pins that the check keys on the wildcard principal regardless of
    ``Effect`` -- confirm that is the intended contract of ``check``.
    """
    parsed = hcl2.loads("""
resource "aws_s3_bucket" "s3" {
  bucket = "bucket"
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": {
        "AWS": [
          "*"
        ]
      },
      "Effect": "Deny",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
POLICY
}
""")
    # hcl2 returns resources as a list of single-key dicts; pick the bucket block.
    bucket_resources = parsed['resource'][0]['aws_s3_bucket']
    result = check.scan_resource_conf(conf=bucket_resources['s3'])
    self.assertEqual(CheckResult.FAILED, result)