def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_S3BucketObjectLock"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_s3_bucket.enabled_via_object",
"aws_s3_bucket.enabled_via_block",
}
failing_resources = {
"aws_s3_bucket.disabled_via_object",
"aws_s3_bucket.disabled_via_block",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_SSMSessionManagerDocumentEncryption"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_ssm_document.enabled", "aws_ssm_document.enabled_yaml"
}
failing_resources = {
"aws_ssm_document.disabled", "aws_ssm_document.disabled_yaml"
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_CodeBuildProjectEncryption"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_codebuild_project.success_no_encryption_disabled",
"aws_codebuild_project.success"
}
failing_resources = {
"aws_codebuild_project.fail",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_ElasticacheReplicationGroupEncryptedWithCMK"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_elasticache_replication_group.pass",
}
failing_resources = {
"aws_elasticache_replication_group.fail",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
# given
test_files_dir = Path(__file__).parent / "example_SecretsEncrypted"
# when
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
# then
summary = report.get_summary()
passing_resources = {
"github_actions_environment_secret.pass",
"github_actions_organization_secret.pass",
"github_actions_secret.pass",
"github_actions_secret.value_ref",
}
failing_resources = {
"github_actions_environment_secret.fail",
"github_actions_organization_secret.fail",
"github_actions_secret.fail",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 4)
self.assertEqual(summary["failed"], 3)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
# given
test_files_dir = Path(
__file__).parent / "example_GlueSecurityConfigurationEnabled"
# when
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
# then
summary = report.get_summary()
passing_resources = {
"aws_glue_crawler.enabled",
"aws_glue_dev_endpoint.enabled",
"aws_glue_job.enabled",
}
failing_resources = {
"aws_glue_crawler.default",
"aws_glue_dev_endpoint.default",
"aws_glue_job.default",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 3)
self.assertEqual(summary["failed"], 3)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_IMDSv1Disabled"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_instance.required", "aws_launch_configuration.required_lc",
"aws_instance.disabled"
}
failing_resources = {
"aws_instance.defaults", "aws_instance.optional_token",
"aws_launch_configuration.optional_lc",
"aws_launch_template.optional_lt", "aws_launch_template.default_lt"
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 3)
self.assertEqual(summary["failed"], 5)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = os.path.join(current_dir, "example_OSSBucketPublic")
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
'alicloud_oss_bucket.good-bucket',
'alicloud_oss_bucket.good-bucket2',
}
failing_resources = {
'alicloud_oss_bucket.bad-bucket',
'alicloud_oss_bucket.bad-bucket2',
}
skipped_resources = {}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], len(passing_resources))
self.assertEqual(summary['failed'], len(failing_resources))
self.assertEqual(summary['skipped'], len(skipped_resources))
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
# given
test_files_dir = Path(__file__).parent / "example_CloudMySqlLocalInfileOff"
# when
report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
# then
summary = report.get_summary()
passing_resources = {
"google_sql_database_instance.pass",
"google_sql_database_instance.pass2",
"google_sql_database_instance.pass3",
"google_sql_database_instance.pass4",
}
failing_resources = {
"google_sql_database_instance.fail",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 4)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_BatchJobIsNotPrivileged"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_batch_job_definition.pass",
"aws_batch_job_definition.pass2",
"aws_batch_job_definition.pass3",
}
failing_resources = {
"aws_batch_job_definition.fail",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 3)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_DynamoDBTablesEncrypted"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_dynamodb_table.cmk",
}
failing_resources = {
"aws_dynamodb_table.default",
"aws_dynamodb_table.encrypted_false",
"aws_dynamodb_table.encrypted_no_cmk",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 3)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
test_files_dir = Path(
__file__).parent / "example_AzureInstanceExtensions"
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"azurerm_linux_virtual_machine.disabled",
"azurerm_windows_virtual_machine.disabled",
}
failing_resources = {
"azurerm_linux_virtual_machine.default",
"azurerm_linux_virtual_machine.enabled",
"azurerm_windows_virtual_machine.default",
"azurerm_windows_virtual_machine.enabled",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 4)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_CloudsearchDomainEnforceHttps"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_cloudsearch_domain.pass",
}
failing_resources = {
"aws_cloudsearch_domain.fail",
"aws_cloudsearch_domain.fail2",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_APIGatewayDomainNameTLS"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_api_gateway_domain_name.pass",
}
failing_resources = {
"aws_api_gateway_domain_name.fail",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_IAMPasswordPolicyUpperCase"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"oci_identity_authentication_policy.pass",
}
failing_resources = {
"oci_identity_authentication_policy.fail",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_build_graph(self):
resources_path = os.path.join(
os.path.dirname(os.path.dirname(__file__)), "resources",
"graph_files_test")
source_files = ["pass_s3.tf", "variables.tf"]
runner = Runner()
report = runner.run(None,
None,
files=list(
map(lambda f: f'{resources_path}/{f}',
source_files)))
tf_definitions = runner.tf_definitions
self.assertEqual(4, len(report.failed_checks))
for file, definitions in tf_definitions.items():
if file.endswith('pass_s3.tf'):
s3_bucket_config = definitions['resource'][0]['aws_s3_bucket'][
'bucket_with_versioning']
# Evaluation succeeded for included vars
self.assertTrue(
s3_bucket_config['versioning'][0]['enabled'][0])
# Evaluation does not run for un-included vars
self.assertEqual(
s3_bucket_config['server_side_encryption_configuration'][0]
['rule'][0]['apply_server_side_encryption_by_default'][0]
['sse_algorithm'][0], 'var.encryption')
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/test_GKEEnableShieldedNodes"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {'google_container_cluster.success'}
failing_resources = {
'google_container_cluster.fail1', 'google_container_cluster.fail2'
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_module_and_variables(self):
resources_path = os.path.join(
os.path.dirname(os.path.dirname(__file__)), "resources",
"modules-and-vars")
runner = Runner()
report = runner.run(root_folder=resources_path)
self.assertLessEqual(3, len(report.failed_checks))
self.assertLessEqual(12, len(report.passed_checks))
self.assertEqual(0, len(report.skipped_checks))
found_versioning_failure = False
for record in report.failed_checks:
if record.check_id != 'CKV_AWS_40':
self.assertIsNotNone(record.breadcrumbs)
if record.check_id == 'CKV_AWS_21':
found_versioning_failure = True
bc = record.breadcrumbs.get('versioning.enabled')
self.assertEqual(len(bc), 2)
bc = bc[0]
self.assertEqual(bc.get('type'), 'module')
self.assertEqual(
os.path.relpath(bc.get('path'), resources_path),
'examples/complete/main.tf')
self.assertTrue(found_versioning_failure)
def test(self):
# given
test_files_dir = Path(__file__).parent / "example_WAFACLCVE202144228"
# when
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
# then
summary = report.get_summary()
passing_resources = {
"aws_wafv2_web_acl.pass",
"aws_wafv2_web_acl.multi_rules",
}
failing_resources = {
"aws_wafv2_web_acl.no_rule",
"aws_wafv2_web_acl.wrong_rule",
"aws_wafv2_web_acl.rule_count",
"aws_wafv2_web_acl.rule_group_count",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 4)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_SecretManagerSecretEncrypted"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_secretsmanager_secret.enabled1",
"aws_secretsmanager_secret.enabled2",
}
failing_resources = {
"aws_secretsmanager_secret.default",
"aws_secretsmanager_secret.default_explicit",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_VertexAIPrivateInstance"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
'google_notebooks_instance.pass1',
}
failing_resources = {
'google_notebooks_instance.fail1',
'google_notebooks_instance.fail2',
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_InstanceMetadataServiceEnabled"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"oci_core_instance.pass",
}
failing_resources = {
"oci_core_instance.fail",
"oci_core_instance.fail2",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = os.path.join(current_dir,
"example_RedisCacheMinTLSVersion")
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
'azurerm_redis_cache.pass',
}
failing_resources = {
'azurerm_redis_cache.fail', 'azurerm_redis_cache.fail2'
}
skipped_resources = {}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], len(passing_resources))
self.assertEqual(summary['failed'], len(failing_resources))
self.assertEqual(summary['skipped'], len(skipped_resources))
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
test_files_dir = Path(__file__).parent / "example_AdminPolicyDocument"
report = Runner().run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_iam_policy_document.list",
"aws_iam_policy_document.pass",
}
failing_resources = {
"aws_iam_policy_document.fail",
"aws_iam_policy_document.no_effect",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
# given
test_files_dir = Path(__file__).parent / "example_WAFEnabled"
# when
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
# then
summary = report.get_summary()
passing_resources = {
"aws_cloudfront_distribution.pass",
}
failing_resources = {
"aws_cloudfront_distribution.fail",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_DropletSSHKeys"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"digitalocean_droplet.pass",
}
failing_resources = {
"digitalocean_droplet.fail",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = os.path.join(current_dir,
"example_CosmosDBLocalAuthDisabled")
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {'azurerm_cosmosdb_account.ckv_unittest_pass'}
failing_resources = {
'azurerm_cosmosdb_account.ckv_unittest_fail',
'azurerm_cosmosdb_account.ckv_unittest_fail_2'
}
skipped_resources = {}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], len(passing_resources))
self.assertEqual(summary['failed'], len(failing_resources))
self.assertEqual(summary['skipped'], len(skipped_resources))
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
# given
test_files_dir = Path(__file__).parent / "example_EBSEncryption"
# when
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
# then
summary = report.get_summary()
passing_resources = {
"aws_ebs_volume.enabled",
}
failing_resources = {
"aws_ebs_volume.default",
"aws_ebs_volume.disabled",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
test_files_dir = Path(__file__).parent / "example_EC2PublicIP"
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"aws_instance.default",
"aws_instance.private",
"aws_launch_template.default",
"aws_launch_template.private",
}
failing_resources = {
"aws_instance.public",
"aws_launch_template.public",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 4)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_PubSubPrivateTopic"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
'google_pubsub_topic_iam_binding.pass1',
'google_pubsub_topic_iam_binding.pass2',
'google_pubsub_topic_iam_member.pass1',
'google_pubsub_topic_iam_member.pass2',
}
failing_resources = {
'google_pubsub_topic_iam_binding.fail1',
'google_pubsub_topic_iam_binding.fail2',
'google_pubsub_topic_iam_binding.fail3',
'google_pubsub_topic_iam_binding.fail4',
'google_pubsub_topic_iam_member.fail1',
'google_pubsub_topic_iam_member.fail2',
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 4)
self.assertEqual(summary['failed'], 6)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
