def test(self):
    """Scan the example_S3BucketObjectLock fixtures with only the check under test enabled.

    The resources reported as passed and failed must match the expected sets
    exactly, with nothing skipped and no parsing errors. Judging by the fixture
    names, both the "object" and the "block" way of writing the setting are
    covered in the enabled and the disabled variant.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/example_S3BucketObjectLock"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_s3_bucket.enabled_via_object",
        "aws_s3_bucket.enabled_via_block",
    }
    expected_fail = {
        "aws_s3_bucket.disabled_via_object",
        "aws_s3_bucket.disabled_via_block",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    # Counts first, then identities: a count mismatch is the quicker signal,
    # the set comparison names the resource that moved.
    self.assertEqual(summary["passed"], 2)
    self.assertEqual(summary["failed"], 2)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_SSMSessionManagerDocumentEncryption fixtures with only the check under test.

    Two documents are expected to pass and two to fail; the ``_yaml`` fixture
    names suggest the document content is exercised in more than one format.
    Nothing may be skipped and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = (
        os.path.dirname(os.path.realpath(__file__))
        + "/example_SSMSessionManagerDocumentEncryption"
    )
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_ssm_document.enabled",
        "aws_ssm_document.enabled_yaml"
    }
    expected_fail = {
        "aws_ssm_document.disabled",
        "aws_ssm_document.disabled_yaml"
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 2)
    self.assertEqual(summary["failed"], 2)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_CodeBuildProjectEncryption fixtures with only the check under test.

    Two projects are expected to pass and one to fail, with no parsing errors.
    """
    scanner = Runner()
    fixture_dir = (
        os.path.dirname(os.path.realpath(__file__))
        + "/example_CodeBuildProjectEncryption"
    )
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_codebuild_project.success_no_encryption_disabled",
        "aws_codebuild_project.success"
    }
    expected_fail = {
        "aws_codebuild_project.fail",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 2)
    self.assertEqual(summary["failed"], 1)
    # NOTE(review): summary["skipped"] is not asserted in this test, so a
    # suppressed resource in the fixtures would go unnoticed; confirm the
    # fixture contents before adding that assertion.
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_ElasticacheReplicationGroupEncryptedWithCMK fixtures with only the check under test.

    Exactly one replication group must pass and one must fail; nothing may be
    skipped and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = (
        os.path.dirname(os.path.realpath(__file__))
        + "/example_ElasticacheReplicationGroupEncryptedWithCMK"
    )
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_elasticache_replication_group.pass",
    }
    expected_fail = {
        "aws_elasticache_replication_group.fail",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 1)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_SecretsEncrypted fixtures with only the check under test.

    Covers the three GitHub Actions secret resource types (environment,
    organization, repository). ``github_actions_secret.value_ref`` is expected
    to pass alongside the plain ``pass`` fixtures.
    """
    # given
    fixture_dir = Path(__file__).parent / "example_SecretsEncrypted"

    # when
    scanner = Runner()
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=str(fixture_dir), runner_filter=only_this_check)

    # then
    summary = report.get_summary()

    expected_pass = {
        "github_actions_environment_secret.pass",
        "github_actions_organization_secret.pass",
        "github_actions_secret.pass",
        "github_actions_secret.value_ref",
    }
    expected_fail = {
        "github_actions_environment_secret.fail",
        "github_actions_organization_secret.fail",
        "github_actions_secret.fail",
    }

    actual_pass = set(record.resource for record in report.passed_checks)
    actual_fail = set(record.resource for record in report.failed_checks)

    self.assertEqual(summary["passed"], 4)
    self.assertEqual(summary["failed"], 3)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_GlueSecurityConfigurationEnabled fixtures with only the check under test.

    Crawler, dev endpoint and job resources are each covered by an ``enabled``
    fixture that must pass and a ``default`` fixture that must fail, i.e. a
    resource left at its defaults is expected to be reported.
    """
    # given
    fixture_dir = Path(__file__).parent / "example_GlueSecurityConfigurationEnabled"

    # when
    scanner = Runner()
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=str(fixture_dir), runner_filter=only_this_check)

    # then
    summary = report.get_summary()

    expected_pass = {
        "aws_glue_crawler.enabled",
        "aws_glue_dev_endpoint.enabled",
        "aws_glue_job.enabled",
    }
    expected_fail = {
        "aws_glue_crawler.default",
        "aws_glue_dev_endpoint.default",
        "aws_glue_job.default",
    }

    actual_pass = set(record.resource for record in report.passed_checks)
    actual_fail = set(record.resource for record in report.failed_checks)

    self.assertEqual(summary["passed"], 3)
    self.assertEqual(summary["failed"], 3)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_IMDSv1Disabled fixtures with only the check under test.

    Instances, launch configurations and launch templates are covered. Judging
    by the fixture names, resources left at defaults or with the token marked
    optional are expected to fail, while ``required`` and ``disabled`` ones
    are expected to pass.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/example_IMDSv1Disabled"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_instance.required",
        "aws_launch_configuration.required_lc",
        "aws_instance.disabled"
    }
    expected_fail = {
        "aws_instance.defaults",
        "aws_instance.optional_token",
        "aws_launch_configuration.optional_lc",
        "aws_launch_template.optional_lt",
        "aws_launch_template.default_lt"
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 3)
    self.assertEqual(summary["failed"], 5)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_OSSBucketPublic fixtures with only the check under test.

    Expected counts are derived from the expected sets, so the numbers cannot
    drift away from the resource names listed here.
    """
    scanner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixture_dir = os.path.join(here, "example_OSSBucketPublic")
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        'alicloud_oss_bucket.good-bucket',
        'alicloud_oss_bucket.good-bucket2',
    }
    expected_fail = {
        'alicloud_oss_bucket.bad-bucket',
        'alicloud_oss_bucket.bad-bucket2',
    }
    # An empty dict literal; only its length (0) is used below.
    expected_skip = {}

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary['passed'], len(expected_pass))
    self.assertEqual(summary['failed'], len(expected_fail))
    self.assertEqual(summary['skipped'], len(expected_skip))
    self.assertEqual(summary['parsing_errors'], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_CloudMySqlLocalInfileOff fixtures with only the check under test.

    Four SQL instance fixtures are expected to pass and one to fail; nothing
    may be skipped and no file may fail to parse.
    """
    # given
    fixture_dir = Path(__file__).parent / "example_CloudMySqlLocalInfileOff"

    # when
    scanner = Runner()
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=str(fixture_dir), runner_filter=only_this_check)

    # then
    summary = report.get_summary()

    expected_pass = {
        "google_sql_database_instance.pass",
        "google_sql_database_instance.pass2",
        "google_sql_database_instance.pass3",
        "google_sql_database_instance.pass4",
    }
    expected_fail = {
        "google_sql_database_instance.fail",
    }

    actual_pass = set(record.resource for record in report.passed_checks)
    actual_fail = set(record.resource for record in report.failed_checks)

    self.assertEqual(summary["passed"], 4)
    self.assertEqual(summary["failed"], 1)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_BatchJobIsNotPrivileged fixtures with only the check under test.

    Three job definitions are expected to pass and one to fail; nothing may be
    skipped and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/example_BatchJobIsNotPrivileged"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_batch_job_definition.pass",
        "aws_batch_job_definition.pass2",
        "aws_batch_job_definition.pass3",
    }
    expected_fail = {
        "aws_batch_job_definition.fail",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 3)
    self.assertEqual(summary["failed"], 1)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_DynamoDBTablesEncrypted fixtures with only the check under test.

    Only the ``cmk`` table is expected to pass. Judging by the fixture names,
    a table with encryption switched on but no customer-managed key
    (``encrypted_no_cmk``) is expected to fail just like the default and the
    explicitly unencrypted table.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/example_DynamoDBTablesEncrypted"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_dynamodb_table.cmk",
    }
    expected_fail = {
        "aws_dynamodb_table.default",
        "aws_dynamodb_table.encrypted_false",
        "aws_dynamodb_table.encrypted_no_cmk",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 3)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_AzureInstanceExtensions fixtures with only the check under test.

    Linux and Windows virtual machines are both covered. Only the ``disabled``
    fixtures are expected to pass; the ``default`` ones are expected to fail
    together with the ``enabled`` ones.
    """
    fixture_dir = Path(__file__).parent / "example_AzureInstanceExtensions"

    scanner = Runner()
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=str(fixture_dir), runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "azurerm_linux_virtual_machine.disabled",
        "azurerm_windows_virtual_machine.disabled",
    }
    expected_fail = {
        "azurerm_linux_virtual_machine.default",
        "azurerm_linux_virtual_machine.enabled",
        "azurerm_windows_virtual_machine.default",
        "azurerm_windows_virtual_machine.enabled",
    }

    actual_pass = set(record.resource for record in report.passed_checks)
    actual_fail = set(record.resource for record in report.failed_checks)

    self.assertEqual(summary["passed"], 2)
    self.assertEqual(summary["failed"], 4)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_CloudsearchDomainEnforceHttps fixtures with only the check under test.

    One domain is expected to pass and two to fail; nothing may be skipped and
    no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = (
        os.path.dirname(os.path.realpath(__file__))
        + "/example_CloudsearchDomainEnforceHttps"
    )
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_cloudsearch_domain.pass",
    }
    expected_fail = {
        "aws_cloudsearch_domain.fail",
        "aws_cloudsearch_domain.fail2",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 2)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_APIGatewayDomainNameTLS fixtures with only the check under test.

    Exactly one domain name must pass and one must fail; nothing may be
    skipped and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/example_APIGatewayDomainNameTLS"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_api_gateway_domain_name.pass",
    }
    expected_fail = {
        "aws_api_gateway_domain_name.fail",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 1)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_IAMPasswordPolicyUpperCase fixtures with only the check under test.

    Exactly one OCI authentication policy must pass and one must fail; nothing
    may be skipped and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = (
        os.path.dirname(os.path.realpath(__file__))
        + "/example_IAMPasswordPolicyUpperCase"
    )
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "oci_identity_authentication_policy.pass",
    }
    expected_fail = {
        "oci_identity_authentication_policy.fail",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 1)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
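def test_build_graph(self):
    """Scan two explicitly listed Terraform files and inspect the parsed definitions.

    Only ``pass_s3.tf`` and ``variables.tf`` are handed to the runner. The test
    expects four failed checks, and then looks at the ``bucket_with_versioning``
    bucket in ``pass_s3.tf``: the versioning flag must have evaluated to a
    truthy value, while the SSE algorithm must still be the literal
    ``var.encryption`` reference.
    """
    resources_path = os.path.join(
        os.path.dirname(os.path.dirname(__file__)), "resources", "graph_files_test")
    source_files = ["pass_s3.tf", "variables.tf"]
    runner = Runner()
    report = runner.run(
        None, None, files=[f'{resources_path}/{name}' for name in source_files])
    tf_definitions = runner.tf_definitions
    self.assertEqual(4, len(report.failed_checks))

    inspected_s3_file = False
    for file, definitions in tf_definitions.items():
        if not file.endswith('pass_s3.tf'):
            continue
        inspected_s3_file = True
        s3_bucket_config = definitions['resource'][0]['aws_s3_bucket'][
            'bucket_with_versioning']
        # Evaluation succeeded for included vars
        self.assertTrue(
            s3_bucket_config['versioning'][0]['enabled'][0])
        # Evaluation does not run for un-included vars
        sse_default = s3_bucket_config['server_side_encryption_configuration'][0][
            'rule'][0]['apply_server_side_encryption_by_default'][0]
        self.assertEqual(sse_default['sse_algorithm'][0], 'var.encryption')

    # Without this guard the two variable-evaluation assertions above are
    # skipped silently whenever no definitions key ends with pass_s3.tf, and
    # the test would still pass.
    self.assertTrue(
        inspected_s3_file, "pass_s3.tf was not found in the parsed definitions")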
def test(self):
    """Scan the test_GKEEnableShieldedNodes fixtures with only the check under test.

    One cluster is expected to pass and two to fail; nothing may be skipped
    and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/test_GKEEnableShieldedNodes"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {'google_container_cluster.success'}
    expected_fail = {
        'google_container_cluster.fail1',
        'google_container_cluster.fail2'
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary['passed'], 1)
    self.assertEqual(summary['failed'], 2)
    self.assertEqual(summary['skipped'], 0)
    self.assertEqual(summary['parsing_errors'], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test_module_and_variables(self):
    """Scan the modules-and-vars resources with every check and inspect breadcrumbs.

    No check filter is passed, so the pass/fail totals are asserted only as
    lower bounds. Every failed record except CKV_AWS_40 must carry
    breadcrumbs, and a CKV_AWS_21 failure must exist whose
    ``versioning.enabled`` trail has two entries, the first being a module
    entry located in ``examples/complete/main.tf``.
    """
    resources_path = os.path.join(
        os.path.dirname(os.path.dirname(__file__)), "resources", "modules-and-vars")
    scanner = Runner()
    report = scanner.run(root_folder=resources_path)

    # Lower bounds: expected on the left, observed count on the right.
    self.assertLessEqual(3, len(report.failed_checks))
    self.assertLessEqual(12, len(report.passed_checks))
    self.assertEqual(0, len(report.skipped_checks))

    found_versioning_failure = False
    for failed in report.failed_checks:
        if failed.check_id != 'CKV_AWS_40':
            self.assertIsNotNone(failed.breadcrumbs)
        if failed.check_id != 'CKV_AWS_21':
            continue

        found_versioning_failure = True
        trail = failed.breadcrumbs.get('versioning.enabled')
        self.assertEqual(len(trail), 2)
        first_hop = trail[0]
        self.assertEqual(first_hop.get('type'), 'module')
        self.assertEqual(
            os.path.relpath(first_hop.get('path'), resources_path),
            'examples/complete/main.tf')

    # Guards against the loop never reaching the breadcrumb assertions.
    self.assertTrue(found_versioning_failure)
def test(self):
    """Scan the example_WAFACLCVE202144228 fixtures with only the check under test.

    The fixture directory name appears to reference CVE-2021-44228. Two web
    ACLs are expected to pass; the failing fixtures are named for a missing
    rule, a wrong rule, and rules or rule groups in "count" mode.
    """
    # given
    fixture_dir = Path(__file__).parent / "example_WAFACLCVE202144228"

    # when
    scanner = Runner()
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=str(fixture_dir), runner_filter=only_this_check)

    # then
    summary = report.get_summary()

    expected_pass = {
        "aws_wafv2_web_acl.pass",
        "aws_wafv2_web_acl.multi_rules",
    }
    expected_fail = {
        "aws_wafv2_web_acl.no_rule",
        "aws_wafv2_web_acl.wrong_rule",
        "aws_wafv2_web_acl.rule_count",
        "aws_wafv2_web_acl.rule_group_count",
    }

    actual_pass = set(record.resource for record in report.passed_checks)
    actual_fail = set(record.resource for record in report.failed_checks)

    self.assertEqual(summary["passed"], 2)
    self.assertEqual(summary["failed"], 4)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_SecretManagerSecretEncrypted fixtures with only the check under test.

    Two secrets are expected to pass. Both ``default`` and
    ``default_explicit`` are expected to fail, so, going by the fixture
    names, spelling out the default does not satisfy the check.
    """
    scanner = Runner()
    fixture_dir = (
        os.path.dirname(os.path.realpath(__file__))
        + "/example_SecretManagerSecretEncrypted"
    )
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_secretsmanager_secret.enabled1",
        "aws_secretsmanager_secret.enabled2",
    }
    expected_fail = {
        "aws_secretsmanager_secret.default",
        "aws_secretsmanager_secret.default_explicit",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 2)
    self.assertEqual(summary["failed"], 2)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_VertexAIPrivateInstance fixtures with only the check under test.

    One notebook instance is expected to pass and two to fail; nothing may be
    skipped and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/example_VertexAIPrivateInstance"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        'google_notebooks_instance.pass1',
    }
    expected_fail = {
        'google_notebooks_instance.fail1',
        'google_notebooks_instance.fail2',
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary['passed'], 1)
    self.assertEqual(summary['failed'], 2)
    self.assertEqual(summary['skipped'], 0)
    self.assertEqual(summary['parsing_errors'], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_InstanceMetadataServiceEnabled fixtures with only the check under test.

    One OCI instance is expected to pass and two to fail; nothing may be
    skipped and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = (
        os.path.dirname(os.path.realpath(__file__))
        + "/example_InstanceMetadataServiceEnabled"
    )
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "oci_core_instance.pass",
    }
    expected_fail = {
        "oci_core_instance.fail",
        "oci_core_instance.fail2",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 2)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_RedisCacheMinTLSVersion fixtures with only the check under test.

    Expected counts are derived from the expected sets, so the numbers cannot
    drift away from the resource names listed here.
    """
    scanner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixture_dir = os.path.join(here, "example_RedisCacheMinTLSVersion")
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        'azurerm_redis_cache.pass',
    }
    expected_fail = {
        'azurerm_redis_cache.fail',
        'azurerm_redis_cache.fail2'
    }
    # An empty dict literal; only its length (0) is used below.
    expected_skip = {}

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary['passed'], len(expected_pass))
    self.assertEqual(summary['failed'], len(expected_fail))
    self.assertEqual(summary['skipped'], len(expected_skip))
    self.assertEqual(summary['parsing_errors'], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
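def test(self):
    """Scan the example_AdminPolicyDocument fixtures with only the check under test.

    Two policy documents are expected to pass and two to fail. The
    ``no_effect`` fixture sits in the failing set, so, going by its name, a
    statement without an explicit effect is expected to be reported.
    """
    test_files_dir = Path(__file__).parent / "example_AdminPolicyDocument"

    # root_folder is handed over as a string, as in the other Path-based
    # tests on this page, rather than as a Path object.
    report = Runner().run(
        root_folder=str(test_files_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = report.get_summary()

    passing_resources = {
        "aws_iam_policy_document.list",
        "aws_iam_policy_document.pass",
    }
    failing_resources = {
        "aws_iam_policy_document.fail",
        "aws_iam_policy_document.no_effect",
    }

    passed_check_resources = {c.resource for c in report.passed_checks}
    failed_check_resources = {c.resource for c in report.failed_checks}

    self.assertEqual(summary["passed"], 2)
    self.assertEqual(summary["failed"], 2)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(passing_resources, passed_check_resources)
    self.assertEqual(failing_resources, failed_check_resources)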
def test(self):
    """Scan the example_WAFEnabled fixtures with only the check under test.

    Exactly one CloudFront distribution must pass and one must fail; nothing
    may be skipped and no file may fail to parse.
    """
    # given
    fixture_dir = Path(__file__).parent / "example_WAFEnabled"

    # when
    scanner = Runner()
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=str(fixture_dir), runner_filter=only_this_check)

    # then
    summary = report.get_summary()

    expected_pass = {
        "aws_cloudfront_distribution.pass",
    }
    expected_fail = {
        "aws_cloudfront_distribution.fail",
    }

    actual_pass = set(record.resource for record in report.passed_checks)
    actual_fail = set(record.resource for record in report.failed_checks)

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 1)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_DropletSSHKeys fixtures with only the check under test.

    Exactly one droplet must pass and one must fail; nothing may be skipped
    and no file may fail to parse.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/example_DropletSSHKeys"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "digitalocean_droplet.pass",
    }
    expected_fail = {
        "digitalocean_droplet.fail",
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 1)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_CosmosDBLocalAuthDisabled fixtures with only the check under test.

    Expected counts are derived from the expected sets, so the numbers cannot
    drift away from the resource names listed here.
    """
    scanner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixture_dir = os.path.join(here, "example_CosmosDBLocalAuthDisabled")
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {'azurerm_cosmosdb_account.ckv_unittest_pass'}
    expected_fail = {
        'azurerm_cosmosdb_account.ckv_unittest_fail',
        'azurerm_cosmosdb_account.ckv_unittest_fail_2'
    }
    # An empty dict literal; only its length (0) is used below.
    expected_skip = {}

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary['passed'], len(expected_pass))
    self.assertEqual(summary['failed'], len(expected_fail))
    self.assertEqual(summary['skipped'], len(expected_skip))
    self.assertEqual(summary['parsing_errors'], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_EBSEncryption fixtures with only the check under test.

    Only the ``enabled`` volume is expected to pass; the ``default`` volume is
    expected to fail together with the ``disabled`` one.
    """
    # given
    fixture_dir = Path(__file__).parent / "example_EBSEncryption"

    # when
    scanner = Runner()
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=str(fixture_dir), runner_filter=only_this_check)

    # then
    summary = report.get_summary()

    expected_pass = {
        "aws_ebs_volume.enabled",
    }
    expected_fail = {
        "aws_ebs_volume.default",
        "aws_ebs_volume.disabled",
    }

    actual_pass = set(record.resource for record in report.passed_checks)
    actual_fail = set(record.resource for record in report.failed_checks)

    self.assertEqual(summary["passed"], 1)
    self.assertEqual(summary["failed"], 2)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_EC2PublicIP fixtures with only the check under test.

    Instances and launch templates are both covered. The ``default`` and
    ``private`` fixtures are expected to pass; only the ``public`` ones are
    expected to fail.
    """
    fixture_dir = Path(__file__).parent / "example_EC2PublicIP"

    scanner = Runner()
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=str(fixture_dir), runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        "aws_instance.default",
        "aws_instance.private",
        "aws_launch_template.default",
        "aws_launch_template.private",
    }
    expected_fail = {
        "aws_instance.public",
        "aws_launch_template.public",
    }

    actual_pass = set(record.resource for record in report.passed_checks)
    actual_fail = set(record.resource for record in report.failed_checks)

    self.assertEqual(summary["passed"], 4)
    self.assertEqual(summary["failed"], 2)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test(self):
    """Scan the example_PubSubPrivateTopic fixtures with only the check under test.

    Both IAM binding and IAM member resources for Pub/Sub topics are covered:
    four fixtures are expected to pass and six to fail, with nothing skipped
    and no parsing errors.
    """
    scanner = Runner()
    fixture_dir = os.path.dirname(os.path.realpath(__file__)) + "/example_PubSubPrivateTopic"
    only_this_check = RunnerFilter(checks=[check.id])
    report = scanner.run(root_folder=fixture_dir, runner_filter=only_this_check)
    summary = report.get_summary()

    expected_pass = {
        'google_pubsub_topic_iam_binding.pass1',
        'google_pubsub_topic_iam_binding.pass2',
        'google_pubsub_topic_iam_member.pass1',
        'google_pubsub_topic_iam_member.pass2',
    }
    expected_fail = {
        'google_pubsub_topic_iam_binding.fail1',
        'google_pubsub_topic_iam_binding.fail2',
        'google_pubsub_topic_iam_binding.fail3',
        'google_pubsub_topic_iam_binding.fail4',
        'google_pubsub_topic_iam_member.fail1',
        'google_pubsub_topic_iam_member.fail2',
    }

    actual_pass = {record.resource for record in report.passed_checks}
    actual_fail = {record.resource for record in report.failed_checks}

    self.assertEqual(summary['passed'], 4)
    self.assertEqual(summary['failed'], 6)
    self.assertEqual(summary['skipped'], 0)
    self.assertEqual(summary['parsing_errors'], 0)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)