def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_EMRClusterIsEncryptedKMS" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_emr_security_configuration.pass", } failing_resources = { "aws_emr_security_configuration.fail", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_S3ObjectCopyEncryptedWithCMK" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_s3_object_copy.pass", } failing_resources = { "aws_s3_object_copy.fail", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/test_GKEEnsureIntegrityMonitoring" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'google_container_cluster.success1', 'google_container_cluster.success2', 'google_container_node_pool.success1', 'google_container_node_pool.success2', } failing_resources = { 'google_container_cluster.fail', 'google_container_node_pool.fail' } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 4) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_DynamoDBTablesEncrypted" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_dynamodb_table.cmk", } failing_resources = { "aws_dynamodb_table.default", "aws_dynamodb_table.encrypted_false", "aws_dynamodb_table.encrypted_no_cmk", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 3) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_build_graph(self): resources_path = os.path.join( os.path.dirname(os.path.dirname(__file__)), "resources", "graph_files_test") source_files = ["pass_s3.tf", "variables.tf"] runner = Runner() report = runner.run(None, None, files=list( map(lambda f: f'{resources_path}/{f}', source_files))) tf_definitions = runner.tf_definitions self.assertEqual(4, len(report.failed_checks)) for file, definitions in tf_definitions.items(): if file.endswith('pass_s3.tf'): s3_bucket_config = definitions['resource'][0]['aws_s3_bucket'][ 'bucket_with_versioning'] # Evaluation succeeded for included vars self.assertTrue( s3_bucket_config['versioning'][0]['enabled'][0]) # Evaluation does not run for un-included vars self.assertEqual( s3_bucket_config['server_side_encryption_configuration'][0] ['rule'][0]['apply_server_side_encryption_by_default'][0] ['sse_algorithm'][0], 'var.encryption')
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_S3BucketObjectLock" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_s3_bucket.enabled_via_object", "aws_s3_bucket.enabled_via_block", } failing_resources = { "aws_s3_bucket.disabled_via_object", "aws_s3_bucket.disabled_via_block", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_CloudsearchDomainEnforceHttps" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_cloudsearch_domain.pass", } failing_resources = { "aws_cloudsearch_domain.fail", "aws_cloudsearch_domain.fail2", } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_DBInstanceLogging" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_db_instance.mysql", "aws_db_instance.postgres", } failing_resources = { "aws_db_instance.default", "aws_db_instance.empty", } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_terraform_module_checks_are_performed_even_if_supported_resources_is_omitted(self): check_name = "TF_M_2" from checkov.common.models.enums import CheckResult from checkov.terraform.checks.module.base_module_check import BaseModuleCheck from checkov.terraform.checks.module.registry import module_registry class ModuleCheck(BaseModuleCheck): def __init__(self): name = "Test check" id = check_name categories = [] super().__init__(name=name, id=id, categories=categories) def scan_module_conf(self, conf): return CheckResult.PASSED check = ModuleCheck() current_dir = os.path.dirname(os.path.realpath(__file__)) valid_dir_path = os.path.join(current_dir, "resources/valid_tf_only_module_usage") runner = Runner() result = runner.run(root_folder=valid_dir_path, external_checks_dir=None, runner_filter=RunnerFilter(checks=check_name)) # unregister check for resource in check.supported_resources: module_registry.checks[resource].remove(check) self.assertEqual(len(result.passed_checks), 1) self.assertIn('module.some-module', map(lambda record: record.resource, result.passed_checks))
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_IAMAdminPolicyDocument" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'aws_iam_policy.pass1', 'aws_iam_policy.pass2', 'aws_ssoadmin_permission_set_inline_policy.pass1' } failing_resources = { 'aws_iam_policy.fail1', 'aws_iam_policy.fail2', 'aws_iam_policy.fail3', 'aws_iam_policy.fail4', 'aws_ssoadmin_permission_set_inline_policy.fail1' } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 3) self.assertEqual(summary['failed'], 5) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_ObjectStorageVersioning" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "oci_objectstorage_bucket.pass", } failing_resources = { "oci_objectstorage_bucket.fail", "oci_objectstorage_bucket.default", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_LambdaEnvironmentEncryptionSettings" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_lambda_function.pass", } failing_resources = { "aws_lambda_function.fail", "aws_lambda_function.failkmsnovars", "aws_lambda_function.failasempty", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 3) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_KubernetesSecretsEncryptedUsingCMK" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_eks_cluster.enabled", } failing_resources = { "aws_eks_cluster.default", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_PolicyNoApplicationAny" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'panos_security_policy.pass1', 'panos_security_rule_group.pass2', 'panos_security_policy.pass3', 'panos_security_rule_group.pass4', 'panos_security_policy.pass5', 'panos_security_rule_group.pass6', } failing_resources = { 'panos_security_policy.fail1', 'panos_security_rule_group.fail2', 'panos_security_policy.fail3', 'panos_security_rule_group.fail4', } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 6) self.assertEqual(summary['failed'], 4) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_InterfaceMgmtProfileNoHTTP" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'panos_management_profile.pass1', 'panos_management_profile.pass2', } failing_resources = { 'panos_management_profile.fail', } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 2) self.assertEqual(summary['failed'], 1) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_ElasticCacheAutomaticBackup" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_elasticache_cluster.enabled", } failing_resources = { "aws_elasticache_cluster.default", "aws_elasticache_cluster.disabled", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_PubSubPrivateTopic" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'google_pubsub_topic_iam_binding.pass1', 'google_pubsub_topic_iam_binding.pass2', 'google_pubsub_topic_iam_member.pass1', 'google_pubsub_topic_iam_member.pass2', } failing_resources = { 'google_pubsub_topic_iam_binding.fail1', 'google_pubsub_topic_iam_binding.fail2', 'google_pubsub_topic_iam_binding.fail3', 'google_pubsub_topic_iam_binding.fail4', 'google_pubsub_topic_iam_member.fail1', 'google_pubsub_topic_iam_member.fail2', } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 4) self.assertEqual(summary['failed'], 6) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_GoogleComputeExternalIP" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'google_compute_instance.pass', 'google_compute_instance_template.pass' } failing_resources = { 'google_compute_instance.fail', 'google_compute_instance_template.fail', } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 2) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_APIGatewayDomainNameTLS" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_api_gateway_domain_name.pass", } failing_resources = { "aws_api_gateway_domain_name.fail", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_failure_in_resolved_module(self): current_dir = os.path.dirname(os.path.realpath(__file__)) valid_dir_path = os.path.join( current_dir, "../parser/resources/parser_scenarios/module_matryoshka") valid_dir_path = os.path.normpath(valid_dir_path) runner = Runner() checks_allowlist = ['CKV_AWS_20'] report = runner.run( root_folder=valid_dir_path, external_checks_dir=None, runner_filter=RunnerFilter(framework='terraform', checks=checks_allowlist)) report_json = report.get_json() self.assertTrue(isinstance(report_json, str)) self.assertIsNotNone(report_json) self.assertIsNotNone(report.get_test_suites()) self.assertEqual(report.get_exit_code(soft_fail=False), 1) self.assertEqual(report.get_exit_code(soft_fail=True), 0) self.assertEqual(checks_allowlist[0], report.failed_checks[0].check_id) self.assertEqual("/bucket1/bucket2/bucket3/bucket.tf", report.failed_checks[0].file_path) self.assertEqual(1, len(report.failed_checks)) for record in report.failed_checks: self.assertIn(record.check_id, checks_allowlist)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_BatchJobIsNotPrivileged" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_batch_job_definition.pass", "aws_batch_job_definition.pass2", "aws_batch_job_definition.pass3", } failing_resources = { "aws_batch_job_definition.fail", } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 3) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_runner_extra_check(self): current_dir = os.path.dirname(os.path.realpath(__file__)) tf_dir_path = current_dir + "/resources/extra_check_test" extra_checks_dir_path = [current_dir + "/extra_checks"] print("testing dir" + tf_dir_path) runner = Runner() report = runner.run(root_folder=tf_dir_path, external_checks_dir=extra_checks_dir_path) report_json = report.get_json() for check in resource_registry.checks["aws_s3_bucket"]: if check.id == "CUSTOM_AWS_1": resource_registry.checks["aws_s3_bucket"].remove(check) self.assertTrue(isinstance(report_json, str)) self.assertIsNotNone(report_json) self.assertIsNotNone(report.get_test_suites()) passing_custom = 0 failed_custom = 0 for record in report.passed_checks: if record.check_id == "CUSTOM_AWS_1": passing_custom = passing_custom + 1 for record in report.failed_checks: if record.check_id == "CUSTOM_AWS_1": failed_custom = failed_custom + 1 self.assertEqual(passing_custom, 1) self.assertEqual(failed_custom, 2)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = os.path.join(current_dir, "example_OSSBucketPublic") report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'alicloud_oss_bucket.good-bucket', 'alicloud_oss_bucket.good-bucket2', } failing_resources = { 'alicloud_oss_bucket.bad-bucket', 'alicloud_oss_bucket.bad-bucket2', } skipped_resources = {} passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], len(passing_resources)) self.assertEqual(summary['failed'], len(failing_resources)) self.assertEqual(summary['skipped'], len(skipped_resources)) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_record_relative_path_with_abs_file(self): # test whether the record's repo_file_path is correct, relative to the CWD (with a / at the start). # this is just constructing the scan dir as normal current_dir = os.path.dirname(os.path.realpath(__file__)) scan_file_path = os.path.join(current_dir, "resources", "nested_dir", "nested", "example.tf") file_rel_path = os.path.relpath(scan_file_path) file_abs_path = os.path.abspath(scan_file_path) runner = Runner() checks_allowlist = ['CKV_AWS_20'] report = runner.run( root_folder=None, external_checks_dir=None, files=[file_abs_path], runner_filter=RunnerFilter(framework='terraform', checks=checks_allowlist)) all_checks = report.failed_checks + report.passed_checks self.assertTrue( len(all_checks) > 0) # ensure that the assertions below are going to do something for record in all_checks: # no need to join with a '/' because the TF runner adds it to the start of the file path self.assertEqual(record.repo_file_path, f'/{file_rel_path}')
def test_module_and_variables(self): resources_path = os.path.join( os.path.dirname(os.path.dirname(__file__)), "resources", "modules-and-vars") runner = Runner() report = runner.run(root_folder=resources_path) self.assertLessEqual(3, len(report.failed_checks)) self.assertLessEqual(12, len(report.passed_checks)) self.assertEqual(0, len(report.skipped_checks)) found_versioning_failure = False for record in report.failed_checks: if record.check_id != 'CKV_AWS_40': self.assertIsNotNone(record.breadcrumbs) if record.check_id == 'CKV_AWS_21': found_versioning_failure = True bc = record.breadcrumbs.get('versioning.enabled') self.assertEqual(len(bc), 2) bc = bc[0] self.assertEqual(bc.get('type'), 'module') self.assertEqual( os.path.relpath(bc.get('path'), resources_path), 'examples/complete/main.tf') self.assertTrue(found_versioning_failure)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = os.path.join( current_dir, "example_ACRPublicNetworkAccessDisabled") report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = {'azurerm_container_registry.ckv_unittest_pass'} failing_resources = { 'azurerm_container_registry.ckv_unittest_fail', 'azurerm_container_registry.ckv_unittest_fail_2', } skipped_resources = {} passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], len(passing_resources)) self.assertEqual(summary['failed'], len(failing_resources)) self.assertEqual(summary['skipped'], len(skipped_resources)) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_SecretManagerSecretEncrypted" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_secretsmanager_secret.enabled1", "aws_secretsmanager_secret.enabled2", } failing_resources = { "aws_secretsmanager_secret.default", "aws_secretsmanager_secret.default_explicit", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_KMSKeyWildcardPrincipal" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'aws_kms_key.pass_0', 'aws_kms_key.pass_1', 'aws_kms_key.pass_2', 'aws_kms_key.pass_3' } failing_resources = { 'aws_kms_key.fail_0', 'aws_kms_key.fail_1', 'aws_kms_key.fail_2', 'aws_kms_key.fail_3', 'aws_kms_key.fail_4' } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources) self.assertEqual(summary['passed'], 4) self.assertEqual(summary['failed'], 5) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_InstanceMetadataServiceEnabled" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "oci_core_instance.pass", } failing_resources = { "oci_core_instance.fail", "oci_core_instance.fail2", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_GlacierVaultAnyPrincipal" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "aws_glacier_vault.my_archive1", "aws_glacier_vault.my_archive6", } failing_resources = { "aws_glacier_vault.my_archive2", "aws_glacier_vault.my_archive3", "aws_glacier_vault.my_archive4", "aws_glacier_vault.my_archive5", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 4) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)