test: mark tests as integration

aquasecurity · Jan 24, 2024 · 32b54f8 · 32b54f8
1 parent 707b2b9
commit 32b54f8
Show file tree

Hide file tree

Showing 2 changed files with 118 additions and 110 deletions.
diff --git a/pkg/scanners/terraform/scanner_integration_test.go b/pkg/scanners/terraform/scanner_integration_test.go
@@ -130,3 +130,121 @@ deny[res] {
 		fmt.Printf("Debug logs:\n%s\n", debugLog.String())
 	}
 }
+
+func Test_OptionWithSkipDownloaded(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping integration test in short mode")
+	}
+
+	fs := testutil.CreateFS(t, map[string]string{
+		"test/main.tf": `
+module "s3-bucket" {
+  source   = "terraform-aws-modules/s3-bucket/aws"
+  version = "3.14.0"
+  bucket = "mybucket"
+  create_bucket = true
+}
+`,
+		// creating our own rule for the reliability of the test
+		"/rules/test.rego": `
+package defsec.abcdefg
+
+__rego_input__ := {
+	"combine": false,
+	"selector": [{"type": "defsec", "subtypes": [{"service": "s3", "provider": "aws"}]}],
+}
+
+deny[cause] {
+	bucket := input.aws.s3.buckets[_]
+	bucket.name.value == "mybucket"
+	cause := bucket.name
+}`,
+	})
+
+	t.Run("without skip", func(t *testing.T) {
+		scanner := New(
+			options.ScannerWithPolicyDirs("rules"),
+			options.ScannerWithRegoOnly(true),
+			options.ScannerWithEmbeddedPolicies(false),
+			options.ScannerWithEmbeddedLibraries(true),
+		)
+		results, err := scanner.ScanFS(context.TODO(), fs, "test")
+		require.NoError(t, err)
+
+		assert.Len(t, results, 1)
+		assert.Len(t, results.GetFailed(), 1)
+	})
+
+	t.Run("with skip", func(t *testing.T) {
+		scanner := New(
+			ScannerWithSkipDownloaded(true),
+			options.ScannerWithPolicyDirs("rules"),
+			options.ScannerWithRegoOnly(true),
+			options.ScannerWithEmbeddedPolicies(false),
+			options.ScannerWithEmbeddedLibraries(true),
+		)
+		results, err := scanner.ScanFS(context.TODO(), fs, "test")
+		require.NoError(t, err)
+
+		assert.Len(t, results, 1)
+		assert.Len(t, results.GetIgnored(), 1)
+	})
+}
+
+func Test_OptionWithSkipDownloadedIAMDocument(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping integration test in short mode")
+	}
+
+	fs := testutil.CreateFS(t, map[string]string{
+		"test/main.tf": `
+module "karpenter" {
+  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
+  version = "19.21.0"
+
+  cluster_name           = "test"
+  irsa_oidc_provider_arn = "example"
+}
+`,
+		// creating our own rule for the reliability of the test
+		"/rules/test.rego": `
+package defsec.abcdefg
+
+__rego_input__ := {
+	"combine": false,
+	"selector": [{"type": "defsec", "subtypes": [{"service": "iam", "provider": "aws"}]}],
+}
+
+allows_permission(statements, permission, effect) {
+	statement := statements[_]
+	statement.Effect == effect
+	action = statement.Action[_]
+	action == permission
+}
+
+deny[res] {
+	policy := input.aws.iam.policies[_]
+	value = json.unmarshal(policy.document.value)
+	statements = value.Statement
+	not allows_permission(statements, "iam:PassRole", "Deny")
+	allows_permission(statements, "iam:PassRole", "Allow")
+	res = result.new("IAM policy allows 'iam:PassRole' action", policy.document)
+}
+`,
+	})
+
+	scanner := New(
+		ScannerWithSkipDownloaded(true),
+		options.ScannerWithPolicyDirs("rules"),
+		options.ScannerWithRegoOnly(true),
+		options.ScannerWithEmbeddedLibraries(true),
+		options.ScannerWithEmbeddedPolicies(false),
+	)
+	results, err := scanner.ScanFS(context.TODO(), fs, "test")
+	require.NoError(t, err)
+	assert.Len(t, results, 1)
+
+	ignored := results.GetIgnored()
+	assert.Len(t, ignored, 1)
+	assert.NotNil(t, ignored[0].Metadata().Parent())
+}
diff --git a/pkg/scanners/terraform/scanner_test.go b/pkg/scanners/terraform/scanner_test.go
@@ -534,116 +534,6 @@ deny[res] {
 	}
 }
 
-func Test_OptionWithSkipDownloaded(t *testing.T) {
-	fs := testutil.CreateFS(t, map[string]string{
-		"test/main.tf": `
-module "s3-bucket" {
-  source   = "terraform-aws-modules/s3-bucket/aws"
-  version = "3.14.0"
-  bucket = "mybucket"
-  create_bucket = true
-}
-`,
-		// creating our own rule for the reliability of the test
-		"/rules/test.rego": `
-package defsec.abcdefg
-
-__rego_input__ := {
-	"combine": false,
-	"selector": [{"type": "defsec", "subtypes": [{"service": "s3", "provider": "aws"}]}],
-}
-
-deny[cause] {
-	bucket := input.aws.s3.buckets[_]
-	bucket.name.value == "mybucket"
-	cause := bucket.name
-}`,
-	})
-
-	t.Run("without skip", func(t *testing.T) {
-		scanner := New(
-			options.ScannerWithPolicyDirs("rules"),
-			options.ScannerWithRegoOnly(true),
-			options.ScannerWithEmbeddedPolicies(false),
-			options.ScannerWithEmbeddedLibraries(true),
-		)
-		results, err := scanner.ScanFS(context.TODO(), fs, "test")
-		require.NoError(t, err)
-
-		assert.Len(t, results, 1)
-		assert.Len(t, results.GetFailed(), 1)
-	})
-
-	t.Run("with skip", func(t *testing.T) {
-		scanner := New(
-			ScannerWithSkipDownloaded(true),
-			options.ScannerWithPolicyDirs("rules"),
-			options.ScannerWithRegoOnly(true),
-			options.ScannerWithEmbeddedPolicies(false),
-			options.ScannerWithEmbeddedLibraries(true),
-		)
-		results, err := scanner.ScanFS(context.TODO(), fs, "test")
-		require.NoError(t, err)
-
-		assert.Len(t, results, 1)
-		assert.Len(t, results.GetIgnored(), 1)
-	})
-}
-
-func Test_OptionWithSkipDownloadedIAMDocument(t *testing.T) {
-	fs := testutil.CreateFS(t, map[string]string{
-		"test/main.tf": `
-module "karpenter" {
-  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
-  version = "19.21.0"
-
-  cluster_name           = "test"
-  irsa_oidc_provider_arn = "example"
-}
-`,
-		// creating our own rule for the reliability of the test
-		"/rules/test.rego": `
-package defsec.abcdefg
-
-__rego_input__ := {
-	"combine": false,
-	"selector": [{"type": "defsec", "subtypes": [{"service": "iam", "provider": "aws"}]}],
-}
-
-allows_permission(statements, permission, effect) {
-	statement := statements[_]
-	statement.Effect == effect
-	action = statement.Action[_]
-	action == permission
-}
-
-deny[res] {
-	policy := input.aws.iam.policies[_]
-	value = json.unmarshal(policy.document.value)
-	statements = value.Statement
-	not allows_permission(statements, "iam:PassRole", "Deny")
-	allows_permission(statements, "iam:PassRole", "Allow")
-	res = result.new("IAM policy allows 'iam:PassRole' action", policy.document)
-}
-`,
-	})
-
-	scanner := New(
-		ScannerWithSkipDownloaded(true),
-		options.ScannerWithPolicyDirs("rules"),
-		options.ScannerWithRegoOnly(true),
-		options.ScannerWithEmbeddedLibraries(true),
-		options.ScannerWithEmbeddedPolicies(false),
-	)
-	results, err := scanner.ScanFS(context.TODO(), fs, "test")
-	require.NoError(t, err)
-	assert.Len(t, results, 1)
-
-	ignored := results.GetIgnored()
-	assert.Len(t, ignored, 1)
-	assert.NotNil(t, ignored[0].Metadata().Parent())
-}
-
 func Test_IAMPolicyRego(t *testing.T) {
 	fs := testutil.CreateFS(t, map[string]string{
 		"/code/main.tf": `