checkov/tests/terraform/checks/resource/aws/test_LambdaCodeSigningConfigured.py at 82098c3f0675486f5d7689eb69cc8ccc043ce78c · bridgecrewio/checkov · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
import unittest
from pathlib import Path

from checkov.runner_filter import RunnerFilter
from checkov.terraform.checks.resource.aws.LambdaCodeSigningConfigured import check
from checkov.terraform.runner import Runner


class TestLambdaCodeSigningConfigured(unittest.TestCase):
    def test(self):
        # given
        test_files_dir = Path(__file__).parent / "example_LambdaCodeSigningConfigured"

        # when
        report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))

        # then
        summary = report.get_summary()

        # pass: has code_signing_config_arn; image_pass: package_type=Image (check skipped, passes)
        passing_resources = {
            "aws_lambda_function.pass",
            "aws_lambda_function.image_pass",
        }

        # fail: Zip package type (default) without code_signing_config_arn
        failing_resources = {
            "aws_lambda_function.fail"
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)


if __name__ == "__main__":
    unittest.main()