Add unit tests for securityhub module

[richgreen-moj]

A reference to the issue / Description of it

ministryofjustice/modernisation-platform#8076

How does this PR fix the problem?

Unit tests for the new resources built in to the securityhub module (eventbridge rule/sns topic/kms key).

This test targets the resources specifically rather than including all the module's resources as some of them are not able to be duplicated within the same account.

How has this been tested?

Tested locally against testing-test account and via status checks in this PR

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
modules/securityhub
test/securityhub-test

---

Running Trivy in modules/securityhub
2024-10-17T18:33:58Z INFO [vulndb] Need to update DB
2024-10-17T18:33:58Z INFO [vulndb] Downloading vulnerability DB...
2024-10-17T18:33:58Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-17T18:34:01Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-17T18:34:01Z INFO [vuln] Vulnerability scanning is enabled
2024-10-17T18:34:01Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-17T18:34:01Z INFO [misconfig] Need to update the built-in checks
2024-10-17T18:34:01Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-17T18:34:01Z INFO [secret] Secret scanning is enabled
2024-10-17T18:34:01Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-17T18:34:01Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-17T18:34:02Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-17T18:34:02Z INFO Number of language-specific files num=0
2024-10-17T18:34:02Z INFO Detected config files num=1
trivy_exitcode=0

---

Running Trivy in test/securityhub-test
2024-10-17T18:34:02Z INFO [vuln] Vulnerability scanning is enabled
2024-10-17T18:34:02Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-17T18:34:02Z INFO [secret] Secret scanning is enabled
2024-10-17T18:34:02Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-17T18:34:02Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-17T18:34:03Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-17T18:34:03Z INFO Number of language-specific files num=0
2024-10-17T18:34:03Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
modules/securityhub
test/securityhub-test

*****************************

Running Checkov in modules/securityhub
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 24, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

*****************************

Running Checkov in test/securityhub-test
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 26, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Failed

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
modules/securityhub
test/securityhub-test

*****************************

Running tflint in modules/securityhub
Excluding the following checks: terraform_unused_declarations
3 issue(s) found:

Warning: `sechub_eventbridge_rule_name` variable has no type (terraform_typed_variables)

  on modules/securityhub/variables.tf line 1:
   1: variable "sechub_eventbridge_rule_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_typed_variables.md

Warning: `sechub_sns_topic_name` variable has no type (terraform_typed_variables)

  on modules/securityhub/variables.tf line 6:
   6: variable "sechub_sns_topic_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_typed_variables.md

Warning: `sechub_sns_kms_key_name` variable has no type (terraform_typed_variables)

  on modules/securityhub/variables.tf line 11:
  11: variable "sechub_sns_kms_key_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_typed_variables.md

tflint_exitcode=2

*****************************

Running tflint in test/securityhub-test
Excluding the following checks: terraform_unused_declarations
3 issue(s) found:

Warning: `sechub_eventbridge_rule_name` variable has no type (terraform_typed_variables)

  on test/securityhub-test/variables.tf line 1:
   1: variable "sechub_eventbridge_rule_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_typed_variables.md

Warning: `sechub_sns_topic_name` variable has no type (terraform_typed_variables)

  on test/securityhub-test/variables.tf line 6:
   6: variable "sechub_sns_topic_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_typed_variables.md

Warning: `sechub_sns_kms_key_name` variable has no type (terraform_typed_variables)

  on test/securityhub-test/variables.tf line 11:
  11: variable "sechub_sns_kms_key_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_typed_variables.md

tflint_exitcode=4

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
modules/securityhub
test/securityhub-test

*****************************

Running Trivy in modules/securityhub
2024-10-17T18:33:58Z	INFO	[vulndb] Need to update DB
2024-10-17T18:33:58Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-17T18:33:58Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-17T18:34:01Z	INFO	[vulndb] Artifact successfully downloaded	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-17T18:34:01Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-17T18:34:01Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-17T18:34:01Z	INFO	[misconfig] Need to update the built-in checks
2024-10-17T18:34:01Z	INFO	[misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-17T18:34:01Z	INFO	[secret] Secret scanning is enabled
2024-10-17T18:34:01Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-17T18:34:01Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-17T18:34:02Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-17T18:34:02Z	INFO	Number of language-specific files	num=0
2024-10-17T18:34:02Z	INFO	Detected config files	num=1
trivy_exitcode=0

*****************************

Running Trivy in test/securityhub-test
2024-10-17T18:34:02Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-17T18:34:02Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-17T18:34:02Z	INFO	[secret] Secret scanning is enabled
2024-10-17T18:34:02Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-17T18:34:02Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-17T18:34:03Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-17T18:34:03Z	INFO	Number of language-specific files	num=0
2024-10-17T18:34:03Z	INFO	Detected config files	num=1
trivy_exitcode=0

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
modules/securityhub
test/securityhub-test

---

Running Trivy in modules/securityhub
2024-10-18T07:47:40Z INFO [vulndb] Need to update DB
2024-10-18T07:47:40Z INFO [vulndb] Downloading vulnerability DB...
2024-10-18T07:47:40Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T07:47:42Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T07:47:42Z INFO [vuln] Vulnerability scanning is enabled
2024-10-18T07:47:42Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-18T07:47:42Z INFO [misconfig] Need to update the built-in checks
2024-10-18T07:47:42Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-10-18T07:47:42Z INFO [secret] Secret scanning is enabled
2024-10-18T07:47:42Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-18T07:47:42Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-18T07:47:43Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-18T07:47:43Z INFO Number of language-specific files num=0
2024-10-18T07:47:43Z INFO Detected config files num=1
trivy_exitcode=0

---

Running Trivy in test/securityhub-test
2024-10-18T07:47:43Z INFO [vuln] Vulnerability scanning is enabled
2024-10-18T07:47:43Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-18T07:47:43Z INFO [secret] Secret scanning is enabled
2024-10-18T07:47:43Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-18T07:47:43Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-18T07:47:44Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-18T07:47:44Z INFO Number of language-specific files num=0
2024-10-18T07:47:44Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
modules/securityhub
test/securityhub-test

*****************************

Running Checkov in modules/securityhub
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 24, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

*****************************

Running Checkov in test/securityhub-test
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 26, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
modules/securityhub
test/securityhub-test

*****************************

Running tflint in modules/securityhub
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in test/securityhub-test
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
modules/securityhub
test/securityhub-test

*****************************

Running Trivy in modules/securityhub
2024-10-18T07:47:40Z	INFO	[vulndb] Need to update DB
2024-10-18T07:47:40Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-18T07:47:40Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T07:47:42Z	INFO	[vulndb] Artifact successfully downloaded	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T07:47:42Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-18T07:47:42Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-18T07:47:42Z	INFO	[misconfig] Need to update the built-in checks
2024-10-18T07:47:42Z	INFO	[misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-10-18T07:47:42Z	INFO	[secret] Secret scanning is enabled
2024-10-18T07:47:42Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-18T07:47:42Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-18T07:47:43Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-18T07:47:43Z	INFO	Number of language-specific files	num=0
2024-10-18T07:47:43Z	INFO	Detected config files	num=1
trivy_exitcode=0

*****************************

Running Trivy in test/securityhub-test
2024-10-18T07:47:43Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-18T07:47:43Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-18T07:47:43Z	INFO	[secret] Secret scanning is enabled
2024-10-18T07:47:43Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-18T07:47:43Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-18T07:47:44Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-18T07:47:44Z	INFO	Number of language-specific files	num=0
2024-10-18T07:47:44Z	INFO	Detected config files	num=1
trivy_exitcode=0