From 6a0ffc80a4d1bf6ae4adb8c82ea0b394d563593e Mon Sep 17 00:00:00 2001 From: Vojtech Splichal Date: Wed, 19 Jul 2023 18:45:33 +0200 Subject: [PATCH] fix: repair tests + correct excpected/actual in Equal calls (#119) --- examples/wafv2-logging-configuration/main.tf | 49 ++++++++++--------- .../wafv2-logging-configuration/variables.tf | 5 ++ examples/wafv2-sizeconstraint-rules/main.tf | 2 +- test/waf_webaclv2_and_or_test.go | 8 +-- test/waf_webaclv2_bytematch_test.go | 8 +-- test/waf_webaclv2_geomatch_test.go | 8 +-- test/waf_webaclv2_label_match_test.go | 8 +-- test/waf_webaclv2_logging_config_test.go | 48 +++++++++++------- test/waf_webaclv2_regex_pattern_test.go | 12 ++--- test/waf_webaclv2_sizeconstraint_test.go | 10 ++-- 10 files changed, 90 insertions(+), 68 deletions(-) create mode 100644 examples/wafv2-logging-configuration/variables.tf diff --git a/examples/wafv2-logging-configuration/main.tf b/examples/wafv2-logging-configuration/main.tf index 891a40a..8ac107c 100644 --- a/examples/wafv2-logging-configuration/main.tf +++ b/examples/wafv2-logging-configuration/main.tf @@ -1,16 +1,3 @@ -terraform { - required_version = ">= 0.13.7" - - required_providers { - aws = ">= 4.44.0" - } -} - -provider "aws" { - region = "eu-west-1" -} - - ##### # VPC and subnets ##### @@ -18,8 +5,11 @@ data "aws_vpc" "default" { default = true } -data "aws_subnet_ids" "all" { - vpc_id = data.aws_vpc.default.id +data "aws_subnets" "all" { + filter { + name = "vpc-id" + values = [data.aws_vpc.default.id] + } } ##### @@ -29,11 +19,11 @@ module "alb" { source = "umotif-public/alb/aws" version = "~> 2.0.0" - name_prefix = "alb-waf-example" + name_prefix = "${var.name_prefix}-alb-waf-example" load_balancer_type = "application" internal = false vpc_id = data.aws_vpc.default.id - subnets = data.aws_subnet_ids.all.ids + subnets = toset(data.aws_subnets.all.ids) } ##### 
@@ -41,8 +31,23 @@ module "alb" { ##### resource "aws_s3_bucket" "bucket" { - bucket = "aws-waf-firehose-stream-test-bucket" + bucket = "${var.name_prefix}-aws-waf-firehose-stream-test-bucket" +} + +resource "aws_s3_bucket_ownership_controls" "bucket" { + bucket = aws_s3_bucket.bucket.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_acl" "bucket" { acl = "private" + bucket = aws_s3_bucket.bucket.id + + depends_on = [ + aws_s3_bucket_ownership_controls.bucket + ] } resource "aws_iam_role" "firehose" { @@ -100,9 +105,9 @@ EOF resource "aws_kinesis_firehose_delivery_stream" "test_stream" { name = "aws-waf-logs-kinesis-firehose-test-stream" - destination = "s3" + destination = "extended_s3" - s3_configuration { + extended_s3_configuration { role_arn = aws_iam_role.firehose.arn bucket_arn = aws_s3_bucket.bucket.arn } @@ -114,7 +119,7 @@ resource "aws_kinesis_firehose_delivery_stream" "test_stream" { module "wafv2" { source = "../.." - name_prefix = "test-waf-setup" + name_prefix = var.name_prefix alb_arn = module.alb.arn create_alb_association = true @@ -165,7 +170,7 @@ module "wafv2" { visibility_config = { cloudwatch_metrics_enabled = false - metric_name = "test-waf-setup-waf-main-metrics" + metric_name = "${var.name_prefix}-waf-setup-waf-main-metrics" sampled_requests_enabled = false } diff --git a/examples/wafv2-logging-configuration/variables.tf b/examples/wafv2-logging-configuration/variables.tf new file mode 100644 index 0000000..0519052 --- /dev/null +++ b/examples/wafv2-logging-configuration/variables.tf @@ -0,0 +1,5 @@ +variable "name_prefix" { + description = "A prefix used for naming resources." + type = string + default = "example" +} diff --git a/examples/wafv2-sizeconstraint-rules/main.tf b/examples/wafv2-sizeconstraint-rules/main.tf index f5353a1..6182c11 100644 --- a/examples/wafv2-sizeconstraint-rules/main.tf +++ b/examples/wafv2-sizeconstraint-rules/main.tf 
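Review bot: The new `aws_s3_bucket_ownership_controls` rule uses `object_ownership = "BucketOwnerPreferred"`, which keeps ACLs enabled on the WAF log bucket only so that `aws_s3_bucket_acl` can then set `private`. For a same-account Firehose writer, `BucketOwnerEnforced` disables ACLs entirely and gives the bucket owner every object, so the `aws_s3_bucket_acl` resource and its `depends_on` could be dropped. The hunk also shows no `aws_s3_bucket_public_access_block` for a bucket that will hold WAF request logs; if none is declared elsewhere in the file, an example that people copy should state it explicitly rather than rely on account defaults.

```hcl
# … unchanged: resource "aws_s3_bucket" "bucket" …

resource "aws_s3_bucket_ownership_controls" "bucket" {
  bucket = aws_s3_bucket.bucket.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

resource "aws_s3_bucket_public_access_block" "bucket" {
  bucket                  = aws_s3_bucket.bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```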
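Review bot: `name = "aws-waf-logs-kinesis-firehose-test-stream"` stays fixed in the `test_stream` hunk while the bucket, ALB and web ACL now take `var.name_prefix`, so two runs in the same account and region still collide on the delivery stream. The assertions in test/waf_webaclv2_logging_config_test.go still expect the fixed `firehose-stream-test-role` names, which suggests the IAM role has the same problem, though its definition is outside this hunk. WAF logging requires the stream name to start with `aws-waf-logs-`, so the variable has to follow that prefix: `name = "aws-waf-logs-${var.name_prefix}-firehose-test-stream"`, with the test's `Contains` check on `KinesisStreamArn` updated to match.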
@@ -34,7 +34,7 @@ module "waf" { managed_rule_group_statement = { name = "AWSManagedRulesCommonRuleSet" vendor_name = "AWS" - version = "Version_2.0" + version = "Version_1.6" } }, { diff --git a/test/waf_webaclv2_and_or_test.go b/test/waf_webaclv2_and_or_test.go index a2d8187..d784a4e 100644 --- a/test/waf_webaclv2_and_or_test.go +++ b/test/waf_webaclv2_and_or_test.go @@ -43,10 +43,10 @@ func TestWafWebAclV2AndOr(t *testing.T) { WebAclRuleNames := terraform.Output(t, terraformOptions, "web_acl_rule_names") // Verify we're getting back the outputs we expect - assert.Equal(t, WebAclName, "test"+uniqueID) + assert.Equal(t, "test"+uniqueID, WebAclName) assert.Contains(t, WebAclArn, "arn:aws:wafv2:eu-west-1:") assert.Contains(t, WebAclArn, "regional/webacl/test"+uniqueID) - assert.Equal(t, WebAclVisConfigMetricName, "test"+uniqueID+"-waf-setup-waf-main-metrics") - assert.Equal(t, WebAclCapacity, "714") - assert.Equal(t, WebAclRuleNames, "block-specific-ip-set-or-body-contains-hotmail, block-specific-uri-path-and-requests-from-nl-gb-and-us, AWSManagedRulesCommonRuleSet-rule-1") + assert.Equal(t, "test"+uniqueID+"-waf-setup-waf-main-metrics", WebAclVisConfigMetricName) + assert.Equal(t, "760", WebAclCapacity) + assert.Equal(t, "[block-specific-ip-set-or-body-contains-hotmail block-specific-uri block-specific-uri-path-and-not-requests-from-nl-gb-and-us block-specific-uri-path-and-requests-from-nl-gb-and-us AWSManagedRulesCommonRuleSet-rule-1]", WebAclRuleNames) } diff --git a/test/waf_webaclv2_bytematch_test.go b/test/waf_webaclv2_bytematch_test.go index 5558d72..48293c9 100644 --- a/test/waf_webaclv2_bytematch_test.go +++ b/test/waf_webaclv2_bytematch_test.go 
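Review bot: The `version` pin for `AWSManagedRulesCommonRuleSet` changes from `Version_2.0` to `Version_1.6` with nothing in the file saying why. A static version keeps the rule group from picking up the vendor's rule updates, and static versions are eventually retired, so whoever copies this example inherits a pin they did not choose; presumably the old value is what broke the test. If the module allows `version` to be omitted, drop it so the web ACL follows the default version. Otherwise add a comment next to it such as `# pinned so the WCU asserted in test/waf_webaclv2_sizeconstraint_test.go stays stable; review when AWS retires this version`. The `module "waf"` block starts and ends outside the hunk.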
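Review bot: The expected value for `web_acl_rule_names` in TestWafWebAclV2AndOr is now a Go-formatted list string (`"[block-specific-ip-set-or-body-contains-hotmail block-specific-uri …]"`), so the assertion depends on how `terraform.Output` renders a list rather than on the list itself. Reading the output with `WebAclRuleNames := terraform.OutputList(t, terraformOptions, "web_acl_rule_names")` and comparing it against a `[]string` literal gives an element-wise diff on failure and cannot be confused by a rule name that contains a space. The same applies to the bytematch, geomatch, label_match, logging_config, regex_pattern and sizeconstraint test hunks in this commit. The function body starts outside the hunk, where `WebAclRuleNames` is assigned.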
@@ -43,10 +43,10 @@ func TestWafWebAclV2Bytematch(t *testing.T) { WebAclRuleNames := terraform.Output(t, terraformOptions, "web_acl_rule_names") // Verify we're getting back the outputs we expect - assert.Equal(t, WebAclName, "test"+uniqueID) + assert.Equal(t, "test"+uniqueID, WebAclName) assert.Contains(t, WebAclArn, "arn:aws:wafv2:eu-west-1:") assert.Contains(t, WebAclArn, "regional/webacl/test"+uniqueID) - assert.Equal(t, WebAclVisConfigMetricName, "test"+uniqueID+"-waf-setup-waf-main-metrics") - assert.Equal(t, WebAclCapacity, "736") - assert.Equal(t, WebAclRuleNames, "block-all-post-requests, block-if-request-body-contains-hotmail-email, block-single-user, block-specific-uri-path, AWSManagedRulesCommonRuleSet-rule-1") + assert.Equal(t, "test"+uniqueID+"-waf-setup-waf-main-metrics", WebAclVisConfigMetricName) + assert.Equal(t, "756", WebAclCapacity) + assert.Equal(t, "[block-all-post-requests block-cookie block-if-request-body-contains-hotmail-email block-single-user block-specific-uri-path block-unauthorized AWSManagedRulesCommonRuleSet-rule-1]", WebAclRuleNames) } diff --git a/test/waf_webaclv2_geomatch_test.go b/test/waf_webaclv2_geomatch_test.go index 3239a0e..99d60e4 100644 --- a/test/waf_webaclv2_geomatch_test.go +++ b/test/waf_webaclv2_geomatch_test.go 
@@ -43,10 +43,10 @@ func TestWafWebAclV2Geomatch(t *testing.T) { WebAclRuleNames := terraform.Output(t, terraformOptions, "web_acl_rule_names") // Verify we're getting back the outputs we expect - assert.Equal(t, WebAclName, "test"+uniqueID) + assert.Equal(t, "test"+uniqueID, WebAclName) assert.Contains(t, WebAclArn, "arn:aws:wafv2:eu-west-1:") assert.Contains(t, WebAclArn, "regional/webacl/test"+uniqueID) - assert.Equal(t, WebAclVisConfigMetricName, "test"+uniqueID+"-waf-setup-waf-main-metrics") - assert.Equal(t, WebAclCapacity, "701") - assert.Equal(t, WebAclRuleNames, "allow-nl-gb-us-traffic-only, AWSManagedRulesCommonRuleSet-rule-1") + assert.Equal(t, "test"+uniqueID+"-waf-setup-waf-main-metrics", WebAclVisConfigMetricName) + assert.Equal(t, "701", WebAclCapacity) + assert.Equal(t, "[allow-nl-gb-us-traffic-only AWSManagedRulesCommonRuleSet-rule-1]", WebAclRuleNames) } diff --git a/test/waf_webaclv2_label_match_test.go b/test/waf_webaclv2_label_match_test.go index 9cf8129..c5a542b 100644 --- a/test/waf_webaclv2_label_match_test.go +++ b/test/waf_webaclv2_label_match_test.go @@ -43,10 +43,10 @@ func TestWafWebAclV2Labelmatch(t *testing.T) { WebAclRuleNames := terraform.Output(t, terraformOptions, "web_acl_rule_names") // Verify we're getting back the outputs we expect - assert.Equal(t, WebAclName, "test"+uniqueID) + assert.Equal(t, "test"+uniqueID, WebAclName) assert.Contains(t, WebAclArn, "arn:aws:wafv2:eu-west-1:") assert.Contains(t, WebAclArn, "regional/webacl/test"+uniqueID) - assert.Equal(t, WebAclVisConfigMetricName, "test"+uniqueID+"-waf-setup-waf-main-metrics") - assert.Equal(t, WebAclCapacity, "61") - assert.Equal(t, WebAclRuleNames, "block-specific-agent, AWSManagedRulesBotControlRuleSet-rule-1") + assert.Equal(t, "test"+uniqueID+"-waf-setup-waf-main-metrics", WebAclVisConfigMetricName) + assert.Equal(t, "61", WebAclCapacity) + assert.Equal(t, "[block-specific-agent AWSManagedRulesBotControlRuleSet-rule-1]", WebAclRuleNames) } 
diff --git a/test/waf_webaclv2_logging_config_test.go b/test/waf_webaclv2_logging_config_test.go index 0a4683f..9a366e9 100644 --- a/test/waf_webaclv2_logging_config_test.go +++ b/test/waf_webaclv2_logging_config_test.go @@ -1,17 +1,29 @@ package test import ( + "fmt" + "strings" "testing" + "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" "github.com/stretchr/testify/assert" ) func TestWafWebAclV2Logging(t *testing.T) { + // Random generate a string for naming resources + uniqueID := strings.ToLower(random.UniqueId()) + resourceName := fmt.Sprintf("test%s", uniqueID) + // retryable errors in terraform testing. terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ TerraformDir: "../examples/wafv2-logging-configuration", Upgrade: true, + + // Variables to pass using -var-file option + Vars: map[string]interface{}{ + "name_prefix": resourceName, + }, }) // At the end of the test, run `terraform destroy` to clean up any resources that were created 
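Review bot: The comment `// Variables to pass using -var-file option` is wrong for the field it sits on, since terratest passes `Vars` as `-var` arguments and `-var-file` is what `VarFiles` is for. Suggest `// Variables passed to Terraform as -var arguments`. The first comment could also say why the ID is lowercased: `// Random suffix for resource names; lowercased because it ends up in an S3 bucket name`. The function continues past the end of this hunk.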
@@ -51,39 +63,39 @@ func TestWafWebAclV2Logging(t *testing.T) { S3BucketId := terraform.Output(t, terraformOptions, "logging_s3_bucket_id") // Verify we're getting back the outputs we expect - assert.Equal(t, WebAclName, "test-waf-setup") + assert.Equal(t, "test"+uniqueID, WebAclName) assert.Contains(t, WebAclArn, "arn:aws:wafv2:eu-west-1:") - assert.Contains(t, WebAclArn, "regional/webacl/test-waf-setup") - assert.Equal(t, WebAclVisConfigMetricName, "test-waf-setup-waf-main-metrics") - assert.Equal(t, WebAclCapacity, "950") - assert.Equal(t, WebAclRuleNames, "AWSManagedRulesCommonRuleSet-rule-1, AWSManagedRulesKnownBadInputsRuleSet-rule-2, AWSManagedRulesPHPRuleSet-rule-3") + assert.Contains(t, WebAclArn, "regional/webacl/test"+uniqueID) + assert.Equal(t, "test"+uniqueID+"-waf-setup-waf-main-metrics", WebAclVisConfigMetricName) + assert.Equal(t, "950", WebAclCapacity) + assert.Equal(t, "[AWSManagedRulesCommonRuleSet-rule-1 AWSManagedRulesKnownBadInputsRuleSet-rule-2 AWSManagedRulesPHPRuleSet-rule-3]", WebAclRuleNames) assert.Contains(t, WebAclAssociationId, "arn:aws:wafv2:eu-west-1") - assert.Contains(t, WebAclAssociationId, "regional/webacl/test-waf-setup") + assert.Contains(t, WebAclAssociationId, "regional/webacl/"+resourceName) assert.Contains(t, WebAclAssociationResourceArn, "arn:aws:elasticloadbalancing:eu-west-1") - assert.Contains(t, WebAclAssociationResourceArn, "loadbalancer/app/alb-waf-example") + assert.Contains(t, WebAclAssociationResourceArn, "loadbalancer/app/"+resourceName+"-alb-waf-example") assert.Contains(t, WebAclAssociationAclArn, "arn:aws:wafv2:eu-west-1:") - assert.Contains(t, WebAclAssociationAclArn, "regional/webacl/test-waf-setup") + assert.Contains(t, WebAclAssociationAclArn, "regional/webacl/"+resourceName) assert.Contains(t, WebAclAssociationAlbListId, "arn:aws:wafv2:eu-west-1") - assert.Contains(t, WebAclAssociationAlbListId, "regional/webacl/test-waf-setup") + assert.Contains(t, WebAclAssociationAlbListId, 
"regional/webacl/"+resourceName) assert.Contains(t, WebAclAssociationAlbListResourceArn, "arn:aws:elasticloadbalancing:eu-west-1") - assert.Contains(t, WebAclAssociationAlbListResourceArn, "loadbalancer/app/alb-waf-example") + assert.Contains(t, WebAclAssociationAlbListResourceArn, "loadbalancer/app/"+resourceName+"-alb-waf-example") assert.Contains(t, WebAclAssociationAlbListAclArn, "arn:aws:wafv2:eu-west-1:") - assert.Contains(t, WebAclAssociationAlbListAclArn, "regional/webacl/test-waf-setup") + assert.Contains(t, WebAclAssociationAlbListAclArn, "regional/webacl/"+resourceName) assert.Contains(t, KinesisStreamArn, "arn:aws:firehose:eu-west-1") assert.Contains(t, KinesisStreamArn, "deliverystream/aws-waf-logs-kinesis-firehose-test-stream") assert.Contains(t, IamRoleArn, "arn:aws:iam::") assert.Contains(t, IamRoleArn, "role/firehose-stream-test-role") - assert.Equal(t, IamRoleId, "firehose-stream-test-role") - assert.Equal(t, IamRoleName, "firehose-stream-test-role") + assert.Equal(t, "firehose-stream-test-role", IamRoleId) + assert.Equal(t, "firehose-stream-test-role", IamRoleName) - assert.Equal(t, IamRolePolicyId, "firehose-stream-test-role:firehose-role-custom-policy") - assert.Equal(t, IamRolePolicyName, "firehose-role-custom-policy") - assert.Equal(t, IamRolePolicyRole, "firehose-stream-test-role") + assert.Equal(t, "firehose-stream-test-role:firehose-role-custom-policy", IamRolePolicyId) + assert.Equal(t, "firehose-role-custom-policy", IamRolePolicyName) + assert.Equal(t, "firehose-stream-test-role", IamRolePolicyRole) - assert.Equal(t, S3BucketArn, "arn:aws:s3:::aws-waf-firehose-stream-test-bucket") - assert.Equal(t, S3BucketId, "aws-waf-firehose-stream-test-bucket") + assert.Equal(t, "arn:aws:s3:::test"+uniqueID+"-aws-waf-firehose-stream-test-bucket", S3BucketArn) + assert.Equal(t, "test"+uniqueID+"-aws-waf-firehose-stream-test-bucket", S3BucketId) } 
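Review bot: The expected prefix is built two ways in this block, `"test"+uniqueID` for `WebAclName`, `WebAclArn`, the metric name and the bucket, and `resourceName` for the association ARNs. Both are the value passed as `name_prefix`, so a later change to how `resourceName` is formed would silently leave half the assertions checking the old shape. Use `resourceName` throughout, for example `assert.Equal(t, resourceName, WebAclName)` and `assert.Equal(t, resourceName+"-aws-waf-firehose-stream-test-bucket", S3BucketId)`. The function starts outside this hunk, where `resourceName` is defined.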
diff --git a/test/waf_webaclv2_regex_pattern_test.go b/test/waf_webaclv2_regex_pattern_test.go index 2fdd57a..dd527d7 100644 --- a/test/waf_webaclv2_regex_pattern_test.go +++ b/test/waf_webaclv2_regex_pattern_test.go @@ -47,13 +47,13 @@ func TestWafWebAclV2RegexPattern(t *testing.T) { WebAclRuleNames := terraform.Output(t, terraformOptions, "web_acl_rule_names") // Verify we're getting back the outputs we expect - assert.Equal(t, WebAclName, "test"+uniqueID) + assert.Equal(t, "test"+uniqueID, WebAclName) assert.Contains(t, WebAclArn, "arn:aws:wafv2:eu-west-1:") assert.Contains(t, WebAclArn, "regional/webacl/test"+uniqueID) - assert.Equal(t, WebAclVisConfigMetricName, "test"+uniqueID+"-waf-setup-waf-main-metrics") - assert.Equal(t, WebAclCapacity, "35") + assert.Equal(t, "test"+uniqueID+"-waf-setup-waf-main-metrics", WebAclVisConfigMetricName) + assert.Equal(t, "35", WebAclCapacity) assert.Contains(t, BadBotsRegexArn, "arn:aws:wafv2:eu-west-1:") assert.Contains(t, BadBotsRegexArn, "regional/regexpatternset/BadBotsUserAgent/") - assert.Equal(t, BadBotsRegexName, "BadBotsUserAgent") - assert.Equal(t, WebAclRuleNames, "MatchRegexRule-1") -} \ No newline at end of file + assert.Equal(t, "BadBotsUserAgent", BadBotsRegexName) + assert.Equal(t, "[MatchRegexRule-1]", WebAclRuleNames) +} diff --git a/test/waf_webaclv2_sizeconstraint_test.go b/test/waf_webaclv2_sizeconstraint_test.go index cdaf309..56d9dca 100644 --- a/test/waf_webaclv2_sizeconstraint_test.go +++ b/test/waf_webaclv2_sizeconstraint_test.go 
@@ -43,10 +43,10 @@ func TestWafWebAclV2Sizeconstraint(t *testing.T) { WebAclRuleNames := terraform.Output(t, terraformOptions, "web_acl_rule_names") // Verify we're getting back the outputs we expect - assert.Equal(t, WebAclName, "test"+uniqueID) + assert.Equal(t, "test"+uniqueID, WebAclName) assert.Contains(t, WebAclArn, "arn:aws:wafv2:eu-west-1:") assert.Contains(t, WebAclArn, "regional/webacl/test"+uniqueID) - assert.Equal(t, WebAclVisConfigMetricName, "test"+uniqueID+"-waf-setup-waf-main-metrics") - assert.Equal(t, WebAclCapacity, "737") - assert.Equal(t, WebAclRuleNames, "BodySizeConstraint, block-all-post-requests, block-if-request-body-contains-hotmail-email, block-single-user, block-specific-uri-path, AWSManagedRulesCommonRuleSet-rule-1") -} \ No newline at end of file + assert.Equal(t, "test"+uniqueID+"-waf-setup-waf-main-metrics", WebAclVisConfigMetricName) + assert.Equal(t, "737", WebAclCapacity) + assert.Equal(t, "[BodySizeConstraint block-all-post-requests block-if-request-body-contains-hotmail-email block-single-user block-specific-uri-path AWSManagedRulesCommonRuleSet-rule-1]", WebAclRuleNames) +}