try out value_type size

stelligent · Mar 29, 2018 · 69db370 · 69db370
1 parent 4a94c9c
commit 69db370
Show file tree

Hide file tree

Showing 6 changed files with 148 additions and 75 deletions.
diff --git a/assertion/assertion.go b/assertion/assertion.go
@@ -9,7 +9,7 @@ func searchAndMatch(assertion Assertion, resource Resource, log LoggingFunction)
 	if err != nil {
 		return false, err
 	}
-	match, err := isMatch(v, assertion.Op, assertion.Value)
+	match, err := isMatch(v, assertion.Op, assertion.Value, assertion.ValueType)
 	log(fmt.Sprintf("Key: %s Output: %s Looking for %s %s", assertion.Key, v, assertion.Op, assertion.Value))
 	log(fmt.Sprintf("ResourceID: %s Type: %s %t",
 		resource.ID,

diff --git a/assertion/assertion_test.go b/assertion/assertion_test.go
@@ -31,6 +31,19 @@ func TestCheckAssertion(t *testing.T) {
 		},
 		Filename: "test.tf",
 	}
+	resourceWithTags := Resource{
+		ID:   "another_test_resource",
+		Type: "aws_instance",
+		Properties: map[string]interface{}{
+			"instance_type": "t2.micro",
+			"ami":           "ami-f2d3638a",
+			"tags": map[string]string{
+				"Environment": "Development",
+				"Project":     "Web",
+			},
+		},
+		Filename: "test.tf",
+	}
 
 	testCases := map[string]AssertionTestCase{
 		"testEq": {
@@ -41,7 +54,6 @@ func TestCheckAssertion(t *testing.T) {
 				Resource: "aws_instance",
 				Assertions: []Assertion{
 					Assertion{
-						Type:  "value",
 						Key:   "instance_type",
 						Op:    "eq",
 						Value: "t2.micro",
@@ -61,13 +73,11 @@ func TestCheckAssertion(t *testing.T) {
 					Assertion{
 						Or: []Assertion{
 							Assertion{
-								Type:  "value",
 								Key:   "instance_type",
 								Op:    "eq",
 								Value: "t2.micro",
 							},
 							Assertion{
-								Type:  "value",
 								Key:   "instance_type",
 								Op:    "eq",
 								Value: "m4.large",
@@ -89,13 +99,11 @@ func TestCheckAssertion(t *testing.T) {
 					Assertion{
 						Or: []Assertion{
 							Assertion{
-								Type:  "value",
 								Key:   "instance_type",
 								Op:    "eq",
 								Value: "t2.nano",
 							},
 							Assertion{
-								Type:  "value",
 								Key:   "instance_type",
 								Op:    "eq",
 								Value: "m4.large",
@@ -117,13 +125,11 @@ func TestCheckAssertion(t *testing.T) {
 					Assertion{
 						And: []Assertion{
 							Assertion{
-								Type:  "value",
 								Key:   "instance_type",
 								Op:    "eq",
 								Value: "t2.micro",
 							},
 							Assertion{
-								Type:  "value",
 								Key:   "ami",
 								Op:    "eq",
 								Value: "ami-f2d3638a",
@@ -145,13 +151,11 @@ func TestCheckAssertion(t *testing.T) {
 					Assertion{
 						And: []Assertion{
 							Assertion{
-								Type:  "value",
 								Key:   "instance_type",
 								Op:    "eq",
 								Value: "m3.medium",
 							},
 							Assertion{
-								Type:  "value",
 								Key:   "ami",
 								Op:    "eq",
 								Value: "ami-f2d3638a",
@@ -173,7 +177,6 @@ func TestCheckAssertion(t *testing.T) {
 					Assertion{
 						Not: []Assertion{
 							Assertion{
-								Type:  "value",
 								Key:   "instance_type",
 								Op:    "eq",
 								Value: "c4.large",
@@ -195,7 +198,6 @@ func TestCheckAssertion(t *testing.T) {
 					Assertion{
 						Not: []Assertion{
 							Assertion{
-								Type:  "value",
 								Key:   "instance_type",
 								Op:    "eq",
 								Value: "t2.micro",
@@ -219,13 +221,11 @@ func TestCheckAssertion(t *testing.T) {
 							Assertion{
 								Or: []Assertion{
 									Assertion{
-										Type:  "value",
 										Key:   "instance_type",
 										Op:    "eq",
 										Value: "t2.micro",
 									},
 									Assertion{
-										Type:  "value",
 										Key:   "instance_type",
 										Op:    "eq",
 										Value: "m3.medium",
@@ -239,6 +239,42 @@ func TestCheckAssertion(t *testing.T) {
 			simpleTestResource,
 			"FAILURE",
 		},
+		"testResourceCountFails": {
+			Rule{
+				ID:       "TESTCOUNT",
+				Message:  "Test Resource Count Fails",
+				Severity: "FAILURE",
+				Resource: "aws_instance",
+				Assertions: []Assertion{
+					Assertion{
+						Key:       "tags",
+						ValueType: "size",
+						Op:        "eq",
+						Value:     "3",
+					},
+				},
+			},
+			resourceWithTags,
+			"FAILURE",
+		},
+		"testResourceCountOK": {
+			Rule{
+				ID:       "TESTCOUNT",
+				Message:  "Test Resource Count OK",
+				Severity: "FAILURE",
+				Resource: "aws_instance",
+				Assertions: []Assertion{
+					Assertion{
+						Key:       "tags",
+						ValueType: "size",
+						Op:        "eq",
+						Value:     "2",
+					},
+				},
+			},
+			resourceWithTags,
+			"OK",
+		},
 	}
 
 	for k, tc := range testCases {
@@ -262,13 +298,11 @@ func TestNestedBooleans(t *testing.T) {
 					Assertion{
 						And: []Assertion{
 							Assertion{
-								Type:  "value",
 								Key:   "ipPermissions[].fromPort[]",
 								Op:    "contains",
 								Value: "22",
 							},
 							Assertion{
-								Type:  "value",
 								Key:   "ipPermissions[].ipRanges[]",
 								Op:    "contains",
 								Value: "0.0.0.0/0",

diff --git a/assertion/compare.go b/assertion/compare.go
@@ -0,0 +1,36 @@
+package assertion
+
+import (
+	"strconv"
+)
+
+func compare(data interface{}, value string, valueType string) int {
+	switch valueType {
+	case "size":
+		n, _ := strconv.Atoi(value)
+		l := 0
+		switch v := data.(type) {
+		case []string:
+			l = len(v)
+		case map[string]string:
+			l = len(v)
+		}
+		if l < n {
+			return -1
+		}
+		if l > n {
+			return 1
+		}
+		return 0
+	default:
+		tmp, _ := JSONStringify(data)
+		s := unquoted(tmp)
+		if s > value {
+			return 1
+		}
+		if s < value {
+			return -1
+		}
+		return 0
+	}
+}
diff --git a/assertion/engine.go b/assertion/engine.go
@@ -2,10 +2,10 @@ package assertion
 
 // Assertion expression for a resource
 type Assertion struct {
-	Type      string
 	Key       string
 	Op        string
 	Value     string
+	ValueType string
 	Or        []Assertion
 	And       []Assertion
 	Not       []Assertion

diff --git a/assertion/match.go b/assertion/match.go
@@ -29,35 +29,35 @@ func isObject(data interface{}) bool {
 	return ok
 }
 
-func isMatch(data interface{}, op string, value string) (bool, error) {
+func isMatch(data interface{}, op string, value string, valueType string) (bool, error) {
 	searchResult, err := JSONStringify(data)
 	if err != nil {
 		return false, err
 	}
 	searchResult = unquoted(searchResult)
 	switch op {
 	case "eq":
-		if searchResult == value {
+		if compare(data, value, valueType) == 0 {
 			return true, nil
 		}
 	case "ne":
-		if searchResult != value {
+		if compare(data, value, valueType) != 0 {
 			return true, nil
 		}
 	case "lt":
-		if searchResult < value {
+		if compare(data, value, valueType) < 0 {
 			return true, nil
 		}
 	case "le":
-		if searchResult <= value {
+		if compare(data, value, valueType) <= 0 {
 			return true, nil
 		}
 	case "gt":
-		if searchResult > value {
+		if compare(data, value, valueType) > 0 {
 			return true, nil
 		}
 	case "ge":
-		if searchResult >= value {
+		if compare(data, value, valueType) >= 0 {
 			return true, nil
 		}
 	case "in":