test: terraform plan parsing

src/cli/commands/test/iac-local-execution/parsers/terraform-plan-parser.ts

@@ -38,8 +38,11 @@ function extractChildModulesResources(
 ): Array<TerraformPlanResource> {
   const childModules =
     terraformPlanJson?.planned_values?.root_module?.child_modules || [];
-  const extractedChildModuleResources = childModules.flatMap(
-    (childModule) => childModule.resources,
+  const extractedChildModuleResources: Array<TerraformPlanResource> = [];
+  childModules.forEach((childModule) =>
+    childModule.resources.forEach((resource) =>
+      extractedChildModuleResources.push(resource),
+    ),
   );
   return extractedChildModuleResources;
 }

test/jest/unit/iac-unit-tests/terraform-plan-parser.fixtures.ts

@@ -0,0 +1,64 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import {
+  IacFileData,
+  TerraformPlanJson,
+  TerraformScanInput,
+} from '../../../../src/cli/commands/test/iac-local-execution/types';
+
+const tfPlanFixture = fs.readFileSync(
+  path.resolve(__dirname, '../../../fixtures/iac/terraform-plan/tf-plan.json'),
+);
+
+export const iacFileData: IacFileData = {
+  fileContent: tfPlanFixture.toString(),
+  filePath: 'dont-care',
+  fileType: 'json',
+};
+
+const resource = {
+  ingress: {
+    cidr_blocks: ['0.0.0.0/0'],
+    description: null,
+    from_port: 0,
+    ipv6_cidr_blocks: null,
+    prefix_list_ids: null,
+    protocol: 'tcp',
+    self: false,
+    to_port: 65535,
+    type: 'ingress',
+  },
+};
+export const expectedParsingResult: TerraformScanInput = {
+  resource: {
+    aws_security_group: {
+      terra_ci_allow_outband: resource,
+      CHILD_MODULE_terra_ci_allow_outband_0: resource,
+    },
+  },
+  data: {},
+};
+
+const withoutChildModules = (JSON.parse(
+  tfPlanFixture.toString(),
+) as unknown) as TerraformPlanJson;
+delete withoutChildModules.planned_values.root_module.child_modules;
+export const iacFileDataNoChildModules: IacFileData = {
+  fileContent: JSON.stringify(withoutChildModules),
+  filePath: 'dont-care',
+  fileType: 'json',
+};
+
+export const invalidJsonIacFile = {
+  ...iacFileData,
+  fileContent: tfPlanFixture.toString().slice(1),
+};
+
+export const expectedParsingResultWithoutChildModules: TerraformScanInput = {
+  resource: {
+    aws_security_group: {
+      terra_ci_allow_outband: resource,
+    },
+  },
+  data: {},
+};

test/jest/unit/iac-unit-tests/terraform-plan-parser.spec.ts

@@ -0,0 +1,40 @@
+import { tryParsingTerraformPlan } from '../../../../src/cli/commands/test/iac-local-execution/parsers/terraform-plan-parser';
+import {
+  iacFileData,
+  invalidJsonIacFile,
+  iacFileDataNoChildModules,
+  expectedParsingResult,
+  expectedParsingResultWithoutChildModules,
+} from './terraform-plan-parser.fixtures';
+import { EngineType } from '../../../../src/cli/commands/test/iac-local-execution/types';
+
+describe('tryParsingTerraformPlan', () => {
+  it('throws an error for invalid JSON', () => {
+    expect(() => tryParsingTerraformPlan(invalidJsonIacFile)).toThrowError(
+      'Failed to parse Terraform plan JSON file.',
+    );
+  });
+
+  it('returns the expected resources', () => {
+    const parsedTerraformPlan = tryParsingTerraformPlan(iacFileData);
+    expect(parsedTerraformPlan[0]).toEqual({
+      ...iacFileData,
+      engineType: EngineType.Terraform,
+      jsonContent: expectedParsingResult,
+    });
+  });
+
+  it('does not fail if no child-modules are present', () => {
+    const parsedTerraformPlan = tryParsingTerraformPlan(
+      iacFileDataNoChildModules,
+    );
+    expect(parsedTerraformPlan[0]).toEqual({
+      ...iacFileDataNoChildModules,
+      engineType: EngineType.Terraform,
+      jsonContent: expectedParsingResultWithoutChildModules,
+    });
+  });
+
+  // TODO: add test for extracting a resource from a data input source
+  // deferred as it required to re-generate a new wasm fixture with a rule that applies to a data-source
+});