test: add testcase

aquasecurity · Mar 11, 2024 · 9058054 · 9058054
1 parent 8a74b14
commit 9058054
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 12 deletions.
diff --git a/pkg/iac/adapters/terraform/aws/iam/convert.go b/pkg/iac/adapters/terraform/aws/iam/convert.go
@@ -208,20 +208,15 @@ func findAllPolicies(modules terraform.Modules, attr *terraform.Attribute) []wra
 
 	policyDocIDs := attr.AsStringValues().AsStrings()
 	for _, policyDocID := range policyDocIDs {
-		policyDoc, err := modules.GetBlockById(policyDocID)
-		if err == nil {
-			document, err := ConvertTerraformDocument(modules, policyDoc)
-			if err == nil {
+		if policyDoc, err := modules.GetBlockById(policyDocID); err == nil {
+			if document, err := ConvertTerraformDocument(modules, policyDoc); err == nil {
 				documents = append(documents, *document)
 			}
-		} else {
-			parsed, err := iamgo.Parse([]byte(unescapeVars(policyDocID)))
-			if err == nil {
-				documents = append(documents, wrappedDocument{
-					Document: *parsed,
-					Source:   attr,
-				})
-			}
+		} else if parsed, err := iamgo.Parse([]byte(unescapeVars(policyDocID))); err == nil {
+			documents = append(documents, wrappedDocument{
+				Document: *parsed,
+				Source:   attr,
+			})
 		}
 	}
 	return documents

diff --git a/pkg/iac/adapters/terraform/aws/iam/policies_test.go b/pkg/iac/adapters/terraform/aws/iam/policies_test.go
@@ -384,6 +384,25 @@ data "aws_iam_policy_document" "policy" {
 				},
 			},
 		},
+		{
+			name: "invalid `override_policy_documents` attribute",
+			terraform: `resource "aws_iam_policy" "test_policy" {
+  name   = "test-policy"
+  policy = data.aws_iam_policy_document.policy.json
+}
+
+data "aws_iam_policy_document" "policy" {
+  source_policy_documents = data.aws_iam_policy_document.policy2.json
+}`,
+			expected: []iam.Policy{
+				{
+					Name: iacTypes.String("test-policy", iacTypes.NewTestMetadata()),
+					Document: iam.Document{
+						IsOffset: true,
+					},
+				},
+			},
+		},
 	}
 
 	for _, test := range tests {