Merge pull request #3823 from snyk/feat/iac-cloud-context

[CTX-58] feat: cloud context for IaC tests
snyk · Sep 6, 2022 · b46e07b · b46e07b
2 parents da41e69 + b9c1a10
commit b46e07b
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 0 deletions.
diff --git a/src/cli/commands/test/iac/local-execution/types.ts b/src/cli/commands/test/iac/local-execution/types.ts
@@ -203,6 +203,7 @@ export type IaCTestFlags = Pick<
   path?: string;
   // Allows the caller to provide the path to a WASM bundle.
   rules?: string;
+  'cloud-context'?: string;
   // Tags and attributes
   'project-tags'?: string;
   'project-environment'?: string;

diff --git a/src/cli/commands/test/iac/v2/assert-iac-options.ts b/src/cli/commands/test/iac/v2/assert-iac-options.ts
@@ -29,6 +29,7 @@ const keys: (keyof IaCTestFlags)[] = [
   'experimental',
   'var-file',
   'detectionDepth',
+  'cloud-context',
   // PolicyOptions
   'ignore-policy',
   'policy-path',
@@ -57,6 +58,10 @@ export function assertIacV2Options(options: IaCTestFlags): void {
   if (options.scan) {
     assertTerraformPlanModes(options.scan as string);
   }
+
+  if (options['cloud-context']) {
+    assertCloudContextOptions(options['cloud-context']);
+  }
 }
 
 function assertSeverityOptions(severity: SEVERITY) {
@@ -79,3 +84,15 @@ function assertVarFileOptions(filePath: string) {
     throw new FlagValueError('var-file', filePath, '.tfvars file');
   }
 }
+
+function assertCloudContextOptions(cloudContext: string) {
+  const validCloudContextOptions = ['aws'];
+
+  if (!validCloudContextOptions.includes(cloudContext)) {
+    throw new FlagValueError(
+      'cloud-context',
+      cloudContext,
+      validCloudContextOptions.join(', '),
+    );
+  }
+}
diff --git a/src/cli/commands/test/iac/v2/index.ts b/src/cli/commands/test/iac/v2/index.ts
@@ -60,6 +60,7 @@ async function prepareTestConfig(
   const policy = await findAndLoadPolicy(process.cwd(), 'iac', options);
   const scan = options.scan ?? 'resource-changes';
   const varFile = options['var-file'];
+  const cloudContext = getFlag(options, 'cloud-context');
 
   return {
     paths,
@@ -78,6 +79,7 @@ async function prepareTestConfig(
     scan,
     varFile,
     depthDetection,
+    cloudContext,
   };
 }
 

diff --git a/src/lib/iac/test/v2/scan/index.ts b/src/lib/iac/test/v2/scan/index.ts
@@ -156,6 +156,10 @@ function processFlags(
     flags.push('-var-file', options.varFile);
   }
 
+  if (options.cloudContext) {
+    flags.push('-cloud-context', options.cloudContext);
+  }
+
   return flags;
 }
 

diff --git a/src/lib/iac/test/v2/types.ts b/src/lib/iac/test/v2/types.ts
@@ -19,4 +19,5 @@ export interface TestConfig {
   scan: string;
   varFile?: string;
   depthDetection?: number;
+  cloudContext?: string;
 }