support for config_only option in api server file scan output (#579)

2. unit tests

pkg/http-server/file-scan.go

@@ -22,6 +22,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"strconv"
 	"strings"
 
 	"github.com/accurics/terrascan/pkg/runtime"
@@ -41,6 +42,7 @@ func (g *APIHandler) scanFile(w http.ResponseWriter, r *http.Request) {
 		cloudType  = strings.Split(params["cloud"], ",")
 		scanRules  = []string{}
 		skipRules  = []string{}
+		configOnly = false
 	)
 
 	// parse multipart form, 10 << 20 specifies maximum upload of 10 MB files
@@ -93,6 +95,18 @@ func (g *APIHandler) scanFile(w http.ResponseWriter, r *http.Request) {
 	// severity is the minimum severity level of violations that the user want to get informed about: low, medium or high
 	severity := r.FormValue("severity")
 
+	// read config_only from the form data
+	configOnlyValue := r.FormValue("config_only")
+	if configOnlyValue != "" {
+		configOnly, err = strconv.ParseBool(configOnlyValue)
+		if err != nil {
+			errMsg := fmt.Sprintf("error while reading 'config_only' value. error: '%v'", err)
+			zap.S().Error(errMsg)
+			apiErrorResponse(w, errMsg, http.StatusBadRequest)
+			return
+		}
+	}
+
 	if scanRulesValue != "" {
 		scanRules = strings.Split(scanRulesValue, ",")
 	}
@@ -127,7 +141,16 @@ func (g *APIHandler) scanFile(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	j, err := json.MarshalIndent(normalized, "", "  ")
+	var output interface{}
+
+	// if config only, return resource config else return violations
+	if configOnly {
+		output = normalized.ResourceConfig
+	} else {
+		output = normalized.Violations
+	}
+
+	j, err := json.MarshalIndent(output, "", "  ")
 	if err != nil {
 		errMsg := fmt.Sprintf("failed to create JSON. error: '%v'", err)
 		zap.S().Error(errMsg)

pkg/http-server/file-scan_test.go

@@ -9,6 +9,7 @@ import (
 	"net/http/httptest"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"testing"
 
@@ -23,16 +24,18 @@ func TestUpload(t *testing.T) {
 	testParamName := "file"
 
 	table := []struct {
-		name       string
-		path       string
-		param      string
-		iacType    string
-		iacVersion string
-		cloudType  string
-		scanRules  []string
-		skipRules  []string
-		severity   string
-		wantStatus int
+		name              string
+		path              string
+		param             string
+		iacType           string
+		iacVersion        string
+		cloudType         string
+		scanRules         []string
+		skipRules         []string
+		severity          string
+		configOnly        bool
+		invalidConfigOnly bool
+		wantStatus        int
 	}{
 		{
 			name:       "valid file scan",
@@ -178,6 +181,24 @@ func TestUpload(t *testing.T) {
 				"AWS.CloudFront.Logging.Medium.0567", "AWS.CloudFront.Network Security.Low.0568"},
 			skipRules: []string{"AWS.CloudFront.Network Security.Low.0568"},
 		},
+		{
+			name:       "test for config only",
+			path:       testFilePath,
+			param:      testParamName,
+			iacType:    testIacType,
+			cloudType:  testCloudType,
+			wantStatus: http.StatusOK,
+			configOnly: true,
+		},
+		{
+			name:              "test for invalid value config only",
+			path:              testFilePath,
+			param:             testParamName,
+			iacType:           testIacType,
+			cloudType:         testCloudType,
+			wantStatus:        http.StatusBadRequest,
+			invalidConfigOnly: true,
+		},
 	}
 
 	for _, tt := range table {
@@ -220,6 +241,18 @@ func TestUpload(t *testing.T) {
 				}
 			}
 
+			if !tt.invalidConfigOnly {
+				if err = writer.WriteField("config_only", strconv.FormatBool(tt.configOnly)); err != nil {
+					writer.Close()
+					t.Error(err)
+				}
+			} else {
+				if err = writer.WriteField("config_only", "invalid"); err != nil {
+					writer.Close()
+					t.Error(err)
+				}
+			}
+
 			writer.Close()
 
 			// http request of the type "/v1/{iacType}/{iacVersion}/{cloudType}/file/scan"