make k8s source paths relative to the provided directory for scanning

* 1. k8s iac - filename should be relative
2. fix failing e2e tests

* incorporate review comments

pkg/iac-providers/kubernetes/v1/load-dir.go

@@ -43,10 +43,34 @@ func (k *K8sV1) LoadIacDir(absRootDir string) (output.AllResourceConfigs, error)
 			}
 
 			for key := range configData {
+				// the source path formed for each resources is absolute, which should be relative
+				resourceConfigs := configData[key]
+				makeSourcePathRelative(absRootDir, resourceConfigs)
+
 				allResourcesConfig[key] = append(allResourcesConfig[key], configData[key]...)
 			}
 		}
 	}
 
 	return allResourcesConfig, nil
 }
+
+// makeSourcePathRelative modifies the source path of each resource from absolute to relative path
+func makeSourcePathRelative(absRootDir string, resourceConfigs []output.ResourceConfig) {
+	for i := range resourceConfigs {
+		r := &resourceConfigs[i]
+		var err error
+
+		oldSource := r.Source
+
+		// update the source path
+		r.Source, err = filepath.Rel(absRootDir, r.Source)
+
+		// though this error should never occur, but, if occurs for some reason, assign the old value of source back
+		if err != nil {
+			r.Source = oldSource
+			zap.S().Debug("error while getting the relative path for", zap.String("IAC file", oldSource), zap.Error(err))
+			continue
+		}
+	}
+}

pkg/iac-providers/kubernetes/v1/load-dir_test.go

@@ -19,11 +19,13 @@ package k8sv1
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 	"reflect"
 	"syscall"
 	"testing"
 
 	"github.com/accurics/terrascan/pkg/iac-providers/output"
+	"github.com/accurics/terrascan/pkg/utils"
 )
 
 func TestLoadIacDir(t *testing.T) {
@@ -89,3 +91,46 @@ func TestLoadIacDir(t *testing.T) {
 	}
 
 }
+
+func TestMakeSourcePathRelative(t *testing.T) {
+	dir1, dir2 := "Dir1", "Dir2"
+	sourcePath1 := filepath.Join(dir1, dir2, "filename.yaml")
+	sourcePath2 := filepath.Join(dir1, "someDir", "test.yaml")
+
+	testResourceConfigs := []output.ResourceConfig{
+		{
+			Source: sourcePath1,
+		},
+		{
+			Source: sourcePath2,
+		},
+	}
+
+	type args struct {
+		absRootDir      string
+		resourceConfigs []output.ResourceConfig
+	}
+	tests := []struct {
+		name                 string
+		expectedSourceValues []string
+		args                 args
+	}{
+		{
+			name:                 "test to verify path becomes relative",
+			expectedSourceValues: []string{filepath.Join(dir2, "filename.yaml"), filepath.Join("someDir", "test.yaml")},
+			args: args{
+				absRootDir:      dir1,
+				resourceConfigs: testResourceConfigs,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			makeSourcePathRelative(tt.args.absRootDir, tt.args.resourceConfigs)
+			updatedSourceValues := []string{tt.args.resourceConfigs[0].Source, tt.args.resourceConfigs[1].Source}
+			if !utils.IsSliceEqual(tt.expectedSourceValues, updatedSourceValues) {
+				t.Errorf("expected source values %v, got %v", tt.expectedSourceValues, updatedSourceValues)
+			}
+		})
+	}
+}

test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_human.txt

@@ -1,7 +1,7 @@
 Violation Details -
 
 	Description    :	TLS disabled can affect the confidentiality of the data in transit
-	File           :	/Users/apple/go/src/github.com/patilpankaj212/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml
+	File           :	config.yaml
 	Line           :	1
 	Severity       :	HIGH
 

test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_human_verbose.txt

@@ -1,7 +1,7 @@
 Violation Details -
 
 	Description    :	TLS disabled can affect the confidentiality of the data in transit
-	File           :	/Users/apple/go/src/github.com/patilpankaj212/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml
+	File           :	config.yaml
 	Line           :	1
 	Severity       :	HIGH
 	Rule Name      :	noHttps

test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_json.txt

@@ -9,7 +9,7 @@
         "category": "Network Security",
         "resource_name": "ingress-demo-disallowed",
         "resource_type": "kubernetes_ingress",
-        "file": "/Users/apple/go/src/github.com/patilpankaj212/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml",
+        "file": "config.yaml",
         "line": 1
       }
     ],

test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_junit_xml.txt

@@ -3,7 +3,7 @@
     <properties>
       <property name="Terrascan Version" value="v1.3.3"></property>
     </properties>
-    <testcase classname="/Users/apple/go/src/github.com/patilpankaj212/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml" name="[ERROR] resource: &#34;ingress-demo-disallowed&#34; at line: 1, violates: RULE - AC-K8-NS-IN-H-0020" severity="HIGH" category="Network Security">
+    <testcase classname="config.yaml" name="[ERROR] resource: &#34;ingress-demo-disallowed&#34; at line: 1, violates: RULE - AC-K8-NS-IN-H-0020" severity="HIGH" category="Network Security">
       <failure message="Description: TLS disabled can affect the confidentiality of the data in transit, File: /Users/apple/go/src/github.com/patilpankaj212/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml, Line: 1, Severity: HIGH, Rule Name: noHttps, Rule ID: AC-K8-NS-IN-H-0020, Resource Name: ingress-demo-disallowed, Resource Type: kubernetes_ingress, Category: Network Security" type=""></failure>
     </testcase>
   </testsuite>

test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_xml.txt

@@ -1,7 +1,7 @@
 <results>
   <passed_rules></passed_rules>
   <violations>
-    <violation rule_name="noHttps" description="TLS disabled can affect the confidentiality of the data in transit" rule_id="AC-K8-NS-IN-H-0020" severity="HIGH" category="Network Security" resource_name="ingress-demo-disallowed" resource_type="kubernetes_ingress" file="/Users/apple/go/src/github.com/patilpankaj212/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml" line="1"></violation>
+    <violation rule_name="noHttps" description="TLS disabled can affect the confidentiality of the data in transit" rule_id="AC-K8-NS-IN-H-0020" severity="HIGH" category="Network Security" resource_name="ingress-demo-disallowed" resource_type="kubernetes_ingress" file="config.yaml" line="1"></violation>
   </violations>
   <skipped_violations></skipped_violations>
   <scan_summary file_folder="/Users/apple/go/src/github.com/patilpankaj212/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation" iac_type="k8s" scanned_at="2021-03-02 15:53:11.130276 +0000 UTC" policies_validated="7" violated_policies="1" low="0" medium="0" high="1"></scan_summary>

test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_yaml.txt

@@ -7,7 +7,7 @@ results:
           category: Network Security
           resource_name: ingress-demo-disallowed
           resource_type: kubernetes_ingress
-          file: /Users/apple/go/src/github.com/patilpankaj212/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml
+          file: config.yaml
           line: 1
     skipped_violations: []
     scan_summary: