feat: Upgrade snyk-iac-test to v0.33.4

snyk · Oct 18, 2022 · ea931d1 · ea931d1
1 parent b22ea69
commit ea931d1
Show file tree

Hide file tree

Showing 14 changed files with 158 additions and 207 deletions.
diff --git a/src/cli/commands/test/iac/local-execution/process-results/results-formatter.ts b/src/cli/commands/test/iac/local-execution/process-results/results-formatter.ts
@@ -122,7 +122,9 @@ function formatScanResult(
     meta: {
       ...meta,
       projectId: '', // we do not have a project at this stage
-      policy: '', // we do not have the concept of policy
+      policy: '',
+      isPrivate: true,
+      isLicensesEnabled: false,
     },
     filesystemPolicy: false, // we do not have the concept of policy
     vulnerabilities: [],

diff --git a/src/cli/commands/test/iac/local-execution/types.ts b/src/cli/commands/test/iac/local-execution/types.ts
@@ -65,13 +65,24 @@ export interface IacShareResultsFormat {
   violatedPolicies: PolicyMetadata[];
 }
 
+export interface FormattedTestMeta {
+  isPrivate: boolean;
+  isLicensesEnabled: boolean;
+  org: string;
+  orgPublicId: string;
+  ignoreSettings?: IgnoreSettings | null;
+  projectId?: string;
+  policy?: string;
+  gitRemoteUrl?: string;
+}
+
 // This type is the integration point with the CLI test command, please note it is still partial in the experimental version
 export type FormattedResult = {
   result: {
     cloudConfigResults: Array<PolicyMetadata>;
     projectType: IacProjectTypes;
   };
-  meta: TestMeta;
+  meta: FormattedTestMeta;
   filesystemPolicy: boolean;
   vulnerabilities: AnnotatedIssue[];
   dependencyCount: number;
@@ -114,13 +125,10 @@ export interface IacOrgSettings {
 }
 
 export interface TestMeta {
-  isPrivate: boolean;
-  isLicensesEnabled: boolean;
   org: string;
   orgPublicId: string;
   ignoreSettings?: IgnoreSettings | null;
   projectId?: string;
-  policy?: string;
   gitRemoteUrl?: string;
 }
 
@@ -391,6 +399,8 @@ export enum IaCErrorCodes {
   FailedToMakeResourcesResolvers = 2115,
   ResourcesResolverError = 2116,
   FailedToProcessResults = 2200,
+  EntitlementNotEnabled = 2201,
+  ReadSettings = 2202,
 }
 
 export interface TestReturnValue {

diff --git a/src/cli/commands/test/iac/v2/index.ts b/src/cli/commands/test/iac/v2/index.ts
@@ -6,27 +6,18 @@ import { TestCommandResult } from '../../../types';
 import { buildSpinner, printHeader } from '../output';
 import { spinnerMessage } from '../../../../../lib/formatters/iac-output/text';
 import { buildOutput } from '../../../../../lib/iac/test/v2/output';
-import { getIacOrgSettings } from '../local-execution/org-settings/get-iac-org-settings';
-import { generateProjectAttributes } from '../../../monitor';
-import { parseTags } from '../local-execution';
 import { systemCachePath } from '../../../../../lib/iac/test/v2/scan';
 import { getFlag } from '../index';
 import { IaCTestFlags } from '../local-execution/types';
 import { findAndLoadPolicy } from '../../../../../lib/policy';
 import { assertIacV2Options } from './assert-iac-options';
-import { UnsupportedEntitlementError } from '../../../../../lib/errors/unsupported-entitlement-error';
 
 export async function test(
   paths: string[],
   options: IaCTestFlags,
 ): Promise<TestCommandResult> {
   assertIacV2Options(options);
   const testConfig = await prepareTestConfig(paths, options);
-  const { orgSettings } = testConfig;
-
-  if (!orgSettings.entitlements?.infrastructureAsCode) {
-    throw new UnsupportedEntitlementError('infrastructureAsCode');
-  }
 
   const testSpinner = buildSpinner(options);
 
@@ -40,7 +31,6 @@ export async function test(
     return buildOutput({
       scanResult,
       testSpinner,
-      orgSettings,
       options,
     });
   } finally {
@@ -55,13 +45,10 @@ async function prepareTestConfig(
   const iacCachePath = pathLib.join(systemCachePath, 'iac');
 
   const org = (options.org as string) || config.org;
-  const orgSettings = await getIacOrgSettings(org);
-  const projectTags = parseTags(options);
   const targetName = getFlag(options, 'target-name');
   const remoteRepoUrl = getFlag(options, 'remote-repo-url');
   const depthDetection =
     parseInt(getFlag(options, 'depth-detection') as string) || undefined;
-  const attributes = parseAttributes(options);
   const policy = await findAndLoadPolicy(process.cwd(), 'iac', options);
   const scan = options.scan ?? 'resource-changes';
   const varFile = options['var-file'];
@@ -71,13 +58,10 @@ async function prepareTestConfig(
   return {
     paths,
     iacCachePath,
-    orgSettings,
     userRulesBundlePath: config.IAC_BUNDLE_PATH,
     userPolicyEnginePath: config.IAC_POLICY_ENGINE_PATH,
     severityThreshold: options.severityThreshold,
     report: !!options.report,
-    attributes,
-    projectTags,
     targetReference: options['target-reference'],
     targetName,
     remoteRepoUrl,
@@ -87,11 +71,6 @@ async function prepareTestConfig(
     depthDetection,
     cloudContext,
     insecure,
+    org,
   };
 }
-
-function parseAttributes(options: IaCTestFlags) {
-  if (options.report) {
-    return generateProjectAttributes(options);
-  }
-}
diff --git a/src/lib/iac/test/v2/json.ts b/src/lib/iac/test/v2/json.ts
@@ -2,7 +2,6 @@
 // fields must be produced in the JSON output, and they must have those values
 // to keep backwards compatibility.
 
-import { IacOrgSettings } from '../../../../cli/commands/test/iac/local-execution/types';
 import { Resource, ScanError, TestOutput, Vulnerability } from './scan/results';
 import * as path from 'path';
 import { createErrorMappedResultsForJsonOutput } from '../../../formatters/test/format-test-results';
@@ -90,11 +89,9 @@ export interface IacDescription {
 export function convertEngineToJsonResults({
   results,
   projectName,
-  orgSettings,
 }: {
   results: TestOutput;
   projectName: string;
-  orgSettings: IacOrgSettings;
 }): Array<Result | ScanError> {
   const vulnerabilityGroups = groupVulnerabilitiesByFile(results); // all vulns groups by file
   const resourceGroups = groupResourcesByFile(results); // all resources grouped by file
@@ -110,12 +107,12 @@ export function convertEngineToJsonResults({
   }
 
   for (const [file, resources] of Object.entries(filesWithoutIssues)) {
-    output.push(resourcesToResult(orgSettings, projectName, file, resources));
+    output.push(resourcesToResult(results, projectName, file, resources));
   }
 
   for (const [file, vulnerabilities] of Object.entries(vulnerabilityGroups)) {
     output.push(
-      vulnerabilitiesToResult(orgSettings, projectName, file, vulnerabilities),
+      vulnerabilitiesToResult(results, projectName, file, vulnerabilities),
     );
   }
 
@@ -170,18 +167,14 @@ function findFilesWithoutIssues(
 }
 
 function resourcesToResult(
-  orgSettings: IacOrgSettings,
+  testOutput: TestOutput,
   projectName: string,
   file: string,
   resources: Resource[],
 ): Result {
   const kind = resourcesToKind(resources);
-  const ignoreSettings = orgSettingsToIgnoreSettings(orgSettings);
-  const meta = orgSettingsToMeta(orgSettings, ignoreSettings);
-
-  const {
-    meta: { org, isPrivate, policy },
-  } = orgSettings;
+  const ignoreSettings = testOutput.settings.ignoreSettings;
+  const meta = orgSettingsToMeta(testOutput, ignoreSettings);
 
   return {
     meta,
@@ -192,9 +185,9 @@ function resourcesToResult(
     ignoreSettings,
     targetFile: file,
     projectName,
-    org,
-    policy: policy || '',
-    isPrivate,
+    org: testOutput.settings.org,
+    policy: '',
+    isPrivate: true,
     targetFilePath: path.resolve(file),
     packageManager: kind,
     path: process.cwd(),
@@ -205,22 +198,18 @@ function resourcesToResult(
 }
 
 function vulnerabilitiesToResult(
-  orgSettings: IacOrgSettings,
+  testOutput: TestOutput,
   projectName: string,
   file: string,
   vulnerabilities: Vulnerability[],
 ): Result {
   const kind = vulnerabilitiesToKind(vulnerabilities);
-  const ignoreSettings = orgSettingsToIgnoreSettings(orgSettings);
-  const meta = orgSettingsToMeta(orgSettings, ignoreSettings);
+  const ignoreSettings = testOutput.settings.ignoreSettings;
+  const meta = orgSettingsToMeta(testOutput, ignoreSettings);
   const infrastructureAsCodeIssues = vulnerabilitiesToIacIssues(
     vulnerabilities,
   );
 
-  const {
-    meta: { org, isPrivate, policy },
-  } = orgSettings;
-
   return {
     meta,
     filesystemPolicy: false,
@@ -230,9 +219,9 @@ function vulnerabilitiesToResult(
     ignoreSettings,
     targetFile: file,
     projectName,
-    org,
-    policy: policy || '',
-    isPrivate,
+    org: testOutput.settings.org,
+    policy: '',
+    isPrivate: true,
     targetFilePath: path.resolve(file),
     packageManager: kind,
     path: process.cwd(),
@@ -306,33 +295,16 @@ function vulnerabilitiesToKind(
 }
 
 function orgSettingsToMeta(
-  orgSettings: IacOrgSettings,
+  testOutput: TestOutput,
   ignoreSettings: IgnoreSettings,
 ): Meta {
-  const {
-    meta: { isPrivate, isLicensesEnabled, org, policy },
-  } = orgSettings;
+  const org = testOutput.settings.org;
 
   return {
-    isPrivate,
-    isLicensesEnabled,
+    isPrivate: true,
+    isLicensesEnabled: false,
     org,
-    policy: policy || '',
+    policy: '',
     ignoreSettings,
   };
 }
-
-function orgSettingsToIgnoreSettings(
-  orgSettings: IacOrgSettings,
-): IgnoreSettings {
-  const {
-    meta: { ignoreSettings },
-  } = orgSettings;
-
-  return {
-    adminOnly: ignoreSettings?.adminOnly || false,
-    reasonRequired: ignoreSettings?.reasonRequired || false,
-    disregardFilesystemIgnores:
-      ignoreSettings?.disregardFilesystemIgnores || false,
-  };
-}
diff --git a/src/lib/iac/test/v2/local-cache/policy-engine/constants/utils.ts b/src/lib/iac/test/v2/local-cache/policy-engine/constants/utils.ts
@@ -1,12 +1,12 @@
 import * as os from 'os';
 
 const policyEngineChecksums = `
-06f0840a1429e0f2ebbd96e6d08a8e9c8a9c6184ff6172d3e7e1df4651540c8f  snyk-iac-test_0.33.3_Darwin_arm64
-28197818fb18cf07138733170008853f605596e4cb01b9dd5d8729dec21ad820  snyk-iac-test_0.33.3_Linux_x86_64
-364d196b1ec6cd866c2116cf2a0998fd75ed6981d2b338b4d0dc43d3c18ea9d1  snyk-iac-test_0.33.3_Windows_x86_64.exe
-57714bec7ca5cc141ff2aae3b692b70a81f32b026d1b81f23bd68bc39d57be71  snyk-iac-test_0.33.3_Darwin_x86_64
-8dd58fda7f864939b97f0d00246bd4915b9054f271e14bfa93b292ffdc6e9f34  snyk-iac-test_0.33.3_Linux_arm64
-d62e2dd1d51e3a1d75e62d7eb76820b5be146d49f449dc6c47c4edae11b5f219  snyk-iac-test_0.33.3_Windows_arm64.exe
+1784e3f36d6a13fe548cd5265eb40a6eb7989f1f29896325a8cef8cc44dd487c  snyk-iac-test_0.33.4_Linux_arm64
+2f4d3bc0f0e28e93fb1e2ba93f78b959148b38fddd9bda1aea150660f2937f14  snyk-iac-test_0.33.4_Windows_x86_64.exe
+7ddda2a45f3e887a11e0e17306f1c3d185f16c2dec7d066250bc5f5c1df462c0  snyk-iac-test_0.33.4_Darwin_arm64
+9356ca2db4460c0fb0048c77eae75a82f11ef7edf857508db8d2e3e517be5cf7  snyk-iac-test_0.33.4_Darwin_x86_64
+9b11f7b47e87b8877202964b911e3fced0d0ce17143d7f7b80aa4cc6055221fb  snyk-iac-test_0.33.4_Windows_arm64.exe
+9df046112b2fcdec96f9539a3dcdadda2ec89cf74cfa3d9b3e3cb60921473f9a  snyk-iac-test_0.33.4_Linux_x86_64
 `;
 
 export const policyEngineVersion = getPolicyEngineVersion();