refactor(terraform): make Scan method of Terraform plan scanner private (#9272)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
2025-12-05 20:40:16 -08:00 · 2025-08-02 10:59:13 +06:00
parent 2458d5e28a
commit c0bd700b29
2 changed files with 2 additions and 59 deletions
--- a/pkg/iac/scanners/terraformplan/snapshot/scanner.go
+++ b/pkg/iac/scanners/terraformplan/snapshot/scanner.go
@@ -63,10 +63,10 @@ func (s *Scanner) ScanFile(ctx context.Context, fsys fs.FS, filepath string) (sc
 		return nil, err
 	}
 	defer file.Close()
-	return s.Scan(ctx, file)
+	return s.scan(ctx, file)
 }

-func (s *Scanner) Scan(ctx context.Context, reader io.Reader) (scan.Results, error) {
+func (s *Scanner) scan(ctx context.Context, reader io.Reader) (scan.Results, error) {
 	snap, err := parseSnapshot(reader)
 	if err != nil {
 		return nil, err
--- a/pkg/iac/scanners/terraformplan/snapshot/scanner_test.go
+++ b/pkg/iac/scanners/terraformplan/snapshot/scanner_test.go
@@ -3,7 +3,6 @@ package snapshot
 import (
 	"os"
 	"path"
-	"path/filepath"
 	"sort"
 	"testing"

@@ -13,65 +12,9 @@ import (

 	"github.com/aquasecurity/trivy/pkg/iac/rego"
 	"github.com/aquasecurity/trivy/pkg/iac/scan"
-	"github.com/aquasecurity/trivy/pkg/iac/scanners/options"
 	tfscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform"
 )

-func initScanner(opts ...options.ScannerOption) *Scanner {
-	defaultOpts := []options.ScannerOption{
-		rego.WithEmbeddedPolicies(false),
-		rego.WithEmbeddedLibraries(true),
-		rego.WithPolicyNamespaces("user"),
-		rego.WithPolicyDirs("."),
-		rego.WithRegoErrorLimits(0),
-		tfscanner.ScannerWithSkipCachedModules(true),
-	}
-
-	opts = append(opts, defaultOpts...)
-	return New(opts...)
-}
-
-func TestScanner_Scan(t *testing.T) {
-	tests := []struct {
-		dir         string
-		expectedIDs []string
-	}{
-		{
-			dir:         "just-resource",
-			expectedIDs: []string{"ID001"},
-		},
-		{
-			dir:         "with-local-module",
-			expectedIDs: []string{"ID001"},
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.dir, func(t *testing.T) {
-			f, err := os.Open(filepath.Join("testdata", tt.dir, "tfplan"))
-			require.NoError(t, err)
-			defer f.Close()
-
-			policyFS := os.DirFS(filepath.Join("testdata", tt.dir, "checks"))
-
-			s := initScanner(rego.WithPolicyFilesystem(policyFS))
-			result, err := s.Scan(t.Context(), f)
-			require.NoError(t, err)
-
-			failed := result.GetFailed()
-
-			assert.Len(t, failed, len(tt.expectedIDs))
-
-			ids := lo.Map(failed, func(res scan.Result, _ int) string {
-				return res.Rule().AVDID
-			})
-			sort.Strings(ids)
-
-			assert.Equal(t, tt.expectedIDs, ids)
-		})
-	}
-}
-
 func Test_ScanFS(t *testing.T) {
 	t.Parallel()