chore(deps-dev): bump moto from 5.0.28 to 5.1.11 (#7100)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MrCloudSec <hello@mistercloudsec.com>
dependabot[bot]
2025-09-16 14:17:47 +02:00
committed by GitHub
parent 940a1202b3
commit 52ddaca4c5
57 changed files with 897 additions and 1956 deletions


@@ -122,7 +122,7 @@ jobs:
files: |
./prowler/providers/aws/**
./tests/providers/aws/**
.poetry.lock
./poetry.lock
- name: AWS - Test
if: steps.aws-changed-files.outputs.any_changed == 'true'
@@ -137,7 +137,7 @@ jobs:
files: |
./prowler/providers/azure/**
./tests/providers/azure/**
.poetry.lock
./poetry.lock
- name: Azure - Test
if: steps.azure-changed-files.outputs.any_changed == 'true'
@@ -152,7 +152,7 @@ jobs:
files: |
./prowler/providers/gcp/**
./tests/providers/gcp/**
.poetry.lock
./poetry.lock
- name: GCP - Test
if: steps.gcp-changed-files.outputs.any_changed == 'true'
@@ -167,7 +167,7 @@ jobs:
files: |
./prowler/providers/kubernetes/**
./tests/providers/kubernetes/**
.poetry.lock
./poetry.lock
- name: Kubernetes - Test
if: steps.kubernetes-changed-files.outputs.any_changed == 'true'
@@ -182,7 +182,7 @@ jobs:
files: |
./prowler/providers/github/**
./tests/providers/github/**
.poetry.lock
./poetry.lock
- name: GitHub - Test
if: steps.github-changed-files.outputs.any_changed == 'true'
@@ -197,7 +197,7 @@ jobs:
files: |
./prowler/providers/nhn/**
./tests/providers/nhn/**
.poetry.lock
./poetry.lock
- name: NHN - Test
if: steps.nhn-changed-files.outputs.any_changed == 'true'
@@ -212,7 +212,7 @@ jobs:
files: |
./prowler/providers/m365/**
./tests/providers/m365/**
.poetry.lock
./poetry.lock
- name: M365 - Test
if: steps.m365-changed-files.outputs.any_changed == 'true'
@@ -227,7 +227,7 @@ jobs:
files: |
./prowler/providers/iac/**
./tests/providers/iac/**
.poetry.lock
./poetry.lock
- name: IaC - Test
if: steps.iac-changed-files.outputs.any_changed == 'true'
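Review bot: None of the eight `files:` filters shown here lists `./pyproject.toml`, so a change to that file which leaves the lockfile untouched would still skip every provider test step gated on `any_changed == 'true'`. If that is not intended, add `./pyproject.toml` beneath the corrected `./poetry.lock` entry in each filter. Since the old `.poetry.lock` typo sat unnoticed in all eight copies, a one-line comment above the entry, such as `# dependency changes must re-run this provider's tests`, would also make the intent of the line explicit.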

24
poetry.lock generated

@@ -2942,28 +2942,28 @@ test = ["pytest", "pytest-cov"]
[[package]]
name = "moto"
version = "5.0.28"
version = "5.1.11"
description = "A library that allows you to easily mock out tests based on AWS infrastructure"
optional = false
python-versions = ">=3.8"
python-versions = ">=3.9"
groups = ["dev"]
files = [
{file = "moto-5.0.28-py3-none-any.whl", hash = "sha256:2dfbea1afe3b593e13192059a1a7fc4b3cf7fdf92e432070c22346efa45aa0f0"},
{file = "moto-5.0.28.tar.gz", hash = "sha256:4d3437693411ec943c13c77de5b0b520c4b0a9ac850fead4ba2a54709e086e8b"},
{file = "moto-5.1.11-py3-none-any.whl", hash = "sha256:d09429ed5f67f8568637700cd525997d6abe7f91439a6f900b4f98a9fe4ecac9"},
{file = "moto-5.1.11.tar.gz", hash = "sha256:1330b6d9b91088e971469dfb67f297595541914b364e0b49047bb82622975ec7"},
]
[package.dependencies]
antlr4-python3-runtime = {version = "*", optional = true, markers = "extra == \"all\""}
aws-xray-sdk = {version = ">=0.93,<0.96 || >0.96", optional = true, markers = "extra == \"all\""}
boto3 = ">=1.9.201"
botocore = ">=1.14.0,<1.35.45 || >1.35.45,<1.35.46 || >1.35.46"
botocore = ">=1.20.88,<1.35.45 || >1.35.45,<1.35.46 || >1.35.46"
cfn-lint = {version = ">=0.40.0", optional = true, markers = "extra == \"all\""}
cryptography = ">=35.0.0"
docker = {version = ">=3.0.0", optional = true, markers = "extra == \"all\""}
graphql-core = {version = "*", optional = true, markers = "extra == \"all\""}
Jinja2 = ">=2.10.1"
joserfc = {version = ">=0.9.0", optional = true, markers = "extra == \"all\""}
jsonpath-ng = {version = "*", optional = true, markers = "extra == \"all\""}
jsonpath_ng = {version = "*", optional = true, markers = "extra == \"all\""}
jsonschema = {version = "*", optional = true, markers = "extra == \"all\""}
multipart = {version = "*", optional = true, markers = "extra == \"all\""}
openapi-spec-validator = {version = ">=0.5.0", optional = true, markers = "extra == \"all\""}
@@ -2978,7 +2978,7 @@ werkzeug = ">=0.5,<2.2.0 || >2.2.0,<2.2.1 || >2.2.1"
xmltodict = "*"
[package.extras]
all = ["PyYAML (>=5.1)", "antlr4-python3-runtime", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "graphql-core", "joserfc (>=0.9.0)", "jsonpath-ng", "jsonschema", "multipart", "openapi-spec-validator (>=0.5.0)", "py-partiql-parser (==0.6.1)", "pyparsing (>=3.0.7)", "setuptools"]
all = ["PyYAML (>=5.1)", "antlr4-python3-runtime", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "graphql-core", "joserfc (>=0.9.0)", "jsonpath_ng", "jsonschema", "multipart", "openapi-spec-validator (>=0.5.0)", "py-partiql-parser (==0.6.1)", "pyparsing (>=3.0.7)", "setuptools"]
apigateway = ["PyYAML (>=5.1)", "joserfc (>=0.9.0)", "openapi-spec-validator (>=0.5.0)"]
apigatewayv2 = ["PyYAML (>=5.1)", "openapi-spec-validator (>=0.5.0)"]
appsync = ["graphql-core"]
@@ -2988,16 +2988,16 @@ cloudformation = ["PyYAML (>=5.1)", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>
cognitoidp = ["joserfc (>=0.9.0)"]
dynamodb = ["docker (>=3.0.0)", "py-partiql-parser (==0.6.1)"]
dynamodbstreams = ["docker (>=3.0.0)", "py-partiql-parser (==0.6.1)"]
events = ["jsonpath-ng"]
events = ["jsonpath_ng"]
glue = ["pyparsing (>=3.0.7)"]
proxy = ["PyYAML (>=5.1)", "antlr4-python3-runtime", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=2.5.1)", "graphql-core", "joserfc (>=0.9.0)", "jsonpath-ng", "multipart", "openapi-spec-validator (>=0.5.0)", "py-partiql-parser (==0.6.1)", "pyparsing (>=3.0.7)", "setuptools"]
proxy = ["PyYAML (>=5.1)", "antlr4-python3-runtime", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=2.5.1)", "graphql-core", "joserfc (>=0.9.0)", "jsonpath_ng", "multipart", "openapi-spec-validator (>=0.5.0)", "py-partiql-parser (==0.6.1)", "pyparsing (>=3.0.7)", "setuptools"]
quicksight = ["jsonschema"]
resourcegroupstaggingapi = ["PyYAML (>=5.1)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "graphql-core", "joserfc (>=0.9.0)", "openapi-spec-validator (>=0.5.0)", "py-partiql-parser (==0.6.1)", "pyparsing (>=3.0.7)"]
s3 = ["PyYAML (>=5.1)", "py-partiql-parser (==0.6.1)"]
s3crc32c = ["PyYAML (>=5.1)", "crc32c", "py-partiql-parser (==0.6.1)"]
server = ["PyYAML (>=5.1)", "antlr4-python3-runtime", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "flask (!=2.2.0,!=2.2.1)", "flask-cors", "graphql-core", "joserfc (>=0.9.0)", "jsonpath-ng", "openapi-spec-validator (>=0.5.0)", "py-partiql-parser (==0.6.1)", "pyparsing (>=3.0.7)", "setuptools"]
server = ["PyYAML (>=5.1)", "antlr4-python3-runtime", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "flask (!=2.2.0,!=2.2.1)", "flask-cors", "graphql-core", "joserfc (>=0.9.0)", "jsonpath_ng", "openapi-spec-validator (>=0.5.0)", "py-partiql-parser (==0.6.1)", "pyparsing (>=3.0.7)", "setuptools"]
ssm = ["PyYAML (>=5.1)"]
stepfunctions = ["antlr4-python3-runtime", "jsonpath-ng"]
stepfunctions = ["antlr4-python3-runtime", "jsonpath_ng"]
xray = ["aws-xray-sdk (>=0.93,!=0.96)", "setuptools"]
[[package]]
@@ -5891,4 +5891,4 @@ type = ["pytest-mypy"]
[metadata]
lock-version = "2.1"
python-versions = ">3.9.1,<3.13"
content-hash = "285ee6b8c630e9908b8b05ced6be1cb67385d5f83af2b6175430a7ccdb9606a4"
content-hash = "890d165dc90871b6c2f34a31c61f5857ade538cc62fe33f024a2f57e1c5ac1b1"


@@ -12,6 +12,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
- Update AWS Neptune service metadata to new format [(#8494)](https://github.com/prowler-cloud/prowler/pull/8494)
- Update AWS Config service metadata to new format [(#8641)](https://github.com/prowler-cloud/prowler/pull/8641)
- HTML output now properly renders markdown syntax in Risk and Recommendation fields [(#8727)](https://github.com/prowler-cloud/prowler/pull/8727)
- Update `moto` dependency from 5.0.28 to 5.1.11 [(#7100)](https://github.com/prowler-cloud/prowler/pull/7100)
### Fixed


@@ -33,7 +33,7 @@ class AutoScaling(AWSService):
self.launch_configurations[arn] = LaunchConfiguration(
arn=arn,
name=configuration["LaunchConfigurationName"],
user_data=configuration["UserData"],
user_data=configuration.get("UserData", ""),
image_id=configuration["ImageId"],
region=regional_client.region,
http_tokens=configuration.get("MetadataOptions", {}).get(
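Review bot: The new `configuration.get("UserData", "")` default carries no comment explaining when the key can be absent, and from here on a missing value is indistinguishable from an empty one for any check that inspects `user_data`. If the default is there because the mocked responses omit the key (presumably the reason, given the moto bump), say so next to it, e.g. `# UserData can be missing from the response; treat as empty`. The neighbouring `name` and `image_id` lookups still index directly, so the comment would also explain why only this field is tolerant. The `LaunchConfiguration(...)` call continues past the end of this hunk.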


@@ -32,47 +32,49 @@ class dms_replication_task_target_logging_enabled(Check):
"LOGGER_SEVERITY_DETAILED_DEBUG",
]
findings = []
for (
replication_task_arn,
replication_task,
) in dms_client.replication_tasks.items():
report = Check_Report_AWS(
metadata=self.metadata(), resource=replication_task
)
report.resource_arn = replication_task_arn
# Check if replication_tasks is not None before iterating
if dms_client.replication_tasks:
for (
replication_task_arn,
replication_task,
) in dms_client.replication_tasks.items():
report = Check_Report_AWS(
metadata=self.metadata(), resource=replication_task
)
report.resource_arn = replication_task_arn
if not replication_task.logging_enabled:
report.status = "FAIL"
report.status_extended = f"DMS Replication Task {replication_task.id} does not have logging enabled for target events."
else:
missing_components = []
source_capture_compliant = False
source_unload_compliant = False
for component in replication_task.log_components:
if (
component["Id"] == "TARGET_APPLY"
and component["Severity"] in MINIMUM_SEVERITY_LEVELS
):
source_capture_compliant = True
elif (
component["Id"] == "TARGET_LOAD"
and component["Severity"] in MINIMUM_SEVERITY_LEVELS
):
source_unload_compliant = True
if not source_capture_compliant:
missing_components.append("Target Apply")
if not source_unload_compliant:
missing_components.append("Target Load")
if source_capture_compliant and source_unload_compliant:
report.status = "PASS"
report.status_extended = f"DMS Replication Task {replication_task.id} has logging enabled with the minimum severity level in target events."
else:
if not replication_task.logging_enabled:
report.status = "FAIL"
report.status_extended = f"DMS Replication Task {replication_task.id} does not meet the minimum severity level of logging in {' and '.join(missing_components)} events."
report.status_extended = f"DMS Replication Task {replication_task.id} does not have logging enabled for target events."
else:
missing_components = []
source_capture_compliant = False
source_unload_compliant = False
findings.append(report)
for component in replication_task.log_components:
if (
component["Id"] == "TARGET_APPLY"
and component["Severity"] in MINIMUM_SEVERITY_LEVELS
):
source_capture_compliant = True
elif (
component["Id"] == "TARGET_LOAD"
and component["Severity"] in MINIMUM_SEVERITY_LEVELS
):
source_unload_compliant = True
if not source_capture_compliant:
missing_components.append("Target Apply")
if not source_unload_compliant:
missing_components.append("Target Load")
if source_capture_compliant and source_unload_compliant:
report.status = "PASS"
report.status_extended = f"DMS Replication Task {replication_task.id} has logging enabled with the minimum severity level in target events."
else:
report.status = "FAIL"
report.status_extended = f"DMS Replication Task {replication_task.id} does not meet the minimum severity level of logging in {' and '.join(missing_components)} events."
findings.append(report)
return findings
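Review bot: The new guard `if dms_client.replication_tasks:` makes the check return an empty findings list when the attribute is `None`, so a failed or skipped task collection is reported exactly like an account with no replication tasks. The added comment says "not None" while the test is plain truthiness, and the guard pushes the whole loop body one level deeper. `for replication_task_arn, replication_task in (dms_client.replication_tasks or {}).items():` keeps the original indentation; if `None` can really occur here, a logged warning would make the gap visible in scan output. The flags `source_capture_compliant` and `source_unload_compliant` track `TARGET_APPLY` and `TARGET_LOAD` in this file and would read better as `target_apply_compliant` and `target_load_compliant`.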


@@ -20,7 +20,6 @@ class DMS(AWSService):
self.__threading_call__(self._describe_endpoints)
self.__threading_call__(self._describe_replication_tasks)
self.__threading_call__(self._list_tags, self.endpoints.values())
self.__threading_call__(self._describe_replication_tasks)
self.__threading_call__(self._list_tags, self.replication_tasks.values())
def _describe_replication_instances(self, regional_client):


@@ -60,7 +60,7 @@ class RDS(AWSService):
engine=instance["Engine"],
engine_version=instance["EngineVersion"],
status=instance["DBInstanceStatus"],
public=instance["PubliclyAccessible"],
public=instance.get("PubliclyAccessible", False),
encrypted=instance["StorageEncrypted"],
auto_minor_version_upgrade=instance[
"AutoMinorVersionUpgrade"
@@ -80,7 +80,7 @@ class RDS(AWSService):
for item in instance["DBParameterGroups"]
],
multi_az=instance["MultiAZ"],
username=instance["MasterUsername"],
username=instance.get("MasterUsername", ""),
iam_auth=instance.get(
"IAMDatabaseAuthenticationEnabled", False
),
@@ -338,6 +338,13 @@ class RDS(AWSService):
logger.warning(
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
elif (
error.response["Error"]["Code"]
== "DBParameterGroupNotFound"
):
logger.warning(
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
else:
logger.error(
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
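Review bot: Defaulting `PubliclyAccessible` to `False` in the first hunk makes a missing field read as "not public", so any check driven by `public` would pass an instance whose exposure was never actually reported. The default presumably exists for mocked responses that omit the key; if so, state that beside it, e.g. `# key can be absent in mocked responses`, or log a warning when it is missing so the unknown is not silently turned into a safe value. The same applies to `MasterUsername` defaulting to `""` in the second hunk. In the third hunk the new `DBParameterGroupNotFound` branch repeats the `logger.warning` call of the branch above it, so the two error codes could share one condition. The enclosing functions start and end outside these hunks.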


@@ -276,7 +276,7 @@ class VPC(AWSService):
service=endpoint["ServiceName"],
owner_id=endpoint["Owner"],
region=regional_client.region,
tags=endpoint.get("Tags"),
tags=endpoint.get("Tags", []),
)
)
except Exception as error:


@@ -102,7 +102,7 @@ flake8 = "7.1.2"
freezegun = "1.5.1"
marshmallow = ">=3.15.0,<4.0.0"
mock = "5.2.0"
moto = {extras = ["all"], version = "5.0.28"}
moto = {extras = ["all"], version = "5.1.11"}
openapi-schema-validator = "0.6.3"
openapi-spec-validator = "0.7.1"
pre-commit = "4.2.0"


@@ -1,8 +1,6 @@
from unittest import mock
from boto3 import client
from moto import mock_aws
from prowler.providers.aws.services.dms.dms_service import ReplicationTasks
from tests.providers.aws.utils import (
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
@@ -15,26 +13,24 @@ DMS_INSTANCE_NAME = "rep-instance"
DMS_INSTANCE_ARN = (
f"arn:aws:dms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:rep:{DMS_INSTANCE_NAME}"
)
DMS_REPLICATION_TASK_ARN = (
f"arn:aws:dms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:task:rep-task"
)
class Test_dms_replication_task_source_logging_enabled:
@mock_aws
def test_no_dms_replication_tasks(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client = mock.MagicMock()
dms_client.replication_tasks = {}
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_source_logging_enabled.dms_replication_task_source_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -47,47 +43,31 @@ class Test_dms_replication_task_source_logging_enabled:
assert len(result) == 0
@mock_aws
def test_dms_replication_task_logging_not_enabled(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": false,
"LogComponents": [
{
"Id": "SOURCE_CAPTURE",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=False,
log_components=[
{"Id": "SOURCE_CAPTURE", "Severity": "LOGGER_SEVERITY_DEFAULT"}
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_source_logging_enabled.dms_replication_task_source_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -104,51 +84,35 @@ class Test_dms_replication_task_source_logging_enabled:
"DMS Replication Task rep-task does not have logging enabled for source events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_source_capture_only(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "SOURCE_CAPTURE",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "SOURCE_CAPTURE", "Severity": "LOGGER_SEVERITY_DEFAULT"}
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_source_logging_enabled.dms_replication_task_source_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -165,51 +129,35 @@ class Test_dms_replication_task_source_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Source Unload events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_source_unload_only(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "SOURCE_UNLOAD",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "SOURCE_UNLOAD", "Severity": "LOGGER_SEVERITY_DEFAULT"}
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_source_logging_enabled.dms_replication_task_source_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -226,57 +174,38 @@ class Test_dms_replication_task_source_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Source Capture events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_source_unload_capture_with_not_enough_severity_on_capture(
self,
):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "SOURCE_CAPTURE",
"Severity": "LOGGER_SEVERITY_INFO"
},
{
"Id": "SOURCE_UNLOAD",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "SOURCE_CAPTURE", "Severity": "LOGGER_SEVERITY_INFO"},
{"Id": "SOURCE_UNLOAD", "Severity": "LOGGER_SEVERITY_DEFAULT"},
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_source_logging_enabled.dms_replication_task_source_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -293,57 +222,38 @@ class Test_dms_replication_task_source_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Source Capture events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_source_unload_capture_with_not_enough_severity_on_unload(
self,
):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "SOURCE_CAPTURE",
"Severity": "LOGGER_SEVERITY_DEFAULT"
},
{
"Id": "SOURCE_UNLOAD",
"Severity": "LOGGER_SEVERITY_INFO"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "SOURCE_CAPTURE", "Severity": "LOGGER_SEVERITY_DEFAULT"},
{"Id": "SOURCE_UNLOAD", "Severity": "LOGGER_SEVERITY_INFO"},
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_source_logging_enabled.dms_replication_task_source_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -360,57 +270,38 @@ class Test_dms_replication_task_source_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Source Unload events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_source_unload_capture_with_not_enough_severity_on_both(
self,
):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "SOURCE_CAPTURE",
"Severity": "LOGGER_SEVERITY_INFO"
},
{
"Id": "SOURCE_UNLOAD",
"Severity": "LOGGER_SEVERITY_INFO"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "SOURCE_CAPTURE", "Severity": "LOGGER_SEVERITY_INFO"},
{"Id": "SOURCE_UNLOAD", "Severity": "LOGGER_SEVERITY_INFO"},
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_source_logging_enabled.dms_replication_task_source_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -427,57 +318,38 @@ class Test_dms_replication_task_source_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Source Capture and Source Unload events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_source_unload_capture_with_enough_severity_on_both(
self,
):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "SOURCE_CAPTURE",
"Severity": "LOGGER_SEVERITY_DEFAULT"
},
{
"Id": "SOURCE_UNLOAD",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "SOURCE_CAPTURE", "Severity": "LOGGER_SEVERITY_DEFAULT"},
{"Id": "SOURCE_UNLOAD", "Severity": "LOGGER_SEVERITY_DEFAULT"},
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_source_logging_enabled.dms_replication_task_source_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -494,6 +366,6 @@ class Test_dms_replication_task_source_logging_enabled:
"DMS Replication Task rep-task has logging enabled with the minimum severity level in source events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
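Review bot: These tests now hand-build `ReplicationTasks` objects on a `MagicMock` client, so they no longer exercise the `DMS` service code that previously turned the `ReplicationTaskSettings` JSON into `logging_enabled` and `log_components`. Unless a separate service test covers that parsing (not visible here), a regression in it would go unnoticed by this logging check's suite. The same dictionary is rebuilt in every test with only `logging_enabled` and `log_components` varying; a small module-level helper such as `_task(logging_enabled, log_components)` would remove the repetition. `DMS_INSTANCE_ARN` appears to be unused after the change. The target-logging test file that follows has the same shape.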


@@ -1,8 +1,6 @@
from unittest import mock
from boto3 import client
from moto import mock_aws
from prowler.providers.aws.services.dms.dms_service import ReplicationTasks
from tests.providers.aws.utils import (
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
@@ -15,26 +13,24 @@ DMS_INSTANCE_NAME = "rep-instance"
DMS_INSTANCE_ARN = (
f"arn:aws:dms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:rep:{DMS_INSTANCE_NAME}"
)
DMS_REPLICATION_TASK_ARN = (
f"arn:aws:dms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:task:rep-task"
)
class Test_dms_replication_task_target_logging_enabled:
@mock_aws
def test_no_dms_replication_tasks(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client = mock.MagicMock()
dms_client.replication_tasks = {}
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_target_logging_enabled.dms_replication_task_target_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -47,47 +43,31 @@ class Test_dms_replication_task_target_logging_enabled:
assert len(result) == 0
@mock_aws
def test_dms_replication_task_logging_not_enabled(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": false,
"LogComponents": [
{
"Id": "TARGET_LOAD",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=False,
log_components=[
{"Id": "TARGET_LOAD", "Severity": "LOGGER_SEVERITY_DEFAULT"}
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_target_logging_enabled.dms_replication_task_target_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -104,51 +84,35 @@ class Test_dms_replication_task_target_logging_enabled:
"DMS Replication Task rep-task does not have logging enabled for target events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_source_load_only(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "TARGET_LOAD",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "TARGET_LOAD", "Severity": "LOGGER_SEVERITY_DEFAULT"}
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_target_logging_enabled.dms_replication_task_target_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -165,51 +129,35 @@ class Test_dms_replication_task_target_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Target Apply events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_source_apply_only(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "TARGET_APPLY",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "TARGET_APPLY", "Severity": "LOGGER_SEVERITY_DEFAULT"}
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_target_logging_enabled.dms_replication_task_target_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -226,57 +174,38 @@ class Test_dms_replication_task_target_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Target Load events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_target_load_apply_with_not_enough_severity_on_load(
self,
):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "TARGET_LOAD",
"Severity": "LOGGER_SEVERITY_INFO"
},
{
"Id": "TARGET_APPLY",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "TARGET_LOAD", "Severity": "LOGGER_SEVERITY_INFO"},
{"Id": "TARGET_APPLY", "Severity": "LOGGER_SEVERITY_DEFAULT"},
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_target_logging_enabled.dms_replication_task_target_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -293,57 +222,38 @@ class Test_dms_replication_task_target_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Target Load events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_target_load_apply_with_not_enough_severity_on_apply(
self,
):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "TARGET_LOAD",
"Severity": "LOGGER_SEVERITY_DEFAULT"
},
{
"Id": "TARGET_APPLY",
"Severity": "LOGGER_SEVERITY_INFO"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "TARGET_LOAD", "Severity": "LOGGER_SEVERITY_DEFAULT"},
{"Id": "TARGET_APPLY", "Severity": "LOGGER_SEVERITY_INFO"},
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_target_logging_enabled.dms_replication_task_target_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -360,57 +270,38 @@ class Test_dms_replication_task_target_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Target Apply events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_target_load_apply_with_not_enough_severity_on_both(
self,
):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "TARGET_LOAD",
"Severity": "LOGGER_SEVERITY_INFO"
},
{
"Id": "TARGET_APPLY",
"Severity": "LOGGER_SEVERITY_INFO"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "TARGET_LOAD", "Severity": "LOGGER_SEVERITY_INFO"},
{"Id": "TARGET_APPLY", "Severity": "LOGGER_SEVERITY_INFO"},
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_target_logging_enabled.dms_replication_task_target_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -427,57 +318,38 @@ class Test_dms_replication_task_target_logging_enabled:
"DMS Replication Task rep-task does not meet the minimum severity level of logging in Target Apply and Target Load events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"
@mock_aws
def test_dms_replication_task_logging_enabled_target_load_apply_with_enough_severity_on_both(
self,
):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "TARGET_LOAD",
"Severity": "LOGGER_SEVERITY_DEFAULT"
},
{
"Id": "TARGET_APPLY",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
from prowler.providers.aws.services.dms.dms_service import DMS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
dms_client = mock.MagicMock()
dms_client.replication_tasks = {
DMS_REPLICATION_TASK_ARN: ReplicationTasks(
arn=DMS_REPLICATION_TASK_ARN,
id="rep-task",
region=AWS_REGION_US_EAST_1,
source_endpoint_arn=DMS_ENDPOINT_ARN,
target_endpoint_arn=DMS_ENDPOINT_ARN,
logging_enabled=True,
log_components=[
{"Id": "TARGET_LOAD", "Severity": "LOGGER_SEVERITY_DEFAULT"},
{"Id": "TARGET_APPLY", "Severity": "LOGGER_SEVERITY_DEFAULT"},
],
tags=[],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
mock.patch(
"prowler.providers.aws.services.dms.dms_replication_task_target_logging_enabled.dms_replication_task_target_logging_enabled.dms_client",
new=DMS(aws_provider),
new=dms_client,
),
):
# Test Check
@@ -494,6 +366,6 @@ class Test_dms_replication_task_target_logging_enabled:
"DMS Replication Task rep-task has logging enabled with the minimum severity level in target events."
)
assert result[0].resource_id == "rep-task"
assert result[0].resource_arn == dms_replication_task_arn
assert result[0].resource_arn == DMS_REPLICATION_TASK_ARN
assert result[0].resource_tags == []
assert result[0].region == "us-east-1"


@@ -1,7 +1,5 @@
import botocore
from boto3 import client
from mock import patch
from moto import mock_aws
from prowler.providers.aws.services.dms.dms_service import DMS
from tests.providers.aws.utils import (
@@ -60,6 +58,21 @@ def mock_make_api_call(self, operation_name, kwargs):
}
]
}
elif operation_name == "DescribeReplicationTasks":
return {
"ReplicationTasks": [
{
"ReplicationTaskIdentifier": "rep-task",
"ReplicationTaskArn": f"arn:aws:dms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:task:rep-task",
"Status": "ready",
"MigrationType": "full-load",
"SourceEndpointArn": DMS_ENDPOINT_ARN,
"TargetEndpointArn": DMS_ENDPOINT_ARN,
"ReplicationInstanceArn": DMS_INSTANCE_ARN,
"ReplicationTaskSettings": '{"Logging":{"EnableLogging":true,"LogComponents":[{"Id":"SOURCE_CAPTURE","Severity":"LOGGER_SEVERITY_DEFAULT"},{"Id":"SOURCE_UNLOAD","Severity":"LOGGER_SEVERITY_DEFAULT"}]}}',
}
]
}
elif operation_name == "ListTagsForResource":
if kwargs["ResourceArn"] == DMS_INSTANCE_ARN:
return {
@@ -75,6 +88,13 @@ def mock_make_api_call(self, operation_name, kwargs):
{"Key": "Owner", "Value": "admin"},
]
}
elif "task:rep-task" in kwargs["ResourceArn"]:
return {
"TagList": [
{"Key": "Name", "Value": "rep-task"},
{"Key": "Owner", "Value": "admin"},
]
}
return make_api_call(self, operation_name, kwargs)
@@ -152,45 +172,16 @@ class Test_DMS_Service:
{"Key": "Owner", "Value": "admin"},
]
@mock_aws
def test_describe_replication_tags(self):
dms_client = client("dms", region_name=AWS_REGION_US_EAST_1)
dms_client.create_replication_task(
ReplicationTaskIdentifier="rep-task",
SourceEndpointArn=DMS_ENDPOINT_ARN,
TargetEndpointArn=DMS_ENDPOINT_ARN,
MigrationType="full-load",
ReplicationTaskSettings="""
{
"Logging": {
"EnableLogging": true,
"LogComponents": [
{
"Id": "SOURCE_CAPTURE",
"Severity": "LOGGER_SEVERITY_DEFAULT"
},
{
"Id": "SOURCE_UNLOAD",
"Severity": "LOGGER_SEVERITY_DEFAULT"
}
]
}
}
""",
TableMappings="",
ReplicationInstanceArn=DMS_INSTANCE_ARN,
)
dms_replication_task_arn = dms_client.describe_replication_tasks()[
"ReplicationTasks"
][0]["ReplicationTaskArn"]
aws_provider = set_mocked_aws_provider(
[AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]
)
dms = DMS(aws_provider)
dms_replication_task_arn = (
f"arn:aws:dms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:task:rep-task"
)
assert dms.replication_tasks[dms_replication_task_arn].id == "rep-task"
assert (
dms.replication_tasks[dms_replication_task_arn].region
@@ -209,3 +200,7 @@ class Test_DMS_Service:
dms.replication_tasks[dms_replication_task_arn].target_endpoint_arn
== DMS_ENDPOINT_ARN
)
assert dms.replication_tasks[dms_replication_task_arn].tags == [
{"Key": "Name", "Value": "rep-task"},
{"Key": "Owner", "Value": "admin"},
]
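Review bot: The `ListTagsForResource` branch added to `mock_make_api_call` matches the task by substring (`"task:rep-task" in kwargs["ResourceArn"]`), while the branch above it compares against `DMS_INSTANCE_ARN` exactly. The task ARN f-string is also written twice, once in the `DescribeReplicationTasks` response and once in `test_describe_replication_tags`. A module-level `DMS_REPLICATION_TASK_ARN = f"arn:aws:dms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:task:rep-task"`, compared with `==` in the mock and reused in the test, would keep the three from drifting. The check tests in this commit now build `ReplicationTasks` objects directly on a `MagicMock`, so this service test appears to be the only place where the `ReplicationTaskSettings` JSON is still parsed. If the lines between the last two hunks do not already do so, assert `logging_enabled` and `log_components` here.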


@@ -50,8 +50,8 @@ class Test_ec2_ebs_public_snapshot:
check = ec2_ebs_public_snapshot()
result = check.execute()
# Default snapshots
assert len(result) == 561
# Default snapshots (moto 5.1.11 creates additional default snapshots)
assert len(result) == 565
@mock_aws
def test_ec2_public_snapshot(self):
@@ -91,8 +91,8 @@ class Test_ec2_ebs_public_snapshot:
check = ec2_ebs_public_snapshot()
results = check.execute()
# Default snapshots + 1 created
assert len(results) == 562
# Default snapshots + 1 created (moto 5.1.11 creates additional default snapshots)
assert len(results) == 566
for snap in results:
if snap.resource_id == snapshot.id:
@@ -141,8 +141,8 @@ class Test_ec2_ebs_public_snapshot:
check = ec2_ebs_public_snapshot()
results = check.execute()
# Default snapshots + 1 created
assert len(results) == 562
# Default snapshots + 1 created (moto 5.1.11 creates additional default snapshots)
assert len(results) == 566
for snap in results:
if snap.resource_id == snapshot.id:
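Review bot: The expected counts `565` and `566` describe moto's bundled default snapshots rather than the check, so any moto upgrade that changes that fixture set forces this edit again, here and in the three matching hunks of the `Test_ec2_ebs_snapshots_encrypted` section that follows. The `for snap in results:` loop asserts only inside `if snap.resource_id == snapshot.id:`, so as far as the hunk shows, the length check is the only thing that fails when the created snapshot is missing from the results. Asserting on the created resource directly, `assert sum(r.resource_id == snapshot.id for r in results) == 1`, would pin the behaviour under test without depending on the fixture size. The loop body continues outside the hunk.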


@@ -50,8 +50,8 @@ class Test_ec2_ebs_snapshots_encrypted:
check = ec2_ebs_snapshots_encrypted()
result = check.execute()
# Default snapshots
assert len(result) == 561
# Default snapshots (moto 5.1.11 creates additional default snapshots)
assert len(result) == 565
@mock_aws
def test_ec2_unencrypted_snapshot(self):
@@ -84,8 +84,8 @@ class Test_ec2_ebs_snapshots_encrypted:
check = ec2_ebs_snapshots_encrypted()
results = check.execute()
# Default snapshots + 1 created
assert len(results) == 562
# Default snapshots + 1 created (moto 5.1.11 creates additional default snapshots)
assert len(results) == 566
for snap in results:
if snap.resource_id == snapshot.id:
@@ -134,8 +134,8 @@ class Test_ec2_ebs_snapshots_encrypted:
check = ec2_ebs_snapshots_encrypted()
results = check.execute()
# Default snapshots + 1 created
assert len(results) == 562
# Default snapshots + 1 created (moto 5.1.11 creates additional default snapshots)
assert len(results) == 566
for snap in results:
if snap.resource_id == snapshot.id:


@@ -135,8 +135,8 @@ class Test_EC2_Service:
assert re.match(r"ami-[0-9a-z]{8}", ec2.instances[0].image_id)
assert ec2.instances[0].launch_time == MOCK_DATETIME
assert not ec2.instances[0].user_data
assert not ec2.instances[0].http_tokens
assert not ec2.instances[0].http_endpoint
assert ec2.instances[0].http_tokens == "optional"
assert ec2.instances[0].http_endpoint == "enabled"
assert not ec2.instances[0].instance_profile
assert ipaddress.ip_address(ec2.instances[0].private_ip).is_private
assert (
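Review bot: The new expectations `http_tokens == "optional"` and `http_endpoint == "enabled"` have no comment saying they appear to be defaults now returned by the mocked backend, unlike the snapshot-count hunks in this commit, which name the moto version. A line such as `# moto 5.1.11 returns default MetadataOptions for a new instance` above them would explain why the earlier falsy assertions were dropped. The same applies to `desync_mitigation_mode == "defensive"` in the `Test_ELB_Service` section that follows. Since `optional` means the instance fixture accepts IMDSv1, tests for IMDSv2 checks that relied on an unset `http_tokens` may deserve a second look; this is an inference, as those tests are not part of this hunk.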


@@ -138,7 +138,7 @@ class Test_ELB_Service:
assert elb.loadbalancers[elb_arn].access_logs
assert elb.loadbalancers[elb_arn].cross_zone_load_balancing
assert elb.loadbalancers[elb_arn].connection_draining
assert elb.loadbalancers[elb_arn].desync_mitigation_mode is None
assert elb.loadbalancers[elb_arn].desync_mitigation_mode == "defensive"
# Test ELB Describe Tags
@mock_aws


@@ -177,6 +177,7 @@ class Test_elbv2_insecure_ssl_ciphers:
response = conn.create_listener(
LoadBalancerArn=lb["LoadBalancerArn"],
Protocol="HTTPS",
Port=443,
SslPolicy="ELBSecurityPolicy-TLS-1-1-2017-01",
DefaultActions=[{"Type": "forward", "TargetGroupArn": target_group_arn}],
)


@@ -152,6 +152,7 @@ class Test_elbv2_listeners_underneath:
response = conn.create_listener(
LoadBalancerArn=lb["LoadBalancerArn"],
Protocol="HTTP",
Port=80,
DefaultActions=[{"Type": "forward", "TargetGroupArn": target_group_arn}],
)


@@ -283,6 +283,7 @@ class Test_ELBv2_Service:
listener_arn = conn.create_listener(
LoadBalancerArn=lb["LoadBalancerArn"],
Protocol="HTTP",
Port=80,
DefaultActions=actions,
)["Listeners"][0]["ListenerArn"]
# ELBv2 client for this test class


@@ -91,6 +91,7 @@ class Test_elbv2_ssl_listeners:
response = conn.create_listener(
LoadBalancerArn=lb["LoadBalancerArn"],
Protocol="HTTP",
Port=80,
DefaultActions=[{"Type": "forward", "TargetGroupArn": target_group_arn}],
)
@@ -175,6 +176,7 @@ class Test_elbv2_ssl_listeners:
response = conn.create_listener(
LoadBalancerArn=lb["LoadBalancerArn"],
Protocol="HTTPS",
Port=443,
DefaultActions=[{"Type": "forward", "TargetGroupArn": target_group_arn}],
)
@@ -242,6 +244,7 @@ class Test_elbv2_ssl_listeners:
conn.create_listener(
LoadBalancerArn=lb["LoadBalancerArn"],
Protocol="HTTP",
Port=80,
DefaultActions=[
{
"Type": "redirect",


@@ -99,7 +99,14 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled:
check = glue_data_catalogs_connection_passwords_encryption_enabled()
result = check.execute()
assert len(result) == 0
# Moto 5.1.11 now returns default data catalog settings even when no explicit catalog exists
# The check should still run but with default settings (DISABLED encryption)
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "Glue data catalog connection password is not encrypted."
)
@mock_aws
@mock.patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
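Review bot: The replacement assertions pin only `status` and `status_extended` for the single finding, so a result attributed to the wrong region or resource would still pass. Other tests in this commit also assert `resource_id`, `resource_arn` and `region`; adding at least `assert result[0].region == AWS_REGION_US_EAST_1` would cover that, assuming the provider is mocked for that region as elsewhere in this commit. The test's name and setup are outside the hunk. If it is still named for a no-catalog case that expects no findings, the name no longer describes what is asserted. The same applies to the matching hunk in the `Test_glue_data_catalogs_metadata_encryption_enabled` section that follows.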


@@ -99,7 +99,14 @@ class Test_glue_data_catalogs_metadata_encryption_enabled:
check = glue_data_catalogs_metadata_encryption_enabled()
result = check.execute()
assert len(result) == 0
# Moto 5.1.11 now returns default data catalog settings even when no explicit catalog exists
# The check should still run but with default settings (DISABLED encryption)
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "Glue data catalog settings have metadata encryption disabled."
)
@mock_aws
@mock.patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)


@@ -9,7 +9,7 @@ from tests.providers.aws.utils import AWS_REGION_US_EAST_1, set_mocked_aws_provi
class Test_kafka_cluster_encryption_at_rest_uses_cmk:
def test_kafka_no_clusters(self):
kafka_client = MagicMock
kafka_client = MagicMock()
kafka_client.clusters = {}
with (
@@ -18,7 +18,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
patch(
"prowler.providers.aws.services.kafka.kafka_service.Kafka",
"prowler.providers.aws.services.kafka.kafka_cluster_encryption_at_rest_uses_cmk.kafka_cluster_encryption_at_rest_uses_cmk.kafka_client",
new=kafka_client,
),
):
@@ -32,7 +32,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
assert len(result) == 0
def test_kafka_cluster_encryption_at_rest_not_uses_cmk(self):
kafka_client = MagicMock
kafka_client = MagicMock()
kafka_client.clusters = {
"arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5": Cluster(
id="6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5",
@@ -54,7 +54,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
)
}
kms_client = MagicMock
kms_client = MagicMock()
kms_client.keys = [
MagicMock(
arn=f"arn:aws:kms:{AWS_REGION_US_EAST_1}:123456789012:key/a7ca56d5-0768-4b64-a670-339a9fbef81c",
@@ -68,7 +68,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
patch(
"prowler.providers.aws.services.kafka.kafka_service.Kafka",
"prowler.providers.aws.services.kafka.kafka_cluster_encryption_at_rest_uses_cmk.kafka_cluster_encryption_at_rest_uses_cmk.kafka_client",
new=kafka_client,
),
patch(
@@ -98,7 +98,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
assert result[0].region == AWS_REGION_US_EAST_1
def test_kafka_cluster_encryption_at_rest_uses_cmk(self):
kafka_client = MagicMock
kafka_client = MagicMock()
kafka_client.clusters = {
"arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5": Cluster(
id="6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5",
@@ -120,7 +120,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
)
}
kms_client = MagicMock
kms_client = MagicMock()
kms_client.keys = [
MagicMock(
arn=f"arn:aws:kms:{AWS_REGION_US_EAST_1}:123456789012:key/a7ca56d5-0768-4b64-a670-339a9fbef81c",
@@ -134,7 +134,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
patch(
"prowler.providers.aws.services.kafka.kafka_service.Kafka",
"prowler.providers.aws.services.kafka.kafka_cluster_encryption_at_rest_uses_cmk.kafka_cluster_encryption_at_rest_uses_cmk.kafka_client",
new=kafka_client,
),
patch(
@@ -164,7 +164,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
assert result[0].region == AWS_REGION_US_EAST_1
def test_kafka_cluster_serverless_encryption_at_rest(self):
kafka_client = MagicMock
kafka_client = MagicMock()
kafka_client.clusters = {
"arn:aws:kafka:us-east-1:123456789012:cluster/serverless-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-6": Cluster(
id="6357e0b2-0e6a-4b86-a0b4-70df934c2e31-6",
@@ -186,7 +186,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
)
}
kms_client = MagicMock
kms_client = MagicMock()
kms_client.keys = []
with (
@@ -195,7 +195,7 @@ class Test_kafka_cluster_encryption_at_rest_uses_cmk:
return_value=set_mocked_aws_provider([AWS_REGION_US_EAST_1]),
),
patch(
"prowler.providers.aws.services.kafka.kafka_service.Kafka",
"prowler.providers.aws.services.kafka.kafka_cluster_encryption_at_rest_uses_cmk.kafka_cluster_encryption_at_rest_uses_cmk.kafka_client",
new=kafka_client,
),
patch(


@@ -18,8 +18,8 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"EngineVersion": "8.0.32",
"Engine": "aurora-mysql",
"EngineVersion": "5.7.mysql_aurora.2.11.2",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
},
@@ -57,14 +57,13 @@ class Test_rds_cluster_backtrack_enabled:
@mock_aws
def test_rds_cluster_aurora_mysql_backtrack_disabled(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
conn.create_db_cluster_parameter_group(
DBClusterParameterGroupName="test",
DBParameterGroupFamily="aurora-mysql5.7",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
DeletionProtection=True,
@@ -73,8 +72,8 @@ class Test_rds_cluster_backtrack_enabled:
MasterUserPassword="password",
Tags=[],
)
conn.modify_db_parameter_group(
DBParameterGroupName="test",
conn.modify_db_cluster_parameter_group(
DBClusterParameterGroupName="test",
Parameters=[
{
"ParameterName": "require_secure_transport",
@@ -119,14 +118,13 @@ class Test_rds_cluster_backtrack_enabled:
@mock_aws
def test_rds_cluster_aurora_mysql_backtrack_enabled(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
conn.create_db_cluster_parameter_group(
DBClusterParameterGroupName="test",
DBParameterGroupFamily="aurora-mysql5.7",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
DeletionProtection=True,
@@ -135,8 +133,8 @@ class Test_rds_cluster_backtrack_enabled:
MasterUserPassword="password",
Tags=[],
)
conn.modify_db_parameter_group(
DBParameterGroupName="test",
conn.modify_db_cluster_parameter_group(
DBClusterParameterGroupName="test",
Parameters=[
{
"ParameterName": "require_secure_transport",


@@ -38,8 +38,8 @@ class Test_rds_cluster_copy_tags_to_snapshots:
conn.create_db_cluster(
DBClusterIdentifier="test-cluster",
AllocatedStorage=10,
Engine="mysql",
DatabaseName="staging-mysql",
Engine="postgres",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
MasterUsername="test",
@@ -85,8 +85,8 @@ class Test_rds_cluster_copy_tags_to_snapshots:
conn.create_db_cluster(
DBClusterIdentifier="test-cluster",
AllocatedStorage=10,
Engine="mysql",
DatabaseName="staging-mysql",
Engine="postgres",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
MasterUsername="test",


@@ -51,7 +51,7 @@ class Test_rds_cluster_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="aurora-postgresql",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
@@ -101,7 +101,7 @@ class Test_rds_cluster_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="aurora-postgresql",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
@@ -154,7 +154,7 @@ class Test_rds_cluster_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="aurora-postgresql",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -59,13 +59,13 @@ class Test_rds_cluster_default_admin:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
Engine="postgres",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
@@ -113,14 +113,14 @@ class Test_rds_cluster_default_admin:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
DBParameterGroupFamily="default.postgres8.0",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
Engine="postgres",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
MasterUsername="test",
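Review bot: The fixtures in this section look like a mechanical engine rename and are no longer self-consistent. The `DescribeDBEngineVersions` mock pairs `"Engine": "postgres"` with `"EngineVersion": "8.0.32"`, which is a MySQL version number, and the second test uses `DBParameterGroupFamily="default.postgres8.0"`. The same values appear in the `Test_rds_cluster_deletion_protection` and `Test_rds_cluster_iam_authentication_enabled` sections that follow. Reusing the `default.postgres14` family from the first test, with a matching PostgreSQL engine version in the mock, would stop the tests from depending on the mocked backend not validating these fields. Replacing `aurora-postgresql` and `aurora-mysql` with `postgres` also means these cluster checks no longer run against an Aurora engine, so any test name that still mentions Aurora (the names are outside the hunks) should be updated.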


@@ -40,13 +40,13 @@ class Test_rds_cluster_deletion_protection:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
Engine="postgres",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
@@ -94,14 +94,14 @@ class Test_rds_cluster_deletion_protection:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
DBParameterGroupFamily="default.postgres8.0",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
Engine="postgres",
DatabaseName="staging-postgres",
DeletionProtection=False,
DBClusterParameterGroupName="test",
MasterUsername="test",


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -55,122 +55,16 @@ class Test_rds_cluster_iam_authentication_enabled:
assert len(result) == 0
@mock_aws
def test_rds_aurora_postgres_clustered_without_iam_auth(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
MasterUsername="test",
MasterUserPassword="password",
Tags=[],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_cluster_iam_authentication_enabled.rds_cluster_iam_authentication_enabled.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_cluster_iam_authentication_enabled.rds_cluster_iam_authentication_enabled import (
rds_cluster_iam_authentication_enabled,
)
check = rds_cluster_iam_authentication_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-1 does not have IAM authentication enabled."
)
assert result[0].resource_id == "db-cluster-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-1"
)
assert result[0].resource_tags == []
@mock_aws
def test_rds_aurora_postgres_clustered_with_iam_auth(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
MasterUsername="test",
MasterUserPassword="password",
Tags=[],
EnableIAMDatabaseAuthentication=True,
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_cluster_iam_authentication_enabled.rds_cluster_iam_authentication_enabled.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_cluster_iam_authentication_enabled.rds_cluster_iam_authentication_enabled import (
rds_cluster_iam_authentication_enabled,
)
check = rds_cluster_iam_authentication_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-1 has IAM authentication enabled."
)
assert result[0].resource_id == "db-cluster-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-1"
)
assert result[0].resource_tags == []
@mock_aws
def test_rds_aurora_mysql_clustered_without_iam_auth(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
conn.create_db_cluster_parameter_group(
DBClusterParameterGroupName="test",
DBParameterGroupFamily="aurora-mysql5.7",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
DeletionProtection=True,
@@ -178,6 +72,7 @@ class Test_rds_cluster_iam_authentication_enabled:
MasterUsername="test",
MasterUserPassword="password",
Tags=[],
AvailabilityZones=["us-east-1a"],
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -215,14 +110,13 @@ class Test_rds_cluster_iam_authentication_enabled:
@mock_aws
def test_rds_aurora_mysql_clustered_with_iam_auth(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
conn.create_db_cluster_parameter_group(
DBClusterParameterGroupName="test",
DBParameterGroupFamily="aurora-mysql5.7",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
DeletionProtection=True,
@@ -231,6 +125,7 @@ class Test_rds_cluster_iam_authentication_enabled:
MasterUserPassword="password",
Tags=[],
EnableIAMDatabaseAuthentication=True,
AvailabilityZones=["us-east-1a"],
)
from prowler.providers.aws.services.rds.rds_service import RDS
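Review bot: The deleted `test_rds_aurora_postgres_clustered_without_iam_auth` and `test_rds_aurora_postgres_clustered_with_iam_auth` were, as far as this section shows, the only Aurora PostgreSQL coverage for the IAM-authentication check, and nothing on the new side replaces them. The non-default-port test file later on this page has the same gap: its `aurora-mysql` and `mysql` cases (port 3306) are removed, leaving only `postgres` on 5432/5433. The commit does not say why; if the moto upgrade is what breaks these fixtures, the cases could be kept by building the cluster model object directly, as the multi-AZ tests on this page do. Otherwise a regression in how these checks handle those engines would pass CI unnoticed.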


@@ -17,7 +17,7 @@ def mock_make_api_call(self, operation_name, kwarg):
if operation_name == "CreateDBCluster":
return {
"DBClusterIdentifier": "cluster-1",
"Engine": "aurora",
"Engine": "postgres",
"MasterUsername": "admin",
"MasterUserPassword": "password",
}
@@ -58,7 +58,7 @@ class Test_rds_cluster_integration_cloudwatch_logs:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="cluster-1",
Engine="aurora",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
@@ -90,7 +90,7 @@ class Test_rds_cluster_integration_cloudwatch_logs:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="aurora-cluster-1",
Engine="aurora-mysql",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
@@ -134,7 +134,7 @@ class Test_rds_cluster_integration_cloudwatch_logs:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="aurora-cluster-1",
Engine="aurora-mysql",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
EnableCloudwatchLogsExports=["audit", "error"],
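Review bot: In the last hunk `Engine="postgres"` is now paired with `EnableCloudwatchLogsExports=["audit", "error"]`, which are MySQL-family log types; a PostgreSQL cluster exports `postgresql` (and `upgrade`). The test presumably still passes because moto does not validate the list, but the fixture no longer resembles a cluster the check would meet in a real account. Consider `EnableCloudwatchLogsExports=["postgresql"]`, and renaming the `aurora-cluster-1` identifier now that the engine is not Aurora. The test method continues outside the hunk, so any assertion there on the exported log types would need to change with it.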


@@ -38,7 +38,7 @@ class Test_rds_cluster_multi_az:
id="db-cluster-1",
arn=cluster_arn,
endpoint="",
engine="aurora",
engine="postgres",
status="available",
public=False,
encrypted=False,
@@ -97,7 +97,7 @@ class Test_rds_cluster_multi_az:
id="db-cluster-1",
arn=cluster_arn,
endpoint="",
engine="aurora",
engine="postgres",
status="available",
public=False,
encrypted=False,


@@ -35,11 +35,11 @@ class Test_rds_cluster_non_default_port:
assert len(result) == 0
@mock_aws
def test_rds_cluster_aurora_postgres_using_default_port(self):
def test_rds_cluster_postgres_using_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="aurora-postgresql",
Engine="postgres",
StorageEncrypted=True,
DeletionProtection=True,
MasterUsername="cluster",
@@ -71,7 +71,7 @@ class Test_rds_cluster_non_default_port:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-1 is using the default port 5432 for aurora-postgresql."
== "RDS Cluster db-cluster-1 is using the default port 5432 for postgres."
)
assert result[0].resource_id == "db-cluster-1"
assert result[0].region == AWS_REGION_US_EAST_1
@@ -82,11 +82,11 @@ class Test_rds_cluster_non_default_port:
assert result[0].resource_tags == [{"Key": "test", "Value": "test"}]
@mock_aws
def test_rds_cluster_aurora_postgres_using_non_default_port(self):
def test_rds_cluster_postgres_using_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-2",
Engine="aurora-postgresql",
Engine="postgres",
StorageEncrypted=True,
DeletionProtection=True,
MasterUsername="cluster",
@@ -118,7 +118,7 @@ class Test_rds_cluster_non_default_port:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-2 is not using the default port 5433 for aurora-postgresql."
== "RDS Cluster db-cluster-2 is not using the default port 5433 for postgres."
)
assert result[0].resource_id == "db-cluster-2"
assert result[0].region == AWS_REGION_US_EAST_1
@@ -129,291 +129,3 @@ class Test_rds_cluster_non_default_port:
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]
@mock_aws
def test_rds_cluster_postgres_using_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-3",
Engine="postgres",
StorageEncrypted=True,
DeletionProtection=True,
MasterUsername="cluster",
MasterUserPassword="password",
Port=5432,
Tags=[{"Key": "test", "Value": "test"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port import (
rds_cluster_non_default_port,
)
check = rds_cluster_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-3 is using the default port 5432 for postgres."
)
assert result[0].resource_id == "db-cluster-3"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-3"
)
assert result[0].resource_tags == [{"Key": "test", "Value": "test"}]
@mock_aws
def test_rds_cluster_postgres_using_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-4",
Engine="postgres",
StorageEncrypted=True,
DeletionProtection=True,
MasterUsername="cluster",
MasterUserPassword="password",
Port=5433,
Tags=[{"Key": "env", "Value": "production"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port import (
rds_cluster_non_default_port,
)
check = rds_cluster_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-4 is not using the default port 5433 for postgres."
)
assert result[0].resource_id == "db-cluster-4"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-4"
)
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]
@mock_aws
def test_rds_cluster_aurora_mysql_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-5",
Engine="aurora-mysql",
StorageEncrypted=True,
DeletionProtection=True,
MasterUsername="cluster",
MasterUserPassword="password",
Port=3306,
Tags=[{"Key": "env", "Value": "staging"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port import (
rds_cluster_non_default_port,
)
check = rds_cluster_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-5 is using the default port 3306 for aurora-mysql."
)
assert result[0].resource_id == "db-cluster-5"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-5"
)
assert result[0].resource_tags == [{"Key": "env", "Value": "staging"}]
@mock_aws
def test_rds_cluster_aurora_mysql_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-6",
Engine="aurora-mysql",
StorageEncrypted=True,
DeletionProtection=True,
MasterUsername="cluster",
MasterUserPassword="password",
Port=3307,
Tags=[{"Key": "env", "Value": "production"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port import (
rds_cluster_non_default_port,
)
check = rds_cluster_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-6 is not using the default port 3307 for aurora-mysql."
)
assert result[0].resource_id == "db-cluster-6"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-6"
)
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]
@mock_aws
def test_rds_cluster_mysql_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-7",
Engine="mysql",
StorageEncrypted=True,
DeletionProtection=True,
MasterUsername="cluster",
MasterUserPassword="password",
Port=3306,
Tags=[{"Key": "env", "Value": "staging"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port import (
rds_cluster_non_default_port,
)
check = rds_cluster_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-7 is using the default port 3306 for mysql."
)
assert result[0].resource_id == "db-cluster-7"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-7"
)
assert result[0].resource_tags == [{"Key": "env", "Value": "staging"}]
@mock_aws
def test_rds_cluster_mysql_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-8",
Engine="mysql",
StorageEncrypted=True,
DeletionProtection=True,
MasterUsername="cluster",
MasterUserPassword="password",
Port=3307,
Tags=[{"Key": "env", "Value": "production"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_cluster_non_default_port.rds_cluster_non_default_port import (
rds_cluster_non_default_port,
)
check = rds_cluster_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-8 is not using the default port 3307 for mysql."
)
assert result[0].resource_id == "db-cluster-8"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-8"
)
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]


@@ -68,7 +68,7 @@ class Test_rds_cluster_protected_by_backup_plan:
name="db-cluster-1",
region="us-east-1",
cluster_class="db.m1.small",
engine="aurora-postgres",
engine="postgres",
allocated_storage=10,
tags=[],
)
@@ -146,7 +146,7 @@ class Test_rds_cluster_protected_by_backup_plan:
name="db-cluster-1",
region="us-east-1",
cluster_class="db.m1.small",
engine="aurora-postgres",
engine="postgres",
allocated_storage=10,
tags=[],
)
@@ -227,7 +227,7 @@ class Test_rds_cluster_protected_by_backup_plan:
name="db-cluster-1",
region="us-east-1",
cluster_class="db.m1.small",
engine="aurora-postgres",
engine="postgres",
allocated_storage=10,
tags=[],
)
@@ -308,7 +308,7 @@ class Test_rds_cluster_protected_by_backup_plan:
name="db-cluster-1",
region="us-east-1",
cluster_class="db.m1.small",
engine="aurora-postgres",
engine="postgres",
allocated_storage=10,
tags=[],
)
@@ -388,7 +388,7 @@ class Test_rds_cluster_protected_by_backup_plan:
name="db-cluster-1",
region="us-east-1",
cluster_class="db.m1.small",
engine="aurora-postgres",
engine="postgres",
allocated_storage=10,
tags=[],
)


@@ -41,8 +41,8 @@ class Test_rds_cluster_storage_encrypted:
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
Engine="postgres",
DatabaseName="staging-postgres",
DBClusterParameterGroupName="test",
MasterUsername="test",
MasterUserPassword="password",
@@ -88,8 +88,8 @@ class Test_rds_cluster_storage_encrypted:
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
Engine="postgres",
DatabaseName="staging-postgres",
StorageEncrypted=True,
DBClusterParameterGroupName="test",
MasterUsername="test",


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -70,7 +70,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -146,7 +146,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -221,7 +221,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -296,7 +296,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -371,7 +371,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -446,7 +446,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -521,7 +521,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -596,7 +596,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -671,7 +671,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,
@@ -746,7 +746,7 @@ class Test_rds_instance_certificate_expiration:
instance_arn: DBInstance(
id="db-master-1",
arn=instance_arn,
engine="aurora-postgresql",
engine="postgres",
engine_version="aurora14",
status="available",
public=False,


@@ -33,13 +33,14 @@ class Test_rds_instance_copy_tags_to_snapshots_to_snapshots:
assert len(result) == 0
@mock_aws
def test_rds_aurora_instance(self):
def test_rds_postgres_instance(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="test-instance",
Engine="aurora-postgresql",
Engine="postgres",
DBInstanceClass="db.t2.micro",
AllocatedStorage=5,
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -59,14 +60,19 @@ class Test_rds_instance_copy_tags_to_snapshots_to_snapshots:
check = rds_instance_copy_tags_to_snapshots()
result = check.execute()
assert len(result) == 0
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Instance test-instance does not have copy tags to snapshots enabled."
)
@mock_aws
def test_rds_instance_without_copy_tags(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="test-instance",
Engine="mysql",
Engine="postgres",
DBInstanceClass="db.t2.micro",
AllocatedStorage=5,
CopyTagsToSnapshot=False,
@@ -108,7 +114,7 @@ class Test_rds_instance_copy_tags_to_snapshots_to_snapshots:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="test-instance",
Engine="mysql",
Engine="postgres",
DBInstanceClass="db.t2.micro",
AllocatedStorage=5,
CopyTagsToSnapshot=True,
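Review bot: Renaming `test_rds_aurora_instance` to `test_rds_postgres_instance` and changing its expectation from `len(result) == 0` to a single FAIL finding drops the only case in this section that asserted an Aurora instance produces no finding. The renamed test now covers the same path as `test_rds_instance_without_copy_tags`. If the check intentionally skips Aurora engines, which the old assertion suggests, that exclusion is untested after this change. Keeping an Aurora case would preserve it, built from a model object if moto no longer accepts the engine on `create_db_instance`.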


@@ -78,14 +78,20 @@ class Test_rds_instance_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -138,14 +144,20 @@ class Test_rds_instance_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -199,14 +211,20 @@ class Test_rds_instance_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -257,14 +275,20 @@ class Test_rds_instance_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -315,14 +339,20 @@ class Test_rds_instance_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -373,14 +403,20 @@ class Test_rds_instance_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -431,14 +467,20 @@ class Test_rds_instance_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -489,7 +531,7 @@ class Test_rds_instance_critical_event_subscription:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_event_subscription(


@@ -40,17 +40,18 @@ class Test_rds_instance_default_admin:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres13",
Description="test parameter group",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
MasterUsername="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -91,17 +92,18 @@ class Test_rds_instance_default_admin:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres13",
Description="test parameter group",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
MasterUsername="postgres2",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -142,7 +144,7 @@ class Test_rds_instance_default_admin:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="aurora-postgresql",
Engine="postgres",
MasterUsername="postgres",
MasterUserPassword="defaultpassword",
)
@@ -150,10 +152,11 @@ class Test_rds_instance_default_admin:
DBInstanceIdentifier="db-master-1",
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
MasterUsername="postgres",
DBInstanceClass="db.m1.small",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -194,7 +197,7 @@ class Test_rds_instance_default_admin:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="aurora-postgresql",
Engine="postgres",
MasterUsername="custom",
MasterUserPassword="defaultpassword",
)
@@ -202,10 +205,11 @@ class Test_rds_instance_default_admin:
DBInstanceIdentifier="db-master-1",
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
MasterUsername="postgres2",
DBInstanceClass="db.m1.small",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -149,7 +149,7 @@ class Test_rds_instance_deletion_protection:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
DBParameterGroupFamily="default.postgres8.0",
Description="test parameter group",
)
conn.create_db_cluster(
@@ -213,7 +213,7 @@ class Test_rds_instance_deletion_protection:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
DBParameterGroupFamily="default.postgres8.0",
Description="test parameter group",
)
conn.create_db_cluster(
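Review bot: `DBParameterGroupFamily="default.postgres8.0"` in the last two hunks looks like a mechanical mysql-to-postgres replacement: `8.0` is a MySQL major version, not a PostgreSQL parameter group family. The same string appears in the cluster deletion-protection tests earlier on this page. Other RDS tests in this commit use `default.postgres14`, so `DBParameterGroupFamily="default.postgres14"` here would keep the fixtures consistent and would not depend on moto leaving the family unvalidated. Both test methods continue outside their hunks.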


@@ -19,7 +19,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -61,10 +61,11 @@ class Test_rds_instance_deprecated_engine_version:
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="mysql",
Engine="postgres",
EngineVersion="8.0.32",
DBName="staging-mysql",
DBName="staging-postgres",
DBInstanceClass="db.m1.small",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -91,7 +92,7 @@ class Test_rds_instance_deprecated_engine_version:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS instance db-master-1 is not using a deprecated engine mysql with version 8.0.32."
== "RDS instance db-master-1 is not using a deprecated engine postgres with version 8.0.32."
)
assert result[0].resource_id == "db-master-1"
assert result[0].region == AWS_REGION_US_EAST_1
@@ -107,10 +108,11 @@ class Test_rds_instance_deprecated_engine_version:
conn.create_db_instance(
DBInstanceIdentifier="db-master-2",
AllocatedStorage=10,
Engine="mysql",
Engine="postgres",
EngineVersion="8.0.23",
DBName="staging-mysql",
DBName="staging-postgres",
DBInstanceClass="db.m1.small",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -137,7 +139,7 @@ class Test_rds_instance_deprecated_engine_version:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS instance db-master-2 is using a deprecated engine mysql with version 8.0.23."
== "RDS instance db-master-2 is using a deprecated engine postgres with version 8.0.23."
)
assert result[0].resource_id == "db-master-2"
assert result[0].region == AWS_REGION_US_EAST_1


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",


@@ -79,14 +79,20 @@ class Test_rds_instance__no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="postgres",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -139,14 +145,20 @@ class Test_rds_instance__no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="postgres",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -197,14 +209,20 @@ class Test_rds_instance__no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="postgres",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
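Review bot: The same four-argument `conn.create_db_cluster(...)` call is pasted into all three hunks of this file, and again into six hunks of the next file section, where it uses `MasterUsername="admin"` instead of `"postgres"`. A small module-level helper taking `conn`, or a pytest fixture, would hold the cluster prerequisite in one place and remove the unexplained difference in username. Only the later file carries the `# Create cluster first before instance` comment; the reason the cluster must now exist before `create_db_instance` is worth stating once on that helper. The test functions start and end outside these hunks.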


@@ -78,14 +78,21 @@ class Test_rds_instance_no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
# Create cluster first before instance
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -138,14 +145,21 @@ class Test_rds_instance_no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
# Create cluster first before instance
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -199,14 +213,21 @@ class Test_rds_instance_no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
# Create cluster first before instance
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -260,14 +281,21 @@ class Test_rds_instance_no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
# Create cluster first before instance
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -318,14 +346,21 @@ class Test_rds_instance_no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
# Create cluster first before instance
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -366,14 +401,21 @@ class Test_rds_instance_no_event_subscriptions:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
# Create cluster first before instance
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="postgres",
MasterUsername="admin",
MasterUserPassword="password",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",


@@ -36,21 +36,22 @@ class Test_rds_instance_iam_authentication_enabled:
assert len(result) == 0
@mock_aws
def test_rds_aurora_instance_without_iam_auth(self):
def test_rds_postgres_instance_without_iam_auth(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
EnableIAMDatabaseAuthentication=False,
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -102,110 +103,7 @@ class Test_rds_instance_iam_authentication_enabled:
DBInstanceClass="db.m1.small",
EnableIAMDatabaseAuthentication=True,
DBParameterGroupName="test",
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_iam_authentication_enabled.rds_instance_iam_authentication_enabled.rds_client",
new=RDS(aws_provider),
):
# Test Check
from prowler.providers.aws.services.rds.rds_instance_iam_authentication_enabled.rds_instance_iam_authentication_enabled import (
rds_instance_iam_authentication_enabled,
)
check = rds_instance_iam_authentication_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Instance db-master-1 has IAM authentication enabled."
)
assert result[0].resource_id == "db-master-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-1"
)
assert result[0].resource_tags == []
@mock_aws
def test_rds_mysql_instance_with_iam_auth(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql",
Description="test parameter group",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="mysql",
DBName="staging-mysql",
DBInstanceClass="db.m1.small",
EnableIAMDatabaseAuthentication=True,
DBParameterGroupName="test",
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_iam_authentication_enabled.rds_instance_iam_authentication_enabled.rds_client",
new=RDS(aws_provider),
):
# Test Check
from prowler.providers.aws.services.rds.rds_instance_iam_authentication_enabled.rds_instance_iam_authentication_enabled import (
rds_instance_iam_authentication_enabled,
)
check = rds_instance_iam_authentication_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Instance db-master-1 has IAM authentication enabled."
)
assert result[0].resource_id == "db-master-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-1"
)
assert result[0].resource_tags == []
@mock_aws
def test_rds_mariadb_instance_with_iam_auth(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mariadb",
Description="test parameter group",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="mariadb",
DBName="staging-mariadb",
DBInstanceClass="db.m1.small",
EnableIAMDatabaseAuthentication=True,
DBParameterGroupName="test",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -257,6 +155,7 @@ class Test_rds_instance_iam_authentication_enabled:
DBName="staging-sqlserver",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -286,7 +185,7 @@ class Test_rds_instance_iam_authentication_enabled:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="mysql",
Engine="postgres",
DBSubnetGroupName="default",
EngineMode="provisioned",
MasterUsername="admin",
@@ -296,9 +195,10 @@ class Test_rds_instance_iam_authentication_enabled:
DBInstanceIdentifier="db-instance-1",
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="mysql",
DBName="staging-mysql",
Engine="postgres",
DBName="staging-postgres",
DBInstanceClass="db.m1.small",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
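Review bot: The hunk at -102,110 leaves only seven lines on the new side, so `test_rds_mysql_instance_with_iam_auth` and `test_rds_mariadb_instance_with_iam_auth` appear to be dropped rather than adapted. That leaves the PASS path of `rds_instance_iam_authentication_enabled` exercised for fewer engines than before. If the new moto version rejects these fixtures, a parametrized test over the engines it still accepts would keep the coverage. Otherwise record the reason next to the remaining test, for example `# mysql/mariadb IAM-auth cases removed with the moto bump: <reason>`. The surviving test's header lies above this hunk, and its body continues below it.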


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgresres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
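Review bot: `"Engine": "postgresres"` is a misspelling of the engine name, probably left by a repeated search-and-replace; the other mocks in this commit use `"Engine": "postgres",` and this one should match. The same string appears in the `mock_make_api_call` hunks of two later file sections. In the transport-encryption tests it appears as `DBParameterGroupFamily="default.postgresres8.0"`, `DBName="staging-postgresres"` and the test name `test_postgresres_rds_instance_no_ssl`. A mocked engine list that names no real engine can let a test pass for the wrong reason if the code under test ever filters on the engine name. The body of `mock_make_api_call` continues outside the hunk.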


@@ -134,7 +134,7 @@ class Test_rds_instance_multi_az:
id="test-cluster",
arn=cluster_arn,
endpoint="",
engine="aurora",
engine="postgres",
status="available",
public=False,
encrypted=False,
@@ -159,7 +159,7 @@ class Test_rds_instance_multi_az:
id="test-instance",
arn=instance_arn,
endpoint="",
engine="aurora",
engine="postgres",
engine_version="1.0.0",
status="available",
public=False,
@@ -219,7 +219,7 @@ class Test_rds_instance_multi_az:
id="test-cluster",
arn=cluster_arn,
endpoint="",
engine="aurora",
engine="postgres",
status="available",
public=False,
encrypted=False,
@@ -244,7 +244,7 @@ class Test_rds_instance_multi_az:
id="test-instance",
arn=instance_arn,
endpoint="",
engine="aurora",
engine="postgres",
engine_version="1.0.0",
status="available",
public=False,


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgresres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",


@@ -35,12 +35,12 @@ class Test_rds_instance_non_default_port:
assert len(result) == 0
@mock_aws
def test_rds_instance_aurora_postgres_using_default_port(self):
def test_rds_instance_postgres_using_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
Engine="postgres",
DBName="staging-postgres",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
@@ -75,7 +75,7 @@ class Test_rds_instance_non_default_port:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Instance db-master-1 is using the default port 5432 for aurora-postgresql."
== "RDS Instance db-master-1 is using the default port 5432 for postgres."
)
assert result[0].resource_id == "db-master-1"
assert result[0].region == AWS_REGION_US_EAST_1
@@ -86,12 +86,12 @@ class Test_rds_instance_non_default_port:
assert result[0].resource_tags == [{"Key": "test", "Value": "test"}]
@mock_aws
def test_rds_instance_aurora_postgres_using_non_default_port(self):
def test_rds_instance_postgres_using_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-2",
AllocatedStorage=10,
Engine="aurora-postgresql",
Engine="postgres",
DBName="production-postgres",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
@@ -126,7 +126,7 @@ class Test_rds_instance_non_default_port:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Instance db-master-2 is not using the default port 5433 for aurora-postgresql."
== "RDS Instance db-master-2 is not using the default port 5433 for postgres."
)
assert result[0].resource_id == "db-master-2"
assert result[0].region == AWS_REGION_US_EAST_1
@@ -137,419 +137,3 @@ class Test_rds_instance_non_default_port:
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]
@mock_aws
def test_rds_instance_postgres_using_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-3",
AllocatedStorage=10,
Engine="postgres",
DBName="staging-postgres",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
Port=5432,
Tags=[{"Key": "test", "Value": "test"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port import (
rds_instance_non_default_port,
)
check = rds_instance_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Instance db-master-3 is using the default port 5432 for postgres."
)
assert result[0].resource_id == "db-master-3"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-3"
)
assert result[0].resource_tags == [{"Key": "test", "Value": "test"}]
@mock_aws
def test_rds_instance_postgres_using_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-4",
AllocatedStorage=10,
Engine="postgres",
DBName="production-postgres",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
Port=5433,
Tags=[{"Key": "env", "Value": "production"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port import (
rds_instance_non_default_port,
)
check = rds_instance_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Instance db-master-4 is not using the default port 5433 for postgres."
)
assert result[0].resource_id == "db-master-4"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-4"
)
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]
@mock_aws
def test_rds_instance_mysql_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-5",
AllocatedStorage=10,
Engine="mysql",
DBName="staging-mariadb",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
Port=3306,
Tags=[{"Key": "env", "Value": "staging"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port import (
rds_instance_non_default_port,
)
check = rds_instance_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Instance db-master-5 is using the default port 3306 for mysql."
)
assert result[0].resource_id == "db-master-5"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-5"
)
assert result[0].resource_tags == [{"Key": "env", "Value": "staging"}]
@mock_aws
def test_rds_instance_mysql_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-6",
AllocatedStorage=10,
Engine="mysql",
DBName="production-mariadb",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
Port=3307,
Tags=[{"Key": "env", "Value": "production"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port import (
rds_instance_non_default_port,
)
check = rds_instance_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Instance db-master-6 is not using the default port 3307 for mysql."
)
assert result[0].resource_id == "db-master-6"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-6"
)
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]
@mock_aws
def test_rds_instance_aurora_mysql_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-7",
AllocatedStorage=10,
Engine="aurora-mysql",
DBName="staging-mariadb",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
Port=3306,
Tags=[{"Key": "env", "Value": "staging"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port import (
rds_instance_non_default_port,
)
check = rds_instance_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Instance db-master-7 is using the default port 3306 for aurora-mysql."
)
assert result[0].resource_id == "db-master-7"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-7"
)
assert result[0].resource_tags == [{"Key": "env", "Value": "staging"}]
@mock_aws
def test_rds_instance_aurora_mysql_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-8",
AllocatedStorage=10,
Engine="aurora-mysql",
DBName="production-mariadb",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
Port=3307,
Tags=[{"Key": "env", "Value": "production"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port import (
rds_instance_non_default_port,
)
check = rds_instance_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Instance db-master-8 is not using the default port 3307 for aurora-mysql."
)
assert result[0].resource_id == "db-master-8"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-8"
)
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]
@mock_aws
def test_rds_instance_mariadb_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-9",
AllocatedStorage=10,
Engine="mariadb",
DBName="staging-mariadb",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
Port=3306,
Tags=[{"Key": "env", "Value": "staging"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port import (
rds_instance_non_default_port,
)
check = rds_instance_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "RDS Instance db-master-9 is using the default port 3306 for mariadb."
)
assert result[0].resource_id == "db-master-9"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-9"
)
assert result[0].resource_tags == [{"Key": "env", "Value": "staging"}]
@mock_aws
def test_rds_instance_mariadb_non_default_port(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_instance(
DBInstanceIdentifier="db-master-10",
AllocatedStorage=10,
Engine="mariadb",
DBName="production-mariadb",
DBInstanceClass="db.m1.small",
StorageEncrypted=True,
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
Port=3307,
Tags=[{"Key": "env", "Value": "production"}],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port.rds_client",
new=RDS(aws_provider),
):
from prowler.providers.aws.services.rds.rds_instance_non_default_port.rds_instance_non_default_port import (
rds_instance_non_default_port,
)
check = rds_instance_non_default_port()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Instance db-master-10 is not using the default port 3307 for mariadb."
)
assert result[0].resource_id == "db-master-10"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-10"
)
assert result[0].resource_tags == [
{"Key": "env", "Value": "production"}
]
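Review bot: The last hunk (-137,419 +137,3) removes every default-port and non-default-port test for `mysql`, `aurora-mysql` and `mariadb`, and the earlier hunks turn the `aurora-postgresql` cases into plain `postgres`. After this change only port 5432 is asserted, so the 3306 handling in `rds_instance_non_default_port` is no longer covered and a regression there would go unnoticed. If these engines cannot be created under the new moto version, keeping one 3306 case built from a hand-constructed instance model would preserve the assertion on `"is using the default port 3306 for mysql."`. Failing that, the commit description should say why the coverage was dropped.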


@@ -51,6 +51,7 @@ class Test_rds_instance_protected_by_backup_plan:
Engine="postgres",
DBName="staging-postgres",
DBInstanceClass="db.m1.small",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.backup.backup_service import Backup


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",


@@ -21,7 +21,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgresres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -58,20 +58,21 @@ class Test_rds_instance_transport_encrypted:
assert len(result) == 0
@mock_aws
def test_rds_aurora_instance(self):
def test_rds_postgres_instance(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres13",
Description="test parameter group",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
PubliclyAccessible=False,
)
from prowler.providers.aws.services.rds.rds_service import RDS
@@ -112,13 +113,13 @@ class Test_rds_instance_transport_encrypted:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
Engine="postgres",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
@@ -129,8 +130,8 @@ class Test_rds_instance_transport_encrypted:
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
DBName="aurora-postgres",
Engine="postgres",
DBName="postgres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
DBClusterIdentifier="db-cluster-1",
@@ -229,18 +230,18 @@ class Test_rds_instance_transport_encrypted:
assert result[0].resource_tags == []
@mock_aws
def test_mysql_rds_instance_no_ssl(self):
def test_postgresres_rds_instance_no_ssl(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
DBParameterGroupFamily="default.postgresres8.0",
Description="test parameter group",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="mysql",
DBName="staging-mysql",
Engine="postgres",
DBName="staging-postgresres",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
)
@@ -290,74 +291,12 @@ class Test_rds_instance_transport_encrypted:
)
assert result[0].resource_tags == []
@mock_aws
def test_mysql_rds_instance_with_ssl(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
Description="test parameter group",
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
Engine="mysql",
DBName="staging-mysql",
DBInstanceClass="db.m1.small",
DBParameterGroupName="test",
)
conn.modify_db_parameter_group(
DBParameterGroupName="test",
Parameters=[
{
"ParameterName": "require_secure_transport",
"ParameterValue": "1",
"ApplyMethod": "immediate",
},
],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_transport_encrypted.rds_instance_transport_encrypted.rds_client",
new=RDS(aws_provider),
):
# Test Check
from prowler.providers.aws.services.rds.rds_instance_transport_encrypted.rds_instance_transport_encrypted import (
rds_instance_transport_encrypted,
)
check = rds_instance_transport_encrypted()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Instance db-master-1 connections use SSL encryption."
)
assert result[0].resource_id == "db-master-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:db:db-master-1"
)
assert result[0].resource_tags == []
@mock_aws
def test_postgres_rds_instance_with_ssl(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.postgres9.3",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_instance(
@@ -419,13 +358,13 @@ class Test_rds_instance_transport_encrypted:
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.aurora-postgresql14",
DBParameterGroupFamily="default.postgres14",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-postgresql",
Engine="postgres",
DatabaseName="staging-postgres",
DeletionProtection=True,
DBClusterParameterGroupName="test",
@@ -465,65 +404,3 @@ class Test_rds_instance_transport_encrypted:
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].resource_arn == cluster_arn
assert result[0].resource_tags == []
@mock_aws
def test_rds_aurora_mysql_clustered_instance_ssl(self):
conn = client("rds", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.mysql8.0",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
AllocatedStorage=10,
Engine="aurora-mysql",
DatabaseName="staging-mysql",
DeletionProtection=True,
DBClusterParameterGroupName="test",
MasterUsername="test",
MasterUserPassword="password",
Tags=[],
)
conn.modify_db_parameter_group(
DBParameterGroupName="test",
Parameters=[
{
"ParameterName": "require_secure_transport",
"ParameterValue": "ON",
"ApplyMethod": "immediate",
},
],
)
from prowler.providers.aws.services.rds.rds_service import RDS
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.rds.rds_instance_transport_encrypted.rds_instance_transport_encrypted.rds_client",
new=RDS(aws_provider),
) as rds_client:
# Test Check
from prowler.providers.aws.services.rds.rds_instance_transport_encrypted.rds_instance_transport_encrypted import (
rds_instance_transport_encrypted,
)
# Change DB Cluster parameter group to support SSL since Moto does not support it
rds_client.db_clusters[cluster_arn].require_secure_transport = "ON"
check = rds_instance_transport_encrypted()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "RDS Cluster db-cluster-1 connections use SSL encryption."
)
assert result[0].resource_id == "db-cluster-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].resource_arn == cluster_arn
assert result[0].resource_tags == []


@@ -22,7 +22,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -90,6 +90,13 @@ class Test_RDS_Service:
DBParameterGroupFamily="default.postgres9.3",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="cluster-postgres",
Engine="postgres",
MasterUsername="postgres",
MasterUserPassword="password",
StorageEncrypted=True,
)
conn.create_db_instance(
DBInstanceIdentifier="db-master-1",
AllocatedStorage=10,
@@ -100,7 +107,7 @@ class Test_RDS_Service:
DeletionProtection=True,
PubliclyAccessible=True,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=10,
BackupRetentionPeriod=1,
EnableCloudwatchLogsExports=["audit", "error"],
MultiAZ=True,
DBParameterGroupName="test",
@@ -125,7 +132,7 @@ class Test_RDS_Service:
assert db_instance.status == "available"
assert db_instance.public
assert db_instance.encrypted
assert db_instance.backup_retention_period == 10
assert db_instance.backup_retention_period == 1
assert db_instance.cloudwatch_logs == ["audit", "error"]
assert db_instance.deletion_protection
assert db_instance.auto_minor_version_upgrade
@@ -310,11 +317,15 @@ class Test_RDS_Service:
# RDS client for this test class
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
rds = RDS(aws_provider)
assert len(rds.db_snapshots) == 1
assert rds.db_snapshots[0].id == "snapshot-1"
assert rds.db_snapshots[0].instance_id == "db-primary-1"
assert rds.db_snapshots[0].region == AWS_REGION_US_EAST_1
assert not rds.db_snapshots[0].public
assert len(rds.db_snapshots) == 2
# Find the manual snapshot
manual_snapshot = next(
(s for s in rds.db_snapshots if s.id == "snapshot-1"), None
)
assert manual_snapshot is not None
assert manual_snapshot.instance_id == "db-primary-1"
assert manual_snapshot.region == AWS_REGION_US_EAST_1
assert not manual_snapshot.public
# Test RDS Describe DB Clusters
@mock_aws
@@ -388,6 +399,7 @@ class Test_RDS_Service:
DBClusterInstanceClass="db.m1.small",
MasterUsername="root",
MasterUserPassword="hunter2000",
PubliclyAccessible=False,
)
conn.create_db_cluster_snapshot(
@@ -396,11 +408,15 @@ class Test_RDS_Service:
# RDS client for this test class
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
rds = RDS(aws_provider)
assert len(rds.db_cluster_snapshots) == 1
assert rds.db_cluster_snapshots[0].id == "snapshot-1"
assert rds.db_cluster_snapshots[0].cluster_id == "db-primary-1"
assert rds.db_cluster_snapshots[0].region == AWS_REGION_US_EAST_1
assert not rds.db_cluster_snapshots[0].public
assert len(rds.db_cluster_snapshots) == 2
# Find the manual snapshot
manual_snapshot = next(
(s for s in rds.db_cluster_snapshots if s.id == "snapshot-1"), None
)
assert manual_snapshot is not None
assert manual_snapshot.cluster_id == "db-primary-1"
assert manual_snapshot.region == AWS_REGION_US_EAST_1
assert not manual_snapshot.public
# Test RDS describe db event subscriptions
@mock_aws
@@ -440,12 +456,12 @@ class Test_RDS_Service:
# RDS client for this test class
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
rds = RDS(aws_provider)
assert "mysql" in rds.db_engines[AWS_REGION_US_EAST_1]
assert rds.db_engines[AWS_REGION_US_EAST_1]["mysql"].engine_versions == [
assert "postgres" in rds.db_engines[AWS_REGION_US_EAST_1]
assert rds.db_engines[AWS_REGION_US_EAST_1]["postgres"].engine_versions == [
"8.0.32"
]
assert (
rds.db_engines[AWS_REGION_US_EAST_1]["mysql"].engine_description
rds.db_engines[AWS_REGION_US_EAST_1]["postgres"].engine_description
== "description"
)
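Review bot: The new `assert len(rds.db_snapshots) == 2` and `assert len(rds.db_cluster_snapshots) == 2` tie both tests to however many snapshots the mock backend creates on its own, and nothing in this file says where the second snapshot comes from. The lines that follow already pick the manual snapshot by id, so the count could be dropped, or kept with a comment such as `# the mock backend also creates an automatic snapshot` (presumably the reason for the change). Separately, the mocked engine entry now reads `"Engine": "postgres"` but keeps `"EngineVersion": "8.0.32"`, which looks like a MySQL version, and the later assertion on `engine_versions` repeats it; a PostgreSQL-style version string in both places would keep the fixture coherent. The enclosing test functions start and end outside the hunks.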


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -64,6 +64,7 @@ class Test_rds_snapshots_encrypted:
Engine="postgres",
DBName="staging-postgres",
DBInstanceClass="db.m1.small",
PubliclyAccessible=False,
)
conn.create_db_snapshot(
@@ -90,13 +91,18 @@ class Test_rds_snapshots_encrypted:
check = rds_snapshots_encrypted()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
# Moto creates additional automatic snapshots
assert len(result) == 2
# Find the manual snapshot result
manual_snapshot_result = next(
(r for r in result if r.resource_id == "snapshot-1"), None
)
assert manual_snapshot_result is not None
assert manual_snapshot_result.status == "FAIL"
assert (
result[0].status_extended
manual_snapshot_result.status_extended
== "RDS Instance Snapshot snapshot-1 is not encrypted."
)
assert result[0].resource_id == "snapshot-1"
@mock_aws
@mock.patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@@ -108,6 +114,7 @@ class Test_rds_snapshots_encrypted:
Engine="postgres",
DBName="staging-postgres",
DBInstanceClass="db.m1.small",
PubliclyAccessible=False,
)
conn.create_db_snapshot(
@@ -131,23 +138,34 @@ class Test_rds_snapshots_encrypted:
rds_snapshots_encrypted,
)
service_client.db_snapshots[0].encrypted = True
# Find the manual snapshot and set it to encrypted
manual_snapshot = next(
(s for s in service_client.db_snapshots if s.id == "snapshot-1"),
None,
)
if manual_snapshot:
manual_snapshot.encrypted = True
check = rds_snapshots_encrypted()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert len(result) == 2
# Find the manual snapshot result
manual_snapshot_result = next(
(r for r in result if r.resource_id == "snapshot-1"), None
)
assert manual_snapshot_result is not None
assert manual_snapshot_result.status == "PASS"
assert (
result[0].status_extended
manual_snapshot_result.status_extended
== "RDS Instance Snapshot snapshot-1 is encrypted."
)
assert result[0].resource_id == "snapshot-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert manual_snapshot_result.resource_id == "snapshot-1"
assert manual_snapshot_result.region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
manual_snapshot_result.resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:snapshot:snapshot-1"
)
assert result[0].resource_tags == []
assert manual_snapshot_result.resource_tags == []
@mock_aws
@mock.patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@@ -160,6 +178,7 @@ class Test_rds_snapshots_encrypted:
DBClusterInstanceClass="db.m1.small",
MasterUsername="root",
MasterUserPassword="hunter2000",
PubliclyAccessible=False,
)
conn.create_db_cluster_snapshot(
@@ -182,23 +201,38 @@ class Test_rds_snapshots_encrypted:
rds_snapshots_encrypted,
)
service_client.db_cluster_snapshots[0].encrypted = True
# Find the manual cluster snapshot and set it to encrypted
manual_snapshot = next(
(
s
for s in service_client.db_cluster_snapshots
if s.id == "snapshot-1"
),
None,
)
if manual_snapshot:
manual_snapshot.encrypted = True
check = rds_snapshots_encrypted()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert len(result) == 2
# Find the manual snapshot result
manual_snapshot_result = next(
(r for r in result if r.resource_id == "snapshot-1"), None
)
assert manual_snapshot_result is not None
assert manual_snapshot_result.status == "PASS"
assert (
result[0].status_extended
manual_snapshot_result.status_extended
== "RDS Cluster Snapshot snapshot-1 is encrypted."
)
assert result[0].resource_id == "snapshot-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert manual_snapshot_result.resource_id == "snapshot-1"
assert manual_snapshot_result.region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
manual_snapshot_result.resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster-snapshot:snapshot-1"
)
assert result[0].resource_tags == []
assert manual_snapshot_result.resource_tags == []
@mock_aws
@mock.patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@@ -211,6 +245,7 @@ class Test_rds_snapshots_encrypted:
DBClusterInstanceClass="db.m1.small",
MasterUsername="root",
MasterUserPassword="hunter2000",
PubliclyAccessible=False,
)
conn.create_db_cluster_snapshot(
@@ -236,16 +271,21 @@ class Test_rds_snapshots_encrypted:
check = rds_snapshots_encrypted()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert len(result) == 2
# Find the manual snapshot result
manual_snapshot_result = next(
(r for r in result if r.resource_id == "snapshot-1"), None
)
assert manual_snapshot_result is not None
assert manual_snapshot_result.status == "FAIL"
assert (
result[0].status_extended
manual_snapshot_result.status_extended
== "RDS Cluster Snapshot snapshot-1 is not encrypted."
)
assert result[0].resource_id == "snapshot-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert manual_snapshot_result.resource_id == "snapshot-1"
assert manual_snapshot_result.region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
manual_snapshot_result.resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster-snapshot:snapshot-1"
)
assert result[0].resource_tags == []
assert manual_snapshot_result.resource_tags == []
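Review bot: The setup guard `if manual_snapshot:` before `manual_snapshot.encrypted = True` (instance and cluster PASS tests) lets the test carry on when `snapshot-1` is missing from `service_client.db_snapshots` or `service_client.db_cluster_snapshots`. A broken fixture then shows up later as a status mismatch instead of at the point where the lookup failed. Replacing the guard with `assert manual_snapshot is not None` followed by the unconditional assignment fails in the right place and matches the `assert manual_snapshot_result is not None` style used for the results. The same guard is used before `manual_snapshot.public = True` in the public-access snapshot tests of this commit. The test bodies start and end outside these hunks.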


@@ -18,7 +18,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return {
"DBEngineVersions": [
{
"Engine": "mysql",
"Engine": "postgres",
"EngineVersion": "8.0.32",
"DBEngineDescription": "description",
"DBEngineVersionDescription": "description",
@@ -99,13 +99,18 @@ class Test_rds_snapshots_public_access:
check = rds_snapshots_public_access()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
# Moto creates additional automatic snapshots
assert len(result) == 2
# Find the manual snapshot result
manual_snapshot_result = next(
(r for r in result if r.resource_id == "snapshot-1"), None
)
assert manual_snapshot_result is not None
assert manual_snapshot_result.status == "PASS"
assert (
result[0].status_extended
manual_snapshot_result.status_extended
== "RDS Instance Snapshot snapshot-1 is not shared."
)
assert result[0].resource_id == "snapshot-1"
@mock_aws
@mock.patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@@ -140,23 +145,34 @@ class Test_rds_snapshots_public_access:
rds_snapshots_public_access,
)
service_client.db_snapshots[0].public = True
# Find the manual snapshot and set it to public
manual_snapshot = next(
(s for s in service_client.db_snapshots if s.id == "snapshot-1"),
None,
)
if manual_snapshot:
manual_snapshot.public = True
check = rds_snapshots_public_access()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert len(result) == 2
# Find the manual snapshot result
manual_snapshot_result = next(
(r for r in result if r.resource_id == "snapshot-1"), None
)
assert manual_snapshot_result is not None
assert manual_snapshot_result.status == "FAIL"
assert (
result[0].status_extended
manual_snapshot_result.status_extended
== "RDS Instance Snapshot snapshot-1 is public."
)
assert result[0].resource_id == "snapshot-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert manual_snapshot_result.resource_id == "snapshot-1"
assert manual_snapshot_result.region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
manual_snapshot_result.resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:snapshot:snapshot-1"
)
assert result[0].resource_tags == []
assert manual_snapshot_result.resource_tags == []
@mock_aws
@mock.patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@@ -194,19 +210,24 @@ class Test_rds_snapshots_public_access:
check = rds_snapshots_public_access()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert len(result) == 2
# Find the manual snapshot result
manual_snapshot_result = next(
(r for r in result if r.resource_id == "snapshot-1"), None
)
assert manual_snapshot_result is not None
assert manual_snapshot_result.status == "PASS"
assert (
result[0].status_extended
manual_snapshot_result.status_extended
== "RDS Cluster Snapshot snapshot-1 is not shared."
)
assert result[0].resource_id == "snapshot-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert manual_snapshot_result.resource_id == "snapshot-1"
assert manual_snapshot_result.region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
manual_snapshot_result.resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster-snapshot:snapshot-1"
)
assert result[0].resource_tags == []
assert manual_snapshot_result.resource_tags == []
@mock_aws
@mock.patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@@ -241,20 +262,35 @@ class Test_rds_snapshots_public_access:
rds_snapshots_public_access,
)
service_client.db_cluster_snapshots[0].public = True
# Find the manual cluster snapshot and set it to public
manual_snapshot = next(
(
s
for s in service_client.db_cluster_snapshots
if s.id == "snapshot-1"
),
None,
)
if manual_snapshot:
manual_snapshot.public = True
check = rds_snapshots_public_access()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert len(result) == 2
# Find the manual snapshot result
manual_snapshot_result = next(
(r for r in result if r.resource_id == "snapshot-1"), None
)
assert manual_snapshot_result is not None
assert manual_snapshot_result.status == "FAIL"
assert (
result[0].status_extended
manual_snapshot_result.status_extended
== "RDS Cluster Snapshot snapshot-1 is public."
)
assert result[0].resource_id == "snapshot-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert manual_snapshot_result.resource_id == "snapshot-1"
assert manual_snapshot_result.region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
manual_snapshot_result.resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster-snapshot:snapshot-1"
)
assert result[0].resource_tags == []
assert manual_snapshot_result.resource_tags == []
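Review bot: The second finding returned by `check.execute()` is counted by `assert len(result) == 2` but never inspected in any of the four tests. A wrong PASS or FAIL on the automatically created snapshot would therefore go unnoticed, in a check whose purpose is to flag publicly shared snapshots. In the two FAIL tests only `snapshot-1` is set to public, so the other result should presumably stay PASS. That can be pinned with `assert all(r.status == "PASS" for r in result if r.resource_id != "snapshot-1")`, to be confirmed against what the mock backend returns. The encrypted-snapshot tests in this commit count the second result the same way, and the test bodies start and end outside the hunks.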


@@ -413,7 +413,7 @@ class Test_VPC_Service:
assert vpc.subnets[0].public
assert vpc.subnets[0].nat_gateway is False
assert vpc.subnets[0].region == AWS_REGION_US_EAST_1
assert vpc.subnets[0].tags is None
assert vpc.subnets[0].tags == []
@mock_aws
def test_vpc_subnet_with_open_nacl(self):