feat(azure): filtering scans at resource group level (#10657)

Signed-off-by: Legin-ML <leginml2004@gmail.com>
Legin
2026-07-02 14:57:53 +05:30
committed by GitHub
parent b6f74c7284
commit 537c3ea71e
91 changed files with 4461 additions and 99 deletions
+4
@@ -9,6 +9,8 @@ from prowler.providers.azure.models import AzureIdentityInfo, AzureRegionConfig
AZURE_SUBSCRIPTION_ID = str(uuid4())
AZURE_SUBSCRIPTION_NAME = "Subscription Name"
AZURE_SUBSCRIPTION_DISPLAY = f"{AZURE_SUBSCRIPTION_NAME} ({AZURE_SUBSCRIPTION_ID})"
RESOURCE_GROUP = "rg"
RESOURCE_GROUP_LIST = [RESOURCE_GROUP, "rg2"]
# Azure Identity
IDENTITY_ID = "00000000-0000-0000-0000-000000000000"
@@ -30,6 +32,7 @@ def set_mocked_azure_provider(
audit_config: dict = None,
azure_region_config: AzureRegionConfig = AzureRegionConfig(),
locations: list = None,
resource_groups: dict = None,
) -> AzureProvider:
provider = MagicMock()
@@ -39,5 +42,6 @@ def set_mocked_azure_provider(
provider.identity = identity
provider.audit_config = audit_config
provider.region_config = azure_region_config
provider.resource_groups = resource_groups
return provider
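Review bot: The new `resource_groups` parameter of `set_mocked_azure_provider` is undocumented, although the service tests on this page depend on both its shape and the meaning of its default. They pass `{AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}`, treat `None` as an unfiltered subscription-wide listing, and treat an empty list as "list nothing", so the two falsy values give opposite scan scopes. I would add `# None: no filter, the whole subscription is listed; {sub_id: []}: nothing is listed for that subscription` above `provider.resource_groups = resource_groups`. The function body starts and ends outside these hunks.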
@@ -552,6 +552,102 @@ class TestAzureProvider:
assert regions == expected_regions
class TestAzureProviderValidateResourceGroups:
@patch(
"prowler.providers.azure.azure_provider.AzureProvider.__init__",
return_value=None,
)
def _make_provider(self, _mock_init, subscriptions=None):
provider = AzureProvider()
provider._identity = MagicMock()
provider._identity.subscriptions = subscriptions or {str(uuid4()): "Sub"}
provider._session = MagicMock()
provider._region_config = MagicMock()
return provider
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
def test_validate_resource_groups_exact_match(self, mock_rm_client):
provider = self._make_provider()
sub_name = list(provider._identity.subscriptions.keys())[0]
mock_rg = MagicMock()
mock_rg.name = "mygroup"
mock_resource_groups = MagicMock()
mock_resource_groups.list.return_value = [mock_rg]
mock_rm_client.return_value.resource_groups = mock_resource_groups
result = provider.validate_resource_groups(["mygroup"])
assert result[sub_name] == ["mygroup"]
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
def test_validate_resource_groups_mixed_case(self, mock_rm_client):
provider = self._make_provider()
sub_name = list(provider._identity.subscriptions.keys())[0]
mock_rg = MagicMock()
mock_rg.name = "MyGroup"
mock_resource_groups = MagicMock()
mock_resource_groups.list.return_value = [mock_rg]
mock_rm_client.return_value.resource_groups = mock_resource_groups
result = provider.validate_resource_groups(["mygroup"])
assert result[sub_name] == ["MyGroup"]
mock_resource_groups.list.assert_called_once()
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
def test_validate_resource_groups_multiple_rgs(self, mock_rm_client):
provider = self._make_provider()
sub_name = list(provider._identity.subscriptions.keys())[0]
rg1, rg2 = MagicMock(), MagicMock()
rg1.name = "rg1"
rg2.name = "rg2"
mock_resource_groups = MagicMock()
mock_resource_groups.list.return_value = [rg1, rg2]
mock_rm_client.return_value.resource_groups = mock_resource_groups
result = provider.validate_resource_groups(["rg1", "rg2"])
assert set(result[sub_name]) == {"rg1", "rg2"}
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
def test_validate_resource_groups_not_found(self, mock_rm_client):
provider = self._make_provider()
sub_name = list(provider._identity.subscriptions.keys())[0]
mock_rg = MagicMock()
mock_rg.name = "existing"
mock_resource_groups = MagicMock()
mock_resource_groups.list.return_value = [mock_rg]
mock_rm_client.return_value.resource_groups = mock_resource_groups
result = provider.validate_resource_groups(["nonexistent"])
assert result[sub_name] == []
def test_validate_resource_groups_empty_input(self):
provider = self._make_provider()
result = provider.validate_resource_groups([])
assert result == {}
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
def test_validate_resource_groups_strips_whitespace(self, mock_rm_client):
provider = self._make_provider()
sub_name = list(provider._identity.subscriptions.keys())[0]
mock_rg = MagicMock()
mock_rg.name = "rg-prod"
mock_resource_groups = MagicMock()
mock_resource_groups.list.return_value = [mock_rg]
mock_rm_client.return_value.resource_groups = mock_resource_groups
result = provider.validate_resource_groups([" rg-prod "])
assert result[sub_name] == ["rg-prod"]
class TestAzureProviderSetupIdentitySubscriptions:
"""Regression tests ensuring identity.subscriptions preserves every
subscription even when multiple Azure subscriptions share the same
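Review bot: `test_validate_resource_groups_not_found` pins `result[sub_name] == []` for a name that matches nothing, but never checks that the unmatched name is reported to the operator. In the service tests on this page an empty list for a subscription skips every listing call, so a mistyped resource group would give a scan with no resources and no findings. Whether `validate_resource_groups` logs or raises in that case is not visible here; the test should assert whichever it does, for example through pytest's `caplog`. The `subscriptions` argument of `_make_provider` is never passed, so a group that exists in one subscription and not in another is also uncovered.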
@@ -1,4 +1,4 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.aisearch.aisearch_service import (
AISearch,
@@ -6,9 +6,13 @@ from prowler.providers.azure.services.aisearch.aisearch_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
AISEARCH_SERVICE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/{RESOURCE_GROUP}/providers/Microsoft.Search/searchServices/search1"
def mock_storage_get_aisearch_services(_):
return {
@@ -58,3 +62,121 @@ class Test_AISearch_Service:
assert aisearch.aisearch_services[AZURE_SUBSCRIPTION_ID][
"aisearch_service_id-1"
].public_network_access
class Test_AISearch_Service_get_aisearch_services:
def test_get_aisearch_services_no_resource_groups(self):
mock_service = MagicMock()
mock_service.id = AISEARCH_SERVICE_ID
mock_service.name = "search1"
mock_service.location = "westeurope"
mock_service.public_network_access = "Enabled"
mock_client = MagicMock()
mock_client.services.list_by_subscription.return_value = [mock_service]
with patch(
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
return_value={},
):
aisearch = AISearch(set_mocked_azure_provider())
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aisearch.resource_groups = None
result = aisearch._get_aisearch_services()
mock_client.services.list_by_subscription.assert_called_once()
mock_client.services.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert (
result[AZURE_SUBSCRIPTION_ID][AISEARCH_SERVICE_ID].public_network_access
is True
)
def test_get_aisearch_services_with_resource_group(self):
mock_service = MagicMock()
mock_service.id = AISEARCH_SERVICE_ID
mock_service.name = "search1"
mock_service.location = "westeurope"
mock_service.public_network_access = "Disabled"
mock_client = MagicMock()
mock_client.services.list_by_resource_group.return_value = [mock_service]
with patch(
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
return_value={},
):
aisearch = AISearch(set_mocked_azure_provider())
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = aisearch._get_aisearch_services()
mock_client.services.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.services.list_by_subscription.assert_not_called()
assert (
result[AZURE_SUBSCRIPTION_ID][AISEARCH_SERVICE_ID].public_network_access
is False
)
def test_get_aisearch_services_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with patch(
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
return_value={},
):
aisearch = AISearch(set_mocked_azure_provider())
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = aisearch._get_aisearch_services()
mock_client.services.list_by_resource_group.assert_not_called()
mock_client.services.list_by_subscription.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_aisearch_services_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.services = MagicMock()
mock_client.services.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
return_value={},
):
aisearch = AISearch(set_mocked_azure_provider())
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = aisearch._get_aisearch_services()
assert mock_client.services.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_aisearch_services_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.services = MagicMock()
mock_client.services.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
return_value={},
):
aisearch = AISearch(set_mocked_azure_provider())
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
aisearch._get_aisearch_services()
mock_client.services.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
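Review bot: `test_get_aisearch_services_with_multiple_resource_groups` asserts only `call_count == 2`, with both calls returning `[]`. It would still pass if the same group were queried twice or if the second group's results replaced the first's, and either bug would leave resources out of the scan unnoticed. Check the names with `mock_client.services.list_by_resource_group.assert_has_calls([call(resource_group_name=RESOURCE_GROUP), call(resource_group_name="rg2")], any_order=True)` (with `call` imported from `unittest.mock`), and return a distinct service per group through `side_effect` so the merged result can be asserted. The same applies to the `..._with_multiple_resource_groups` tests for `_get_clusters`, `_get_instances`, `_get_apps`, `_get_functions` and `_get_components` further down the page.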
@@ -1,8 +1,10 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.aks.aks_service import AKS, Cluster
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -66,3 +68,128 @@ class Test_AKS_Service:
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].location == "westeurope"
)
assert aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].rbac_enabled
class Test_AKS_get_clusters:
def test_get_clusters_no_resource_groups(self):
mock_cluster = MagicMock()
mock_cluster.id = "cluster_id-1"
mock_cluster.name = "cluster_name"
mock_cluster.fqdn = "public_fqdn"
mock_cluster.private_fqdn = "private_fqdn"
mock_cluster.location = "westeurope"
mock_cluster.kubernetes_version = "1.28.0"
mock_cluster.network_profile = None
mock_cluster.agent_pool_profiles = []
mock_cluster.enable_rbac = False
mock_client = MagicMock()
mock_client.managed_clusters.list.return_value = [mock_cluster]
with patch(
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
return_value={},
):
aks = AKS(set_mocked_azure_provider())
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aks.resource_groups = None
result = aks._get_clusters()
mock_client.managed_clusters.list.assert_called_once()
mock_client.managed_clusters.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert "cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]
def test_get_clusters_with_resource_group(self):
mock_cluster = MagicMock()
mock_cluster.id = "cluster_id-1"
mock_cluster.name = "cluster_name"
mock_cluster.fqdn = "public_fqdn"
mock_cluster.private_fqdn = "private_fqdn"
mock_cluster.location = "westeurope"
mock_cluster.kubernetes_version = "1.28.0"
mock_cluster.network_profile = None
mock_cluster.agent_pool_profiles = []
mock_cluster.enable_rbac = False
mock_client = MagicMock()
mock_client.managed_clusters.list_by_resource_group.return_value = [
mock_cluster
]
with patch(
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
return_value={},
):
aks = AKS(set_mocked_azure_provider())
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = aks._get_clusters()
mock_client.managed_clusters.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.managed_clusters.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert "cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]
def test_get_clusters_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with patch(
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
return_value={},
):
aks = AKS(set_mocked_azure_provider())
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = aks._get_clusters()
mock_client.managed_clusters.list_by_resource_group.assert_not_called()
mock_client.managed_clusters.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_clusters_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.managed_clusters = MagicMock()
mock_client.managed_clusters.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
return_value={},
):
aks = AKS(set_mocked_azure_provider())
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = aks._get_clusters()
assert mock_client.managed_clusters.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_clusters_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.managed_clusters = MagicMock()
mock_client.managed_clusters.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
return_value={},
):
aks = AKS(set_mocked_azure_provider())
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
aks._get_clusters()
mock_client.managed_clusters.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
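Review bot: `test_get_clusters_with_mixed_case_resource_group` passes `["RG"]`, which is all upper-case, and only checks that the string reaches `list_by_resource_group` unchanged. `test_get_clusters_with_resource_group` already covers that with `RESOURCE_GROUP`. If the intent is to show that the service does no case normalisation of its own, use a genuinely mixed-case value such as `"MyGroup"` and add a docstring like `"""The service forwards the validated name as-is; case matching is done by validate_resource_groups."""`. The same test shape appears for aisearch above and for apim, app and appinsights below.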
@@ -1,6 +1,6 @@
from datetime import timedelta
from unittest import TestCase, mock
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from azure.mgmt.loganalytics.models import Workspace
from azure.mgmt.monitor.models import DiagnosticSettingsResource
@@ -9,6 +9,8 @@ from azure.monitor.query import LogsQueryResult
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
AZURE_SUBSCRIPTION_NAME,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -16,7 +18,6 @@ from tests.providers.azure.azure_fixtures import (
APIM_INSTANCE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg/providers/Microsoft.ApiManagement/service/apim1"
APIM_INSTANCE_NAME = "apim1"
LOCATION = "West US"
RESOURCE_GROUP = "rg"
WORKSPACE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourcegroups/rg/providers/microsoft.operationalinsights/workspaces/loganalytics"
WORKSPACE_CUSTOMER_ID = "12345678-1234-1234-1234-1234567890ab"
@@ -323,3 +324,168 @@ class Test_APIM_Service(TestCase):
instance = apim.instances[AZURE_SUBSCRIPTION_ID][0]
result = apim.get_llm_operations_logs(AZURE_SUBSCRIPTION_ID, instance)
self.assertEqual(result, [{"log": "data"}])
class Test_APIM_get_instances:
def test_get_instances_no_resource_groups(self):
mock_instance = MagicMock()
mock_instance.id = APIM_INSTANCE_ID
mock_instance.name = APIM_INSTANCE_NAME
mock_instance.location = LOCATION
mock_client = MagicMock()
mock_client.api_management_service.list.return_value = [mock_instance]
mock_provider = mock.MagicMock()
mock_provider.identity = mock.MagicMock()
with (
patch(
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
return_value={},
),
):
from prowler.providers.azure.services.apim.apim_service import APIM
apim = APIM(set_mocked_azure_provider())
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
apim.resource_groups = None
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
result = apim._get_instances()
mock_client.api_management_service.list.assert_called_once()
mock_client.api_management_service.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
assert result[AZURE_SUBSCRIPTION_ID][0].id == APIM_INSTANCE_ID
def test_get_instances_with_resource_group(self):
mock_instance = MagicMock()
mock_instance.id = APIM_INSTANCE_ID
mock_instance.name = APIM_INSTANCE_NAME
mock_instance.location = LOCATION
mock_client = MagicMock()
mock_client.api_management_service.list_by_resource_group.return_value = [
mock_instance
]
mock_provider = mock.MagicMock()
mock_provider.identity = mock.MagicMock()
with (
patch(
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
return_value={},
),
):
from prowler.providers.azure.services.apim.apim_service import APIM
apim = APIM(set_mocked_azure_provider())
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
result = apim._get_instances()
mock_client.api_management_service.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.api_management_service.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
assert result[AZURE_SUBSCRIPTION_ID][0].name == APIM_INSTANCE_NAME
def test_get_instances_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_provider = mock.MagicMock()
mock_provider.identity = mock.MagicMock()
with (
patch(
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
return_value={},
),
):
from prowler.providers.azure.services.apim.apim_service import APIM
apim = APIM(set_mocked_azure_provider())
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = apim._get_instances()
mock_client.api_management_service.list_by_resource_group.assert_not_called()
mock_client.api_management_service.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
def test_get_instances_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_provider = mock.MagicMock()
mock_provider.identity = mock.MagicMock()
with (
patch(
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
return_value={},
),
):
from prowler.providers.azure.services.apim.apim_service import APIM
apim = APIM(set_mocked_azure_provider())
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
result = apim._get_instances()
assert mock_client.api_management_service.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_instances_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_provider = mock.MagicMock()
mock_provider.identity = mock.MagicMock()
with (
patch(
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
return_value={},
),
):
from prowler.providers.azure.services.apim.apim_service import APIM
apim = APIM(set_mocked_azure_provider())
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
apim._get_instances()
mock_client.api_management_service.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
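Review bot: `test_get_instances_with_multiple_resource_groups` and `test_get_instances_with_mixed_case_resource_group` never set a return value for `list_by_resource_group`, so `_get_instances` is handed a bare `MagicMock`. The tests presumably pass only because a `MagicMock` iterates as empty by default; the implementation is not visible here. The other service tests on this page set the value explicitly, so add `mock_client.api_management_service.list_by_resource_group.return_value = []` after `mock_client = MagicMock()` in both. The new tests also mix `mock.MagicMock()` and `MagicMock()`; one spelling is enough.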
@@ -5,6 +5,8 @@ from azure.mgmt.web.models import ManagedServiceIdentity, SiteConfigResource
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -244,3 +246,279 @@ class Test_App_Service:
].name
== "functionapp-1"
)
class Test_App_get_apps:
def test_get_apps_no_resource_groups(self):
mock_client = MagicMock()
mock_client.web_apps.list.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = None
result = app._get_apps()
mock_client.web_apps.list.assert_called_once()
mock_client.web_apps.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_apps_with_resource_group(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = app._get_apps()
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.web_apps.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_apps_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = app._get_apps()
mock_client.web_apps.list_by_resource_group.assert_not_called()
mock_client.web_apps.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
class Test_App_get_functions:
def test_get_functions_no_resource_groups(self):
mock_client = MagicMock()
mock_client.web_apps.list.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = None
result = app._get_functions()
mock_client.web_apps.list.assert_called_once()
mock_client.web_apps.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_functions_with_resource_group(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = app._get_functions()
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.web_apps.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_functions_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = app._get_functions()
mock_client.web_apps.list_by_resource_group.assert_not_called()
mock_client.web_apps.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_apps_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = app._get_apps()
assert mock_client.web_apps.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_apps_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
app._get_apps()
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
class Test_App_get_functions_extra:
def test_get_functions_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = app._get_functions()
assert mock_client.web_apps.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_functions_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
app._get_functions()
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
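Review bot: `test_get_apps_with_multiple_resource_groups` and `test_get_apps_with_mixed_case_resource_group` follow the `_get_functions` tests and appear to sit inside `Test_App_get_functions`, while the matching `_get_functions` tests go into a separate `Test_App_get_functions_extra`. Indentation is lost on this page, so the class membership is inferred from order. Move the two `_get_apps` tests into `Test_App_get_apps` and fold `Test_App_get_functions_extra` into `Test_App_get_functions`, so each class covers one method. Every test in this section also returns `[]` from the listing call, so none checks that an app found through `list_by_resource_group` ends up in the result.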
@@ -1,4 +1,4 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.appinsights.appinsights_service import (
AppInsights,
@@ -6,6 +6,8 @@ from prowler.providers.azure.services.appinsights.appinsights_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -54,3 +56,121 @@ class Test_AppInsights_Service:
appinsights.components[AZURE_SUBSCRIPTION_ID]["app_id-1"].location
== "westeurope"
)
class Test_AppInsights_get_components:
def test_get_components_no_resource_groups(self):
mock_component = MagicMock()
mock_component.app_id = "comp-app-id"
mock_component.id = "/subscriptions/sub/rg/appinsights"
mock_component.name = "ai-component"
mock_component.location = "westeurope"
mock_component.instrumentation_key = "ikey-123"
mock_client = MagicMock()
mock_client.components = MagicMock()
mock_client.components.list.return_value = [mock_component]
with patch(
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
return_value={},
):
app_insights = AppInsights(set_mocked_azure_provider())
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app_insights.resource_groups = None
result = app_insights._get_components()
mock_client.components.list.assert_called_once()
mock_client.components.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert "comp-app-id" in result[AZURE_SUBSCRIPTION_ID]
def test_get_components_with_resource_group(self):
mock_component = MagicMock()
mock_component.app_id = "comp-app-id"
mock_component.id = "/subscriptions/sub/rg/appinsights"
mock_component.name = "ai-component"
mock_component.location = "westeurope"
mock_component.instrumentation_key = "ikey-123"
mock_client = MagicMock()
mock_client.components = MagicMock()
mock_client.components.list_by_resource_group.return_value = [mock_component]
with patch(
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
return_value={},
):
app_insights = AppInsights(set_mocked_azure_provider())
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = app_insights._get_components()
mock_client.components.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.components.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert "comp-app-id" in result[AZURE_SUBSCRIPTION_ID]
def test_get_components_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.components = MagicMock()
with patch(
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
return_value={},
):
app_insights = AppInsights(set_mocked_azure_provider())
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = app_insights._get_components()
mock_client.components.list_by_resource_group.assert_not_called()
mock_client.components.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_components_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.components = MagicMock()
mock_client.components.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
return_value={},
):
app_insights = AppInsights(set_mocked_azure_provider())
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = app_insights._get_components()
assert mock_client.components.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_components_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.components = MagicMock()
mock_client.components.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
return_value={},
):
app_insights = AppInsights(set_mocked_azure_provider())
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
app_insights._get_components()
mock_client.components.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
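Review bot: `mock_component.id = "/subscriptions/sub/rg/appinsights"` in the first two tests is not shaped like an Azure resource ID, so the test data cannot show which resource group the component belongs to. Build it from the fixtures the way `AISEARCH_SERVICE_ID` is built in the aisearch tests, e.g. `f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/{RESOURCE_GROUP}/providers/Microsoft.Insights/components/ai-component"`. That keeps the data valid if code later derives the group from the ID. The assertions check only that `"comp-app-id"` is a key; asserting `.name` or `.location` on the entry would also cover the field mapping.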
@@ -3,6 +3,8 @@ from uuid import uuid4
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -89,3 +91,208 @@ class TestContainerRegistryService:
assert monitor_setting["logs"][0]["enabled"] is True
assert monitor_setting["logs"][1]["category"] == "AdminLogs"
assert monitor_setting["logs"][1]["enabled"] is False
class Test_ContainerRegistry_get_registries:
def test_get_container_registries_no_resource_groups(self):
from unittest.mock import MagicMock, patch
mock_client = MagicMock()
mock_client.registries.list.return_value = []
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
return_value={},
),
):
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
ContainerRegistry,
)
cr = ContainerRegistry(set_mocked_azure_provider())
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cr.resource_groups = None
with patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
):
result = cr._get_container_registries()
mock_client.registries.list.assert_called_once()
mock_client.registries.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_container_registries_with_resource_group(self):
from unittest.mock import MagicMock, patch
mock_client = MagicMock()
mock_client.registries.list_by_resource_group.return_value = []
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
return_value={},
),
):
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
ContainerRegistry,
)
cr = ContainerRegistry(set_mocked_azure_provider())
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
with patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
):
result = cr._get_container_registries()
mock_client.registries.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.registries.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_container_registries_empty_resource_group_for_subscription(self):
from unittest.mock import MagicMock, patch
mock_client = MagicMock()
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
return_value={},
),
):
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
ContainerRegistry,
)
cr = ContainerRegistry(set_mocked_azure_provider())
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
with patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
):
result = cr._get_container_registries()
mock_client.registries.list_by_resource_group.assert_not_called()
mock_client.registries.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_container_registries_with_multiple_resource_groups(self):
from unittest.mock import MagicMock, patch
mock_client = MagicMock()
mock_client.registries.list_by_resource_group.return_value = []
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
return_value={},
),
):
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
ContainerRegistry,
)
cr = ContainerRegistry(set_mocked_azure_provider())
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
with patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
):
result = cr._get_container_registries()
assert mock_client.registries.list_by_resource_group.call_count == len(
RESOURCE_GROUP_LIST
)
mock_client.registries.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_container_registries_with_mixed_case_resource_group(self):
from unittest.mock import MagicMock, patch
mock_client = MagicMock()
mock_client.registries.list_by_resource_group.return_value = []
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
return_value={},
),
):
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
ContainerRegistry,
)
cr = ContainerRegistry(set_mocked_azure_provider())
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: ["MyRegistry-RG"]}
with patch(
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
):
cr._get_container_registries()
mock_client.registries.list_by_resource_group.assert_called_once_with(
resource_group_name="MyRegistry-RG"
)
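Review bot: The cases in `Test_ContainerRegistry_get_registries` never exercise a non-empty `resource_groups` dict that lacks the subscription being scanned; they cover only `None`, one group, an empty list, several groups and a mixed-case name. That case decides whether a subscription outside the filter is skipped or listed in full through `registries.list()`, so the scope boundary should be pinned by a test, e.g. `cr.resource_groups = {"other-subscription-id": [RESOURCE_GROUP]}` (a constructed key) followed by asserts on `registries.list` and `registries.list_by_resource_group`. The service code is not shown on this part of the page, so the expected outcome has to be taken from the implementation. `Test_CosmosDB_get_accounts` and `Test_Databricks_get_workspaces` further down have the same gap.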
@@ -1,8 +1,10 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account, CosmosDB
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -133,3 +135,114 @@ class Test_CosmosDB_Service_None_Handling:
== "Microsoft.Network/privateEndpoints"
)
assert account.disable_local_auth is True
class Test_CosmosDB_get_accounts:
def test_get_accounts_no_resource_groups(self):
mock_client = MagicMock()
mock_client.database_accounts.list.return_value = []
with patch(
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
return_value={},
):
cosmosdb = CosmosDB(set_mocked_azure_provider())
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cosmosdb.resource_groups = None
result = cosmosdb._get_accounts()
mock_client.database_accounts.list.assert_called_once()
mock_client.database_accounts.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_accounts_with_resource_group(self):
mock_account = MagicMock()
mock_account.id = "account-id"
mock_account.name = "my-cosmos"
mock_account.kind = "GlobalDocumentDB"
mock_account.location = "eastus"
mock_account.type = "Microsoft.DocumentDB/databaseAccounts"
mock_account.tags = {}
mock_account.is_virtual_network_filter_enabled = False
mock_account.private_endpoint_connections = []
mock_account.disable_local_auth = False
mock_client = MagicMock()
mock_client.database_accounts.list_by_resource_group.return_value = [
mock_account
]
with patch(
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
return_value={},
):
cosmosdb = CosmosDB(set_mocked_azure_provider())
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = cosmosdb._get_accounts()
mock_client.database_accounts.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.database_accounts.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
def test_get_accounts_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with patch(
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
return_value={},
):
cosmosdb = CosmosDB(set_mocked_azure_provider())
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = cosmosdb._get_accounts()
mock_client.database_accounts.list_by_resource_group.assert_not_called()
mock_client.database_accounts.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
def test_get_accounts_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.database_accounts.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
return_value={},
):
cosmosdb = CosmosDB(set_mocked_azure_provider())
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = cosmosdb._get_accounts()
assert mock_client.database_accounts.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_accounts_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.database_accounts.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
return_value={},
):
cosmosdb = CosmosDB(set_mocked_azure_provider())
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
cosmosdb._get_accounts()
mock_client.database_accounts.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
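Review bot: `test_get_accounts_with_multiple_resource_groups` asserts only `call_count == 2`, which would still pass if one resource group were queried twice and the other never. Checking the arguments pins that every configured group is listed: `mock_client.database_accounts.list_by_resource_group.assert_has_calls([call(resource_group_name=rg) for rg in RESOURCE_GROUP_LIST], any_order=True)`, with `call` added to the `unittest.mock` import. The literal `2` would also read better as `len(RESOURCE_GROUP_LIST)`, as the container-registry test already does. The Databricks multiple-groups test has the same two points.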
@@ -1,4 +1,4 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.databricks.databricks_service import (
Databricks,
@@ -7,6 +7,8 @@ from prowler.providers.azure.services.databricks.databricks_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -94,3 +96,123 @@ class Test_Databricks_Service_No_Encryption:
assert workspace.location == "eastus"
assert workspace.custom_managed_vnet_id == "test-vnet-id"
assert workspace.managed_disk_encryption is None
class Test_Databricks_get_workspaces:
def test_get_workspaces_no_resource_groups(self):
mock_workspace = MagicMock()
mock_workspace.id = "ws-id-1"
mock_workspace.name = "my-workspace"
mock_workspace.location = "eastus"
mock_workspace.parameters = None
mock_workspace.encryption = None
mock_workspace.public_network_access = None
mock_client = MagicMock()
mock_client.workspaces = MagicMock()
mock_client.workspaces.list_by_subscription.return_value = [mock_workspace]
with patch(
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
return_value={},
):
databricks = Databricks(set_mocked_azure_provider())
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
databricks.resource_groups = None
result = databricks._get_workspaces()
mock_client.workspaces.list_by_subscription.assert_called_once()
mock_client.workspaces.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert "ws-id-1" in result[AZURE_SUBSCRIPTION_ID]
def test_get_workspaces_with_resource_group(self):
mock_workspace = MagicMock()
mock_workspace.id = "ws-id-1"
mock_workspace.name = "my-workspace"
mock_workspace.location = "eastus"
mock_workspace.parameters = None
mock_workspace.encryption = None
mock_workspace.public_network_access = None
mock_client = MagicMock()
mock_client.workspaces = MagicMock()
mock_client.workspaces.list_by_resource_group.return_value = [mock_workspace]
with patch(
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
return_value={},
):
databricks = Databricks(set_mocked_azure_provider())
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = databricks._get_workspaces()
mock_client.workspaces.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.workspaces.list_by_subscription.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert "ws-id-1" in result[AZURE_SUBSCRIPTION_ID]
def test_get_workspaces_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.workspaces = MagicMock()
with patch(
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
return_value={},
):
databricks = Databricks(set_mocked_azure_provider())
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = databricks._get_workspaces()
mock_client.workspaces.list_by_resource_group.assert_not_called()
mock_client.workspaces.list_by_subscription.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_workspaces_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.workspaces = MagicMock()
mock_client.workspaces.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
return_value={},
):
databricks = Databricks(set_mocked_azure_provider())
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = databricks._get_workspaces()
assert mock_client.workspaces.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_workspaces_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.workspaces = MagicMock()
mock_client.workspaces.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
return_value={},
):
databricks = Databricks(set_mocked_azure_provider())
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
databricks._get_workspaces()
mock_client.workspaces.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
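Review bot: `test_get_workspaces_with_mixed_case_resource_group` uses `"RG"`, which is all upper-case, and its assertion only shows that the configured name reaches `list_by_resource_group` unchanged. A docstring would state that intent, for example `"""The configured resource group name is passed to the SDK as given, without case normalisation."""`. A value such as `"My-RG"` would match the test name.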
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_additional_email_configured_with_a_security_contact:
def test_defender_no_subscriptions(self):
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {}
@@ -40,6 +41,7 @@ class Test_defender_additional_email_configured_with_a_security_contact:
def test_defender_no_additional_emails(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -87,6 +89,7 @@ class Test_defender_additional_email_configured_with_a_security_contact:
def test_defender_additional_email_configured(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_assessments_vm_endpoint_protection_installed:
def test_defender_no_subscriptions(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {}
@@ -36,6 +37,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
def test_defender_subscriptions_with_no_assessments(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}}
@@ -59,6 +61,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
def test_defender_subscriptions_with_healthy_assessments(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
resource_id = str(uuid4())
defender_client.assessments = {
@@ -98,6 +101,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
def test_defender_subscriptions_with_unhealthy_assessments(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
resource_id = str(uuid4())
defender_client.assessments = {
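Review bot: In this file `defender_client = mock.MagicMock` has no call parentheses, so the added `defender_client.resource_groups = {}` sets an attribute on the `MagicMock` class itself rather than on a single mock. The value then stays visible on every `MagicMock` instance created later in the same test process that does not set its own, which can let a resource-group test elsewhere pass or fail for the wrong reason. Instantiating the mock keeps the attribute local: `defender_client = mock.MagicMock()`. The same pattern is in the hunks for `Test_defender_auto_provisioning_log_analytics_agent_vms_on`, `Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on`, `Test_defender_container_images_resolved_vulnerabilities`, `Test_defender_container_images_scan_enabled` and the `Test_defender_ensure_defender_for_*` classes below; each test body continues outside its hunk.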
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_attack_path_notifications_properly_configured:
def test_no_subscriptions(self):
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {}
defender_client.audit_config = {}
@@ -41,6 +42,7 @@ class Test_defender_attack_path_notifications_properly_configured:
resource_id = str(uuid4())
contact_name = "default"
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -89,6 +91,7 @@ class Test_defender_attack_path_notifications_properly_configured:
resource_id = str(uuid4())
contact_name = "default"
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -139,6 +142,7 @@ class Test_defender_attack_path_notifications_properly_configured:
resource_id = str(uuid4())
contact_name = "default"
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -189,6 +193,7 @@ class Test_defender_attack_path_notifications_properly_configured:
resource_id = str(uuid4())
contact_name = "default"
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -237,6 +242,7 @@ class Test_defender_attack_path_notifications_properly_configured:
resource_id = str(uuid4())
contact_name = "default"
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -285,6 +291,7 @@ class Test_defender_attack_path_notifications_properly_configured:
resource_id = str(uuid4())
contact_name = "default"
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -333,6 +340,7 @@ class Test_defender_attack_path_notifications_properly_configured:
resource_id = str(uuid4())
contact_name = "default"
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -15,6 +15,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
def test_defender_no_app_services(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.auto_provisioning_settings = {}
@@ -39,6 +40,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
def test_defender_auto_provisioning_log_analytics_off(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.auto_provisioning_settings = {
AZURE_SUBSCRIPTION_ID: {
@@ -80,6 +82,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
def test_defender_auto_provisioning_log_analytics_on(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.auto_provisioning_settings = {
AZURE_SUBSCRIPTION_ID: {
@@ -121,6 +124,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
def test_defender_auto_provisioning_log_analytics_on_and_off(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.auto_provisioning_settings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
def test_defender_no_app_services(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {}
@@ -37,6 +38,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
def test_defender_machines_no_vulnerability_assessment_solution(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -77,6 +79,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
def test_defender_machines_vulnerability_assessment_solution(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_container_images_resolved_vulnerabilities:
def test_defender_no_subscriptions(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {}
@@ -36,6 +37,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
def test_defender_subscription_empty(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}}
@@ -59,6 +61,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
def test_defender_subscription_no_assesment(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -90,6 +93,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
def test_defender_subscription_assesment_unhealthy(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -139,6 +143,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
def test_defender_subscription_assesment_healthy(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -188,6 +193,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
def test_defender_subscription_assesment_not_applicable(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_container_images_scan_enabled:
def test_defender_no_subscriptions(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_container_images_scan_enabled:
def test_defender_subscription_empty(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {AZURE_SUBSCRIPTION_ID: {}}
@@ -60,6 +62,7 @@ class Test_defender_container_images_scan_enabled:
def test_defender_subscription_no_containers(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -92,6 +95,7 @@ class Test_defender_container_images_scan_enabled:
def test_defender_subscription_containers_no_extensions(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -137,6 +141,7 @@ class Test_defender_container_images_scan_enabled:
def test_defender_subscription_containers_container_images_scan_off(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -182,6 +187,7 @@ class Test_defender_container_images_scan_enabled:
def test_defender_subscription_containers_container_images_scan_on(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_app_services_is_on:
def test_defender_no_app_services(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_app_services_is_on:
def test_defender_app_services_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_app_services_is_on:
def test_defender_app_services_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_arm_is_on:
def test_defender_no_arm(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
def test_defender_arm_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
def test_defender_arm_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
def test_defender_no_sql_databases(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
def test_defender_sql_databases_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
def test_defender_sql_databases_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_containers_is_on:
def test_defender_no_container_registries(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_containers_is_on:
def test_defender_container_registries_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_containers_is_on:
def test_defender_container_registries_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_cosmosdb_is_on:
def test_defender_no_cosmosdb(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on:
def test_defender_cosmosdb_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on:
def test_defender_cosmosdb_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_databases_is_on:
def test_defender_no_databases(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
def test_defender_databases_sql_servers(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -70,6 +72,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
def test_defender_databases_sql_server_virtual_machines(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -103,6 +106,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
def test_defender_databases_open_source_relation_databases(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -136,6 +140,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
def test_defender_databases_cosmosdbs(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -169,6 +174,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
def test_defender_databases_all_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -228,6 +234,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
def test_defender_databases_cosmosdb_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_dns_is_on:
def test_defender_no_dns(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_dns_is_on:
def test_defender_dns_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_dns_is_on:
def test_defender_dns_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_keyvault_is_on:
def test_defender_no_keyvaults(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on:
def test_defender_keyvaults_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on:
def test_defender_keyvaults_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_os_relational_databases_is_on:
def test_defender_no_os_relational_databases(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on:
def test_defender_os_relational_databases_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -81,6 +83,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on:
def test_defender_os_relational_databases_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_server_is_on:
def test_defender_no_server(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_server_is_on:
def test_defender_server_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_server_is_on:
def test_defender_server_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_sql_servers_is_on:
def test_defender_no_server(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on:
def test_defender_server_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on:
def test_defender_server_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_defender_for_storage_is_on:
def test_defender_no_server(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
def test_defender_server_pricing_tier_not_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
def test_defender_server_pricing_tier_standard(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.pricings = {
AZURE_SUBSCRIPTION_ID: {
@@ -15,6 +15,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_iot_hub_defender_is_on:
def test_defender_no_subscriptions(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.iot_security_solutions = {}
@@ -38,6 +39,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
def test_defender_no_iot_hub_solutions(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.iot_security_solutions = {AZURE_SUBSCRIPTION_ID: {}}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
@@ -69,6 +71,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
def test_defender_iot_hub_solution_disabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.iot_security_solutions = {
AZURE_SUBSCRIPTION_ID: {
@@ -106,6 +109,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
def test_defender_iot_hub_solution_enabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.iot_security_solutions = {
AZURE_SUBSCRIPTION_ID: {
@@ -145,6 +149,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
resource_id_enabled = str(uuid4())
resource_id_disabled = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.iot_security_solutions = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_mcas_is_enabled:
def test_defender_no_settings(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.settings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_mcas_is_enabled:
def test_defender_mcas_disabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.settings = {
AZURE_SUBSCRIPTION_ID: {
@@ -79,6 +81,7 @@ class Test_defender_ensure_mcas_is_enabled:
def test_defender_mcas_enabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.settings = {
AZURE_SUBSCRIPTION_ID: {
@@ -120,6 +123,7 @@ class Test_defender_ensure_mcas_is_enabled:
def test_defender_mcas_no_settings(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_notify_alerts_severity_is_high:
def test_defender_no_subscriptions(self):
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {}
@@ -40,6 +41,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
def test_defender_severity_alerts_critical(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -87,6 +89,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
def test_defender_severity_alerts_high(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -135,6 +138,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
def test_defender_severity_alerts_low(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -182,6 +186,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
def test_defender_default_security_contact_not_found(self):
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_notify_emails_to_owners:
def test_defender_no_subscriptions(self):
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {}
@@ -40,6 +41,7 @@ class Test_defender_ensure_notify_emails_to_owners:
def test_defender_no_notify_emails_to_owners(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -80,6 +82,7 @@ class Test_defender_ensure_notify_emails_to_owners:
def test_defender_notify_emails_to_owners_off(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -127,6 +130,7 @@ class Test_defender_ensure_notify_emails_to_owners:
def test_defender_notify_emails_to_owners(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock()
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.security_contact_configurations = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_system_updates_are_applied:
def test_defender_no_app_services(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_system_updates_are_applied:
def test_defender_machines_no_log_analytics_installed(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -89,6 +91,7 @@ class Test_defender_ensure_system_updates_are_applied:
):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -139,6 +142,7 @@ class Test_defender_ensure_system_updates_are_applied:
def test_defender_machines_no_system_updates_installed(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -191,6 +195,7 @@ class Test_defender_ensure_system_updates_are_applied:
):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.assessments = {
AZURE_SUBSCRIPTION_ID: {
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_defender_ensure_wdatp_is_enabled:
def test_defender_no_settings(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.settings = {}
@@ -37,6 +38,7 @@ class Test_defender_ensure_wdatp_is_enabled:
def test_defender_wdatp_disabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.settings = {
AZURE_SUBSCRIPTION_ID: {
@@ -79,6 +81,7 @@ class Test_defender_ensure_wdatp_is_enabled:
def test_defender_wdatp_enabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.settings = {
AZURE_SUBSCRIPTION_ID: {
@@ -120,6 +123,7 @@ class Test_defender_ensure_wdatp_is_enabled:
def test_defender_wdatp_no_settings(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
@@ -1,5 +1,5 @@
from datetime import timedelta
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.defender.defender_service import (
Assesment,
@@ -13,6 +13,8 @@ from prowler.providers.azure.services.defender.defender_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -358,3 +360,263 @@ class Test_Defender_Service_Assessments_None_Handling:
"Assessment Unhealthy"
]
assert assessment_unhealthy.status == "Unhealthy"
DEFENDER_INIT_PATCHES = [
"prowler.providers.azure.services.defender.defender_service.Defender._get_pricings",
"prowler.providers.azure.services.defender.defender_service.Defender._get_auto_provisioning_settings",
"prowler.providers.azure.services.defender.defender_service.Defender._get_assessments",
"prowler.providers.azure.services.defender.defender_service.Defender._get_settings",
"prowler.providers.azure.services.defender.defender_service.Defender._get_security_contacts",
"prowler.providers.azure.services.defender.defender_service.Defender._get_iot_security_solutions",
"prowler.providers.azure.services.defender.defender_service.Defender._get_jit_policies",
]
class Test_Defender_get_iot_security_solutions:
def test_get_iot_security_solutions_no_resource_groups(self):
mock_client = MagicMock()
mock_client.iot_security_solution.list_by_subscription.return_value = []
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = None
result = defender._get_iot_security_solutions()
mock_client.iot_security_solution.list_by_subscription.assert_called_once()
mock_client.iot_security_solution.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_iot_security_solutions_with_resource_group(self):
mock_client = MagicMock()
mock_client.iot_security_solution.list_by_resource_group.return_value = []
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = defender._get_iot_security_solutions()
mock_client.iot_security_solution.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.iot_security_solution.list_by_subscription.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_iot_security_solutions_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = defender._get_iot_security_solutions()
mock_client.iot_security_solution.list_by_resource_group.assert_not_called()
mock_client.iot_security_solution.list_by_subscription.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
class Test_Defender_get_jit_policies:
def test_get_jit_policies_no_resource_groups(self):
mock_client = MagicMock()
mock_client.jit_network_access_policies.list.return_value = []
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = None
result = defender._get_jit_policies()
mock_client.jit_network_access_policies.list.assert_called_once()
mock_client.jit_network_access_policies.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_jit_policies_with_resource_group(self):
mock_client = MagicMock()
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = defender._get_jit_policies()
mock_client.jit_network_access_policies.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.jit_network_access_policies.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_jit_policies_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = defender._get_jit_policies()
mock_client.jit_network_access_policies.list_by_resource_group.assert_not_called()
mock_client.jit_network_access_policies.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_iot_security_solutions_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.iot_security_solution.list_by_resource_group.return_value = []
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = defender._get_iot_security_solutions()
assert mock_client.iot_security_solution.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_iot_security_solutions_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.iot_security_solution.list_by_resource_group.return_value = []
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
defender._get_iot_security_solutions()
mock_client.iot_security_solution.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
class Test_Defender_get_jit_policies_extra:
def test_get_jit_policies_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = defender._get_jit_policies()
assert (
mock_client.jit_network_access_policies.list_by_resource_group.call_count
== 2
)
assert AZURE_SUBSCRIPTION_ID in result
def test_get_jit_policies_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
with (
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
):
defender = Defender(set_mocked_azure_provider())
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
defender._get_jit_policies()
mock_client.jit_network_access_policies.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
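Review bot: The new service tests pin three states of `resource_groups` (`None` lists the whole subscription, a non-empty list is queried per group, `[]` lists nothing), but not a mapping that lacks the subscription key, which is the state the check tests in this commit create with `resource_groups = {}`. For a scanner that distinction decides whether a subscription is fully scanned or silently skipped, so both `_get_iot_security_solutions` and `_get_jit_policies` deserve a test with `defender.resource_groups = {}` (and with a dict keyed only by another subscription) that asserts which of the two listing calls is expected. Separately, `test_get_iot_security_solutions_with_multiple_resource_groups` and `test_get_iot_security_solutions_with_mixed_case_resource_group` follow the `Test_Defender_get_jit_policies` header; indentation is lost on this page, but if they are methods of that class they belong in `Test_Defender_get_iot_security_solutions`.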
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
def test_entra_no_subscriptions(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,7 +30,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
def test_entra_tenant_no_policies(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -61,6 +61,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
def test_entra_tenant_policy_no_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -105,6 +106,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
def test_entra_tenant_policy_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -149,6 +151,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
def test_entra_tenant_policy_mfa_disabled(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -193,6 +196,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
def test_entra_tenant_policy_mfa_no_target(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -237,6 +241,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
def test_entra_tenant_policy_mfa_no_users(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_conditional_access_policy_require_mfa_for_management_api:
def test_entra_no_subscriptions(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,7 +30,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
def test_entra_tenant_no_policies(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -61,6 +61,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
def test_entra_tenant_policy_no_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -105,6 +106,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
def test_entra_tenant_policy_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -149,6 +151,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
def test_entra_tenant_policy_mfa_disabled(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -193,6 +196,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
def test_entra_tenant_policy_mfa_no_target(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
@@ -237,6 +241,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
def test_entra_tenant_policy_mfa_no_users(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
policy_id = str(uuid4())
with (
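Review bot: The added `entra_client.resource_groups = {}` is assigned on the `mock.MagicMock` class rather than on an instance, because the line before it is `entra_client = mock.MagicMock` with no call parentheses. A class attribute is visible from every `MagicMock()` created later in the same test process and the `{}` is one shared mutable object, so tests of these MFA and conditional-access checks can depend on execution order instead of on their own setup. I would write `entra_client = mock.MagicMock()` in each test and keep `entra_client.resource_groups = {}` as it is. The same two lines recur in the other entra and iam check test hunks of this commit, including the `iam_client` and `defender_client` variants.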
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_global_admin_in_less_than_five_users:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -32,7 +32,7 @@ class Test_entra_global_admin_in_less_than_five_users:
def test_entra_tenant_empty(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -57,7 +57,7 @@ class Test_entra_global_admin_in_less_than_five_users:
def test_entra_less_than_five_global_admins(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -110,7 +110,7 @@ class Test_entra_global_admin_in_less_than_five_users:
def test_entra_more_than_five_global_admins(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -178,7 +178,7 @@ class Test_entra_global_admin_in_less_than_five_users:
def test_entra_exactly_five_global_admins(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_non_privileged_user_has_mfa:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,7 +30,7 @@ class Test_entra_non_privileged_user_has_mfa:
def test_entra_tenant_no_users(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -53,6 +53,7 @@ class Test_entra_non_privileged_user_has_mfa:
def test_entra_user_no_privileged_no_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -100,6 +101,7 @@ class Test_entra_non_privileged_user_has_mfa:
def test_entra_user_no_privileged_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -144,6 +146,7 @@ class Test_entra_non_privileged_user_has_mfa:
def test_entra_disabled_user_no_privileged_no_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -184,6 +187,7 @@ class Test_entra_non_privileged_user_has_mfa:
def test_entra_disabled_user_no_privileged_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -224,6 +228,7 @@ class Test_entra_non_privileged_user_has_mfa:
def test_entra_user_privileged_no_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -265,6 +270,7 @@ class Test_entra_non_privileged_user_has_mfa:
def test_entra_user_privileged_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -7,6 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_policy_default_users_cannot_create_security_groups:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
entra_client.authorization_policy = {}
with (
@@ -29,6 +30,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
def test_entra_tenant_empty(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -75,6 +77,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
self,
):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -124,6 +127,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
self,
):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_policy_ensure_default_user_cannot_create_apps:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,6 +30,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
def test_entra_tenant_empty(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -75,7 +76,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
def test_entra_default_user_role_permissions_not_allowed_to_create_apps(self):
id = str(uuid4())
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -122,7 +123,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
def test_entra_default_user_role_permissions_allowed_to_create_apps(self):
id = str(uuid4())
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -7,6 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_policy_ensure_default_user_cannot_create_tenants:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
entra_client.authorization_policy = {}
with (
@@ -29,6 +30,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
def test_entra_empty_tenant(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -74,7 +76,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
def test_entra_default_user_role_permissions_not_allowed_to_create_tenants(self):
id = str(uuid4())
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -121,7 +123,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
def test_entra_default_user_role_permissions_allowed_to_create_tenants(self):
id = str(uuid4())
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_policy_guest_invite_only_for_admin_roles:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,6 +30,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
def test_entra_empty_tenant(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -76,6 +77,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
def test_entra_tenant_policy_allow_invites_from_everyone(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -120,6 +122,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
def test_entra_tenant_policy_allow_invites_from_admins(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -164,6 +167,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
def test_entra_tenant_policy_allow_invites_from_none(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_policy_guest_users_access_restrictions:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,6 +30,7 @@ class Test_entra_policy_guest_users_access_restrictions:
def test_entra_tenant_empty(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -74,6 +75,7 @@ class Test_entra_policy_guest_users_access_restrictions:
def test_entra_tenant_policy_access_same_as_member(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -117,6 +119,7 @@ class Test_entra_policy_guest_users_access_restrictions:
def test_entra_tenant_policy_limited_access(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -160,6 +163,7 @@ class Test_entra_policy_guest_users_access_restrictions:
def test_entra_tenant_policy_access_restricted(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_policy_restricts_user_consent_for_apps:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,6 +30,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
def test_entra_tenant_empty(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
id = str(uuid4())
with (
@@ -74,7 +75,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
def test_entra_tenant_no_default_user_role_permissions(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -116,7 +117,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
def test_entra_tenant_no_consent(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -162,7 +163,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
def test_entra_tenant_legacy_consent(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_policy_user_consent_for_verified_apps:
def test_entra_no_subscriptions(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,7 +30,7 @@ class Test_entra_policy_user_consent_for_verified_apps:
def test_entra_tenant_no_consent(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -76,7 +76,7 @@ class Test_entra_policy_user_consent_for_verified_apps:
def test_entra_tenant_legacy_consent(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_privileged_user_has_mfa:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,7 +30,7 @@ class Test_entra_privileged_user_has_mfa:
def test_entra_tenant_no_users(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -53,6 +53,7 @@ class Test_entra_privileged_user_has_mfa:
def test_entra_user_no_privileged_no_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -92,6 +93,7 @@ class Test_entra_privileged_user_has_mfa:
def test_entra_user_no_privileged_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -131,6 +133,7 @@ class Test_entra_privileged_user_has_mfa:
def test_entra_user_privileged_no_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -177,6 +180,7 @@ class Test_entra_privileged_user_has_mfa:
def test_entra_user_privileged_mfa(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
user_id = str(uuid4())
with (
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
class Test_entra_security_defaults_enabled:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -30,7 +30,7 @@ class Test_entra_security_defaults_enabled:
def test_entra_tenant_empty(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -58,7 +58,7 @@ class Test_entra_security_defaults_enabled:
def test_entra_security_default_enabled(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -93,7 +93,7 @@ class Test_entra_security_defaults_enabled:
def test_entra_security_default_disabled(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -10,7 +10,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_entra_trusted_named_locations_exists:
def test_entra_no_tenants(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -34,7 +34,7 @@ class Test_entra_trusted_named_locations_exists:
def test_entra_tenant_empty(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -67,7 +67,7 @@ class Test_entra_trusted_named_locations_exists:
def test_entra_named_location_with_ip_ranges(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -111,7 +111,7 @@ class Test_entra_trusted_named_locations_exists:
def test_entra_named_location_without_ip_ranges(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -156,7 +156,7 @@ class Test_entra_trusted_named_locations_exists:
def test_entra_new_named_location_with_ip_ranges_not_trusted(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -14,10 +14,11 @@ from tests.providers.azure.azure_fixtures import (
class Test_iam_assignment_priviledge_access_vm_has_mfa:
def test_iam_no_roles(self):
iam_client = mock.MagicMock
iam_client.resource_groups = {}
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
entra_client = mock.MagicMock
entra_client.resource_groups = {}
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -41,9 +42,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
def test_entra_user_with_vm_access_has_mfa(self):
iam_client = mock.MagicMock
iam_client.resource_groups = {}
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_assigment_id = str(uuid4())
entra_client = mock.MagicMock
entra_client.resource_groups = {}
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
user_id = str(uuid4())
@@ -112,9 +115,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
def test_entra_user_with_vm_access_has_mfa_no_mfa(self):
iam_client = mock.MagicMock
iam_client.resource_groups = {}
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_assigment_id = str(uuid4())
entra_client = mock.MagicMock
entra_client.resource_groups = {}
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
user_id = str(uuid4())
@@ -183,9 +188,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
def test_entra_user_with_vm_access_has_mfa_no_user(self):
iam_client = mock.MagicMock
iam_client.resource_groups = {}
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_assigment_id = str(uuid4())
entra_client = mock.MagicMock
entra_client.resource_groups = {}
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
user_id = str(uuid4())
@@ -237,9 +244,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
def test_entra_user_with_vm_access_has_mfa_no_role(self):
iam_client = mock.MagicMock
iam_client.resource_groups = {}
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_assigment_id = str(uuid4())
entra_client = mock.MagicMock
entra_client.resource_groups = {}
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
user_id = str(uuid4())
@@ -11,7 +11,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_entra_users_cannot_create_microsoft_365_groups:
def test_entra_no_tenant(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -35,7 +35,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
def test_entra_tenant_empty(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -65,7 +65,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
def test_entra_users_cannot_create_microsoft_365_groups(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -114,7 +114,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
def test_entra_users_can_create_microsoft_365_groups(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -161,7 +161,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
def test_entra_users_can_create_microsoft_365_groups_no_setting(self):
entra_client = mock.MagicMock
entra_client.resource_groups = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
@@ -0,0 +1,162 @@
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.iam.iam_service import IAM
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
set_mocked_azure_provider,
)
class Test_IAM_get_roles:
def test_get_roles_no_resource_groups(self):
mock_client = MagicMock()
mock_client.role_definitions.list.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = None
builtin, custom = iam._get_roles()
mock_client.role_definitions.list.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in builtin
assert AZURE_SUBSCRIPTION_ID in custom
def test_get_roles_with_resource_group(self):
mock_client = MagicMock()
mock_client.role_definitions.list.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
builtin, custom = iam._get_roles()
mock_client.role_definitions.list.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in builtin
assert AZURE_SUBSCRIPTION_ID in custom
def test_get_roles_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.role_definitions.list.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
builtin, custom = iam._get_roles()
mock_client.role_definitions.list.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in builtin
assert AZURE_SUBSCRIPTION_ID in custom
class Test_IAM_get_role_assignments:
def test_get_role_assignments_no_resource_groups(self):
mock_client = MagicMock()
mock_client.role_assignments = MagicMock()
mock_client.role_assignments.list_for_subscription.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = None
result = iam._get_role_assignments()
mock_client.role_assignments.list_for_subscription.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_role_assignments_with_resource_group(self):
mock_client = MagicMock()
mock_client.role_assignments = MagicMock()
mock_client.role_assignments.list_for_subscription.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = iam._get_role_assignments()
mock_client.role_assignments.list_for_subscription.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_role_assignments_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.role_assignments = MagicMock()
mock_client.role_assignments.list_for_subscription.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = iam._get_role_assignments()
mock_client.role_assignments.list_for_subscription.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in result
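Review bot: The three `_get_roles` tests and the three `_get_role_assignments` tests make identical assertions for `resource_groups` set to `None`, `{AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}` and `{AZURE_SUBSCRIPTION_ID: []}`, so they do not pin what the filter means for IAM. As written they accept `role_assignments.list_for_subscription` being called when a resource group is selected and when the list is empty, whereas the KeyVault tests in this commit expect no listing call at all for an empty list. If IAM is meant to stay subscription-wide in a resource-group-scoped scan, state that in each test, for example `"""IAM is subscription-scoped; the resource-group filter must not change the listing call."""`, and add `mock_client.role_assignments.list_for_resource_group.assert_not_called()`. The service code is not visible here, so whether this difference from KeyVault is intended should be confirmed; operators who narrow a scan to one resource group would otherwise not expect every role assignment in the subscription to be read.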
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
def test_iam_no_roles(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.custom_roles = {}
@@ -39,6 +40,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
self,
):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_name = "test-role"
defender_client.custom_roles = {
@@ -95,6 +97,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
self,
):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_name = "test-role"
defender_client.custom_roles = {
@@ -144,6 +147,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
self,
):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_name = "test-role"
role_name2 = "test-role2"
@@ -212,6 +216,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
def test_iam_custom_roles_empty_list_but_with_key(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.custom_roles = {AZURE_SUBSCRIPTION_ID: {}}
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_iam_role_user_access_admin_restricted:
def test_iam_no_role_assignments(self):
iam_client = mock.MagicMock
iam_client.resource_groups = {}
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
iam_client.role_assignments = {}
iam_client.roles = {}
@@ -37,6 +38,7 @@ class Test_iam_role_user_access_admin_restricted:
def test_iam_user_access_administrator_role_assigned(self):
iam_client = mock.MagicMock
iam_client.resource_groups = {}
role_id = str(uuid4())
role_assignment_id = str(uuid4())
agent_id = str(uuid4())
@@ -97,6 +99,7 @@ class Test_iam_role_user_access_admin_restricted:
def test_iam_non_user_access_administrator_role_assigned(self):
iam_client = mock.MagicMock
iam_client.resource_groups = {}
role_id = str(uuid4())
role_assignment_id = str(uuid4())
agent_id = str(uuid4())
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
class Test_iam_subscription_roles_owner_custom_not_created:
def test_iam_no_roles(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
defender_client.custom_roles = {}
@@ -37,6 +38,7 @@ class Test_iam_subscription_roles_owner_custom_not_created:
def test_iam_custom_owner_role_created_with_all(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_name = "test-role"
defender_client.custom_roles = {
@@ -84,6 +86,7 @@ class Test_iam_subscription_roles_owner_custom_not_created:
def test_iam_custom_owner_role_created_with_no_permissions(self):
defender_client = mock.MagicMock
defender_client.resource_groups = {}
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
role_name = "test-role"
defender_client.custom_roles = {
@@ -3,6 +3,8 @@ from unittest.mock import MagicMock, patch
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -263,3 +265,208 @@ class Test_keyvault_service:
.storage_account_name
== "storage_account_name"
)
class Test_KeyVault_get_key_vaults:
def test_get_key_vaults_no_resource_groups(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_client.vaults.list_by_subscription.return_value = []
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
return_value={},
),
):
from prowler.providers.azure.services.keyvault.keyvault_service import (
KeyVault,
)
keyvault = KeyVault(set_mocked_azure_provider())
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
keyvault.resource_groups = None
provider = set_mocked_azure_provider()
with patch(
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
):
result = keyvault._get_key_vaults(provider)
mock_client.vaults.list_by_subscription.assert_called_once()
mock_client.vaults.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_key_vaults_with_resource_group(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_client.vaults.list_by_resource_group.return_value = []
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
return_value={},
),
):
from prowler.providers.azure.services.keyvault.keyvault_service import (
KeyVault,
)
keyvault = KeyVault(set_mocked_azure_provider())
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
provider = set_mocked_azure_provider()
with patch(
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
):
result = keyvault._get_key_vaults(provider)
mock_client.vaults.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.vaults.list_by_subscription.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_key_vaults_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
return_value={},
),
):
from prowler.providers.azure.services.keyvault.keyvault_service import (
KeyVault,
)
keyvault = KeyVault(set_mocked_azure_provider())
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
provider = set_mocked_azure_provider()
with patch(
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
):
result = keyvault._get_key_vaults(provider)
mock_client.vaults.list_by_resource_group.assert_not_called()
mock_client.vaults.list_by_subscription.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
def test_get_key_vaults_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_client.vaults.list_by_resource_group.return_value = []
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
return_value={},
),
):
from prowler.providers.azure.services.keyvault.keyvault_service import (
KeyVault,
)
keyvault = KeyVault(set_mocked_azure_provider())
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
provider = set_mocked_azure_provider()
with patch(
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
):
result = keyvault._get_key_vaults(provider)
assert mock_client.vaults.list_by_resource_group.call_count == len(
RESOURCE_GROUP_LIST
)
mock_client.vaults.list_by_subscription.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_key_vaults_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_client.vaults.list_by_resource_group.return_value = []
mock_provider = MagicMock()
mock_provider.identity = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=mock_provider,
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
patch(
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
return_value={},
),
):
from prowler.providers.azure.services.keyvault.keyvault_service import (
KeyVault,
)
keyvault = KeyVault(set_mocked_azure_provider())
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: ["MyRG"]}
provider = set_mocked_azure_provider()
with patch(
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
):
keyvault._get_key_vaults(provider)
mock_client.vaults.list_by_resource_group.assert_called_once_with(
resource_group_name="MyRG"
)
@@ -1,4 +1,4 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.mysql.mysql_service import (
Configuration,
@@ -7,6 +7,8 @@ from prowler.providers.azure.services.mysql.mysql_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -117,3 +119,131 @@ class Test_MySQL_Service:
assert configurations["test"].resource_id == "/subscriptions/resource_id"
assert configurations["test"].description == "description"
assert configurations["test"].value == "value"
class Test_MySQL_get_flexible_servers:
def test_get_flexible_servers_no_resource_groups(self):
mock_client = MagicMock()
mock_client.servers.list.return_value = []
with (
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
return_value={},
),
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
return_value={},
),
):
mysql = MySQL(set_mocked_azure_provider())
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
mysql.resource_groups = None
result = mysql._get_flexible_servers()
mock_client.servers.list.assert_called_once()
mock_client.servers.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_flexible_servers_with_resource_group(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
return_value={},
),
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
return_value={},
),
):
mysql = MySQL(set_mocked_azure_provider())
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = mysql._get_flexible_servers()
mock_client.servers.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.servers.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_flexible_servers_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with (
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
return_value={},
),
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
return_value={},
),
):
mysql = MySQL(set_mocked_azure_provider())
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = mysql._get_flexible_servers()
mock_client.servers.list_by_resource_group.assert_not_called()
mock_client.servers.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_flexible_servers_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
return_value={},
),
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
return_value={},
),
):
mysql = MySQL(set_mocked_azure_provider())
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = mysql._get_flexible_servers()
assert mock_client.servers.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_flexible_servers_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
return_value={},
),
patch(
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
return_value={},
),
):
mysql = MySQL(set_mocked_azure_provider())
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
mysql._get_flexible_servers()
mock_client.servers.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
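Review bot: `test_get_flexible_servers_with_multiple_resource_groups` only asserts `list_by_resource_group.call_count == 2`, so it would still pass if the service queried the same group twice or also fell back to the subscription-wide `servers.list()`. For a scan-scope filter those are the regressions worth pinning. I would add `mock_client.servers.list.assert_not_called()` and `mock_client.servers.list_by_resource_group.assert_has_calls([call(resource_group_name=rg) for rg in RESOURCE_GROUP_LIST], any_order=True)`, with `call` imported from `unittest.mock`. The count is better written as `call_count == len(RESOURCE_GROUP_LIST)`, as the Key Vault test does, so it follows the fixture. The mixed-case test uses `"RG"`, which is all upper case; a value such as `"MyRG"` (used in the Key Vault test) would actually exercise the case preservation the test is named for.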
@@ -1,4 +1,4 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from azure.mgmt.network.models import FlowLog
@@ -8,9 +8,12 @@ from prowler.providers.azure.services.network.network_service import (
NetworkWatcher,
PublicIp,
SecurityGroup,
VirtualNetwork,
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -66,6 +69,20 @@ def mock_network_get_public_ip_addresses(_):
}
def mock_network_get_virtual_networks(_):
return {
AZURE_SUBSCRIPTION_ID: [
VirtualNetwork(
id="id",
name="name",
location="location",
enable_ddos_protection=False,
subnets=[],
)
]
}
@patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
@@ -82,6 +99,10 @@ def mock_network_get_public_ip_addresses(_):
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
)
@patch(
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
new=mock_network_get_virtual_networks,
)
class Test_Network_Service:
def test_get_client(self):
network = Network(set_mocked_azure_provider())
@@ -162,3 +183,905 @@ class Test_Network_Service:
network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].ip_address
== "ip_address"
)
class Test_Network_get_security_groups:
def test_get_security_groups_no_resource_groups(self):
mock_client = MagicMock()
mock_client.network_security_groups.list_all.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = None
result = network._get_security_groups()
mock_client.network_security_groups.list_all.assert_called_once()
mock_client.network_security_groups.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_security_groups_with_resource_group(self):
mock_client = MagicMock()
mock_client.network_security_groups.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = network._get_security_groups()
mock_client.network_security_groups.list.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.network_security_groups.list_all.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_security_groups_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = network._get_security_groups()
mock_client.network_security_groups.list.assert_not_called()
mock_client.network_security_groups.list_all.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
class Test_Network_get_network_watchers:
def test_get_network_watchers_no_resource_groups(self):
mock_client = MagicMock()
mock_client.network_watchers = MagicMock()
mock_client.network_watchers.list_all.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = None
result = network._get_network_watchers()
mock_client.network_watchers.list_all.assert_called_once()
mock_client.network_watchers.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_network_watchers_with_resource_group(self):
mock_client = MagicMock()
mock_client.network_watchers = MagicMock()
mock_client.network_watchers.list_all.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = network._get_network_watchers()
mock_client.network_watchers.list_all.assert_called_once()
mock_client.network_watchers.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_network_watchers_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.network_watchers = MagicMock()
mock_client.network_watchers.list_all.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = network._get_network_watchers()
mock_client.network_watchers.list_all.assert_called_once()
mock_client.network_watchers.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
class Test_Network_get_bastion_hosts:
def test_get_bastion_hosts_no_resource_groups(self):
mock_client = MagicMock()
mock_client.bastion_hosts = MagicMock()
mock_client.bastion_hosts.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = None
result = network._get_bastion_hosts()
mock_client.bastion_hosts.list.assert_called_once()
mock_client.bastion_hosts.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_bastion_hosts_with_resource_group(self):
mock_client = MagicMock()
mock_client.bastion_hosts = MagicMock()
mock_client.bastion_hosts.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = network._get_bastion_hosts()
mock_client.bastion_hosts.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.bastion_hosts.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_bastion_hosts_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.bastion_hosts = MagicMock()
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = network._get_bastion_hosts()
mock_client.bastion_hosts.list_by_resource_group.assert_not_called()
mock_client.bastion_hosts.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
class Test_Network_get_public_ip_addresses:
def test_get_public_ip_addresses_no_resource_groups(self):
mock_client = MagicMock()
mock_client.public_ip_addresses = MagicMock()
mock_client.public_ip_addresses.list_all.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = None
result = network._get_public_ip_addresses()
mock_client.public_ip_addresses.list_all.assert_called_once()
mock_client.public_ip_addresses.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_public_ip_addresses_with_resource_group(self):
mock_client = MagicMock()
mock_client.public_ip_addresses = MagicMock()
mock_client.public_ip_addresses.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = network._get_public_ip_addresses()
mock_client.public_ip_addresses.list.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.public_ip_addresses.list_all.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_public_ip_addresses_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.public_ip_addresses = MagicMock()
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = network._get_public_ip_addresses()
mock_client.public_ip_addresses.list.assert_not_called()
mock_client.public_ip_addresses.list_all.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
def test_get_security_groups_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.network_security_groups = MagicMock()
mock_client.network_security_groups.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = network._get_security_groups()
assert mock_client.network_security_groups.list.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_security_groups_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.network_security_groups = MagicMock()
mock_client.network_security_groups.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
network._get_security_groups()
mock_client.network_security_groups.list.assert_called_once_with(
resource_group_name="RG"
)
class Test_Network_get_network_watchers_extra:
def test_get_network_watchers_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.network_watchers = MagicMock()
mock_client.network_watchers.list_all.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = network._get_network_watchers()
mock_client.network_watchers.list_all.assert_called_once()
mock_client.network_watchers.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_network_watchers_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.network_watchers = MagicMock()
mock_client.network_watchers.list_all.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
network._get_network_watchers()
mock_client.network_watchers.list_all.assert_called_once()
mock_client.network_watchers.list.assert_not_called()
class Test_Network_get_bastion_hosts_extra:
def test_get_bastion_hosts_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.bastion_hosts = MagicMock()
mock_client.bastion_hosts.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = network._get_bastion_hosts()
assert mock_client.bastion_hosts.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_bastion_hosts_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.bastion_hosts = MagicMock()
mock_client.bastion_hosts.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
network._get_bastion_hosts()
mock_client.bastion_hosts.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
class Test_Network_get_public_ip_addresses_extra:
def test_get_public_ip_addresses_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.public_ip_addresses = MagicMock()
mock_client.public_ip_addresses.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = network._get_public_ip_addresses()
assert mock_client.public_ip_addresses.list.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_public_ip_addresses_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.public_ip_addresses = MagicMock()
mock_client.public_ip_addresses.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
network._get_public_ip_addresses()
mock_client.public_ip_addresses.list.assert_called_once_with(
resource_group_name="RG"
)
class Test_Network_get_virtual_networks_extra:
def _ctx(self):
return (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
)
def test_get_virtual_networks_no_resource_groups(self):
mock_client = MagicMock()
mock_client.virtual_networks = MagicMock()
mock_client.virtual_networks.list_all.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
new=mock_network_get_virtual_networks,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = None
result = network._get_virtual_networks()
mock_client.virtual_networks.list_all.assert_called_once()
mock_client.virtual_networks.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_virtual_networks_with_resource_group(self):
mock_client = MagicMock()
mock_client.virtual_networks = MagicMock()
mock_client.virtual_networks.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
new=mock_network_get_virtual_networks,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = network._get_virtual_networks()
mock_client.virtual_networks.list.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.virtual_networks.list_all.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_virtual_networks_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.virtual_networks = MagicMock()
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
new=mock_network_get_virtual_networks,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = network._get_virtual_networks()
mock_client.virtual_networks.list.assert_not_called()
mock_client.virtual_networks.list_all.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
def test_get_virtual_networks_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.virtual_networks = MagicMock()
mock_client.virtual_networks.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
new=mock_network_get_virtual_networks,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = network._get_virtual_networks()
assert mock_client.virtual_networks.list.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_virtual_networks_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.virtual_networks = MagicMock()
mock_client.virtual_networks.list.return_value = []
with (
patch(
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
new=mock_network_get_security_groups,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
new=mock_network_get_bastion_hosts,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
new=mock_network_get_network_watchers,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
new=mock_network_get_public_ip_addresses,
),
patch(
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
new=mock_network_get_virtual_networks,
),
):
network = Network(set_mocked_azure_provider())
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
network._get_virtual_networks()
mock_client.virtual_networks.list.assert_called_once_with(
resource_group_name="RG"
)
@@ -1,4 +1,4 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.policy.policy_service import (
Policy,
@@ -6,6 +6,8 @@ from prowler.providers.azure.services.policy.policy_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -52,3 +54,99 @@ class Test_Policy_Service:
policy.policy_assigments[AZURE_SUBSCRIPTION_ID]["policy-1"].enforcement_mode
== "Default"
)
class Test_Policy_get_policy_assigments:
def test_get_policy_assigments_no_resource_groups(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = None
result = policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_policy_assigments_with_resource_group(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_policy_assigments_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_policy_assigments_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_policy_assigments_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
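Review bot: All five tests in `Test_Policy_get_policy_assigments` assert the same outcome, `policy_assignments.list` called once and `list_for_resource_group` never, whether `resource_groups` is `None`, `[RESOURCE_GROUP]`, `[]` or `RESOURCE_GROUP_LIST`. That pins policy assignments as subscription-wide even in a resource-group-scoped scan, which names such as `test_get_policy_assigments_with_resource_group` do not convey. The other services tested on this page return an empty result for `[]`, so the difference should be stated where it is tested, for example with a class docstring `"""Policy assignments are always listed at subscription scope; resource_groups does not narrow them."""`. policy_service.py is not shown here, so confirm this is intended: findings from this service would then cover resources outside the requested groups.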
@@ -11,6 +11,8 @@ from prowler.providers.azure.services.postgresql.postgresql_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -243,6 +245,103 @@ class Test_SqlServer_Service:
)
class Test_PostgreSQL_get_flexible_servers:
def test_get_flexible_servers_no_resource_groups(self):
mock_client = MagicMock()
mock_client.servers.list.return_value = []
with patch(
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
return_value={},
):
postgresql = PostgreSQL(set_mocked_azure_provider())
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
postgresql.resource_groups = None
result = postgresql._get_flexible_servers()
mock_client.servers.list.assert_called_once()
mock_client.servers.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_flexible_servers_with_resource_group(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
return_value={},
):
postgresql = PostgreSQL(set_mocked_azure_provider())
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = postgresql._get_flexible_servers()
mock_client.servers.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.servers.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_flexible_servers_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with patch(
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
return_value={},
):
postgresql = PostgreSQL(set_mocked_azure_provider())
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = postgresql._get_flexible_servers()
mock_client.servers.list_by_resource_group.assert_not_called()
mock_client.servers.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
def test_get_flexible_servers_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
return_value={},
):
postgresql = PostgreSQL(set_mocked_azure_provider())
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = postgresql._get_flexible_servers()
assert mock_client.servers.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_flexible_servers_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
return_value={},
):
postgresql = PostgreSQL(set_mocked_azure_provider())
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
postgresql._get_flexible_servers()
mock_client.servers.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
def _make_server(name):
server = MagicMock()
server.id = (
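Review bot: `test_get_flexible_servers_with_multiple_resource_groups` checks only `call_count == 2`, so it would still pass if the service queried the same group twice and never touched the second one, leaving part of the requested scope unscanned. Asserting the arguments closes that gap: `mock_client.servers.list_by_resource_group.assert_has_calls([call(resource_group_name=rg) for rg in RESOURCE_GROUP_LIST], any_order=True)`, with `call` imported from `unittest.mock`. The same count-only assertion appears in the multiple-resource-group tests for network, recovery, SQL Server, storage and VM on this page. The trailing `_make_server` lines are context and continue outside the hunk.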
@@ -1,11 +1,18 @@
from types import SimpleNamespace
from unittest import mock
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.recovery.recovery_service import (
BackupVault,
Recovery,
RecoveryBackup,
)
from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION_ID
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
VAULT_ID = (
f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg1/"
@@ -20,6 +27,139 @@ class BackupClientFake:
self.backup_policies.list.return_value = policies
class Test_Recovery_get_vaults:
def test_get_vaults_no_resource_groups(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_client.vaults.list_by_subscription_id.return_value = []
with (
patch(
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
return_value={},
),
patch(
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
),
):
recovery = Recovery(set_mocked_azure_provider())
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
recovery.resource_groups = None
result = recovery._get_vaults()
mock_client.vaults.list_by_subscription_id.assert_called_once()
mock_client.vaults.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_vaults_with_resource_group(self):
mock_vault = MagicMock()
mock_vault.id = "vault-id-1"
mock_vault.name = "my-vault"
mock_vault.location = "eastus"
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_client.vaults.list_by_resource_group.return_value = [mock_vault]
with (
patch(
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
return_value={},
),
patch(
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
),
):
recovery = Recovery(set_mocked_azure_provider())
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = recovery._get_vaults()
mock_client.vaults.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.vaults.list_by_subscription_id.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
assert "vault-id-1" in result[AZURE_SUBSCRIPTION_ID]
def test_get_vaults_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
with (
patch(
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
return_value={},
),
patch(
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
),
):
recovery = Recovery(set_mocked_azure_provider())
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = recovery._get_vaults()
mock_client.vaults.list_by_resource_group.assert_not_called()
mock_client.vaults.list_by_subscription_id.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_vaults_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_client.vaults.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
return_value={},
),
patch(
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
),
):
recovery = Recovery(set_mocked_azure_provider())
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = recovery._get_vaults()
assert mock_client.vaults.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_vaults_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.vaults = MagicMock()
mock_client.vaults.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
return_value={},
),
patch(
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
),
):
recovery = Recovery(set_mocked_azure_provider())
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
recovery._get_vaults()
mock_client.vaults.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
class Test_RecoveryBackup_Service:
def test_get_backup_policies_lists_unprotected_vault_policies(self):
policy = SimpleNamespace(
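Review bot: `test_get_vaults_with_multiple_resource_groups` returns `[]` for every group, so nothing verifies that vaults from different groups accumulate in `result[AZURE_SUBSCRIPTION_ID]` rather than the last group replacing the earlier ones. `test_get_vaults_with_resource_group` already builds a vault mock with `id`, `name` and `location`; the multi-group test could reuse that with `mock_client.vaults.list_by_resource_group.side_effect = [[vault_a], [vault_b]]` (two constructed mocks with distinct ids) and assert that both ids are keys of the result. For a scanner, a dropped group means vaults that are silently never checked, so the merge is worth pinning.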
@@ -1,4 +1,4 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from azure.mgmt.sql.models import (
EncryptionProtector,
@@ -16,6 +16,8 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -245,3 +247,100 @@ class Test_SqlServer_Service:
].security_alert_policies.state
== "Disabled"
)
class Test_SQLServer_get_sql_servers:
def test_get_sql_servers_no_resource_groups(self):
mock_client = MagicMock()
mock_client.servers.list.return_value = []
with patch(
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
return_value={},
):
sql_server = SQLServer(set_mocked_azure_provider())
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
sql_server.resource_groups = None
result = sql_server._get_sql_servers()
mock_client.servers.list.assert_called_once()
mock_client.servers.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_sql_servers_with_resource_group(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
return_value={},
):
sql_server = SQLServer(set_mocked_azure_provider())
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = sql_server._get_sql_servers()
mock_client.servers.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.servers.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_sql_servers_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with patch(
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
return_value={},
):
sql_server = SQLServer(set_mocked_azure_provider())
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = sql_server._get_sql_servers()
mock_client.servers.list_by_resource_group.assert_not_called()
mock_client.servers.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
def test_get_sql_servers_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
return_value={},
):
sql_server = SQLServer(set_mocked_azure_provider())
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = sql_server._get_sql_servers()
assert mock_client.servers.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_sql_servers_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.servers.list_by_resource_group.return_value = []
with patch(
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
return_value={},
):
sql_server = SQLServer(set_mocked_azure_provider())
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
sql_server._get_sql_servers()
mock_client.servers.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
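Review bot: `test_get_sql_servers_empty_resource_group_for_subscription` pins that `resource_groups = {AZURE_SUBSCRIPTION_ID: []}` makes no API call and yields `[]`, while `None` lists the whole subscription, but nothing in the tests says why the two inputs differ. A comment above the empty-list test would make the contract explicit, e.g. `# [] = the filter matched no group in this subscription, so nothing is listed; None = no filter at all`; this wording is inferred from the assertions and should be checked against the provider's validation code. None of the tests visible here covers a subscription id that is missing from the `resource_groups` dict, which is the case where a silent fallback to either behaviour would change scan coverage. The same applies to the PostgreSQL, Recovery, Storage and VM test classes in this commit.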
@@ -1,4 +1,4 @@
from unittest.mock import patch
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.storage.storage_service import (
Account,
@@ -11,6 +11,8 @@ from prowler.providers.azure.services.storage.storage_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -387,3 +389,155 @@ class Test_Storage_Service_Retention_Policy_None_Handling:
is False
)
assert account.file_service_properties.share_delete_retention_policy.days == 0
class Test_Storage_get_storage_accounts:
def test_get_storage_accounts_no_resource_groups(self):
mock_client = MagicMock()
mock_client.storage_accounts = MagicMock()
mock_client.storage_accounts.list.return_value = []
with (
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
return_value={},
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
return_value=None,
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
return_value=None,
),
):
storage = Storage(set_mocked_azure_provider())
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
storage.resource_groups = None
result = storage._get_storage_accounts()
mock_client.storage_accounts.list.assert_called_once()
mock_client.storage_accounts.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_storage_accounts_with_resource_group(self):
mock_client = MagicMock()
mock_client.storage_accounts = MagicMock()
mock_client.storage_accounts.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
return_value={},
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
return_value=None,
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
return_value=None,
),
):
storage = Storage(set_mocked_azure_provider())
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = storage._get_storage_accounts()
mock_client.storage_accounts.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.storage_accounts.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_storage_accounts_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.storage_accounts = MagicMock()
with (
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
return_value={},
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
return_value=None,
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
return_value=None,
),
):
storage = Storage(set_mocked_azure_provider())
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = storage._get_storage_accounts()
mock_client.storage_accounts.list_by_resource_group.assert_not_called()
mock_client.storage_accounts.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == []
def test_get_storage_accounts_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.storage_accounts = MagicMock()
mock_client.storage_accounts.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
return_value={},
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
return_value=None,
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
return_value=None,
),
):
storage = Storage(set_mocked_azure_provider())
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = storage._get_storage_accounts()
assert mock_client.storage_accounts.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_storage_accounts_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.storage_accounts = MagicMock()
mock_client.storage_accounts.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
return_value={},
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
return_value=None,
),
patch(
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
return_value=None,
),
):
storage = Storage(set_mocked_azure_provider())
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
storage._get_storage_accounts()
mock_client.storage_accounts.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
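Review bot: Each test in `Test_Storage_get_storage_accounts` patches `Storage._get_storage_accounts`, the method under test, alongside `_get_blob_properties` and `_get_file_share_properties`, then calls `storage._get_storage_accounts()` and asserts on the real client calls. That only exercises the real method if the call sits after the `with` block has exited; indentation is lost in this rendering, so it cannot be confirmed here, and the arrangement is easy to break when editing. I would add `# stubs are active only while Storage.__init__ runs; the real _get_storage_accounts is exercised below` after the constructor line. The five near-identical patch stacks could move into one helper that returns the constructed service, and the same pattern recurs in the Policy, PostgreSQL, Recovery, SQLServer and VM tests.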
@@ -14,6 +14,8 @@ from prowler.providers.azure.services.vm.vm_service import (
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
@@ -465,3 +467,328 @@ class Test_VirtualMachine_SecurityProfile_Validation:
assert isinstance(vm.security_profile.uefi_settings, UefiSettings)
assert vm.security_profile.uefi_settings.secure_boot_enabled is True
assert vm.security_profile.uefi_settings.v_tpm_enabled is True
class Test_VM_get_virtual_machines:
def test_get_virtual_machines_no_resource_groups(self):
mock_client = MagicMock()
mock_client.virtual_machines = MagicMock()
mock_client.virtual_machines.list_all.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = None
result = vm_service._get_virtual_machines()
mock_client.virtual_machines.list_all.assert_called_once()
mock_client.virtual_machines.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_virtual_machines_with_resource_group(self):
mock_client = MagicMock()
mock_client.virtual_machines = MagicMock()
mock_client.virtual_machines.list.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = vm_service._get_virtual_machines()
mock_client.virtual_machines.list.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.virtual_machines.list_all.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_virtual_machines_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.virtual_machines = MagicMock()
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = vm_service._get_virtual_machines()
mock_client.virtual_machines.list.assert_not_called()
mock_client.virtual_machines.list_all.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
class Test_VM_get_disks:
def test_get_disks_no_resource_groups(self):
mock_client = MagicMock()
mock_client.disks = MagicMock()
mock_client.disks.list.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = None
result = vm_service._get_disks()
mock_client.disks.list.assert_called_once()
mock_client.disks.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_disks_with_resource_group(self):
mock_client = MagicMock()
mock_client.disks = MagicMock()
mock_client.disks.list_by_resource_group.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = vm_service._get_disks()
mock_client.disks.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.disks.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_disks_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.disks = MagicMock()
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = vm_service._get_disks()
mock_client.disks.list_by_resource_group.assert_not_called()
mock_client.disks.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
class Test_VM_get_vm_scale_sets:
def test_get_vm_scale_sets_no_resource_groups(self):
mock_client = MagicMock()
mock_client.virtual_machine_scale_sets = MagicMock()
mock_client.virtual_machine_scale_sets.list_all.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = None
result = vm_service._get_vm_scale_sets()
mock_client.virtual_machine_scale_sets.list_all.assert_called_once()
mock_client.virtual_machine_scale_sets.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_vm_scale_sets_with_resource_group(self):
mock_client = MagicMock()
mock_client.virtual_machine_scale_sets = MagicMock()
mock_client.virtual_machine_scale_sets.list.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = vm_service._get_vm_scale_sets()
mock_client.virtual_machine_scale_sets.list.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.virtual_machine_scale_sets.list_all.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_vm_scale_sets_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.virtual_machine_scale_sets = MagicMock()
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = vm_service._get_vm_scale_sets()
mock_client.virtual_machine_scale_sets.list.assert_not_called()
mock_client.virtual_machine_scale_sets.list_all.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_virtual_machines_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.virtual_machines = MagicMock()
mock_client.virtual_machines.list.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = vm_service._get_virtual_machines()
assert mock_client.virtual_machines.list.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_virtual_machines_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.virtual_machines = MagicMock()
mock_client.virtual_machines.list.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
vm_service._get_virtual_machines()
mock_client.virtual_machines.list.assert_called_once_with(
resource_group_name="RG"
)
class Test_VM_get_disks_extra:
def test_get_disks_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.disks = MagicMock()
mock_client.disks.list_by_resource_group.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = vm_service._get_disks()
assert mock_client.disks.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_disks_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.disks = MagicMock()
mock_client.disks.list_by_resource_group.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
vm_service._get_disks()
mock_client.disks.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
class Test_VM_get_vm_scale_sets_extra:
def test_get_vm_scale_sets_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.virtual_machine_scale_sets = MagicMock()
mock_client.virtual_machine_scale_sets.list.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = vm_service._get_vm_scale_sets()
assert mock_client.virtual_machine_scale_sets.list.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_vm_scale_sets_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.virtual_machine_scale_sets = MagicMock()
mock_client.virtual_machine_scale_sets.list.return_value = []
with (
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
patch.object(VirtualMachines, "_get_disks", return_value={}),
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
):
vm_service = VirtualMachines(set_mocked_azure_provider())
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
vm_service._get_vm_scale_sets()
mock_client.virtual_machine_scale_sets.list.assert_called_once_with(
resource_group_name="RG"
)