feat(azure): filtering scans at resource group level (#10657)
Signed-off-by: Legin-ML <leginml2004@gmail.com>
@@ -9,6 +9,8 @@ from prowler.providers.azure.models import AzureIdentityInfo, AzureRegionConfig
|
||||
AZURE_SUBSCRIPTION_ID = str(uuid4())
|
||||
AZURE_SUBSCRIPTION_NAME = "Subscription Name"
|
||||
AZURE_SUBSCRIPTION_DISPLAY = f"{AZURE_SUBSCRIPTION_NAME} ({AZURE_SUBSCRIPTION_ID})"
|
||||
RESOURCE_GROUP = "rg"
|
||||
RESOURCE_GROUP_LIST = [RESOURCE_GROUP, "rg2"]
|
||||
|
||||
# Azure Identity
|
||||
IDENTITY_ID = "00000000-0000-0000-0000-000000000000"
|
||||
@@ -30,6 +32,7 @@ def set_mocked_azure_provider(
|
||||
audit_config: dict = None,
|
||||
azure_region_config: AzureRegionConfig = AzureRegionConfig(),
|
||||
locations: list = None,
|
||||
resource_groups: dict = None,
|
||||
) -> AzureProvider:
|
||||
|
||||
provider = MagicMock()
|
||||
@@ -39,5 +42,6 @@ def set_mocked_azure_provider(
|
||||
provider.identity = identity
|
||||
provider.audit_config = audit_config
|
||||
provider.region_config = azure_region_config
|
||||
provider.resource_groups = resource_groups
|
||||
|
||||
return provider
|
||||
|
||||
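Review bot: `RESOURCE_GROUP_LIST` in the first hunk is a module-level mutable list that the service tests in this commit pass by reference as `{AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}`, so any code under test that sorts, extends or normalises it in place would leak into later tests. Having callers pass `list(RESOURCE_GROUP_LIST)` removes that coupling, as would declaring it as a tuple if the production code accepts any sequence. The new parameter would also read more clearly as `resource_groups: dict | None = None` with a comment that `None` means no resource-group filter, which is what the `resource_groups = None` tests appear to rely on. The signature of `set_mocked_azure_provider` starts outside the visible hunks.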
@@ -552,6 +552,102 @@ class TestAzureProvider:
|
||||
assert regions == expected_regions
|
||||
|
||||
|
||||
class TestAzureProviderValidateResourceGroups:
|
||||
@patch(
|
||||
"prowler.providers.azure.azure_provider.AzureProvider.__init__",
|
||||
return_value=None,
|
||||
)
|
||||
def _make_provider(self, _mock_init, subscriptions=None):
|
||||
provider = AzureProvider()
|
||||
provider._identity = MagicMock()
|
||||
provider._identity.subscriptions = subscriptions or {str(uuid4()): "Sub"}
|
||||
provider._session = MagicMock()
|
||||
provider._region_config = MagicMock()
|
||||
return provider
|
||||
|
||||
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||
def test_validate_resource_groups_exact_match(self, mock_rm_client):
|
||||
provider = self._make_provider()
|
||||
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||
|
||||
mock_rg = MagicMock()
|
||||
mock_rg.name = "mygroup"
|
||||
mock_resource_groups = MagicMock()
|
||||
mock_resource_groups.list.return_value = [mock_rg]
|
||||
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||
|
||||
result = provider.validate_resource_groups(["mygroup"])
|
||||
|
||||
assert result[sub_name] == ["mygroup"]
|
||||
|
||||
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||
def test_validate_resource_groups_mixed_case(self, mock_rm_client):
|
||||
provider = self._make_provider()
|
||||
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||
|
||||
mock_rg = MagicMock()
|
||||
mock_rg.name = "MyGroup"
|
||||
mock_resource_groups = MagicMock()
|
||||
mock_resource_groups.list.return_value = [mock_rg]
|
||||
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||
|
||||
result = provider.validate_resource_groups(["mygroup"])
|
||||
|
||||
assert result[sub_name] == ["MyGroup"]
|
||||
mock_resource_groups.list.assert_called_once()
|
||||
|
||||
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||
def test_validate_resource_groups_multiple_rgs(self, mock_rm_client):
|
||||
provider = self._make_provider()
|
||||
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||
|
||||
rg1, rg2 = MagicMock(), MagicMock()
|
||||
rg1.name = "rg1"
|
||||
rg2.name = "rg2"
|
||||
mock_resource_groups = MagicMock()
|
||||
mock_resource_groups.list.return_value = [rg1, rg2]
|
||||
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||
|
||||
result = provider.validate_resource_groups(["rg1", "rg2"])
|
||||
|
||||
assert set(result[sub_name]) == {"rg1", "rg2"}
|
||||
|
||||
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||
def test_validate_resource_groups_not_found(self, mock_rm_client):
|
||||
provider = self._make_provider()
|
||||
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||
|
||||
mock_rg = MagicMock()
|
||||
mock_rg.name = "existing"
|
||||
mock_resource_groups = MagicMock()
|
||||
mock_resource_groups.list.return_value = [mock_rg]
|
||||
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||
|
||||
result = provider.validate_resource_groups(["nonexistent"])
|
||||
|
||||
assert result[sub_name] == []
|
||||
|
||||
def test_validate_resource_groups_empty_input(self):
|
||||
provider = self._make_provider()
|
||||
result = provider.validate_resource_groups([])
|
||||
assert result == {}
|
||||
|
||||
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||
def test_validate_resource_groups_strips_whitespace(self, mock_rm_client):
|
||||
provider = self._make_provider()
|
||||
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||
|
||||
mock_rg = MagicMock()
|
||||
mock_rg.name = "rg-prod"
|
||||
mock_resource_groups = MagicMock()
|
||||
mock_resource_groups.list.return_value = [mock_rg]
|
||||
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||
|
||||
result = provider.validate_resource_groups([" rg-prod "])
|
||||
|
||||
assert result[sub_name] == ["rg-prod"]
|
||||
|
||||
|
||||
class TestAzureProviderSetupIdentitySubscriptions:
|
||||
"""Regression tests ensuring identity.subscriptions preserves every
|
||||
subscription even when multiple Azure subscriptions share the same
|
||||
|
||||
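Review bot: `test_validate_resource_groups_not_found` pins `result[sub_name] == []` for a name that matches nothing, and the service tests in this commit show that an empty list for a subscription skips every listing call, so a mistyped resource group would produce a scan with no resources and no findings. For a security scanner that reads as a clean result; the test should also assert that the miss is surfaced, for example by capturing logs with `caplog` and checking the unmatched name is reported, or by expecting an exception when no requested group resolves in any subscription. `validate_resource_groups` itself is not visible on this page, so whether it already warns is unconfirmed. Separately, `sub_name` holds the `str(uuid4())` key built in `_make_provider`, which looks like a subscription ID rather than a name; `sub_id` would be more accurate.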
@@ -1,4 +1,4 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.aisearch.aisearch_service import (
|
||||
AISearch,
|
||||
@@ -6,9 +6,13 @@ from prowler.providers.azure.services.aisearch.aisearch_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
AISEARCH_SERVICE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/{RESOURCE_GROUP}/providers/Microsoft.Search/searchServices/search1"
|
||||
|
||||
|
||||
def mock_storage_get_aisearch_services(_):
|
||||
return {
|
||||
@@ -58,3 +62,121 @@ class Test_AISearch_Service:
|
||||
assert aisearch.aisearch_services[AZURE_SUBSCRIPTION_ID][
|
||||
"aisearch_service_id-1"
|
||||
].public_network_access
|
||||
|
||||
|
||||
class Test_AISearch_Service_get_aisearch_services:
|
||||
def test_get_aisearch_services_no_resource_groups(self):
|
||||
mock_service = MagicMock()
|
||||
mock_service.id = AISEARCH_SERVICE_ID
|
||||
mock_service.name = "search1"
|
||||
mock_service.location = "westeurope"
|
||||
mock_service.public_network_access = "Enabled"
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.services.list_by_subscription.return_value = [mock_service]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||
return_value={},
|
||||
):
|
||||
aisearch = AISearch(set_mocked_azure_provider())
|
||||
|
||||
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aisearch.resource_groups = None
|
||||
|
||||
result = aisearch._get_aisearch_services()
|
||||
|
||||
mock_client.services.list_by_subscription.assert_called_once()
|
||||
mock_client.services.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert (
|
||||
result[AZURE_SUBSCRIPTION_ID][AISEARCH_SERVICE_ID].public_network_access
|
||||
is True
|
||||
)
|
||||
|
||||
def test_get_aisearch_services_with_resource_group(self):
|
||||
mock_service = MagicMock()
|
||||
mock_service.id = AISEARCH_SERVICE_ID
|
||||
mock_service.name = "search1"
|
||||
mock_service.location = "westeurope"
|
||||
mock_service.public_network_access = "Disabled"
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.services.list_by_resource_group.return_value = [mock_service]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||
return_value={},
|
||||
):
|
||||
aisearch = AISearch(set_mocked_azure_provider())
|
||||
|
||||
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = aisearch._get_aisearch_services()
|
||||
|
||||
mock_client.services.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.services.list_by_subscription.assert_not_called()
|
||||
assert (
|
||||
result[AZURE_SUBSCRIPTION_ID][AISEARCH_SERVICE_ID].public_network_access
|
||||
is False
|
||||
)
|
||||
|
||||
def test_get_aisearch_services_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||
return_value={},
|
||||
):
|
||||
aisearch = AISearch(set_mocked_azure_provider())
|
||||
|
||||
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = aisearch._get_aisearch_services()
|
||||
|
||||
mock_client.services.list_by_resource_group.assert_not_called()
|
||||
mock_client.services.list_by_subscription.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_aisearch_services_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.services = MagicMock()
|
||||
mock_client.services.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||
return_value={},
|
||||
):
|
||||
aisearch = AISearch(set_mocked_azure_provider())
|
||||
|
||||
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = aisearch._get_aisearch_services()
|
||||
|
||||
assert mock_client.services.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_aisearch_services_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.services = MagicMock()
|
||||
mock_client.services.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||
return_value={},
|
||||
):
|
||||
aisearch = AISearch(set_mocked_azure_provider())
|
||||
|
||||
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
aisearch._get_aisearch_services()
|
||||
|
||||
mock_client.services.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
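Review bot: `test_get_aisearch_services_with_multiple_resource_groups` only checks `call_count == 2` while `list_by_resource_group` returns `[]`, so it would still pass if the same group were queried twice or if the second group's results overwrote the first's, either of which would silently drop resources from a filtered scan. The test should return a distinct service per group through `side_effect`, assert that both IDs end up in `result[AZURE_SUBSCRIPTION_ID]`, and compare the requested group names with `RESOURCE_GROUP_LIST`. The multiple-resource-group tests for AKS, APIM and App later in this commit follow the same pattern and would benefit from the same change. The expected result shape below is taken from `test_get_aisearch_services_no_resource_groups`, which indexes the result by service ID.

```python
    def test_get_aisearch_services_with_multiple_resource_groups(self):
        first, second = MagicMock(), MagicMock()
        first.id = AISEARCH_SERVICE_ID
        second.id = AISEARCH_SERVICE_ID.replace("search1", "search2")
        for svc in (first, second):
            svc.name = "search"
            svc.location = "westeurope"
            svc.public_network_access = "Enabled"

        mock_client = MagicMock()
        mock_client.services.list_by_resource_group.side_effect = [[first], [second]]

        # … unchanged: AISearch construction under patch, clients and resource_groups assignment …

        result = aisearch._get_aisearch_services()

        requested = [
            c.kwargs["resource_group_name"]
            for c in mock_client.services.list_by_resource_group.call_args_list
        ]
        assert sorted(requested) == sorted(RESOURCE_GROUP_LIST)
        assert set(result[AZURE_SUBSCRIPTION_ID]) == {first.id, second.id}
```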
@@ -1,8 +1,10 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.aks.aks_service import AKS, Cluster
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -66,3 +68,128 @@ class Test_AKS_Service:
|
||||
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].location == "westeurope"
|
||||
)
|
||||
assert aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].rbac_enabled
|
||||
|
||||
|
||||
class Test_AKS_get_clusters:
|
||||
def test_get_clusters_no_resource_groups(self):
|
||||
mock_cluster = MagicMock()
|
||||
mock_cluster.id = "cluster_id-1"
|
||||
mock_cluster.name = "cluster_name"
|
||||
mock_cluster.fqdn = "public_fqdn"
|
||||
mock_cluster.private_fqdn = "private_fqdn"
|
||||
mock_cluster.location = "westeurope"
|
||||
mock_cluster.kubernetes_version = "1.28.0"
|
||||
mock_cluster.network_profile = None
|
||||
mock_cluster.agent_pool_profiles = []
|
||||
mock_cluster.enable_rbac = False
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.managed_clusters.list.return_value = [mock_cluster]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||
return_value={},
|
||||
):
|
||||
aks = AKS(set_mocked_azure_provider())
|
||||
|
||||
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aks.resource_groups = None
|
||||
|
||||
result = aks._get_clusters()
|
||||
|
||||
mock_client.managed_clusters.list.assert_called_once()
|
||||
mock_client.managed_clusters.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert "cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||
|
||||
def test_get_clusters_with_resource_group(self):
|
||||
mock_cluster = MagicMock()
|
||||
mock_cluster.id = "cluster_id-1"
|
||||
mock_cluster.name = "cluster_name"
|
||||
mock_cluster.fqdn = "public_fqdn"
|
||||
mock_cluster.private_fqdn = "private_fqdn"
|
||||
mock_cluster.location = "westeurope"
|
||||
mock_cluster.kubernetes_version = "1.28.0"
|
||||
mock_cluster.network_profile = None
|
||||
mock_cluster.agent_pool_profiles = []
|
||||
mock_cluster.enable_rbac = False
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.managed_clusters.list_by_resource_group.return_value = [
|
||||
mock_cluster
|
||||
]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||
return_value={},
|
||||
):
|
||||
aks = AKS(set_mocked_azure_provider())
|
||||
|
||||
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = aks._get_clusters()
|
||||
|
||||
mock_client.managed_clusters.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.managed_clusters.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert "cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||
|
||||
def test_get_clusters_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||
return_value={},
|
||||
):
|
||||
aks = AKS(set_mocked_azure_provider())
|
||||
|
||||
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = aks._get_clusters()
|
||||
|
||||
mock_client.managed_clusters.list_by_resource_group.assert_not_called()
|
||||
mock_client.managed_clusters.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_clusters_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.managed_clusters = MagicMock()
|
||||
mock_client.managed_clusters.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||
return_value={},
|
||||
):
|
||||
aks = AKS(set_mocked_azure_provider())
|
||||
|
||||
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = aks._get_clusters()
|
||||
|
||||
assert mock_client.managed_clusters.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_clusters_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.managed_clusters = MagicMock()
|
||||
mock_client.managed_clusters.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||
return_value={},
|
||||
):
|
||||
aks = AKS(set_mocked_azure_provider())
|
||||
|
||||
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
aks._get_clusters()
|
||||
|
||||
mock_client.managed_clusters.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
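Review bot: None of the `Test_AKS_get_clusters` cases covers `list_by_resource_group` raising, so nothing pins what happens when one requested group cannot be listed, for instance because it was removed after validation or the scanning identity lacks read access to it. With per-group listing, an exception on the first group could leave the remaining groups unscanned while the run still completes; whether `_get_clusters` catches errors per group or per subscription is not visible on this page. If partial results are the intended behaviour, a case with `mock_client.managed_clusters.list_by_resource_group.side_effect = [Exception("denied"), [mock_cluster]]` and `resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}` that asserts `"cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]` would document it. The AI Search, APIM and App test classes in this commit have the same gap.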
@@ -1,6 +1,6 @@
|
||||
from datetime import timedelta
|
||||
from unittest import TestCase, mock
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from azure.mgmt.loganalytics.models import Workspace
|
||||
from azure.mgmt.monitor.models import DiagnosticSettingsResource
|
||||
@@ -9,6 +9,8 @@ from azure.monitor.query import LogsQueryResult
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
AZURE_SUBSCRIPTION_NAME,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -16,7 +18,6 @@ from tests.providers.azure.azure_fixtures import (
|
||||
APIM_INSTANCE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg/providers/Microsoft.ApiManagement/service/apim1"
|
||||
APIM_INSTANCE_NAME = "apim1"
|
||||
LOCATION = "West US"
|
||||
RESOURCE_GROUP = "rg"
|
||||
WORKSPACE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourcegroups/rg/providers/microsoft.operationalinsights/workspaces/loganalytics"
|
||||
WORKSPACE_CUSTOMER_ID = "12345678-1234-1234-1234-1234567890ab"
|
||||
|
||||
@@ -323,3 +324,168 @@ class Test_APIM_Service(TestCase):
|
||||
instance = apim.instances[AZURE_SUBSCRIPTION_ID][0]
|
||||
result = apim.get_llm_operations_logs(AZURE_SUBSCRIPTION_ID, instance)
|
||||
self.assertEqual(result, [{"log": "data"}])
|
||||
|
||||
|
||||
class Test_APIM_get_instances:
|
||||
def test_get_instances_no_resource_groups(self):
|
||||
mock_instance = MagicMock()
|
||||
mock_instance.id = APIM_INSTANCE_ID
|
||||
mock_instance.name = APIM_INSTANCE_NAME
|
||||
mock_instance.location = LOCATION
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.api_management_service.list.return_value = [mock_instance]
|
||||
|
||||
mock_provider = mock.MagicMock()
|
||||
mock_provider.identity = mock.MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||
|
||||
apim = APIM(set_mocked_azure_provider())
|
||||
|
||||
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
apim.resource_groups = None
|
||||
|
||||
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
|
||||
result = apim._get_instances()
|
||||
|
||||
mock_client.api_management_service.list.assert_called_once()
|
||||
mock_client.api_management_service.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
|
||||
assert result[AZURE_SUBSCRIPTION_ID][0].id == APIM_INSTANCE_ID
|
||||
|
||||
def test_get_instances_with_resource_group(self):
|
||||
mock_instance = MagicMock()
|
||||
mock_instance.id = APIM_INSTANCE_ID
|
||||
mock_instance.name = APIM_INSTANCE_NAME
|
||||
mock_instance.location = LOCATION
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.api_management_service.list_by_resource_group.return_value = [
|
||||
mock_instance
|
||||
]
|
||||
|
||||
mock_provider = mock.MagicMock()
|
||||
mock_provider.identity = mock.MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||
|
||||
apim = APIM(set_mocked_azure_provider())
|
||||
|
||||
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
|
||||
result = apim._get_instances()
|
||||
|
||||
mock_client.api_management_service.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.api_management_service.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
|
||||
assert result[AZURE_SUBSCRIPTION_ID][0].name == APIM_INSTANCE_NAME
|
||||
|
||||
def test_get_instances_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
mock_provider = mock.MagicMock()
|
||||
mock_provider.identity = mock.MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||
|
||||
apim = APIM(set_mocked_azure_provider())
|
||||
|
||||
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = apim._get_instances()
|
||||
|
||||
mock_client.api_management_service.list_by_resource_group.assert_not_called()
|
||||
mock_client.api_management_service.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
def test_get_instances_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
mock_provider = mock.MagicMock()
|
||||
mock_provider.identity = mock.MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||
|
||||
apim = APIM(set_mocked_azure_provider())
|
||||
|
||||
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
|
||||
result = apim._get_instances()
|
||||
|
||||
assert mock_client.api_management_service.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_instances_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
mock_provider = mock.MagicMock()
|
||||
mock_provider.identity = mock.MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||
|
||||
apim = APIM(set_mocked_azure_provider())
|
||||
|
||||
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
|
||||
apim._get_instances()
|
||||
|
||||
mock_client.api_management_service.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
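Review bot: `APIM_INSTANCE_ID` and `WORKSPACE_ID` in the `@@ -16,7 +18,6 @@` hunk still spell the group as a literal `rg`, while the local `RESOURCE_GROUP = "rg"` appears to be dropped in favour of the fixture import, so the IDs and the `resource_group_name=RESOURCE_GROUP` assertions agree only by coincidence of value. Interpolating the fixture, as the AI Search test in this commit does, keeps them tied together: `APIM_INSTANCE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/{RESOURCE_GROUP}/providers/Microsoft.ApiManagement/service/apim1"`. The new tests also mix `mock.MagicMock()` with the newly imported `MagicMock()` inside the same function; using one form throughout would read more cleanly.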
@@ -5,6 +5,8 @@ from azure.mgmt.web.models import ManagedServiceIdentity, SiteConfigResource
|
||||
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -244,3 +246,279 @@ class Test_App_Service:
|
||||
].name
|
||||
== "functionapp-1"
|
||||
)
|
||||
|
||||
|
||||
class Test_App_get_apps:
|
||||
def test_get_apps_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.web_apps.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = None
|
||||
|
||||
result = app._get_apps()
|
||||
|
||||
mock_client.web_apps.list.assert_called_once()
|
||||
mock_client.web_apps.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_apps_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = app._get_apps()
|
||||
|
||||
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.web_apps.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_apps_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = app._get_apps()
|
||||
|
||||
mock_client.web_apps.list_by_resource_group.assert_not_called()
|
||||
mock_client.web_apps.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
|
||||
class Test_App_get_functions:
|
||||
def test_get_functions_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.web_apps.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = None
|
||||
|
||||
result = app._get_functions()
|
||||
|
||||
mock_client.web_apps.list.assert_called_once()
|
||||
mock_client.web_apps.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_functions_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = app._get_functions()
|
||||
|
||||
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.web_apps.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_functions_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = app._get_functions()
|
||||
|
||||
mock_client.web_apps.list_by_resource_group.assert_not_called()
|
||||
mock_client.web_apps.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_apps_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = app._get_apps()
|
||||
|
||||
assert mock_client.web_apps.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_apps_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
app._get_apps()
|
||||
|
||||
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
class Test_App_get_functions_extra:
|
||||
def test_get_functions_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = app._get_functions()
|
||||
|
||||
assert mock_client.web_apps.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_functions_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.app.app_service import App
|
||||
|
||||
app = App(set_mocked_azure_provider())
|
||||
|
||||
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
app._get_functions()
|
||||
|
||||
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.appinsights.appinsights_service import (
|
||||
AppInsights,
|
||||
@@ -6,6 +6,8 @@ from prowler.providers.azure.services.appinsights.appinsights_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -54,3 +56,121 @@ class Test_AppInsights_Service:
|
||||
appinsights.components[AZURE_SUBSCRIPTION_ID]["app_id-1"].location
|
||||
== "westeurope"
|
||||
)
|
||||
|
||||
|
||||
class Test_AppInsights_get_components:
|
||||
def test_get_components_no_resource_groups(self):
|
||||
mock_component = MagicMock()
|
||||
mock_component.app_id = "comp-app-id"
|
||||
mock_component.id = "/subscriptions/sub/rg/appinsights"
|
||||
mock_component.name = "ai-component"
|
||||
mock_component.location = "westeurope"
|
||||
mock_component.instrumentation_key = "ikey-123"
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.components = MagicMock()
|
||||
mock_client.components.list.return_value = [mock_component]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||
return_value={},
|
||||
):
|
||||
app_insights = AppInsights(set_mocked_azure_provider())
|
||||
|
||||
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app_insights.resource_groups = None
|
||||
|
||||
result = app_insights._get_components()
|
||||
|
||||
mock_client.components.list.assert_called_once()
|
||||
mock_client.components.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert "comp-app-id" in result[AZURE_SUBSCRIPTION_ID]
|
||||
|
||||
def test_get_components_with_resource_group(self):
|
||||
mock_component = MagicMock()
|
||||
mock_component.app_id = "comp-app-id"
|
||||
mock_component.id = "/subscriptions/sub/rg/appinsights"
|
||||
mock_component.name = "ai-component"
|
||||
mock_component.location = "westeurope"
|
||||
mock_component.instrumentation_key = "ikey-123"
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.components = MagicMock()
|
||||
mock_client.components.list_by_resource_group.return_value = [mock_component]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||
return_value={},
|
||||
):
|
||||
app_insights = AppInsights(set_mocked_azure_provider())
|
||||
|
||||
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = app_insights._get_components()
|
||||
|
||||
mock_client.components.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.components.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert "comp-app-id" in result[AZURE_SUBSCRIPTION_ID]
|
||||
|
||||
def test_get_components_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.components = MagicMock()
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||
return_value={},
|
||||
):
|
||||
app_insights = AppInsights(set_mocked_azure_provider())
|
||||
|
||||
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = app_insights._get_components()
|
||||
|
||||
mock_client.components.list_by_resource_group.assert_not_called()
|
||||
mock_client.components.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_components_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.components = MagicMock()
|
||||
mock_client.components.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||
return_value={},
|
||||
):
|
||||
app_insights = AppInsights(set_mocked_azure_provider())
|
||||
|
||||
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = app_insights._get_components()
|
||||
|
||||
assert mock_client.components.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_components_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.components = MagicMock()
|
||||
mock_client.components.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||
return_value={},
|
||||
):
|
||||
app_insights = AppInsights(set_mocked_azure_provider())
|
||||
|
||||
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
app_insights._get_components()
|
||||
|
||||
mock_client.components.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
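Review bot: `test_get_components_with_multiple_resource_groups` only checks `call_count == 2`, so a loop that queried the same group twice or passed the wrong name would still pass. It also omits the `components.list.assert_not_called()` that the single-group test has. This filter decides which resources the scanner inventories, so pin the arguments with `mock_client.components.list_by_resource_group.assert_has_calls([call(resource_group_name=rg) for rg in RESOURCE_GROUP_LIST], any_order=True)` and add `call` to the `unittest.mock` import. The multi-group tests in the container registry, Cosmos DB and Databricks sections below have the same count-only assertion, though the registry one compares against `len(RESOURCE_GROUP_LIST)` rather than a literal 2.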
@@ -3,6 +3,8 @@ from uuid import uuid4
|
||||
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -89,3 +91,208 @@ class TestContainerRegistryService:
|
||||
assert monitor_setting["logs"][0]["enabled"] is True
|
||||
assert monitor_setting["logs"][1]["category"] == "AdminLogs"
|
||||
assert monitor_setting["logs"][1]["enabled"] is False
|
||||
|
||||
|
||||
class Test_ContainerRegistry_get_registries:
|
||||
def test_get_container_registries_no_resource_groups(self):
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.registries.list.return_value = []
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||
ContainerRegistry,
|
||||
)
|
||||
|
||||
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||
|
||||
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cr.resource_groups = None
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||
):
|
||||
result = cr._get_container_registries()
|
||||
|
||||
mock_client.registries.list.assert_called_once()
|
||||
mock_client.registries.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_container_registries_with_resource_group(self):
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.registries.list_by_resource_group.return_value = []
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||
ContainerRegistry,
|
||||
)
|
||||
|
||||
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||
|
||||
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||
):
|
||||
result = cr._get_container_registries()
|
||||
|
||||
mock_client.registries.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.registries.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_container_registries_empty_resource_group_for_subscription(self):
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
mock_client = MagicMock()
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||
ContainerRegistry,
|
||||
)
|
||||
|
||||
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||
|
||||
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||
):
|
||||
result = cr._get_container_registries()
|
||||
|
||||
mock_client.registries.list_by_resource_group.assert_not_called()
|
||||
mock_client.registries.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_container_registries_with_multiple_resource_groups(self):
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.registries.list_by_resource_group.return_value = []
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||
ContainerRegistry,
|
||||
)
|
||||
|
||||
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||
|
||||
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||
):
|
||||
result = cr._get_container_registries()
|
||||
|
||||
assert mock_client.registries.list_by_resource_group.call_count == len(
|
||||
RESOURCE_GROUP_LIST
|
||||
)
|
||||
mock_client.registries.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_container_registries_with_mixed_case_resource_group(self):
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.registries.list_by_resource_group.return_value = []
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||
ContainerRegistry,
|
||||
)
|
||||
|
||||
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||
|
||||
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: ["MyRegistry-RG"]}
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||
):
|
||||
cr._get_container_registries()
|
||||
|
||||
mock_client.registries.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="MyRegistry-RG"
|
||||
)
|
||||
|
||||
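Review bot: Each of the five new tests re-imports `MagicMock` and `patch` inside the function body and repeats the same three-patch `with` block. Each also creates a `mock_provider` for `get_global_provider` while building the service from a separate `set_mocked_azure_provider()` mock. Moving `from unittest.mock import MagicMock, patch` to module level (if the file does not already have it; the top of the file is outside these hunks) and building the service in one private helper that takes `mock_client` and `resource_groups` would leave each test with only its arrange and assert lines. The difference between `None` (subscription-wide `list`), `[]` (no listing call at all) and a populated list would then be the visible part of each test.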
@@ -1,8 +1,10 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account, CosmosDB
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -133,3 +135,114 @@ class Test_CosmosDB_Service_None_Handling:
|
||||
== "Microsoft.Network/privateEndpoints"
|
||||
)
|
||||
assert account.disable_local_auth is True
|
||||
|
||||
|
||||
class Test_CosmosDB_get_accounts:
|
||||
def test_get_accounts_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.database_accounts.list.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||
return_value={},
|
||||
):
|
||||
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||
|
||||
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cosmosdb.resource_groups = None
|
||||
|
||||
result = cosmosdb._get_accounts()
|
||||
|
||||
mock_client.database_accounts.list.assert_called_once()
|
||||
mock_client.database_accounts.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_accounts_with_resource_group(self):
|
||||
mock_account = MagicMock()
|
||||
mock_account.id = "account-id"
|
||||
mock_account.name = "my-cosmos"
|
||||
mock_account.kind = "GlobalDocumentDB"
|
||||
mock_account.location = "eastus"
|
||||
mock_account.type = "Microsoft.DocumentDB/databaseAccounts"
|
||||
mock_account.tags = {}
|
||||
mock_account.is_virtual_network_filter_enabled = False
|
||||
mock_account.private_endpoint_connections = []
|
||||
mock_account.disable_local_auth = False
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.database_accounts.list_by_resource_group.return_value = [
|
||||
mock_account
|
||||
]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||
return_value={},
|
||||
):
|
||||
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||
|
||||
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = cosmosdb._get_accounts()
|
||||
|
||||
mock_client.database_accounts.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.database_accounts.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
|
||||
|
||||
def test_get_accounts_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||
return_value={},
|
||||
):
|
||||
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||
|
||||
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = cosmosdb._get_accounts()
|
||||
|
||||
mock_client.database_accounts.list_by_resource_group.assert_not_called()
|
||||
mock_client.database_accounts.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
def test_get_accounts_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.database_accounts.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||
return_value={},
|
||||
):
|
||||
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||
|
||||
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = cosmosdb._get_accounts()
|
||||
|
||||
assert mock_client.database_accounts.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_accounts_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.database_accounts.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||
return_value={},
|
||||
):
|
||||
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||
|
||||
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
cosmosdb._get_accounts()
|
||||
|
||||
mock_client.database_accounts.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
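Review bot: `test_get_accounts_with_multiple_resource_groups` returns `[]` for every group, so it cannot tell whether accounts from the second group are appended to those from the first or replace them. An account dropped at this step would never reach any check, so the merge is worth pinning. Give each group its own account with `mock_client.database_accounts.list_by_resource_group.side_effect = [[account_rg], [account_rg2]]` and assert `len(result[AZURE_SUBSCRIPTION_ID]) == 2`. Here `account_rg` and `account_rg2` are constructed names for two mocks built like `mock_account` in `test_get_accounts_with_resource_group`.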
@@ -1,4 +1,4 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.databricks.databricks_service import (
|
||||
Databricks,
|
||||
@@ -7,6 +7,8 @@ from prowler.providers.azure.services.databricks.databricks_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -94,3 +96,123 @@ class Test_Databricks_Service_No_Encryption:
|
||||
assert workspace.location == "eastus"
|
||||
assert workspace.custom_managed_vnet_id == "test-vnet-id"
|
||||
assert workspace.managed_disk_encryption is None
|
||||
|
||||
|
||||
class Test_Databricks_get_workspaces:
|
||||
def test_get_workspaces_no_resource_groups(self):
|
||||
mock_workspace = MagicMock()
|
||||
mock_workspace.id = "ws-id-1"
|
||||
mock_workspace.name = "my-workspace"
|
||||
mock_workspace.location = "eastus"
|
||||
mock_workspace.parameters = None
|
||||
mock_workspace.encryption = None
|
||||
mock_workspace.public_network_access = None
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.workspaces = MagicMock()
|
||||
mock_client.workspaces.list_by_subscription.return_value = [mock_workspace]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||
return_value={},
|
||||
):
|
||||
databricks = Databricks(set_mocked_azure_provider())
|
||||
|
||||
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
databricks.resource_groups = None
|
||||
|
||||
result = databricks._get_workspaces()
|
||||
|
||||
mock_client.workspaces.list_by_subscription.assert_called_once()
|
||||
mock_client.workspaces.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert "ws-id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||
|
||||
def test_get_workspaces_with_resource_group(self):
|
||||
mock_workspace = MagicMock()
|
||||
mock_workspace.id = "ws-id-1"
|
||||
mock_workspace.name = "my-workspace"
|
||||
mock_workspace.location = "eastus"
|
||||
mock_workspace.parameters = None
|
||||
mock_workspace.encryption = None
|
||||
mock_workspace.public_network_access = None
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.workspaces = MagicMock()
|
||||
mock_client.workspaces.list_by_resource_group.return_value = [mock_workspace]
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||
return_value={},
|
||||
):
|
||||
databricks = Databricks(set_mocked_azure_provider())
|
||||
|
||||
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = databricks._get_workspaces()
|
||||
|
||||
mock_client.workspaces.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.workspaces.list_by_subscription.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert "ws-id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||
|
||||
def test_get_workspaces_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.workspaces = MagicMock()
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||
return_value={},
|
||||
):
|
||||
databricks = Databricks(set_mocked_azure_provider())
|
||||
|
||||
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = databricks._get_workspaces()
|
||||
|
||||
mock_client.workspaces.list_by_resource_group.assert_not_called()
|
||||
mock_client.workspaces.list_by_subscription.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_workspaces_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.workspaces = MagicMock()
|
||||
mock_client.workspaces.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||
return_value={},
|
||||
):
|
||||
databricks = Databricks(set_mocked_azure_provider())
|
||||
|
||||
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = databricks._get_workspaces()
|
||||
|
||||
assert mock_client.workspaces.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_workspaces_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.workspaces = MagicMock()
|
||||
mock_client.workspaces.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||
return_value={},
|
||||
):
|
||||
databricks = Databricks(set_mocked_azure_provider())
|
||||
|
||||
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
databricks._get_workspaces()
|
||||
|
||||
mock_client.workspaces.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
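Review bot: `test_get_workspaces_with_mixed_case_resource_group` reads as a case-handling test, but it only asserts that `"RG"` reaches `list_by_resource_group` unchanged. A one-line docstring would state the contract being pinned, e.g. `"""The configured resource group name is passed to the SDK verbatim; the service layer does not change its case."""`. If matching against Azure's casing is meant to happen earlier, presumably in the provider's resource-group validation, saying so here would keep a later maintainer from normalising the name in the service. The same test shape appears in the App Insights, container registry and Cosmos DB sections above.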
+3
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_additional_email_configured_with_a_security_contact:
|
||||
def test_defender_no_subscriptions(self):
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {}
|
||||
|
||||
@@ -40,6 +41,7 @@ class Test_defender_additional_email_configured_with_a_security_contact:
|
||||
def test_defender_no_additional_emails(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -87,6 +89,7 @@ class Test_defender_additional_email_configured_with_a_security_contact:
|
||||
def test_defender_additional_email_configured(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
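Review bot: The only change to this test file is `defender_client.resource_groups = {}` in each of the three tests, so the check is exercised with an empty mapping only. Security contacts are keyed by subscription in these fixtures, and no visible test pins whether the check still reports them when the scan is limited to resource groups. A case with `defender_client.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}` (using `RESOURCE_GROUP` from `azure_fixtures`) would record that decision. A short comment such as `# {} = scan not restricted to resource groups`, if that is what the empty dict means here, would also explain why the attribute is set explicitly rather than left as a truthy auto-created mock attribute. The attack-path notifications file further down receives the same one-line addition in eight places.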
+4
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_assessments_vm_endpoint_protection_installed:
|
||||
def test_defender_no_subscriptions(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {}
|
||||
|
||||
@@ -36,6 +37,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
|
||||
|
||||
def test_defender_subscriptions_with_no_assessments(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}}
|
||||
|
||||
@@ -59,6 +61,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
|
||||
|
||||
def test_defender_subscriptions_with_healthy_assessments(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
resource_id = str(uuid4())
|
||||
defender_client.assessments = {
|
||||
@@ -98,6 +101,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
|
||||
|
||||
def test_defender_subscriptions_with_unhealthy_assessments(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
resource_id = str(uuid4())
|
||||
defender_client.assessments = {
|
||||
|
||||
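Review bot: `defender_client.resource_groups = {}` is assigned on the `mock.MagicMock` class itself in all four tests of this file, because the line before it binds the class rather than an instance (`defender_client = mock.MagicMock`, no parentheses). The attribute then lives on the class for the rest of the test process, so any `MagicMock()` created later reports a real empty dict for `resource_groups` instead of an auto-mock, which can hide a missing setup in unrelated tests. Changing the binding to `defender_client = mock.MagicMock()` keeps the value local to each test. Going by the hunk headers, the bare-class line appears to be existing context and only the `resource_groups` line is new, but the new line is what adds another shared attribute. The log-analytics auto-provisioning and vulnerability-assessment sections below follow the same pattern.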
+8
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_attack_path_notifications_properly_configured:
|
||||
def test_no_subscriptions(self):
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {}
|
||||
defender_client.audit_config = {}
|
||||
@@ -41,6 +42,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
||||
resource_id = str(uuid4())
|
||||
contact_name = "default"
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -89,6 +91,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
||||
resource_id = str(uuid4())
|
||||
contact_name = "default"
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -139,6 +142,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
||||
resource_id = str(uuid4())
|
||||
contact_name = "default"
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -189,6 +193,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
||||
resource_id = str(uuid4())
|
||||
contact_name = "default"
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -237,6 +242,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
||||
resource_id = str(uuid4())
|
||||
contact_name = "default"
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -285,6 +291,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
||||
resource_id = str(uuid4())
|
||||
contact_name = "default"
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -333,6 +340,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
||||
resource_id = str(uuid4())
|
||||
contact_name = "default"
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+4
@@ -15,6 +15,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
||||
def test_defender_no_app_services(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.auto_provisioning_settings = {}
|
||||
|
||||
@@ -39,6 +40,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
||||
def test_defender_auto_provisioning_log_analytics_off(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.auto_provisioning_settings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -80,6 +82,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
||||
def test_defender_auto_provisioning_log_analytics_on(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.auto_provisioning_settings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -121,6 +124,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
||||
def test_defender_auto_provisioning_log_analytics_on_and_off(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.auto_provisioning_settings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
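Review bot: In all four tests of this section, the `defender_client.resource_groups = {}` line that appears to be added follows `defender_client = mock.MagicMock`, which binds the class rather than an instance, so the assignment sets a class attribute on `MagicMock` itself. Every mock created later in the same process then resolves `.resource_groups` to this shared `{}`, which can make resource-group filtering tests pass or fail depending on execution order. Instantiating the mock with `defender_client = mock.MagicMock()` keeps the attribute local to each test. The other defender test sections on this page that use `mock.MagicMock` without parentheses have the same problem. The test bodies continue outside the hunks shown.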
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
|
||||
def test_defender_no_app_services(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
|
||||
def test_defender_machines_no_vulnerability_assessment_solution(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -77,6 +79,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
|
||||
def test_defender_machines_vulnerability_assessment_solution(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+6
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_container_images_resolved_vulnerabilities:
|
||||
def test_defender_no_subscriptions(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {}
|
||||
|
||||
@@ -36,6 +37,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
||||
|
||||
def test_defender_subscription_empty(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}}
|
||||
|
||||
@@ -59,6 +61,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
||||
|
||||
def test_defender_subscription_no_assesment(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -90,6 +93,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
||||
|
||||
def test_defender_subscription_assesment_unhealthy(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -139,6 +143,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
||||
|
||||
def test_defender_subscription_assesment_healthy(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -188,6 +193,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
||||
|
||||
def test_defender_subscription_assesment_not_applicable(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+6
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_container_images_scan_enabled:
|
||||
def test_defender_no_subscriptions(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_container_images_scan_enabled:
|
||||
|
||||
def test_defender_subscription_empty(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {AZURE_SUBSCRIPTION_ID: {}}
|
||||
|
||||
@@ -60,6 +62,7 @@ class Test_defender_container_images_scan_enabled:
|
||||
|
||||
def test_defender_subscription_no_containers(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -92,6 +95,7 @@ class Test_defender_container_images_scan_enabled:
|
||||
|
||||
def test_defender_subscription_containers_no_extensions(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -137,6 +141,7 @@ class Test_defender_container_images_scan_enabled:
|
||||
|
||||
def test_defender_subscription_containers_container_images_scan_off(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -182,6 +187,7 @@ class Test_defender_container_images_scan_enabled:
|
||||
|
||||
def test_defender_subscription_containers_container_images_scan_on(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_app_services_is_on:
|
||||
def test_defender_no_app_services(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_app_services_is_on:
|
||||
def test_defender_app_services_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_app_services_is_on:
|
||||
def test_defender_app_services_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_arm_is_on:
|
||||
def test_defender_no_arm(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
|
||||
def test_defender_arm_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
|
||||
def test_defender_arm_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
||||
def test_defender_no_sql_databases(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
||||
def test_defender_sql_databases_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
||||
def test_defender_sql_databases_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_containers_is_on:
|
||||
def test_defender_no_container_registries(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_containers_is_on:
|
||||
def test_defender_container_registries_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_containers_is_on:
|
||||
def test_defender_container_registries_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
||||
def test_defender_no_cosmosdb(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
||||
def test_defender_cosmosdb_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
||||
def test_defender_cosmosdb_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+7
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_databases_is_on:
|
||||
def test_defender_no_databases(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
||||
def test_defender_databases_sql_servers(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -70,6 +72,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
||||
def test_defender_databases_sql_server_virtual_machines(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -103,6 +106,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
||||
def test_defender_databases_open_source_relation_databases(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -136,6 +140,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
||||
def test_defender_databases_cosmosdbs(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -169,6 +174,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
||||
def test_defender_databases_all_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -228,6 +234,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
||||
def test_defender_databases_cosmosdb_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_dns_is_on:
|
||||
def test_defender_no_dns(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_dns_is_on:
|
||||
def test_defender_dns_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_dns_is_on:
|
||||
def test_defender_dns_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_keyvault_is_on:
|
||||
def test_defender_no_keyvaults(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on:
|
||||
def test_defender_keyvaults_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on:
|
||||
def test_defender_keyvaults_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
||||
def test_defender_no_os_relational_databases(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
||||
def test_defender_os_relational_databases_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -81,6 +83,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
||||
def test_defender_os_relational_databases_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_server_is_on:
|
||||
def test_defender_no_server(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_server_is_on:
|
||||
def test_defender_server_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_server_is_on:
|
||||
def test_defender_server_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_sql_servers_is_on:
|
||||
def test_defender_no_server(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on:
|
||||
def test_defender_server_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on:
|
||||
def test_defender_server_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_defender_for_storage_is_on:
|
||||
def test_defender_no_server(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
def test_defender_server_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
def test_defender_server_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.pricings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+5
@@ -15,6 +15,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_iot_hub_defender_is_on:
|
||||
def test_defender_no_subscriptions(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.iot_security_solutions = {}
|
||||
|
||||
@@ -38,6 +39,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
|
||||
|
||||
def test_defender_no_iot_hub_solutions(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.iot_security_solutions = {AZURE_SUBSCRIPTION_ID: {}}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
|
||||
@@ -69,6 +71,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
|
||||
def test_defender_iot_hub_solution_disabled(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.iot_security_solutions = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -106,6 +109,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
|
||||
def test_defender_iot_hub_solution_enabled(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.iot_security_solutions = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -145,6 +149,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
|
||||
resource_id_enabled = str(uuid4())
|
||||
resource_id_disabled = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.iot_security_solutions = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
+4
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_mcas_is_enabled:
|
||||
def test_defender_no_settings(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.settings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_mcas_is_enabled:
|
||||
def test_defender_mcas_disabled(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.settings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -79,6 +81,7 @@ class Test_defender_ensure_mcas_is_enabled:
|
||||
def test_defender_mcas_enabled(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.settings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -120,6 +123,7 @@ class Test_defender_ensure_mcas_is_enabled:
|
||||
|
||||
def test_defender_mcas_no_settings(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
|
||||
|
||||
+5
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_notify_alerts_severity_is_high:
|
||||
def test_defender_no_subscriptions(self):
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {}
|
||||
|
||||
@@ -40,6 +41,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
|
||||
def test_defender_severity_alerts_critical(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -87,6 +89,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
|
||||
def test_defender_severity_alerts_high(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -135,6 +138,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
|
||||
def test_defender_severity_alerts_low(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -182,6 +186,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
|
||||
|
||||
def test_defender_default_security_contact_not_found(self):
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
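Review bot: This file gains no test in which a resource-group filter is actually set: the five hunks only add `defender_client.resource_groups = {}`, and the +5 count matches one line per hunk. The security contact configurations in these mocks are keyed by subscription, so it is worth pinning whether the check still reports them or skips them when a scan is narrowed to specific resource groups, since a silent drop would read as a clean result. A case that sets something like `defender_client.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}` (mapping shape assumed, confirm against the service) and asserts the expected findings would cover that path. The test bodies continue outside the hunks.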
+4
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_notify_emails_to_owners:
|
||||
def test_defender_no_subscriptions(self):
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {}
|
||||
|
||||
@@ -40,6 +41,7 @@ class Test_defender_ensure_notify_emails_to_owners:
|
||||
def test_defender_no_notify_emails_to_owners(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -80,6 +82,7 @@ class Test_defender_ensure_notify_emails_to_owners:
|
||||
def test_defender_notify_emails_to_owners_off(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -127,6 +130,7 @@ class Test_defender_ensure_notify_emails_to_owners:
|
||||
def test_defender_notify_emails_to_owners(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock()
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.security_contact_configurations = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
|
||||
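Review bot: The same `defender_client.resource_groups = {}` line is repeated by hand in each of the four tests here, next to the `subscriptions` assignment. Because these clients are `mock.MagicMock()` instances, a test that omits the line gets an auto-created child mock for `resource_groups`, which is truthy and would presumably be treated as an active filter. Building the client in one module-level helper that returns the mock with `subscriptions` and `resource_groups` already set would remove that trap for future tests. A short comment on the assignment, such as `# empty mapping: no resource-group filter applied`, would also record the intent; the meaning of the empty dict is assumed from the commit title.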
+5
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_system_updates_are_applied:
|
||||
def test_defender_no_app_services(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_system_updates_are_applied:
|
||||
def test_defender_machines_no_log_analytics_installed(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -89,6 +91,7 @@ class Test_defender_ensure_system_updates_are_applied:
|
||||
):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -139,6 +142,7 @@ class Test_defender_ensure_system_updates_are_applied:
|
||||
def test_defender_machines_no_system_updates_installed(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -191,6 +195,7 @@ class Test_defender_ensure_system_updates_are_applied:
|
||||
):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.assessments = {
|
||||
AZURE_SUBSCRIPTION_ID: {
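Review bot: `defender_client = mock.MagicMock` binds the class rather than an instance, so the added `defender_client.resource_groups = {}` sets an attribute on `MagicMock` itself, and every mock created later in the same test process reads `resource_groups == {}` unless it is set on the instance. For a change that introduces resource-group scoping this matters: a test that forgets to set the filter still sees an empty dict instead of an auto-created mock, and may pass without exercising the filter. Instantiate the mock as the notify-emails tests above do: `defender_client = mock.MagicMock()`. The same pattern is in all five hunks of this file, in the `Test_defender_ensure_wdatp_is_enabled` hunks, and in the `entra_client = mock.MagicMock` hunks of the Entra test files further down; the test bodies continue outside the hunks, so whether anything relies on the class-level attributes could not be checked here.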
|
||||
|
||||
+4
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_defender_ensure_wdatp_is_enabled:
|
||||
def test_defender_no_settings(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.settings = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_wdatp_is_enabled:
|
||||
def test_defender_wdatp_disabled(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.settings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -79,6 +81,7 @@ class Test_defender_ensure_wdatp_is_enabled:
|
||||
def test_defender_wdatp_enabled(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.settings = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
@@ -120,6 +123,7 @@ class Test_defender_ensure_wdatp_is_enabled:
|
||||
|
||||
def test_defender_wdatp_no_settings(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
from datetime import timedelta
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import (
|
||||
Assesment,
|
||||
@@ -13,6 +13,8 @@ from prowler.providers.azure.services.defender.defender_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -358,3 +360,263 @@ class Test_Defender_Service_Assessments_None_Handling:
|
||||
"Assessment Unhealthy"
|
||||
]
|
||||
assert assessment_unhealthy.status == "Unhealthy"
|
||||
|
||||
|
||||
DEFENDER_INIT_PATCHES = [
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender._get_pricings",
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender._get_auto_provisioning_settings",
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender._get_assessments",
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender._get_settings",
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender._get_security_contacts",
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender._get_iot_security_solutions",
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender._get_jit_policies",
|
||||
]
|
||||
|
||||
|
||||
class Test_Defender_get_iot_security_solutions:
|
||||
def test_get_iot_security_solutions_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.iot_security_solution.list_by_subscription.return_value = []
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = None
|
||||
|
||||
result = defender._get_iot_security_solutions()
|
||||
|
||||
mock_client.iot_security_solution.list_by_subscription.assert_called_once()
|
||||
mock_client.iot_security_solution.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_iot_security_solutions_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.iot_security_solution.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = defender._get_iot_security_solutions()
|
||||
|
||||
mock_client.iot_security_solution.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.iot_security_solution.list_by_subscription.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_iot_security_solutions_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = defender._get_iot_security_solutions()
|
||||
|
||||
mock_client.iot_security_solution.list_by_resource_group.assert_not_called()
|
||||
mock_client.iot_security_solution.list_by_subscription.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
|
||||
class Test_Defender_get_jit_policies:
|
||||
def test_get_jit_policies_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.jit_network_access_policies.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = None
|
||||
|
||||
result = defender._get_jit_policies()
|
||||
|
||||
mock_client.jit_network_access_policies.list.assert_called_once()
|
||||
mock_client.jit_network_access_policies.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_jit_policies_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = defender._get_jit_policies()
|
||||
|
||||
mock_client.jit_network_access_policies.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.jit_network_access_policies.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_jit_policies_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = defender._get_jit_policies()
|
||||
|
||||
mock_client.jit_network_access_policies.list_by_resource_group.assert_not_called()
|
||||
mock_client.jit_network_access_policies.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_iot_security_solutions_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.iot_security_solution.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = defender._get_iot_security_solutions()
|
||||
|
||||
assert mock_client.iot_security_solution.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_iot_security_solutions_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.iot_security_solution.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
defender._get_iot_security_solutions()
|
||||
|
||||
mock_client.iot_security_solution.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
class Test_Defender_get_jit_policies_extra:
|
||||
def test_get_jit_policies_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = defender._get_jit_policies()
|
||||
|
||||
assert (
|
||||
mock_client.jit_network_access_policies.list_by_resource_group.call_count
|
||||
== 2
|
||||
)
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_jit_policies_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||
):
|
||||
defender = Defender(set_mocked_azure_provider())
|
||||
|
||||
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
defender._get_jit_policies()
|
||||
|
||||
mock_client.jit_network_access_policies.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
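Review bot: `test_get_iot_security_solutions_with_multiple_resource_groups` and `test_get_jit_policies_with_multiple_resource_groups` only assert `call_count == 2`, so an implementation that queries the same resource group twice, or a group that was not requested, would still pass. Since the filter decides what a scan covers, keep the count and also pin the arguments: `mock_client.iot_security_solution.list_by_resource_group.assert_has_calls([call(resource_group_name=rg) for rg in RESOURCE_GROUP_LIST], any_order=True)`, with `call` added to the `unittest.mock` import, and the equivalent for `jit_network_access_policies`. There is also no case for a subscription that is absent from `resource_groups` while other subscriptions are listed; a test should state whether that subscription is skipped or scanned in full. The two IoT tests after `test_get_jit_policies_empty_resource_group_for_subscription` appear to sit inside `Test_Defender_get_jit_policies` (indentation is lost on this page) and would read better in `Test_Defender_get_iot_security_solutions`.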
|
||||
|
||||
+7
-2
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
||||
def test_entra_no_subscriptions(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,7 +30,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
||||
|
||||
def test_entra_tenant_no_policies(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -61,6 +61,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
||||
|
||||
def test_entra_tenant_policy_no_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -105,6 +106,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
||||
|
||||
def test_entra_tenant_policy_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -149,6 +151,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
||||
|
||||
def test_entra_tenant_policy_mfa_disabled(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -193,6 +196,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
||||
|
||||
def test_entra_tenant_policy_mfa_no_target(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -237,6 +241,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
||||
|
||||
def test_entra_tenant_policy_mfa_no_users(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
|
||||
+7
-2
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
||||
def test_entra_no_subscriptions(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,7 +30,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
||||
|
||||
def test_entra_tenant_no_policies(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -61,6 +61,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
||||
|
||||
def test_entra_tenant_policy_no_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -105,6 +106,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
||||
|
||||
def test_entra_tenant_policy_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -149,6 +151,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
||||
|
||||
def test_entra_tenant_policy_mfa_disabled(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -193,6 +196,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
||||
|
||||
def test_entra_tenant_policy_mfa_no_target(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -237,6 +241,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
||||
|
||||
def test_entra_tenant_policy_mfa_no_users(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
policy_id = str(uuid4())
|
||||
|
||||
with (
|
||||
|
||||
+5
-5
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_global_admin_in_less_than_five_users:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -32,7 +32,7 @@ class Test_entra_global_admin_in_less_than_five_users:
|
||||
|
||||
def test_entra_tenant_empty(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -57,7 +57,7 @@ class Test_entra_global_admin_in_less_than_five_users:
|
||||
|
||||
def test_entra_less_than_five_global_admins(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -110,7 +110,7 @@ class Test_entra_global_admin_in_less_than_five_users:
|
||||
|
||||
def test_entra_more_than_five_global_admins(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -178,7 +178,7 @@ class Test_entra_global_admin_in_less_than_five_users:
|
||||
|
||||
def test_entra_exactly_five_global_admins(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
|
||||
+8
-2
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_non_privileged_user_has_mfa:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,7 +30,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_tenant_no_users(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -53,6 +53,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_user_no_privileged_no_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -100,6 +101,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_user_no_privileged_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -144,6 +146,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_disabled_user_no_privileged_no_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -184,6 +187,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_disabled_user_no_privileged_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -224,6 +228,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_user_privileged_no_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -265,6 +270,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_user_privileged_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
|
||||
+4
@@ -7,6 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_policy_default_users_cannot_create_security_groups:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
entra_client.authorization_policy = {}
|
||||
|
||||
with (
|
||||
@@ -29,6 +30,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
|
||||
|
||||
def test_entra_tenant_empty(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -75,6 +77,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
|
||||
self,
|
||||
):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -124,6 +127,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
|
||||
self,
|
||||
):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
|
||||
+4
-3
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,6 +30,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
||||
|
||||
def test_entra_tenant_empty(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -75,7 +76,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
||||
def test_entra_default_user_role_permissions_not_allowed_to_create_apps(self):
|
||||
id = str(uuid4())
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -122,7 +123,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
||||
def test_entra_default_user_role_permissions_allowed_to_create_apps(self):
|
||||
id = str(uuid4())
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
|
||||
+4
-2
@@ -7,6 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
entra_client.authorization_policy = {}
|
||||
|
||||
with (
|
||||
@@ -29,6 +30,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
||||
|
||||
def test_entra_empty_tenant(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -74,7 +76,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
||||
def test_entra_default_user_role_permissions_not_allowed_to_create_tenants(self):
|
||||
id = str(uuid4())
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -121,7 +123,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
||||
def test_entra_default_user_role_permissions_allowed_to_create_tenants(self):
|
||||
id = str(uuid4())
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
|
||||
+5
-1
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_policy_guest_invite_only_for_admin_roles:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,6 +30,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
|
||||
|
||||
def test_entra_empty_tenant(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -76,6 +77,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
|
||||
|
||||
def test_entra_tenant_policy_allow_invites_from_everyone(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -120,6 +122,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
|
||||
|
||||
def test_entra_tenant_policy_allow_invites_from_admins(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -164,6 +167,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
|
||||
|
||||
def test_entra_tenant_policy_allow_invites_from_none(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
|
||||
+5
-1
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_policy_guest_users_access_restrictions:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,6 +30,7 @@ class Test_entra_policy_guest_users_access_restrictions:
|
||||
|
||||
def test_entra_tenant_empty(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -74,6 +75,7 @@ class Test_entra_policy_guest_users_access_restrictions:
|
||||
|
||||
def test_entra_tenant_policy_access_same_as_member(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -117,6 +119,7 @@ class Test_entra_policy_guest_users_access_restrictions:
|
||||
|
||||
def test_entra_tenant_policy_limited_access(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -160,6 +163,7 @@ class Test_entra_policy_guest_users_access_restrictions:
|
||||
|
||||
def test_entra_tenant_policy_access_restricted(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
|
||||
+5
-4
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_policy_restricts_user_consent_for_apps:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,6 +30,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
|
||||
|
||||
def test_entra_tenant_empty(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -74,7 +75,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
|
||||
|
||||
def test_entra_tenant_no_default_user_role_permissions(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -116,7 +117,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
|
||||
|
||||
def test_entra_tenant_no_consent(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -162,7 +163,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
|
||||
|
||||
def test_entra_tenant_legacy_consent(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
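Review bot: `entra_client.resource_groups = {}` is assigned on the `mock.MagicMock` class itself rather than on an instance, because the line above binds the class (`entra_client = mock.MagicMock`, with no call), so in every test of this section the attribute lands on the shared class and stays there for later tests in the same process. Any `MagicMock()` created afterwards would then resolve `.resource_groups` to that `{}` instead of a fresh child mock, which can make a resource-group scoping test pass or fail depending on run order. Instantiating the mock, `entra_client = mock.MagicMock()`, keeps the attribute local to the test. The same applies to the other entra and iam check test sections on this page, for example Test_entra_privileged_user_has_mfa and Test_iam_role_user_access_admin_restricted. The test bodies continue outside the hunks, so whether anything downstream relies on the class-level binding should be confirmed.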
|
||||
+3
-3
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_policy_user_consent_for_verified_apps:
|
||||
def test_entra_no_subscriptions(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,7 +30,7 @@ class Test_entra_policy_user_consent_for_verified_apps:
|
||||
|
||||
def test_entra_tenant_no_consent(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -76,7 +76,7 @@ class Test_entra_policy_user_consent_for_verified_apps:
|
||||
|
||||
def test_entra_tenant_legacy_consent(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
|
||||
+6
-2
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_privileged_user_has_mfa:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,7 +30,7 @@ class Test_entra_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_tenant_no_users(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -53,6 +53,7 @@ class Test_entra_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_user_no_privileged_no_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -92,6 +93,7 @@ class Test_entra_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_user_no_privileged_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -131,6 +133,7 @@ class Test_entra_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_user_privileged_no_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
@@ -177,6 +180,7 @@ class Test_entra_privileged_user_has_mfa:
|
||||
|
||||
def test_entra_user_privileged_mfa(self):
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
user_id = str(uuid4())
|
||||
|
||||
with (
|
||||
|
||||
+4
-4
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
||||
class Test_entra_security_defaults_enabled:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -30,7 +30,7 @@ class Test_entra_security_defaults_enabled:
|
||||
|
||||
def test_entra_tenant_empty(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -58,7 +58,7 @@ class Test_entra_security_defaults_enabled:
|
||||
|
||||
def test_entra_security_default_enabled(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -93,7 +93,7 @@ class Test_entra_security_defaults_enabled:
|
||||
|
||||
def test_entra_security_default_disabled(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
|
||||
+5
-5
@@ -10,7 +10,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_entra_trusted_named_locations_exists:
|
||||
def test_entra_no_tenants(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -34,7 +34,7 @@ class Test_entra_trusted_named_locations_exists:
|
||||
|
||||
def test_entra_tenant_empty(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -67,7 +67,7 @@ class Test_entra_trusted_named_locations_exists:
|
||||
|
||||
def test_entra_named_location_with_ip_ranges(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -111,7 +111,7 @@ class Test_entra_trusted_named_locations_exists:
|
||||
|
||||
def test_entra_named_location_without_ip_ranges(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -156,7 +156,7 @@ class Test_entra_trusted_named_locations_exists:
|
||||
|
||||
def test_entra_new_named_location_with_ip_ranges_not_trusted(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
|
||||
+10
-1
@@ -14,10 +14,11 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
||||
def test_iam_no_roles(self):
|
||||
iam_client = mock.MagicMock
|
||||
iam_client.resource_groups = {}
|
||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -41,9 +42,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
||||
|
||||
def test_entra_user_with_vm_access_has_mfa(self):
|
||||
iam_client = mock.MagicMock
|
||||
iam_client.resource_groups = {}
|
||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_assigment_id = str(uuid4())
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
user_id = str(uuid4())
|
||||
|
||||
@@ -112,9 +115,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
||||
|
||||
def test_entra_user_with_vm_access_has_mfa_no_mfa(self):
|
||||
iam_client = mock.MagicMock
|
||||
iam_client.resource_groups = {}
|
||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_assigment_id = str(uuid4())
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
user_id = str(uuid4())
|
||||
|
||||
@@ -183,9 +188,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
||||
|
||||
def test_entra_user_with_vm_access_has_mfa_no_user(self):
|
||||
iam_client = mock.MagicMock
|
||||
iam_client.resource_groups = {}
|
||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_assigment_id = str(uuid4())
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
user_id = str(uuid4())
|
||||
|
||||
@@ -237,9 +244,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
||||
|
||||
def test_entra_user_with_vm_access_has_mfa_no_role(self):
|
||||
iam_client = mock.MagicMock
|
||||
iam_client.resource_groups = {}
|
||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_assigment_id = str(uuid4())
|
||||
entra_client = mock.MagicMock
|
||||
entra_client.resource_groups = {}
|
||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
user_id = str(uuid4())
|
||||
|
||||
|
||||
+5
-5
@@ -11,7 +11,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_entra_users_cannot_create_microsoft_365_groups:
|
||||
def test_entra_no_tenant(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -35,7 +35,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
|
||||
|
||||
def test_entra_tenant_empty(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -65,7 +65,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
|
||||
|
||||
def test_entra_users_cannot_create_microsoft_365_groups(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -114,7 +114,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
|
||||
|
||||
def test_entra_users_can_create_microsoft_365_groups(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
@@ -161,7 +161,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
|
||||
|
||||
def test_entra_users_can_create_microsoft_365_groups_no_setting(self):
|
||||
entra_client = mock.MagicMock
|
||||
|
||||
entra_client.resource_groups = {}
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
|
||||
@@ -0,0 +1,162 @@
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.iam.iam_service import IAM
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
|
||||
class Test_IAM_get_roles:
|
||||
def test_get_roles_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.role_definitions.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||
return_value=({}, {}),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
iam = IAM(set_mocked_azure_provider())
|
||||
|
||||
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
iam.resource_groups = None
|
||||
|
||||
builtin, custom = iam._get_roles()
|
||||
|
||||
mock_client.role_definitions.list.assert_called_once()
|
||||
assert AZURE_SUBSCRIPTION_ID in builtin
|
||||
assert AZURE_SUBSCRIPTION_ID in custom
|
||||
|
||||
def test_get_roles_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.role_definitions.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||
return_value=({}, {}),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
iam = IAM(set_mocked_azure_provider())
|
||||
|
||||
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
builtin, custom = iam._get_roles()
|
||||
|
||||
mock_client.role_definitions.list.assert_called_once()
|
||||
assert AZURE_SUBSCRIPTION_ID in builtin
|
||||
assert AZURE_SUBSCRIPTION_ID in custom
|
||||
|
||||
def test_get_roles_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.role_definitions.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||
return_value=({}, {}),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
iam = IAM(set_mocked_azure_provider())
|
||||
|
||||
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
builtin, custom = iam._get_roles()
|
||||
|
||||
mock_client.role_definitions.list.assert_called_once()
|
||||
assert AZURE_SUBSCRIPTION_ID in builtin
|
||||
assert AZURE_SUBSCRIPTION_ID in custom
|
||||
|
||||
|
||||
class Test_IAM_get_role_assignments:
|
||||
def test_get_role_assignments_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.role_assignments = MagicMock()
|
||||
mock_client.role_assignments.list_for_subscription.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||
return_value=({}, {}),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
iam = IAM(set_mocked_azure_provider())
|
||||
|
||||
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
iam.resource_groups = None
|
||||
|
||||
result = iam._get_role_assignments()
|
||||
|
||||
mock_client.role_assignments.list_for_subscription.assert_called_once()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_role_assignments_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.role_assignments = MagicMock()
|
||||
mock_client.role_assignments.list_for_subscription.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||
return_value=({}, {}),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
iam = IAM(set_mocked_azure_provider())
|
||||
|
||||
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = iam._get_role_assignments()
|
||||
|
||||
mock_client.role_assignments.list_for_subscription.assert_called_once()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_role_assignments_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.role_assignments = MagicMock()
|
||||
mock_client.role_assignments.list_for_subscription.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||
return_value=({}, {}),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
iam = IAM(set_mocked_azure_provider())
|
||||
|
||||
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = iam._get_role_assignments()
|
||||
|
||||
mock_client.role_assignments.list_for_subscription.assert_called_once()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
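Review bot: The three `_get_role_assignments` tests assert the same thing, `list_for_subscription.assert_called_once()`, whether `resource_groups` is `None`, `[RESOURCE_GROUP]` or `[]`, so they cannot tell whether the resource-group filter has any effect on IAM; the three `_get_roles` tests have the same shape. If IAM is meant to stay subscription-wide under a resource-group filter, that contract deserves a docstring on the test class, e.g. `"""IAM data is listed per subscription; resource_groups does not narrow it."""`, since it differs from the KeyVault and MySQL tests on this page, where an empty list produces no listing call at all. If it is meant to narrow the listing, the `with_resource_group` cases should assert the scoped call instead. The service code is not part of this section, so the intended behaviour is inferred from the assertions only.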
+5
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
||||
def test_iam_no_roles(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.custom_roles = {}
|
||||
|
||||
@@ -39,6 +40,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
||||
self,
|
||||
):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_name = "test-role"
|
||||
defender_client.custom_roles = {
|
||||
@@ -95,6 +97,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
||||
self,
|
||||
):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_name = "test-role"
|
||||
defender_client.custom_roles = {
|
||||
@@ -144,6 +147,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
||||
self,
|
||||
):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_name = "test-role"
|
||||
role_name2 = "test-role2"
|
||||
@@ -212,6 +216,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
||||
|
||||
def test_iam_custom_roles_empty_list_but_with_key(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.custom_roles = {AZURE_SUBSCRIPTION_ID: {}}
|
||||
|
||||
|
||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_iam_role_user_access_admin_restricted:
|
||||
def test_iam_no_role_assignments(self):
|
||||
iam_client = mock.MagicMock
|
||||
iam_client.resource_groups = {}
|
||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
iam_client.role_assignments = {}
|
||||
iam_client.roles = {}
|
||||
@@ -37,6 +38,7 @@ class Test_iam_role_user_access_admin_restricted:
|
||||
|
||||
def test_iam_user_access_administrator_role_assigned(self):
|
||||
iam_client = mock.MagicMock
|
||||
iam_client.resource_groups = {}
|
||||
role_id = str(uuid4())
|
||||
role_assignment_id = str(uuid4())
|
||||
agent_id = str(uuid4())
|
||||
@@ -97,6 +99,7 @@ class Test_iam_role_user_access_admin_restricted:
|
||||
|
||||
def test_iam_non_user_access_administrator_role_assigned(self):
|
||||
iam_client = mock.MagicMock
|
||||
iam_client.resource_groups = {}
|
||||
role_id = str(uuid4())
|
||||
role_assignment_id = str(uuid4())
|
||||
agent_id = str(uuid4())
|
||||
|
||||
+3
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
|
||||
class Test_iam_subscription_roles_owner_custom_not_created:
|
||||
def test_iam_no_roles(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
defender_client.custom_roles = {}
|
||||
|
||||
@@ -37,6 +38,7 @@ class Test_iam_subscription_roles_owner_custom_not_created:
|
||||
|
||||
def test_iam_custom_owner_role_created_with_all(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_name = "test-role"
|
||||
defender_client.custom_roles = {
|
||||
@@ -84,6 +86,7 @@ class Test_iam_subscription_roles_owner_custom_not_created:
|
||||
|
||||
def test_iam_custom_owner_role_created_with_no_permissions(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.resource_groups = {}
|
||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||
role_name = "test-role"
|
||||
defender_client.custom_roles = {
|
||||
|
||||
@@ -3,6 +3,8 @@ from unittest.mock import MagicMock, patch
|
||||
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -263,3 +265,208 @@ class Test_keyvault_service:
|
||||
.storage_account_name
|
||||
== "storage_account_name"
|
||||
)
|
||||
|
||||
|
||||
class Test_KeyVault_get_key_vaults:
|
||||
def test_get_key_vaults_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
mock_client.vaults.list_by_subscription.return_value = []
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||
KeyVault,
|
||||
)
|
||||
|
||||
keyvault = KeyVault(set_mocked_azure_provider())
|
||||
|
||||
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
keyvault.resource_groups = None
|
||||
|
||||
provider = set_mocked_azure_provider()
|
||||
with patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||
):
|
||||
result = keyvault._get_key_vaults(provider)
|
||||
|
||||
mock_client.vaults.list_by_subscription.assert_called_once()
|
||||
mock_client.vaults.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_key_vaults_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
mock_client.vaults.list_by_resource_group.return_value = []
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||
KeyVault,
|
||||
)
|
||||
|
||||
keyvault = KeyVault(set_mocked_azure_provider())
|
||||
|
||||
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
provider = set_mocked_azure_provider()
|
||||
with patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||
):
|
||||
result = keyvault._get_key_vaults(provider)
|
||||
|
||||
mock_client.vaults.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.vaults.list_by_subscription.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_key_vaults_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||
KeyVault,
|
||||
)
|
||||
|
||||
keyvault = KeyVault(set_mocked_azure_provider())
|
||||
|
||||
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
provider = set_mocked_azure_provider()
|
||||
with patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||
):
|
||||
result = keyvault._get_key_vaults(provider)
|
||||
|
||||
mock_client.vaults.list_by_resource_group.assert_not_called()
|
||||
mock_client.vaults.list_by_subscription.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
def test_get_key_vaults_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
mock_client.vaults.list_by_resource_group.return_value = []
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||
KeyVault,
|
||||
)
|
||||
|
||||
keyvault = KeyVault(set_mocked_azure_provider())
|
||||
|
||||
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
provider = set_mocked_azure_provider()
|
||||
with patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||
):
|
||||
result = keyvault._get_key_vaults(provider)
|
||||
|
||||
assert mock_client.vaults.list_by_resource_group.call_count == len(
|
||||
RESOURCE_GROUP_LIST
|
||||
)
|
||||
mock_client.vaults.list_by_subscription.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_key_vaults_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
mock_client.vaults.list_by_resource_group.return_value = []
|
||||
|
||||
mock_provider = MagicMock()
|
||||
mock_provider.identity = MagicMock()
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=mock_provider,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||
new=MagicMock(),
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||
KeyVault,
|
||||
)
|
||||
|
||||
keyvault = KeyVault(set_mocked_azure_provider())
|
||||
|
||||
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: ["MyRG"]}
|
||||
|
||||
provider = set_mocked_azure_provider()
|
||||
with patch(
|
||||
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||
):
|
||||
keyvault._get_key_vaults(provider)
|
||||
|
||||
mock_client.vaults.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="MyRG"
|
||||
)
|
||||
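Review bot: `test_get_key_vaults_with_multiple_resource_groups` checks only how many times `list_by_resource_group` was called, not which groups were requested, so a filter that queried one group twice and skipped the other would still pass and a scoped scan could report on the wrong resources. Comparing the requested names pins it: `assert {c.kwargs["resource_group_name"] for c in mock_client.vaults.list_by_resource_group.call_args_list} == set(RESOURCE_GROUP_LIST)`. The MySQL counterpart `test_get_flexible_servers_with_multiple_resource_groups` has the same gap and hard-codes `call_count == 2` where this test uses `len(RESOURCE_GROUP_LIST)`.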
|
||||
@@ -1,4 +1,4 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.mysql.mysql_service import (
|
||||
Configuration,
|
||||
@@ -7,6 +7,8 @@ from prowler.providers.azure.services.mysql.mysql_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -117,3 +119,131 @@ class Test_MySQL_Service:
|
||||
assert configurations["test"].resource_id == "/subscriptions/resource_id"
|
||||
assert configurations["test"].description == "description"
|
||||
assert configurations["test"].value == "value"
|
||||
|
||||
|
||||
class Test_MySQL_get_flexible_servers:
|
||||
def test_get_flexible_servers_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
mysql = MySQL(set_mocked_azure_provider())
|
||||
|
||||
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
mysql.resource_groups = None
|
||||
|
||||
result = mysql._get_flexible_servers()
|
||||
|
||||
mock_client.servers.list.assert_called_once()
|
||||
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_flexible_servers_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
mysql = MySQL(set_mocked_azure_provider())
|
||||
|
||||
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = mysql._get_flexible_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.servers.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_flexible_servers_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
mysql = MySQL(set_mocked_azure_provider())
|
||||
|
||||
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = mysql._get_flexible_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||
mock_client.servers.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_flexible_servers_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
mysql = MySQL(set_mocked_azure_provider())
|
||||
|
||||
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = mysql._get_flexible_servers()
|
||||
|
||||
assert mock_client.servers.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_flexible_servers_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||
return_value={},
|
||||
),
|
||||
):
|
||||
mysql = MySQL(set_mocked_azure_provider())
|
||||
|
||||
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
mysql._get_flexible_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from azure.mgmt.network.models import FlowLog
|
||||
|
||||
@@ -8,9 +8,12 @@ from prowler.providers.azure.services.network.network_service import (
|
||||
NetworkWatcher,
|
||||
PublicIp,
|
||||
SecurityGroup,
|
||||
VirtualNetwork,
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -66,6 +69,20 @@ def mock_network_get_public_ip_addresses(_):
|
||||
}
|
||||
|
||||
|
||||
def mock_network_get_virtual_networks(_):
|
||||
return {
|
||||
AZURE_SUBSCRIPTION_ID: [
|
||||
VirtualNetwork(
|
||||
id="id",
|
||||
name="name",
|
||||
location="location",
|
||||
enable_ddos_protection=False,
|
||||
subnets=[],
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
@patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
@@ -82,6 +99,10 @@ def mock_network_get_public_ip_addresses(_):
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
)
|
||||
@patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||
new=mock_network_get_virtual_networks,
|
||||
)
|
||||
class Test_Network_Service:
|
||||
def test_get_client(self):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
@@ -162,3 +183,905 @@ class Test_Network_Service:
|
||||
network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].ip_address
|
||||
== "ip_address"
|
||||
)
|
||||
|
||||
|
||||
class Test_Network_get_security_groups:
|
||||
def test_get_security_groups_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_security_groups.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = None
|
||||
|
||||
result = network._get_security_groups()
|
||||
|
||||
mock_client.network_security_groups.list_all.assert_called_once()
|
||||
mock_client.network_security_groups.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_security_groups_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_security_groups.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = network._get_security_groups()
|
||||
|
||||
mock_client.network_security_groups.list.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.network_security_groups.list_all.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_security_groups_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = network._get_security_groups()
|
||||
|
||||
mock_client.network_security_groups.list.assert_not_called()
|
||||
mock_client.network_security_groups.list_all.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
|
||||
class Test_Network_get_network_watchers:
|
||||
def test_get_network_watchers_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_watchers = MagicMock()
|
||||
mock_client.network_watchers.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = None
|
||||
|
||||
result = network._get_network_watchers()
|
||||
|
||||
mock_client.network_watchers.list_all.assert_called_once()
|
||||
mock_client.network_watchers.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_network_watchers_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_watchers = MagicMock()
|
||||
mock_client.network_watchers.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = network._get_network_watchers()
|
||||
|
||||
mock_client.network_watchers.list_all.assert_called_once()
|
||||
mock_client.network_watchers.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_network_watchers_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_watchers = MagicMock()
|
||||
mock_client.network_watchers.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = network._get_network_watchers()
|
||||
|
||||
mock_client.network_watchers.list_all.assert_called_once()
|
||||
mock_client.network_watchers.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
|
||||
class Test_Network_get_bastion_hosts:
|
||||
def test_get_bastion_hosts_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.bastion_hosts = MagicMock()
|
||||
mock_client.bastion_hosts.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = None
|
||||
|
||||
result = network._get_bastion_hosts()
|
||||
|
||||
mock_client.bastion_hosts.list.assert_called_once()
|
||||
mock_client.bastion_hosts.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_bastion_hosts_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.bastion_hosts = MagicMock()
|
||||
mock_client.bastion_hosts.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = network._get_bastion_hosts()
|
||||
|
||||
mock_client.bastion_hosts.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.bastion_hosts.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_bastion_hosts_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.bastion_hosts = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = network._get_bastion_hosts()
|
||||
|
||||
mock_client.bastion_hosts.list_by_resource_group.assert_not_called()
|
||||
mock_client.bastion_hosts.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
|
||||
class Test_Network_get_public_ip_addresses:
|
||||
def test_get_public_ip_addresses_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.public_ip_addresses = MagicMock()
|
||||
mock_client.public_ip_addresses.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = None
|
||||
|
||||
result = network._get_public_ip_addresses()
|
||||
|
||||
mock_client.public_ip_addresses.list_all.assert_called_once()
|
||||
mock_client.public_ip_addresses.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_public_ip_addresses_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.public_ip_addresses = MagicMock()
|
||||
mock_client.public_ip_addresses.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = network._get_public_ip_addresses()
|
||||
|
||||
mock_client.public_ip_addresses.list.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.public_ip_addresses.list_all.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_public_ip_addresses_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.public_ip_addresses = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = network._get_public_ip_addresses()
|
||||
|
||||
mock_client.public_ip_addresses.list.assert_not_called()
|
||||
mock_client.public_ip_addresses.list_all.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
def test_get_security_groups_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_security_groups = MagicMock()
|
||||
mock_client.network_security_groups.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = network._get_security_groups()
|
||||
|
||||
assert mock_client.network_security_groups.list.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_security_groups_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_security_groups = MagicMock()
|
||||
mock_client.network_security_groups.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
network._get_security_groups()
|
||||
|
||||
mock_client.network_security_groups.list.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
class Test_Network_get_network_watchers_extra:
|
||||
def test_get_network_watchers_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_watchers = MagicMock()
|
||||
mock_client.network_watchers.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = network._get_network_watchers()
|
||||
|
||||
mock_client.network_watchers.list_all.assert_called_once()
|
||||
mock_client.network_watchers.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_network_watchers_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.network_watchers = MagicMock()
|
||||
mock_client.network_watchers.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
network._get_network_watchers()
|
||||
|
||||
mock_client.network_watchers.list_all.assert_called_once()
|
||||
mock_client.network_watchers.list.assert_not_called()
|
||||
|
||||
|
||||
class Test_Network_get_bastion_hosts_extra:
|
||||
def test_get_bastion_hosts_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.bastion_hosts = MagicMock()
|
||||
mock_client.bastion_hosts.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = network._get_bastion_hosts()
|
||||
|
||||
assert mock_client.bastion_hosts.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_bastion_hosts_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.bastion_hosts = MagicMock()
|
||||
mock_client.bastion_hosts.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
network._get_bastion_hosts()
|
||||
|
||||
mock_client.bastion_hosts.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
class Test_Network_get_public_ip_addresses_extra:
|
||||
def test_get_public_ip_addresses_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.public_ip_addresses = MagicMock()
|
||||
mock_client.public_ip_addresses.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = network._get_public_ip_addresses()
|
||||
|
||||
assert mock_client.public_ip_addresses.list.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_public_ip_addresses_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.public_ip_addresses = MagicMock()
|
||||
mock_client.public_ip_addresses.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
network._get_public_ip_addresses()
|
||||
|
||||
mock_client.public_ip_addresses.list.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
class Test_Network_get_virtual_networks_extra:
|
||||
def _ctx(self):
|
||||
return (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
)
|
||||
|
||||
def test_get_virtual_networks_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_networks = MagicMock()
|
||||
mock_client.virtual_networks.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||
new=mock_network_get_virtual_networks,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = None
|
||||
|
||||
result = network._get_virtual_networks()
|
||||
|
||||
mock_client.virtual_networks.list_all.assert_called_once()
|
||||
mock_client.virtual_networks.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_virtual_networks_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_networks = MagicMock()
|
||||
mock_client.virtual_networks.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||
new=mock_network_get_virtual_networks,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = network._get_virtual_networks()
|
||||
|
||||
mock_client.virtual_networks.list.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.virtual_networks.list_all.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_virtual_networks_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_networks = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||
new=mock_network_get_virtual_networks,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = network._get_virtual_networks()
|
||||
|
||||
mock_client.virtual_networks.list.assert_not_called()
|
||||
mock_client.virtual_networks.list_all.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
def test_get_virtual_networks_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_networks = MagicMock()
|
||||
mock_client.virtual_networks.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||
new=mock_network_get_virtual_networks,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = network._get_virtual_networks()
|
||||
|
||||
assert mock_client.virtual_networks.list.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_virtual_networks_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_networks = MagicMock()
|
||||
mock_client.virtual_networks.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||
new=mock_network_get_security_groups,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||
new=mock_network_get_bastion_hosts,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||
new=mock_network_get_network_watchers,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||
new=mock_network_get_public_ip_addresses,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||
new=mock_network_get_virtual_networks,
|
||||
),
|
||||
):
|
||||
network = Network(set_mocked_azure_provider())
|
||||
|
||||
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
network._get_virtual_networks()
|
||||
|
||||
mock_client.virtual_networks.list.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.policy.policy_service import (
|
||||
Policy,
|
||||
@@ -6,6 +6,8 @@ from prowler.providers.azure.services.policy.policy_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -52,3 +54,99 @@ class Test_Policy_Service:
|
||||
policy.policy_assigments[AZURE_SUBSCRIPTION_ID]["policy-1"].enforcement_mode
|
||||
== "Default"
|
||||
)
|
||||
|
||||
|
||||
class Test_Policy_get_policy_assigments:
|
||||
def test_get_policy_assigments_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.policy_assignments.list.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||
return_value={},
|
||||
):
|
||||
policy = Policy(set_mocked_azure_provider())
|
||||
|
||||
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
policy.resource_groups = None
|
||||
|
||||
result = policy._get_policy_assigments()
|
||||
|
||||
mock_client.policy_assignments.list.assert_called_once()
|
||||
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_policy_assigments_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.policy_assignments.list.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||
return_value={},
|
||||
):
|
||||
policy = Policy(set_mocked_azure_provider())
|
||||
|
||||
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = policy._get_policy_assigments()
|
||||
|
||||
mock_client.policy_assignments.list.assert_called_once()
|
||||
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_policy_assigments_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.policy_assignments.list.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||
return_value={},
|
||||
):
|
||||
policy = Policy(set_mocked_azure_provider())
|
||||
|
||||
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = policy._get_policy_assigments()
|
||||
|
||||
mock_client.policy_assignments.list.assert_called_once()
|
||||
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_policy_assigments_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.policy_assignments.list.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||
return_value={},
|
||||
):
|
||||
policy = Policy(set_mocked_azure_provider())
|
||||
|
||||
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = policy._get_policy_assigments()
|
||||
|
||||
mock_client.policy_assignments.list.assert_called_once()
|
||||
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_policy_assigments_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.policy_assignments.list.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||
return_value={},
|
||||
):
|
||||
policy = Policy(set_mocked_azure_provider())
|
||||
|
||||
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
policy._get_policy_assigments()
|
||||
|
||||
mock_client.policy_assignments.list.assert_called_once()
|
||||
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
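Review bot: In `Test_Policy_get_policy_assigments`, the four cases that set `policy.resource_groups` assert exactly what the unfiltered case asserts (`policy_assignments.list` called once, `list_for_resource_group` never called). Nothing in the class says that this is deliberate. Taken together they pin that policy assignments stay subscription-wide even when the scan is scoped to resource groups, which looks intended since assignments made at subscription scope still govern the scoped resources. A class docstring would make that explicit, e.g. `"""Policy assignments are always listed per subscription; resource_groups must not narrow them."""`. Without it a later reader may take the identical assertions for a copy-paste gap and change the service to filter.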
|
||||
|
||||
@@ -11,6 +11,8 @@ from prowler.providers.azure.services.postgresql.postgresql_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -243,6 +245,103 @@ class Test_SqlServer_Service:
|
||||
)
|
||||
|
||||
|
||||
class Test_PostgreSQL_get_flexible_servers:
|
||||
def test_get_flexible_servers_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||
return_value={},
|
||||
):
|
||||
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||
|
||||
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
postgresql.resource_groups = None
|
||||
|
||||
result = postgresql._get_flexible_servers()
|
||||
|
||||
mock_client.servers.list.assert_called_once()
|
||||
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_flexible_servers_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||
return_value={},
|
||||
):
|
||||
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||
|
||||
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = postgresql._get_flexible_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.servers.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_flexible_servers_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||
return_value={},
|
||||
):
|
||||
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||
|
||||
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = postgresql._get_flexible_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||
mock_client.servers.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
def test_get_flexible_servers_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||
return_value={},
|
||||
):
|
||||
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||
|
||||
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = postgresql._get_flexible_servers()
|
||||
|
||||
assert mock_client.servers.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_flexible_servers_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||
return_value={},
|
||||
):
|
||||
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||
|
||||
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
postgresql._get_flexible_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
def _make_server(name):
|
||||
server = MagicMock()
|
||||
server.id = (
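Review bot: `test_get_flexible_servers_with_multiple_resource_groups` checks only `call_count == 2`, which would still pass if the service queried one group twice and never listed the other, leaving part of the requested scope unscanned. Pin the names as well: `mock_client.servers.list_by_resource_group.assert_any_call(resource_group_name=RESOURCE_GROUP_LIST[0])` and the same for `RESOURCE_GROUP_LIST[1]`. The count-only assertion is repeated in `test_get_virtual_networks_with_multiple_resource_groups`, `test_get_vaults_with_multiple_resource_groups`, `test_get_sql_servers_with_multiple_resource_groups` and `test_get_storage_accounts_with_multiple_resource_groups`. The trailing `_make_server` context continues outside this hunk.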
|
||||
|
||||
@@ -1,11 +1,18 @@
|
||||
from types import SimpleNamespace
|
||||
from unittest import mock
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.recovery.recovery_service import (
|
||||
BackupVault,
|
||||
Recovery,
|
||||
RecoveryBackup,
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION_ID
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
VAULT_ID = (
|
||||
f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg1/"
|
||||
@@ -20,6 +27,139 @@ class BackupClientFake:
|
||||
self.backup_policies.list.return_value = policies
|
||||
|
||||
|
||||
class Test_Recovery_get_vaults:
|
||||
def test_get_vaults_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
mock_client.vaults.list_by_subscription_id.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||
),
|
||||
):
|
||||
recovery = Recovery(set_mocked_azure_provider())
|
||||
|
||||
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
recovery.resource_groups = None
|
||||
|
||||
result = recovery._get_vaults()
|
||||
|
||||
mock_client.vaults.list_by_subscription_id.assert_called_once()
|
||||
mock_client.vaults.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_vaults_with_resource_group(self):
|
||||
mock_vault = MagicMock()
|
||||
mock_vault.id = "vault-id-1"
|
||||
mock_vault.name = "my-vault"
|
||||
mock_vault.location = "eastus"
|
||||
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
mock_client.vaults.list_by_resource_group.return_value = [mock_vault]
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||
),
|
||||
):
|
||||
recovery = Recovery(set_mocked_azure_provider())
|
||||
|
||||
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = recovery._get_vaults()
|
||||
|
||||
mock_client.vaults.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.vaults.list_by_subscription_id.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
assert "vault-id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||
|
||||
def test_get_vaults_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||
),
|
||||
):
|
||||
recovery = Recovery(set_mocked_azure_provider())
|
||||
|
||||
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = recovery._get_vaults()
|
||||
|
||||
mock_client.vaults.list_by_resource_group.assert_not_called()
|
||||
mock_client.vaults.list_by_subscription_id.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_vaults_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
mock_client.vaults.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||
),
|
||||
):
|
||||
recovery = Recovery(set_mocked_azure_provider())
|
||||
|
||||
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = recovery._get_vaults()
|
||||
|
||||
assert mock_client.vaults.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_vaults_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.vaults = MagicMock()
|
||||
mock_client.vaults.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||
),
|
||||
):
|
||||
recovery = Recovery(set_mocked_azure_provider())
|
||||
|
||||
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
recovery._get_vaults()
|
||||
|
||||
mock_client.vaults.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
class Test_RecoveryBackup_Service:
|
||||
def test_get_backup_policies_lists_unprotected_vault_policies(self):
|
||||
policy = SimpleNamespace(
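Review bot: `test_get_vaults_no_resource_groups` and `test_get_vaults_empty_resource_group_for_subscription` together fix a contract that neither test states: `None` lists the whole subscription, while `[]` lists nothing and yields `{}`. For a security scan those outcomes are opposite, full coverage versus a subscription that reports no vaults because nothing was queried. I would add a comment above the empty case, e.g. `# an empty list scopes the subscription to nothing; it must never fall back to list_by_subscription_id`. Whether the service logs a skipped subscription is not visible here; if it does, asserting that log line would let an operator tell "nothing scanned" from "nothing found". The matching pairs of cases in the PostgreSQL, SQL Server and storage test classes would benefit from the same comment.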
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from azure.mgmt.sql.models import (
|
||||
EncryptionProtector,
|
||||
@@ -16,6 +16,8 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -245,3 +247,100 @@ class Test_SqlServer_Service:
|
||||
].security_alert_policies.state
|
||||
== "Disabled"
|
||||
)
|
||||
|
||||
|
||||
class Test_SQLServer_get_sql_servers:
|
||||
def test_get_sql_servers_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||
return_value={},
|
||||
):
|
||||
sql_server = SQLServer(set_mocked_azure_provider())
|
||||
|
||||
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
sql_server.resource_groups = None
|
||||
|
||||
result = sql_server._get_sql_servers()
|
||||
|
||||
mock_client.servers.list.assert_called_once()
|
||||
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_sql_servers_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||
return_value={},
|
||||
):
|
||||
sql_server = SQLServer(set_mocked_azure_provider())
|
||||
|
||||
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = sql_server._get_sql_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.servers.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_sql_servers_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||
return_value={},
|
||||
):
|
||||
sql_server = SQLServer(set_mocked_azure_provider())
|
||||
|
||||
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = sql_server._get_sql_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||
mock_client.servers.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
def test_get_sql_servers_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||
return_value={},
|
||||
):
|
||||
sql_server = SQLServer(set_mocked_azure_provider())
|
||||
|
||||
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = sql_server._get_sql_servers()
|
||||
|
||||
assert mock_client.servers.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_sql_servers_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.servers.list_by_resource_group.return_value = []
|
||||
|
||||
with patch(
|
||||
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||
return_value={},
|
||||
):
|
||||
sql_server = SQLServer(set_mocked_azure_provider())
|
||||
|
||||
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
sql_server._get_sql_servers()
|
||||
|
||||
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
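Review bot: `test_get_sql_servers_with_mixed_case_resource_group` passes `"RG"`, which is upper case rather than mixed case, and what it asserts is that the configured name reaches `list_by_resource_group` unchanged; the test name suggests case normalisation is under test. Either rename it along the lines of `test_get_sql_servers_preserves_resource_group_case`, or add a docstring such as `"""The configured name is passed to the API as given; the service does no case folding."""`. Whether names differing only in case are collapsed before they reach the service cannot be seen from this section. If they are not, `["rg", "RG"]` would list the same group twice, and that is the input worth a dedicated case. The sibling `_with_mixed_case_resource_group` tests for virtual networks, flexible servers, vaults and storage accounts share the naming.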
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
from unittest.mock import patch
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
from prowler.providers.azure.services.storage.storage_service import (
|
||||
Account,
|
||||
@@ -11,6 +11,8 @@ from prowler.providers.azure.services.storage.storage_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -387,3 +389,155 @@ class Test_Storage_Service_Retention_Policy_None_Handling:
|
||||
is False
|
||||
)
|
||||
assert account.file_service_properties.share_delete_retention_policy.days == 0
|
||||
|
||||
|
||||
class Test_Storage_get_storage_accounts:
|
||||
def test_get_storage_accounts_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.storage_accounts = MagicMock()
|
||||
mock_client.storage_accounts.list.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||
return_value=None,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||
return_value=None,
|
||||
),
|
||||
):
|
||||
storage = Storage(set_mocked_azure_provider())
|
||||
|
||||
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
storage.resource_groups = None
|
||||
|
||||
result = storage._get_storage_accounts()
|
||||
|
||||
mock_client.storage_accounts.list.assert_called_once()
|
||||
mock_client.storage_accounts.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_storage_accounts_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.storage_accounts = MagicMock()
|
||||
mock_client.storage_accounts.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||
return_value=None,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||
return_value=None,
|
||||
),
|
||||
):
|
||||
storage = Storage(set_mocked_azure_provider())
|
||||
|
||||
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = storage._get_storage_accounts()
|
||||
|
||||
mock_client.storage_accounts.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.storage_accounts.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_storage_accounts_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.storage_accounts = MagicMock()
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||
return_value=None,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||
return_value=None,
|
||||
),
|
||||
):
|
||||
storage = Storage(set_mocked_azure_provider())
|
||||
|
||||
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = storage._get_storage_accounts()
|
||||
|
||||
mock_client.storage_accounts.list_by_resource_group.assert_not_called()
|
||||
mock_client.storage_accounts.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||
|
||||
def test_get_storage_accounts_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.storage_accounts = MagicMock()
|
||||
mock_client.storage_accounts.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||
return_value=None,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||
return_value=None,
|
||||
),
|
||||
):
|
||||
storage = Storage(set_mocked_azure_provider())
|
||||
|
||||
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = storage._get_storage_accounts()
|
||||
|
||||
assert mock_client.storage_accounts.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_storage_accounts_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.storage_accounts = MagicMock()
|
||||
mock_client.storage_accounts.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||
return_value={},
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||
return_value=None,
|
||||
),
|
||||
patch(
|
||||
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||
return_value=None,
|
||||
),
|
||||
):
|
||||
storage = Storage(set_mocked_azure_provider())
|
||||
|
||||
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
storage._get_storage_accounts()
|
||||
|
||||
mock_client.storage_accounts.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
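Review bot: Every test in `Test_Storage_get_storage_accounts` patches `Storage._get_storage_accounts` with `return_value={}` and then asserts on what `storage._get_storage_accounts()` returns, so at first read the method under test appears to be mocked. The assertions can only hold if that call sits after the `with` block and reaches the real method; the page drops indentation, so that placement is inferred. A comment before the call would make the intent explicit, e.g. `# patches above only cover Storage.__init__; this call runs the real _get_storage_accounts`. The same construct-under-patch, call-after-patch pattern appears in the policy, PostgreSQL, recovery and SQL Server test classes.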
|
||||
|
||||
@@ -14,6 +14,8 @@ from prowler.providers.azure.services.vm.vm_service import (
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
RESOURCE_GROUP,
|
||||
RESOURCE_GROUP_LIST,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
@@ -465,3 +467,328 @@ class Test_VirtualMachine_SecurityProfile_Validation:
|
||||
assert isinstance(vm.security_profile.uefi_settings, UefiSettings)
|
||||
assert vm.security_profile.uefi_settings.secure_boot_enabled is True
|
||||
assert vm.security_profile.uefi_settings.v_tpm_enabled is True
|
||||
|
||||
|
||||
class Test_VM_get_virtual_machines:
|
||||
def test_get_virtual_machines_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machines = MagicMock()
|
||||
mock_client.virtual_machines.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = None
|
||||
|
||||
result = vm_service._get_virtual_machines()
|
||||
|
||||
mock_client.virtual_machines.list_all.assert_called_once()
|
||||
mock_client.virtual_machines.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_virtual_machines_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machines = MagicMock()
|
||||
mock_client.virtual_machines.list.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = vm_service._get_virtual_machines()
|
||||
|
||||
mock_client.virtual_machines.list.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.virtual_machines.list_all.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_virtual_machines_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machines = MagicMock()
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = vm_service._get_virtual_machines()
|
||||
|
||||
mock_client.virtual_machines.list.assert_not_called()
|
||||
mock_client.virtual_machines.list_all.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
|
||||
class Test_VM_get_disks:
|
||||
def test_get_disks_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.disks = MagicMock()
|
||||
mock_client.disks.list.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = None
|
||||
|
||||
result = vm_service._get_disks()
|
||||
|
||||
mock_client.disks.list.assert_called_once()
|
||||
mock_client.disks.list_by_resource_group.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_disks_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.disks = MagicMock()
|
||||
mock_client.disks.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = vm_service._get_disks()
|
||||
|
||||
mock_client.disks.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.disks.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_disks_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.disks = MagicMock()
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = vm_service._get_disks()
|
||||
|
||||
mock_client.disks.list_by_resource_group.assert_not_called()
|
||||
mock_client.disks.list.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
|
||||
class Test_VM_get_vm_scale_sets:
|
||||
def test_get_vm_scale_sets_no_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets.list_all.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = None
|
||||
|
||||
result = vm_service._get_vm_scale_sets()
|
||||
|
||||
mock_client.virtual_machine_scale_sets.list_all.assert_called_once()
|
||||
mock_client.virtual_machine_scale_sets.list.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_vm_scale_sets_with_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets.list.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||
|
||||
result = vm_service._get_vm_scale_sets()
|
||||
|
||||
mock_client.virtual_machine_scale_sets.list.assert_called_once_with(
|
||||
resource_group_name=RESOURCE_GROUP
|
||||
)
|
||||
mock_client.virtual_machine_scale_sets.list_all.assert_not_called()
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_vm_scale_sets_empty_resource_group_for_subscription(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||
|
||||
result = vm_service._get_vm_scale_sets()
|
||||
|
||||
mock_client.virtual_machine_scale_sets.list.assert_not_called()
|
||||
mock_client.virtual_machine_scale_sets.list_all.assert_not_called()
|
||||
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||
|
||||
def test_get_virtual_machines_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machines = MagicMock()
|
||||
mock_client.virtual_machines.list.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = vm_service._get_virtual_machines()
|
||||
|
||||
assert mock_client.virtual_machines.list.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_virtual_machines_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machines = MagicMock()
|
||||
mock_client.virtual_machines.list.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
vm_service._get_virtual_machines()
|
||||
|
||||
mock_client.virtual_machines.list.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
class Test_VM_get_disks_extra:
|
||||
def test_get_disks_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.disks = MagicMock()
|
||||
mock_client.disks.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = vm_service._get_disks()
|
||||
|
||||
assert mock_client.disks.list_by_resource_group.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_disks_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.disks = MagicMock()
|
||||
mock_client.disks.list_by_resource_group.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
vm_service._get_disks()
|
||||
|
||||
mock_client.disks.list_by_resource_group.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
|
||||
|
||||
|
||||
class Test_VM_get_vm_scale_sets_extra:
|
||||
def test_get_vm_scale_sets_with_multiple_resource_groups(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets.list.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||
|
||||
result = vm_service._get_vm_scale_sets()
|
||||
|
||||
assert mock_client.virtual_machine_scale_sets.list.call_count == 2
|
||||
assert AZURE_SUBSCRIPTION_ID in result
|
||||
|
||||
def test_get_vm_scale_sets_with_mixed_case_resource_group(self):
|
||||
mock_client = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||
mock_client.virtual_machine_scale_sets.list.return_value = []
|
||||
|
||||
with (
|
||||
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||
):
|
||||
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||
|
||||
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||
|
||||
vm_service._get_vm_scale_sets()
|
||||
|
||||
mock_client.virtual_machine_scale_sets.list.assert_called_once_with(
|
||||
resource_group_name="RG"
|
||||
)
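Review bot: The three multi-resource-group tests (`test_get_virtual_machines_with_multiple_resource_groups`, `test_get_disks_with_multiple_resource_groups`, `test_get_vm_scale_sets_with_multiple_resource_groups`) assert only `call_count == 2`, so they would still pass if the service queried one resource group twice and never touched the other. For a scanner that is a silent coverage gap: resources in the skipped group are never evaluated and the report still looks clean. Pin the arguments instead, e.g. `mock_client.virtual_machines.list.assert_has_calls([call(resource_group_name=rg) for rg in RESOURCE_GROUP_LIST], any_order=True)`, with the `disks.list_by_resource_group` and `virtual_machine_scale_sets.list` equivalents in the other two tests. This needs `call` from `unittest.mock`, whose import line is outside the visible hunks. These tests should also assert that the subscription-wide listing is not called (`mock_client.virtual_machines.list_all.assert_not_called()`), as the single-group tests already do, so a filtered scan cannot quietly widen beyond the requested scope.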
|
||||
|
||||