mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
feat(azure): filtering scans at resource group level (#10657)
Signed-off-by: Legin-ML <leginml2004@gmail.com>
@@ -237,6 +237,7 @@
|
|||||||
"user-guide/providers/azure/authentication",
|
"user-guide/providers/azure/authentication",
|
||||||
"user-guide/providers/azure/use-non-default-cloud",
|
"user-guide/providers/azure/use-non-default-cloud",
|
||||||
"user-guide/providers/azure/subscriptions",
|
"user-guide/providers/azure/subscriptions",
|
||||||
|
"user-guide/providers/azure/resource-groups",
|
||||||
"user-guide/providers/azure/create-prowler-service-principal"
|
"user-guide/providers/azure/create-prowler-service-principal"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -0,0 +1,47 @@
|
|||||||
|
---
|
||||||
|
title: 'Azure Resource Group Scope'
|
||||||
|
---
|
||||||
|
|
||||||
|
Prowler supports narrowing security scans to specific resource groups within Azure subscriptions. This is useful when you want to audit only a subset of resources rather than scanning an entire subscription.
|
||||||
|
|
||||||
|
By default, Prowler scans all resource groups it has permission to access. Passing `--azure-resource-group` limits the scan to only the specified resource groups across all accessible subscriptions.
|
||||||
|
|
||||||
|
## Configuring Resource Group Scoped Scans
|
||||||
|
|
||||||
|
To restrict a scan to one or more resource groups, pass them as arguments using the `--azure-resource-group` flag:
|
||||||
|
|
||||||
|
```console
|
||||||
|
prowler azure --az-cli-auth --azure-resource-group <resource-group-1> <resource-group-2> ... <resource-group-N>
|
||||||
|
```
|
||||||
|
|
||||||
|
For example, to scan only `rg-production` and `rg-staging`:
|
||||||
|
|
||||||
|
```console
|
||||||
|
prowler azure --az-cli-auth --azure-resource-group rg-prod1 rg-prod2
|
||||||
|
```
|
||||||
|
|
||||||
|
This works with all supported authentication methods:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# Service Principal
|
||||||
|
prowler azure --sp-env-auth --azure-resource-group rg-production
|
||||||
|
|
||||||
|
# Browser
|
||||||
|
prowler azure --browser-auth --tenant-id <tenant-id> --azure-resource-group rg-production
|
||||||
|
|
||||||
|
# Managed Identity
|
||||||
|
prowler azure --managed-identity-auth --azure-resource-group rg-production
|
||||||
|
```
|
||||||
|
|
||||||
|
## How It Works
|
||||||
|
|
||||||
|
When `--azure-resource-group` is provided, Prowler validates each specified resource group against all accessible subscriptions. A resource group is included in the scan if it exists in **at least one** subscription.
|
||||||
|
|
||||||
|
- If a resource group is found in one or more subscriptions, it will be scanned in those subscriptions only.
|
||||||
|
- If a resource group is **not found in any** subscription, Prowler logs a warning and skips it.
|
||||||
|
- If **none** of the provided resource groups are found across any subscription, Prowler logs a warning and no resource group scoped checks will run.
|
||||||
|
- Resource group names are matched case-insensitively, so `MyGroup` and `mygroup` are treated as the same group, mirroring Azure's own behavior.
|
||||||
|
|
||||||
|
<Warning>
|
||||||
|
If `--azure-resource-group` is used, checks that apply to specific resources are limited to the relevant resource groups. But if checks that apply to tenant or subscription scope (identity, policy, or subscription-level configuration checks) are involved, then these checks will run in their natural scope.
|
||||||
|
</Warning>
|
||||||
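Review bot: the example in this new page does not match its own lead-in. The text says "to scan only `rg-production` and `rg-staging`" but the command passes `rg-prod1 rg-prod2`; use the same names in both. The page also documents only `--azure-resource-group`, while the parser change in this commit registers `--azure-resource-groups` as a second spelling, so either mention the alias or drop it. "How It Works" should also say what happens when resource groups cannot be listed for a subscription, since that case has its own branch in `validate_resource_groups`.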
@@ -26,6 +26,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
|
|||||||
- AWS Bedrock AgentCore privilege escalation paths in the IAM privilege escalation checks, covering Runtime, Harness, Code Interpreter and Custom Browser [(#11726)](https://github.com/prowler-cloud/prowler/pull/11726)
|
- AWS Bedrock AgentCore privilege escalation paths in the IAM privilege escalation checks, covering Runtime, Harness, Code Interpreter and Custom Browser [(#11726)](https://github.com/prowler-cloud/prowler/pull/11726)
|
||||||
- `--scan-secrets-validate` flag and `aws.secrets_validate` configuration option to optionally validate the secrets discovered by the secret-scanning checks against the provider APIs; secrets confirmed to be live are reported as critical [(#11694)](https://github.com/prowler-cloud/prowler/pull/11694)
|
- `--scan-secrets-validate` flag and `aws.secrets_validate` configuration option to optionally validate the secrets discovered by the secret-scanning checks against the provider APIs; secrets confirmed to be live are reported as critical [(#11694)](https://github.com/prowler-cloud/prowler/pull/11694)
|
||||||
- `apigateway_restapi_no_secrets_in_stage_variables` check for AWS provider, scanning API Gateway REST API stage variables for hardcoded secrets such as passwords, API keys, and tokens [(#11188)](https://github.com/prowler-cloud/prowler/pull/11188)
|
- `apigateway_restapi_no_secrets_in_stage_variables` check for AWS provider, scanning API Gateway REST API stage variables for hardcoded secrets such as passwords, API keys, and tokens [(#11188)](https://github.com/prowler-cloud/prowler/pull/11188)
|
||||||
|
- Azure provider now supports `--azure-resource-group` to scope resource-level checks to specific resource groups across all accessible subscriptions [(#10657)](https://github.com/prowler-cloud/prowler/pull/10657)
|
||||||
|
|
||||||
### 🔄 Changed
|
### 🔄 Changed
|
||||||
|
|
||||||
@@ -324,7 +325,6 @@ All notable changes to the **Prowler SDK** are documented in this file.
|
|||||||
- `bedrock_prompt_management_exists` check for AWS provider [(#10878)](https://github.com/prowler-cloud/prowler/pull/10878)
|
- `bedrock_prompt_management_exists` check for AWS provider [(#10878)](https://github.com/prowler-cloud/prowler/pull/10878)
|
||||||
- 8 Gmail attachment safety and spoofing protection checks for Google Workspace provider using the Cloud Identity Policy API [(#10980)](https://github.com/prowler-cloud/prowler/pull/10980)
|
- 8 Gmail attachment safety and spoofing protection checks for Google Workspace provider using the Cloud Identity Policy API [(#10980)](https://github.com/prowler-cloud/prowler/pull/10980)
|
||||||
- `bedrock_prompt_encrypted_with_cmk` check for AWS provider [(#10905)](https://github.com/prowler-cloud/prowler/pull/10905)
|
- `bedrock_prompt_encrypted_with_cmk` check for AWS provider [(#10905)](https://github.com/prowler-cloud/prowler/pull/10905)
|
||||||
|
|
||||||
### 🔄 Changed
|
### 🔄 Changed
|
||||||
|
|
||||||
- Azure Network Watcher flow log checks now require workspace-backed Traffic Analytics for `network_flow_log_captured_sent` and align metadata with VNet-compatible flow log guidance [(#10645)](https://github.com/prowler-cloud/prowler/pull/10645)
|
- Azure Network Watcher flow log checks now require workspace-backed Traffic Analytics for `network_flow_log_captured_sent` and align metadata with VNet-compatible flow log guidance [(#10645)](https://github.com/prowler-cloud/prowler/pull/10645)
|
||||||
|
|||||||
@@ -16,6 +16,7 @@ from azure.identity import (
|
|||||||
DefaultAzureCredential,
|
DefaultAzureCredential,
|
||||||
InteractiveBrowserCredential,
|
InteractiveBrowserCredential,
|
||||||
)
|
)
|
||||||
|
from azure.mgmt.resource import ResourceManagementClient
|
||||||
from azure.mgmt.subscription import SubscriptionClient
|
from azure.mgmt.subscription import SubscriptionClient
|
||||||
from colorama import Fore, Style
|
from colorama import Fore, Style
|
||||||
from msgraph import GraphServiceClient
|
from msgraph import GraphServiceClient
|
||||||
@@ -104,6 +105,7 @@ class AzureProvider(Provider):
|
|||||||
_region_config: AzureRegionConfig
|
_region_config: AzureRegionConfig
|
||||||
_locations: dict
|
_locations: dict
|
||||||
_mutelist: AzureMutelist
|
_mutelist: AzureMutelist
|
||||||
|
_resource_groups: dict[str, list[str]]
|
||||||
# TODO: this is not optional, enforce for all providers
|
# TODO: this is not optional, enforce for all providers
|
||||||
audit_metadata: Audit_Metadata
|
audit_metadata: Audit_Metadata
|
||||||
|
|
||||||
@@ -123,6 +125,7 @@ class AzureProvider(Provider):
|
|||||||
mutelist_content: dict = None,
|
mutelist_content: dict = None,
|
||||||
client_id: str = None,
|
client_id: str = None,
|
||||||
client_secret: str = None,
|
client_secret: str = None,
|
||||||
|
resource_groups: list = [],
|
||||||
):
|
):
|
||||||
"""
|
"""
|
||||||
Initializes the Azure provider.
|
Initializes the Azure provider.
|
||||||
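Review bot: `resource_groups: list = [],` in the `__init__` signature is a mutable default argument, shared by every call that omits it. `validate_resource_groups` rebinds the name rather than mutating the list, so nothing breaks today, but default to `None` like the neighbouring `client_id` and `client_secret` parameters and normalise inside the method with `resource_groups or []`.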
@@ -142,6 +145,7 @@ class AzureProvider(Provider):
|
|||||||
mutelist_content (dict): The mutelist content.
|
mutelist_content (dict): The mutelist content.
|
||||||
client_id (str): The Azure client ID.
|
client_id (str): The Azure client ID.
|
||||||
client_secret (str): The Azure client secret.
|
client_secret (str): The Azure client secret.
|
||||||
|
resource_groups (list): List of resource group names.
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
None
|
None
|
||||||
@@ -206,7 +210,7 @@ class AzureProvider(Provider):
|
|||||||
... managed_identity_auth=False,
|
... managed_identity_auth=False,
|
||||||
... region="AzureUSGovernment",
|
... region="AzureUSGovernment",
|
||||||
... )
|
... )
|
||||||
- Subscriptions: rowler is multisubscription, which means that is going to scan all the subscriptions is able to list. If you only assign permissions to one subscription, it is going to scan a single one.
|
- Subscriptions: Prowler is multisubscription, which means that is going to scan all the subscriptions is able to list. If you only assign permissions to one subscription, it is going to scan a single one.
|
||||||
Prowler also allows you to specify the subscriptions you want to scan by passing a list of subscription IDs.
|
Prowler also allows you to specify the subscriptions you want to scan by passing a list of subscription IDs.
|
||||||
>>> AzureProvider(
|
>>> AzureProvider(
|
||||||
... az_cli_auth=False,
|
... az_cli_auth=False,
|
||||||
@@ -215,6 +219,11 @@ class AzureProvider(Provider):
|
|||||||
... managed_identity_auth=False,
|
... managed_identity_auth=False,
|
||||||
... subscription_ids=["XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"],
|
... subscription_ids=["XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"],
|
||||||
... )
|
... )
|
||||||
|
- Resource Groups: Prowler allows you to narrow the scan to specific resource groups.
|
||||||
|
>>> AzureProvider(
|
||||||
|
... az_cli_auth=True,
|
||||||
|
... resource_groups=["rg-production", "rg-staging"],
|
||||||
|
... )
|
||||||
|
|
||||||
"""
|
"""
|
||||||
logger.info("Setting Azure provider ...")
|
logger.info("Setting Azure provider ...")
|
||||||
@@ -272,6 +281,8 @@ class AzureProvider(Provider):
|
|||||||
# TODO: should we keep this here or within the identity?
|
# TODO: should we keep this here or within the identity?
|
||||||
self._locations = self.get_locations()
|
self._locations = self.get_locations()
|
||||||
|
|
||||||
|
self._resource_groups = self.validate_resource_groups(resource_groups)
|
||||||
|
|
||||||
# Audit Config
|
# Audit Config
|
||||||
if config_content:
|
if config_content:
|
||||||
self._audit_config = config_content
|
self._audit_config = config_content
|
||||||
@@ -337,6 +348,11 @@ class AzureProvider(Provider):
|
|||||||
"""Mutelist object associated with this Azure provider."""
|
"""Mutelist object associated with this Azure provider."""
|
||||||
return self._mutelist
|
return self._mutelist
|
||||||
|
|
||||||
|
@property
|
||||||
|
def resource_groups(self) -> dict[str, list[str]]:
|
||||||
|
"""Mapping of subscription name to the list of resource groups to scan within it."""
|
||||||
|
return self._resource_groups
|
||||||
|
|
||||||
# TODO: this should be moved to the argparse, if not we need to enforce it from the Provider
|
# TODO: this should be moved to the argparse, if not we need to enforce it from the Provider
|
||||||
# previously was using the AzureException
|
# previously was using the AzureException
|
||||||
@staticmethod
|
@staticmethod
|
||||||
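Review bot: the docstring on the new `resource_groups` property says the mapping is keyed by subscription name, but `validate_resource_groups` in this same commit builds `rg_map` with `subscription_id` keys, and `list_with_rg_scope` looks entries up by `subscription_id`. Make the docstring state which one it is. A caller that trusts the docstring and indexes by the wrong key gets an empty list, which `list_with_rg_scope` treats as nothing to scan.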
@@ -439,7 +455,7 @@ class AzureProvider(Provider):
|
|||||||
"""Azure credentials information.
|
"""Azure credentials information.
|
||||||
|
|
||||||
This method prints the Azure Tenant Domain, Azure Tenant ID, Azure Region,
|
This method prints the Azure Tenant Domain, Azure Tenant ID, Azure Region,
|
||||||
Azure Subscriptions, Azure Identity Type, and Azure Identity ID.
|
Azure Subscriptions, Azure Resource Groups, Azure Identity Type, and Azure Identity ID.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
None
|
None
|
||||||
@@ -455,6 +471,7 @@ class AzureProvider(Provider):
|
|||||||
f"Azure Tenant Domain: {Fore.YELLOW}{self._identity.tenant_domain}{Style.RESET_ALL} Azure Tenant ID: {Fore.YELLOW}{self._identity.tenant_ids[0]}{Style.RESET_ALL}",
|
f"Azure Tenant Domain: {Fore.YELLOW}{self._identity.tenant_domain}{Style.RESET_ALL} Azure Tenant ID: {Fore.YELLOW}{self._identity.tenant_ids[0]}{Style.RESET_ALL}",
|
||||||
f"Azure Region: {Fore.YELLOW}{self.region_config.name}{Style.RESET_ALL}",
|
f"Azure Region: {Fore.YELLOW}{self.region_config.name}{Style.RESET_ALL}",
|
||||||
f"Azure Subscriptions: {Fore.YELLOW}{printed_subscriptions}{Style.RESET_ALL}",
|
f"Azure Subscriptions: {Fore.YELLOW}{printed_subscriptions}{Style.RESET_ALL}",
|
||||||
|
f"Azure Resource Groups: {Fore.YELLOW}{sorted({rg for rgs in self._resource_groups.values() for rg in rgs}) if any(self._resource_groups.values()) else ('NONE (no matching resource groups found)' if self._resource_groups else 'ALL')}{Style.RESET_ALL}",
|
||||||
f"Azure Identity Type: {Fore.YELLOW}{self._identity.identity_type}{Style.RESET_ALL} Azure Identity ID: {Fore.YELLOW}{self._identity.identity_id}{Style.RESET_ALL}",
|
f"Azure Identity Type: {Fore.YELLOW}{self._identity.identity_type}{Style.RESET_ALL} Azure Identity ID: {Fore.YELLOW}{self._identity.identity_id}{Style.RESET_ALL}",
|
||||||
]
|
]
|
||||||
report_title = (
|
report_title = (
|
||||||
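Review bot: the new `Azure Resource Groups:` entry packs a set comprehension and a nested conditional into a single f-string, and its three outcomes (a sorted list, 'NONE (no matching resource groups found)', 'ALL') depend on the difference between an empty dict and a dict of empty lists. Compute the value in a local variable above the list, with a one-line comment per case. This line is what tells the operator whether the scan was scoped at all, so it should be easy to read and to test.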
@@ -1102,6 +1119,54 @@ class AzureProvider(Provider):
|
|||||||
|
|
||||||
return set(chain.from_iterable(locations.values()))
|
return set(chain.from_iterable(locations.values()))
|
||||||
|
|
||||||
|
def validate_resource_groups(self, resource_groups: list) -> dict[str, list[str]]:
|
||||||
|
resource_groups = [r.strip() for r in resource_groups if r and r.strip()]
|
||||||
|
if not resource_groups:
|
||||||
|
return {}
|
||||||
|
|
||||||
|
rg_map = {
|
||||||
|
subscription_id: [] for subscription_id in self._identity.subscriptions
|
||||||
|
}
|
||||||
|
credentials = self.session
|
||||||
|
|
||||||
|
for subscription_id, display_name in self._identity.subscriptions.items():
|
||||||
|
try:
|
||||||
|
rg_client = ResourceManagementClient(
|
||||||
|
credentials,
|
||||||
|
subscription_id,
|
||||||
|
base_url=self._region_config.base_url,
|
||||||
|
credential_scopes=self._region_config.credential_scopes,
|
||||||
|
)
|
||||||
|
existing_rgs = {
|
||||||
|
rg.name.lower(): rg.name for rg in rg_client.resource_groups.list()
|
||||||
|
}
|
||||||
|
except Exception as e:
|
||||||
|
logger.warning(
|
||||||
|
f"Could not list resource groups for subscription '{display_name}' "
|
||||||
|
f"({subscription_id}): {e}. Skipping resource group filtering for this subscription."
|
||||||
|
)
|
||||||
|
continue
|
||||||
|
|
||||||
|
for rg in resource_groups:
|
||||||
|
real_name = existing_rgs.get(rg.lower())
|
||||||
|
if real_name:
|
||||||
|
rg_map[subscription_id].append(real_name)
|
||||||
|
|
||||||
|
for rg in resource_groups:
|
||||||
|
if not any(rg.lower() == r.lower() for rgs in rg_map.values() for r in rgs):
|
||||||
|
logger.warning(
|
||||||
|
f"Resource group '{rg}' was not found in any subscription. "
|
||||||
|
"Please check the resource group name and try again."
|
||||||
|
)
|
||||||
|
|
||||||
|
if not any(rgs for rgs in rg_map.values()):
|
||||||
|
logger.warning(
|
||||||
|
f"None of the provided resource groups {resource_groups} were found "
|
||||||
|
"in any subscription. Please check the resource group names and try again."
|
||||||
|
)
|
||||||
|
|
||||||
|
return rg_map
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def validate_static_credentials(
|
def validate_static_credentials(
|
||||||
tenant_id: str = None,
|
tenant_id: str = None,
|
||||||
|
|||||||
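Review bot: in the `except Exception` branch of `validate_resource_groups` the warning says "Skipping resource group filtering for this subscription", but the subscription keeps its empty list in `rg_map`, and `list_with_rg_scope` returns `[]` for an empty list. The subscription is therefore dropped from resource-level checks, not scanned unfiltered. Either correct the message or record listing failures separately, so that a permission or network error is not followed by "was not found in any subscription" for every requested group. The method also has no docstring; state the return shape and that names are matched case-insensitively and returned in Azure's casing.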
@@ -53,6 +53,16 @@ def init_parser(self):
|
|||||||
type=validate_azure_region,
|
type=validate_azure_region,
|
||||||
help="Azure region from `az cloud list --output table`, by default AzureCloud",
|
help="Azure region from `az cloud list --output table`, by default AzureCloud",
|
||||||
)
|
)
|
||||||
|
# Resource Groups
|
||||||
|
azure_rg_subparser = azure_parser.add_argument_group("Resource Groups")
|
||||||
|
azure_rg_subparser.add_argument(
|
||||||
|
"--azure-resource-group",
|
||||||
|
"--azure-resource-groups",
|
||||||
|
nargs="+",
|
||||||
|
default=[],
|
||||||
|
dest="resource_groups",
|
||||||
|
help="Azure Resource Group names to scope the scan to specific groups.",
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def validate_azure_region(region):
|
def validate_azure_region(region):
|
||||||
|
|||||||
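Review bot: the new `--azure-resource-group` argument takes raw strings with no `type=` validator, unlike the region argument just above it, which uses `type=validate_azure_region`. Blank or malformed names are only filtered later, inside `validate_resource_groups`, after one listing call per subscription. A small validator would fail fast at parse time. The help text should also say that tenant- and subscription-level checks are not affected by this flag, as the new docs page does, and the `--azure-resource-groups` alias should appear in the docs if it is kept.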
@@ -26,6 +26,7 @@ class AzureService:
|
|||||||
)
|
)
|
||||||
|
|
||||||
self.subscriptions = provider.identity.subscriptions
|
self.subscriptions = provider.identity.subscriptions
|
||||||
|
self.resource_groups = provider.resource_groups
|
||||||
self.locations = provider.locations
|
self.locations = provider.locations
|
||||||
self.audit_config = provider.audit_config
|
self.audit_config = provider.audit_config
|
||||||
self.fixer_config = provider.fixer_config
|
self.fixer_config = provider.fixer_config
|
||||||
@@ -49,6 +50,26 @@ class AzureService:
|
|||||||
|
|
||||||
return results
|
return results
|
||||||
|
|
||||||
|
def list_with_rg_scope(self, subscription_id, list_all_fn, list_by_rg_fn):
|
||||||
|
if not self.resource_groups:
|
||||||
|
return list(list_all_fn())
|
||||||
|
resource_groups = self.resource_groups.get(subscription_id, [])
|
||||||
|
if not resource_groups:
|
||||||
|
logger.info(
|
||||||
|
f"No valid resource groups for subscription {subscription_id}, skipping."
|
||||||
|
)
|
||||||
|
return []
|
||||||
|
output = []
|
||||||
|
for resource_group in resource_groups:
|
||||||
|
try:
|
||||||
|
output += list(list_by_rg_fn(resource_group_name=resource_group))
|
||||||
|
except Exception as error:
|
||||||
|
logger.warning(
|
||||||
|
f"Subscription ID: {subscription_id} -- Resource Group: {resource_group} -- "
|
||||||
|
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||||
|
)
|
||||||
|
return output
|
||||||
|
|
||||||
def __set_clients__(self, identity, session, service, region_config):
|
def __set_clients__(self, identity, session, service, region_config):
|
||||||
clients = {}
|
clients = {}
|
||||||
try:
|
try:
|
||||||
|
|||||||
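Review bot: the `except Exception` inside the per-resource-group loop of `list_with_rg_scope` logs a warning and carries on, so a failed `list_by_rg_fn` call produces a shorter inventory with no signal to the checks that consume it. A resource group the identity cannot read then looks the same as an empty one. Consider narrowing the exception type or tracking which groups failed so the report can flag incomplete coverage. Please also add a docstring covering the three cases (no filter set, no groups for this subscription, scoped listing), and note that callers pass the keys of `self.clients`, which must match the keys of `self.resource_groups` or the `.get(subscription_id, [])` lookup silently returns `[]`.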
@@ -17,7 +17,11 @@ class AISearch(AzureService):
|
|||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
aisearch_services.update({subscription: {}})
|
aisearch_services.update({subscription: {}})
|
||||||
aisearch_services_list = client.services.list_by_subscription()
|
aisearch_services_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.services.list_by_subscription,
|
||||||
|
client.services.list_by_resource_group,
|
||||||
|
)
|
||||||
for aisearch_service in aisearch_services_list:
|
for aisearch_service in aisearch_services_list:
|
||||||
aisearch_services[subscription].update(
|
aisearch_services[subscription].update(
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -19,8 +19,12 @@ class AKS(AzureService):
|
|||||||
|
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
clusters_list = client.managed_clusters.list()
|
|
||||||
clusters.update({subscription_id: {}})
|
clusters.update({subscription_id: {}})
|
||||||
|
clusters_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.managed_clusters.list,
|
||||||
|
client.managed_clusters.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for cluster in clusters_list:
|
for cluster in clusters_list:
|
||||||
if getattr(cluster, "kubernetes_version", None):
|
if getattr(cluster, "kubernetes_version", None):
|
||||||
|
|||||||
@@ -131,7 +131,11 @@ class APIM(AzureService):
|
|||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
instances.update({subscription: []})
|
instances.update({subscription: []})
|
||||||
apim_instances = client.api_management_service.list()
|
apim_instances = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.api_management_service.list,
|
||||||
|
client.api_management_service.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for instance in apim_instances:
|
for instance in apim_instances:
|
||||||
workspace_id = self._get_log_analytics_workspace_id(
|
workspace_id = self._get_log_analytics_workspace_id(
|
||||||
|
|||||||
@@ -22,8 +22,12 @@ class App(AzureService):
|
|||||||
|
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
apps_list = client.web_apps.list()
|
|
||||||
apps.update({subscription_id: {}})
|
apps.update({subscription_id: {}})
|
||||||
|
apps_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.web_apps.list,
|
||||||
|
client.web_apps.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for app in apps_list:
|
for app in apps_list:
|
||||||
# Filter function apps
|
# Filter function apps
|
||||||
@@ -117,8 +121,12 @@ class App(AzureService):
|
|||||||
|
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
functions_list = client.web_apps.list()
|
|
||||||
functions.update({subscription_id: {}})
|
functions.update({subscription_id: {}})
|
||||||
|
functions_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.web_apps.list,
|
||||||
|
client.web_apps.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for function in functions_list:
|
for function in functions_list:
|
||||||
# Filter function apps
|
# Filter function apps
|
||||||
|
|||||||
@@ -17,8 +17,12 @@ class AppInsights(AzureService):
|
|||||||
|
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
components_list = client.components.list()
|
|
||||||
components.update({subscription_id: {}})
|
components.update({subscription_id: {}})
|
||||||
|
components_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.components.list,
|
||||||
|
client.components.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for component in components_list:
|
for component in components_list:
|
||||||
components[subscription_id].update(
|
components[subscription_id].update(
|
||||||
|
|||||||
@@ -19,8 +19,12 @@ class ContainerRegistry(AzureService):
|
|||||||
registries = {}
|
registries = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
registries_list = client.registries.list()
|
|
||||||
registries.update({subscription: {}})
|
registries.update({subscription: {}})
|
||||||
|
registries_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.registries.list,
|
||||||
|
client.registries.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for registry in registries_list:
|
for registry in registries_list:
|
||||||
resource_group = self._get_resource_group(registry.id)
|
resource_group = self._get_resource_group(registry.id)
|
||||||
|
|||||||
@@ -18,8 +18,13 @@ class CosmosDB(AzureService):
|
|||||||
accounts = {}
|
accounts = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
accounts_list = client.database_accounts.list()
|
|
||||||
accounts.update({subscription: []})
|
accounts.update({subscription: []})
|
||||||
|
accounts_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.database_accounts.list,
|
||||||
|
client.database_accounts.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for account in accounts_list:
|
for account in accounts_list:
|
||||||
accounts[subscription].append(
|
accounts[subscription].append(
|
||||||
Account(
|
Account(
|
||||||
|
|||||||
@@ -38,8 +38,13 @@ class Databricks(AzureService):
|
|||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
workspaces[subscription] = {}
|
workspaces[subscription] = {}
|
||||||
|
workspaces_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.workspaces.list_by_subscription,
|
||||||
|
client.workspaces.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for workspace in client.workspaces.list_by_subscription():
|
for workspace in workspaces_list:
|
||||||
workspace_parameters = getattr(workspace, "parameters", None)
|
workspace_parameters = getattr(workspace, "parameters", None)
|
||||||
workspace_managed_disk_encryption = getattr(
|
workspace_managed_disk_encryption = getattr(
|
||||||
getattr(
|
getattr(
|
||||||
|
|||||||
@@ -230,8 +230,10 @@ class Defender(AzureService):
|
|||||||
iot_security_solutions = {}
|
iot_security_solutions = {}
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
iot_security_solutions_list = (
|
iot_security_solutions_list = self.list_with_rg_scope(
|
||||||
client.iot_security_solution.list_by_subscription()
|
subscription_id,
|
||||||
|
client.iot_security_solution.list_by_subscription,
|
||||||
|
client.iot_security_solution.list_by_resource_group,
|
||||||
)
|
)
|
||||||
iot_security_solutions.update({subscription_id: {}})
|
iot_security_solutions.update({subscription_id: {}})
|
||||||
for iot_security_solution in iot_security_solutions_list:
|
for iot_security_solution in iot_security_solutions_list:
|
||||||
@@ -267,8 +269,13 @@ class Defender(AzureService):
|
|||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
jit_policies[subscription_id] = {}
|
jit_policies[subscription_id] = {}
|
||||||
policies = client.jit_network_access_policies.list()
|
policies_list = self.list_with_rg_scope(
|
||||||
for policy in policies:
|
subscription_id,
|
||||||
|
client.jit_network_access_policies.list,
|
||||||
|
client.jit_network_access_policies.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
|
for policy in policies_list:
|
||||||
vm_ids = set()
|
vm_ids = set()
|
||||||
for vm in getattr(policy, "virtual_machines", []):
|
for vm in getattr(policy, "virtual_machines", []):
|
||||||
vm_ids.add(vm.id)
|
vm_ids.add(vm.id)
|
||||||
|
|||||||
@@ -35,7 +35,11 @@ class KeyVault(AzureService):
|
|||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
key_vaults[subscription] = []
|
key_vaults[subscription] = []
|
||||||
vaults_list = list(client.vaults.list_by_subscription())
|
vaults_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.vaults.list_by_subscription,
|
||||||
|
client.vaults.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
if not vaults_list:
|
if not vaults_list:
|
||||||
continue
|
continue
|
||||||
|
|||||||
@@ -19,8 +19,12 @@ class MySQL(AzureService):
|
|||||||
servers = {}
|
servers = {}
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
servers_list = client.servers.list()
|
|
||||||
servers.update({subscription_id: {}})
|
servers.update({subscription_id: {}})
|
||||||
|
servers_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.servers.list,
|
||||||
|
client.servers.list_by_resource_group,
|
||||||
|
)
|
||||||
for server in servers_list:
|
for server in servers_list:
|
||||||
backup = getattr(server, "backup", None)
|
backup = getattr(server, "backup", None)
|
||||||
ha = getattr(server, "high_availability", None)
|
ha = getattr(server, "high_availability", None)
|
||||||
|
|||||||
@@ -24,8 +24,13 @@ class Network(AzureService):
|
|||||||
security_groups = {}
|
security_groups = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
|
security_groups_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.network_security_groups.list_all,
|
||||||
|
client.network_security_groups.list,
|
||||||
|
)
|
||||||
|
|
||||||
security_groups.update({subscription: []})
|
security_groups.update({subscription: []})
|
||||||
security_groups_list = client.network_security_groups.list_all()
|
|
||||||
for security_group in security_groups_list:
|
for security_group in security_groups_list:
|
||||||
security_groups[subscription].append(
|
security_groups[subscription].append(
|
||||||
SecurityGroup(
|
SecurityGroup(
|
||||||
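Review bot: `list_with_rg_scope` is called here before `security_groups.update({subscription: []})`, while the AKS, App and MySQL hunks in this commit initialise the entry first. With no filter set, `list_with_rg_scope` evaluates `list(list_all_fn())` eagerly, so a listing error now leaves the subscription with no key in `security_groups`, where it previously had an empty list. Keep the `update` first, as in the other services, and apply the same order in the bastion host and public IP hunks below.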
@@ -64,8 +69,8 @@ class Network(AzureService):
|
|||||||
network_watchers = {}
|
network_watchers = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
network_watchers.update({subscription: []})
|
|
||||||
network_watchers_list = client.network_watchers.list_all()
|
network_watchers_list = client.network_watchers.list_all()
|
||||||
|
network_watchers.update({subscription: []})
|
||||||
for network_watcher in network_watchers_list:
|
for network_watcher in network_watchers_list:
|
||||||
flow_logs = self._get_flow_logs(
|
flow_logs = self._get_flow_logs(
|
||||||
subscription, network_watcher.name, network_watcher.id
|
subscription, network_watcher.name, network_watcher.id
|
||||||
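Review bot: `client.network_watchers.list_all()` is left unscoped here, unlike the other listings in this file, and the only change is moving `network_watchers.update({subscription: []})` below it. If network watchers are deliberately excluded from resource group scoping, drop the reorder from this commit and state the exclusion in the new docs page. If they are not, the `list_with_rg_scope` call is missing.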
@@ -164,8 +169,13 @@ class Network(AzureService):
|
|||||||
bastion_hosts = {}
|
bastion_hosts = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
|
bastion_hosts_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.bastion_hosts.list,
|
||||||
|
client.bastion_hosts.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
bastion_hosts.update({subscription: []})
|
bastion_hosts.update({subscription: []})
|
||||||
bastion_hosts_list = client.bastion_hosts.list()
|
|
||||||
for bastion_host in bastion_hosts_list:
|
for bastion_host in bastion_hosts_list:
|
||||||
bastion_hosts[subscription].append(
|
bastion_hosts[subscription].append(
|
||||||
BastionHost(
|
BastionHost(
|
||||||
@@ -186,8 +196,13 @@ class Network(AzureService):
|
|||||||
public_ip_addresses = {}
|
public_ip_addresses = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
|
public_ip_addresses_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.public_ip_addresses.list_all,
|
||||||
|
client.public_ip_addresses.list,
|
||||||
|
)
|
||||||
|
|
||||||
public_ip_addresses.update({subscription: []})
|
public_ip_addresses.update({subscription: []})
|
||||||
public_ip_addresses_list = client.public_ip_addresses.list_all()
|
|
||||||
for public_ip_address in public_ip_addresses_list:
|
for public_ip_address in public_ip_addresses_list:
|
||||||
public_ip_addresses[subscription].append(
|
public_ip_addresses[subscription].append(
|
||||||
PublicIp(
|
PublicIp(
|
||||||
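Review bot: The two callables are passed positionally, and which one is subscription-wide depends on the SDK client: here `client.public_ip_addresses.list` is the resource-group call, while in the bastion hosts hunk `client.bastion_hosts.list` is the subscription-wide one. That makes a swapped pair easy to miss in review. Passing the callables by keyword at each call site would make their roles explicit.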
@@ -207,13 +222,17 @@ class Network(AzureService):
|
|||||||
def _get_virtual_networks(self):
|
def _get_virtual_networks(self):
|
||||||
logger.info("Network - Getting Virtual Networks...")
|
logger.info("Network - Getting Virtual Networks...")
|
||||||
virtual_networks = {}
|
virtual_networks = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
virtual_networks[subscription] = []
|
virtual_networks[subscription_id] = []
|
||||||
vnet_list = client.virtual_networks.list_all()
|
virtual_networks_list = self.list_with_rg_scope(
|
||||||
for vnet in vnet_list:
|
subscription_id,
|
||||||
|
client.virtual_networks.list_all,
|
||||||
|
client.virtual_networks.list,
|
||||||
|
)
|
||||||
|
for virtual_network in virtual_networks_list:
|
||||||
subnets = []
|
subnets = []
|
||||||
for subnet in getattr(vnet, "subnets", []) or []:
|
for subnet in getattr(virtual_network, "subnets", []) or []:
|
||||||
nsg = getattr(subnet, "network_security_group", None)
|
nsg = getattr(subnet, "network_security_group", None)
|
||||||
subnets.append(
|
subnets.append(
|
||||||
VNetSubnet(
|
VNetSubnet(
|
||||||
@@ -222,20 +241,20 @@ class Network(AzureService):
|
|||||||
nsg_id=getattr(nsg, "id", None) if nsg else None,
|
nsg_id=getattr(nsg, "id", None) if nsg else None,
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
virtual_networks[subscription].append(
|
virtual_networks[subscription_id].append(
|
||||||
VirtualNetwork(
|
VirtualNetwork(
|
||||||
id=vnet.id,
|
id=virtual_network.id,
|
||||||
name=vnet.name,
|
name=virtual_network.name,
|
||||||
location=vnet.location,
|
location=virtual_network.location,
|
||||||
enable_ddos_protection=getattr(
|
enable_ddos_protection=getattr(
|
||||||
vnet, "enable_ddos_protection", False
|
virtual_network, "enable_ddos_protection", False
|
||||||
),
|
),
|
||||||
subnets=subnets,
|
subnets=subnets,
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
except Exception as error:
|
except Exception as error:
|
||||||
logger.error(
|
logger.error(
|
||||||
f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||||
)
|
)
|
||||||
return virtual_networks
|
return virtual_networks
|
||||||
|
|
||||||
|
|||||||
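Review bot: The error log prefix in `_get_virtual_networks` changes from `Subscription name:` to `Subscription ID:` together with the `subscription` to `subscription_id` and `vnet` to `virtual_network` renames, while the bastion hosts and public IP loops in this class keep `subscription`. Either apply the rename across the class in a separate commit or leave it out of this one, so the scoping change is easier to review and anything matching on the log prefix sees one format.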
@@ -18,8 +18,8 @@ class Policy(AzureService):
|
|||||||
|
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
policy_assigments_list = client.policy_assignments.list()
|
|
||||||
policy_assigments.update({subscription_id: {}})
|
policy_assigments.update({subscription_id: {}})
|
||||||
|
policy_assigments_list = client.policy_assignments.list()
|
||||||
|
|
||||||
for policy_assigment in policy_assigments_list:
|
for policy_assigment in policy_assigments_list:
|
||||||
policy_assigments[subscription_id].update(
|
policy_assigments[subscription_id].update(
|
||||||
|
|||||||
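Review bot: `client.policy_assignments.list()` is only moved below the dictionary initialisation and is not routed through `list_with_rg_scope`, so policy assignments are still collected for the whole subscription when `--azure-resource-group` is set. If that is intentional, a comment here and a line in the new documentation page would tell users that Policy findings are not narrowed by the flag.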
@@ -19,8 +19,13 @@ class PostgreSQL(AzureService):
|
|||||||
flexible_servers = {}
|
flexible_servers = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
|
flexible_servers_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.servers.list,
|
||||||
|
client.servers.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
flexible_servers.update({subscription: []})
|
flexible_servers.update({subscription: []})
|
||||||
flexible_servers_list = client.servers.list()
|
|
||||||
for postgresql_server in flexible_servers_list:
|
for postgresql_server in flexible_servers_list:
|
||||||
# Isolate each server: a failure collecting one server must
|
# Isolate each server: a failure collecting one server must
|
||||||
# not abort collection of the remaining servers in the
|
# not abort collection of the remaining servers in the
|
||||||
|
|||||||
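Review bot: The context comment below the new call says a failure collecting one server must not abort the rest, but `self.list_with_rg_scope(...)` sits outside that per-server isolation and before `flexible_servers.update({subscription: []})`. It is worth confirming, with a test, that an error while listing one resource group (a missing permission, for example) does not drop the servers from the other requested groups or leave the subscription key unset.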
@@ -56,9 +56,14 @@ class Recovery(AzureService):
|
|||||||
try:
|
try:
|
||||||
vaults_dict: dict[str, dict[str, BackupVault]] = {}
|
vaults_dict: dict[str, dict[str, BackupVault]] = {}
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
vaults = client.vaults.list_by_subscription_id()
|
vaults_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.vaults.list_by_subscription_id,
|
||||||
|
client.vaults.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
vaults_dict[subscription_id] = {}
|
vaults_dict[subscription_id] = {}
|
||||||
for vault in vaults:
|
for vault in vaults_list:
|
||||||
vault_obj = BackupVault(
|
vault_obj = BackupVault(
|
||||||
id=vault.id,
|
id=vault.id,
|
||||||
name=vault.name,
|
name=vault.name,
|
||||||
|
|||||||
@@ -18,8 +18,13 @@ class SQLServer(AzureService):
|
|||||||
sql_servers = {}
|
sql_servers = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
|
sql_servers_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.servers.list,
|
||||||
|
client.servers.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
sql_servers.update({subscription: []})
|
sql_servers.update({subscription: []})
|
||||||
sql_servers_list = client.servers.list()
|
|
||||||
for sql_server in sql_servers_list:
|
for sql_server in sql_servers_list:
|
||||||
resource_group = self._get_resource_group(sql_server.id)
|
resource_group = self._get_resource_group(sql_server.id)
|
||||||
auditing_policies = self._get_server_blob_auditing_policies(
|
auditing_policies = self._get_server_blob_auditing_policies(
|
||||||
|
|||||||
@@ -20,8 +20,13 @@ class Storage(AzureService):
|
|||||||
storage_accounts = {}
|
storage_accounts = {}
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
|
storage_accounts_list = self.list_with_rg_scope(
|
||||||
|
subscription,
|
||||||
|
client.storage_accounts.list,
|
||||||
|
client.storage_accounts.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
storage_accounts.update({subscription: []})
|
storage_accounts.update({subscription: []})
|
||||||
storage_accounts_list = client.storage_accounts.list()
|
|
||||||
for storage_account in storage_accounts_list:
|
for storage_account in storage_accounts_list:
|
||||||
parts = storage_account.id.split("/")
|
parts = storage_account.id.split("/")
|
||||||
if "resourceGroups" in parts:
|
if "resourceGroups" in parts:
|
||||||
|
|||||||
@@ -22,8 +22,12 @@ class VirtualMachines(AzureService):
|
|||||||
|
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
virtual_machines_list = client.virtual_machines.list_all()
|
|
||||||
virtual_machines.update({subscription_id: {}})
|
virtual_machines.update({subscription_id: {}})
|
||||||
|
virtual_machines_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.virtual_machines.list_all,
|
||||||
|
client.virtual_machines.list,
|
||||||
|
)
|
||||||
|
|
||||||
for vm in virtual_machines_list:
|
for vm in virtual_machines_list:
|
||||||
storage_profile = getattr(vm, "storage_profile", None)
|
storage_profile = getattr(vm, "storage_profile", None)
|
||||||
@@ -155,8 +159,12 @@ class VirtualMachines(AzureService):
|
|||||||
|
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
disks_list = client.disks.list()
|
|
||||||
disks.update({subscription_id: {}})
|
disks.update({subscription_id: {}})
|
||||||
|
disks_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.disks.list,
|
||||||
|
client.disks.list_by_resource_group,
|
||||||
|
)
|
||||||
|
|
||||||
for disk in disks_list:
|
for disk in disks_list:
|
||||||
vms_attached = []
|
vms_attached = []
|
||||||
@@ -202,9 +210,13 @@ class VirtualMachines(AzureService):
|
|||||||
vm_scale_sets = {}
|
vm_scale_sets = {}
|
||||||
for subscription_id, client in self.clients.items():
|
for subscription_id, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
scale_sets = client.virtual_machine_scale_sets.list_all()
|
|
||||||
vm_scale_sets[subscription_id] = {}
|
vm_scale_sets[subscription_id] = {}
|
||||||
for scale_set in scale_sets:
|
scale_sets_list = self.list_with_rg_scope(
|
||||||
|
subscription_id,
|
||||||
|
client.virtual_machine_scale_sets.list_all,
|
||||||
|
client.virtual_machine_scale_sets.list,
|
||||||
|
)
|
||||||
|
for scale_set in scale_sets_list:
|
||||||
backend_pools = []
|
backend_pools = []
|
||||||
nic_configs = []
|
nic_configs = []
|
||||||
virtual_machine_profile = getattr(
|
virtual_machine_profile = getattr(
|
||||||
|
|||||||
@@ -407,6 +407,7 @@ class Provider(ABC):
|
|||||||
tenant_id=arguments.tenant_id,
|
tenant_id=arguments.tenant_id,
|
||||||
region=arguments.azure_region,
|
region=arguments.azure_region,
|
||||||
subscription_ids=arguments.subscription_id,
|
subscription_ids=arguments.subscription_id,
|
||||||
|
resource_groups=arguments.resource_groups,
|
||||||
config_path=arguments.config_file,
|
config_path=arguments.config_file,
|
||||||
mutelist_path=arguments.mutelist_file,
|
mutelist_path=arguments.mutelist_file,
|
||||||
fixer_config=fixer_config,
|
fixer_config=fixer_config,
|
||||||
|
|||||||
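Review bot: `resource_groups=arguments.resource_groups` reads a generically named attribute, while the neighbouring Azure-specific argument is `arguments.azure_region` and the CLI flag is `--azure-resource-group`. A provider-prefixed destination name would avoid a clash if another provider later adds an option with the same name.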
@@ -9,6 +9,8 @@ from prowler.providers.azure.models import AzureIdentityInfo, AzureRegionConfig
|
|||||||
AZURE_SUBSCRIPTION_ID = str(uuid4())
|
AZURE_SUBSCRIPTION_ID = str(uuid4())
|
||||||
AZURE_SUBSCRIPTION_NAME = "Subscription Name"
|
AZURE_SUBSCRIPTION_NAME = "Subscription Name"
|
||||||
AZURE_SUBSCRIPTION_DISPLAY = f"{AZURE_SUBSCRIPTION_NAME} ({AZURE_SUBSCRIPTION_ID})"
|
AZURE_SUBSCRIPTION_DISPLAY = f"{AZURE_SUBSCRIPTION_NAME} ({AZURE_SUBSCRIPTION_ID})"
|
||||||
|
RESOURCE_GROUP = "rg"
|
||||||
|
RESOURCE_GROUP_LIST = [RESOURCE_GROUP, "rg2"]
|
||||||
|
|
||||||
# Azure Identity
|
# Azure Identity
|
||||||
IDENTITY_ID = "00000000-0000-0000-0000-000000000000"
|
IDENTITY_ID = "00000000-0000-0000-0000-000000000000"
|
||||||
@@ -30,6 +32,7 @@ def set_mocked_azure_provider(
|
|||||||
audit_config: dict = None,
|
audit_config: dict = None,
|
||||||
azure_region_config: AzureRegionConfig = AzureRegionConfig(),
|
azure_region_config: AzureRegionConfig = AzureRegionConfig(),
|
||||||
locations: list = None,
|
locations: list = None,
|
||||||
|
resource_groups: dict = None,
|
||||||
) -> AzureProvider:
|
) -> AzureProvider:
|
||||||
|
|
||||||
provider = MagicMock()
|
provider = MagicMock()
|
||||||
@@ -39,5 +42,6 @@ def set_mocked_azure_provider(
|
|||||||
provider.identity = identity
|
provider.identity = identity
|
||||||
provider.audit_config = audit_config
|
provider.audit_config = audit_config
|
||||||
provider.region_config = azure_region_config
|
provider.region_config = azure_region_config
|
||||||
|
provider.resource_groups = resource_groups
|
||||||
|
|
||||||
return provider
|
return provider
|
||||||
|
|||||||
@@ -552,6 +552,102 @@ class TestAzureProvider:
|
|||||||
assert regions == expected_regions
|
assert regions == expected_regions
|
||||||
|
|
||||||
|
|
||||||
|
class TestAzureProviderValidateResourceGroups:
|
||||||
|
@patch(
|
||||||
|
"prowler.providers.azure.azure_provider.AzureProvider.__init__",
|
||||||
|
return_value=None,
|
||||||
|
)
|
||||||
|
def _make_provider(self, _mock_init, subscriptions=None):
|
||||||
|
provider = AzureProvider()
|
||||||
|
provider._identity = MagicMock()
|
||||||
|
provider._identity.subscriptions = subscriptions or {str(uuid4()): "Sub"}
|
||||||
|
provider._session = MagicMock()
|
||||||
|
provider._region_config = MagicMock()
|
||||||
|
return provider
|
||||||
|
|
||||||
|
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||||
|
def test_validate_resource_groups_exact_match(self, mock_rm_client):
|
||||||
|
provider = self._make_provider()
|
||||||
|
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||||
|
|
||||||
|
mock_rg = MagicMock()
|
||||||
|
mock_rg.name = "mygroup"
|
||||||
|
mock_resource_groups = MagicMock()
|
||||||
|
mock_resource_groups.list.return_value = [mock_rg]
|
||||||
|
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||||
|
|
||||||
|
result = provider.validate_resource_groups(["mygroup"])
|
||||||
|
|
||||||
|
assert result[sub_name] == ["mygroup"]
|
||||||
|
|
||||||
|
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||||
|
def test_validate_resource_groups_mixed_case(self, mock_rm_client):
|
||||||
|
provider = self._make_provider()
|
||||||
|
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||||
|
|
||||||
|
mock_rg = MagicMock()
|
||||||
|
mock_rg.name = "MyGroup"
|
||||||
|
mock_resource_groups = MagicMock()
|
||||||
|
mock_resource_groups.list.return_value = [mock_rg]
|
||||||
|
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||||
|
|
||||||
|
result = provider.validate_resource_groups(["mygroup"])
|
||||||
|
|
||||||
|
assert result[sub_name] == ["MyGroup"]
|
||||||
|
mock_resource_groups.list.assert_called_once()
|
||||||
|
|
||||||
|
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||||
|
def test_validate_resource_groups_multiple_rgs(self, mock_rm_client):
|
||||||
|
provider = self._make_provider()
|
||||||
|
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||||
|
|
||||||
|
rg1, rg2 = MagicMock(), MagicMock()
|
||||||
|
rg1.name = "rg1"
|
||||||
|
rg2.name = "rg2"
|
||||||
|
mock_resource_groups = MagicMock()
|
||||||
|
mock_resource_groups.list.return_value = [rg1, rg2]
|
||||||
|
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||||
|
|
||||||
|
result = provider.validate_resource_groups(["rg1", "rg2"])
|
||||||
|
|
||||||
|
assert set(result[sub_name]) == {"rg1", "rg2"}
|
||||||
|
|
||||||
|
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||||
|
def test_validate_resource_groups_not_found(self, mock_rm_client):
|
||||||
|
provider = self._make_provider()
|
||||||
|
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||||
|
|
||||||
|
mock_rg = MagicMock()
|
||||||
|
mock_rg.name = "existing"
|
||||||
|
mock_resource_groups = MagicMock()
|
||||||
|
mock_resource_groups.list.return_value = [mock_rg]
|
||||||
|
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||||
|
|
||||||
|
result = provider.validate_resource_groups(["nonexistent"])
|
||||||
|
|
||||||
|
assert result[sub_name] == []
|
||||||
|
|
||||||
|
def test_validate_resource_groups_empty_input(self):
|
||||||
|
provider = self._make_provider()
|
||||||
|
result = provider.validate_resource_groups([])
|
||||||
|
assert result == {}
|
||||||
|
|
||||||
|
@patch("prowler.providers.azure.azure_provider.ResourceManagementClient")
|
||||||
|
def test_validate_resource_groups_strips_whitespace(self, mock_rm_client):
|
||||||
|
provider = self._make_provider()
|
||||||
|
sub_name = list(provider._identity.subscriptions.keys())[0]
|
||||||
|
|
||||||
|
mock_rg = MagicMock()
|
||||||
|
mock_rg.name = "rg-prod"
|
||||||
|
mock_resource_groups = MagicMock()
|
||||||
|
mock_resource_groups.list.return_value = [mock_rg]
|
||||||
|
mock_rm_client.return_value.resource_groups = mock_resource_groups
|
||||||
|
|
||||||
|
result = provider.validate_resource_groups([" rg-prod "])
|
||||||
|
|
||||||
|
assert result[sub_name] == ["rg-prod"]
|
||||||
|
|
||||||
|
|
||||||
class TestAzureProviderSetupIdentitySubscriptions:
|
class TestAzureProviderSetupIdentitySubscriptions:
|
||||||
"""Regression tests ensuring identity.subscriptions preserves every
|
"""Regression tests ensuring identity.subscriptions preserves every
|
||||||
subscription even when multiple Azure subscriptions share the same
|
subscription even when multiple Azure subscriptions share the same
|
||||||
|
|||||||
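Review bot: `test_validate_resource_groups_not_found` pins `result[sub_name] == []` for a name that matches nothing, and the service tests in this commit show that an empty list for a subscription means no list call is made at all, so a mistyped `--azure-resource-group` value yields a scan that covers no resources. Add an assertion that the user is warned or the run is rejected in that case (captured log output or an expected exception). Two further cases are missing: two subscriptions where the group exists in only one, and `resource_groups.list` raising. `sub_name` holds a subscription ID in these tests, so `sub_id` would read better.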
@@ -1,4 +1,4 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.aisearch.aisearch_service import (
|
from prowler.providers.azure.services.aisearch.aisearch_service import (
|
||||||
AISearch,
|
AISearch,
|
||||||
@@ -6,9 +6,13 @@ from prowler.providers.azure.services.aisearch.aisearch_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
AISEARCH_SERVICE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/{RESOURCE_GROUP}/providers/Microsoft.Search/searchServices/search1"
|
||||||
|
|
||||||
|
|
||||||
def mock_storage_get_aisearch_services(_):
|
def mock_storage_get_aisearch_services(_):
|
||||||
return {
|
return {
|
||||||
@@ -58,3 +62,121 @@ class Test_AISearch_Service:
|
|||||||
assert aisearch.aisearch_services[AZURE_SUBSCRIPTION_ID][
|
assert aisearch.aisearch_services[AZURE_SUBSCRIPTION_ID][
|
||||||
"aisearch_service_id-1"
|
"aisearch_service_id-1"
|
||||||
].public_network_access
|
].public_network_access
|
||||||
|
|
||||||
|
|
||||||
|
class Test_AISearch_Service_get_aisearch_services:
|
||||||
|
def test_get_aisearch_services_no_resource_groups(self):
|
||||||
|
mock_service = MagicMock()
|
||||||
|
mock_service.id = AISEARCH_SERVICE_ID
|
||||||
|
mock_service.name = "search1"
|
||||||
|
mock_service.location = "westeurope"
|
||||||
|
mock_service.public_network_access = "Enabled"
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.services.list_by_subscription.return_value = [mock_service]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aisearch = AISearch(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aisearch.resource_groups = None
|
||||||
|
|
||||||
|
result = aisearch._get_aisearch_services()
|
||||||
|
|
||||||
|
mock_client.services.list_by_subscription.assert_called_once()
|
||||||
|
mock_client.services.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert (
|
||||||
|
result[AZURE_SUBSCRIPTION_ID][AISEARCH_SERVICE_ID].public_network_access
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_get_aisearch_services_with_resource_group(self):
|
||||||
|
mock_service = MagicMock()
|
||||||
|
mock_service.id = AISEARCH_SERVICE_ID
|
||||||
|
mock_service.name = "search1"
|
||||||
|
mock_service.location = "westeurope"
|
||||||
|
mock_service.public_network_access = "Disabled"
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.services.list_by_resource_group.return_value = [mock_service]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aisearch = AISearch(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = aisearch._get_aisearch_services()
|
||||||
|
|
||||||
|
mock_client.services.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.services.list_by_subscription.assert_not_called()
|
||||||
|
assert (
|
||||||
|
result[AZURE_SUBSCRIPTION_ID][AISEARCH_SERVICE_ID].public_network_access
|
||||||
|
is False
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_get_aisearch_services_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aisearch = AISearch(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = aisearch._get_aisearch_services()
|
||||||
|
|
||||||
|
mock_client.services.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.services.list_by_subscription.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_aisearch_services_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.services = MagicMock()
|
||||||
|
mock_client.services.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aisearch = AISearch(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = aisearch._get_aisearch_services()
|
||||||
|
|
||||||
|
assert mock_client.services.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_aisearch_services_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.services = MagicMock()
|
||||||
|
mock_client.services.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aisearch.aisearch_service.AISearch._get_aisearch_services",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aisearch = AISearch(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aisearch.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aisearch.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
aisearch._get_aisearch_services()
|
||||||
|
|
||||||
|
mock_client.services.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
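Review bot: `test_get_aisearch_services_with_multiple_resource_groups` asserts only `call_count == 2`, which would also pass if the same group were queried twice. Use `assert_has_calls` with `resource_group_name` for each entry of `RESOURCE_GROUP_LIST`. The tests also set `aisearch.resource_groups` directly after construction, so the new `resource_groups` parameter of `set_mocked_azure_provider` and the provider-to-service wiring are never exercised.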
@@ -1,8 +1,10 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.aks.aks_service import AKS, Cluster
|
from prowler.providers.azure.services.aks.aks_service import AKS, Cluster
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -66,3 +68,128 @@ class Test_AKS_Service:
|
|||||||
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].location == "westeurope"
|
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].location == "westeurope"
|
||||||
)
|
)
|
||||||
assert aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].rbac_enabled
|
assert aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].rbac_enabled
|
||||||
|
|
||||||
|
|
||||||
|
class Test_AKS_get_clusters:
|
||||||
|
def test_get_clusters_no_resource_groups(self):
|
||||||
|
mock_cluster = MagicMock()
|
||||||
|
mock_cluster.id = "cluster_id-1"
|
||||||
|
mock_cluster.name = "cluster_name"
|
||||||
|
mock_cluster.fqdn = "public_fqdn"
|
||||||
|
mock_cluster.private_fqdn = "private_fqdn"
|
||||||
|
mock_cluster.location = "westeurope"
|
||||||
|
mock_cluster.kubernetes_version = "1.28.0"
|
||||||
|
mock_cluster.network_profile = None
|
||||||
|
mock_cluster.agent_pool_profiles = []
|
||||||
|
mock_cluster.enable_rbac = False
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.managed_clusters.list.return_value = [mock_cluster]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aks = AKS(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aks.resource_groups = None
|
||||||
|
|
||||||
|
result = aks._get_clusters()
|
||||||
|
|
||||||
|
mock_client.managed_clusters.list.assert_called_once()
|
||||||
|
mock_client.managed_clusters.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert "cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||||
|
|
||||||
|
def test_get_clusters_with_resource_group(self):
|
||||||
|
mock_cluster = MagicMock()
|
||||||
|
mock_cluster.id = "cluster_id-1"
|
||||||
|
mock_cluster.name = "cluster_name"
|
||||||
|
mock_cluster.fqdn = "public_fqdn"
|
||||||
|
mock_cluster.private_fqdn = "private_fqdn"
|
||||||
|
mock_cluster.location = "westeurope"
|
||||||
|
mock_cluster.kubernetes_version = "1.28.0"
|
||||||
|
mock_cluster.network_profile = None
|
||||||
|
mock_cluster.agent_pool_profiles = []
|
||||||
|
mock_cluster.enable_rbac = False
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.managed_clusters.list_by_resource_group.return_value = [
|
||||||
|
mock_cluster
|
||||||
|
]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aks = AKS(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = aks._get_clusters()
|
||||||
|
|
||||||
|
mock_client.managed_clusters.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.managed_clusters.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert "cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||||
|
|
||||||
|
def test_get_clusters_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aks = AKS(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = aks._get_clusters()
|
||||||
|
|
||||||
|
mock_client.managed_clusters.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.managed_clusters.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_clusters_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.managed_clusters = MagicMock()
|
||||||
|
mock_client.managed_clusters.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aks = AKS(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = aks._get_clusters()
|
||||||
|
|
||||||
|
assert mock_client.managed_clusters.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_clusters_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.managed_clusters = MagicMock()
|
||||||
|
mock_client.managed_clusters.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
aks = AKS(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
aks._get_clusters()
|
||||||
|
|
||||||
|
mock_client.managed_clusters.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
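Review bot: In `test_get_clusters_with_multiple_resource_groups`, `list_by_resource_group.return_value = []` gives every group the same empty result, so nothing checks that clusters from different groups are merged into `result[AZURE_SUBSCRIPTION_ID]`. A `side_effect` that returns a distinct mock cluster per group, with an assertion that both IDs are present, would cover that.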
@@ -1,6 +1,6 @@
|
|||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
from unittest import TestCase, mock
|
from unittest import TestCase, mock
|
||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from azure.mgmt.loganalytics.models import Workspace
|
from azure.mgmt.loganalytics.models import Workspace
|
||||||
from azure.mgmt.monitor.models import DiagnosticSettingsResource
|
from azure.mgmt.monitor.models import DiagnosticSettingsResource
|
||||||
@@ -9,6 +9,8 @@ from azure.monitor.query import LogsQueryResult
|
|||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
AZURE_SUBSCRIPTION_NAME,
|
AZURE_SUBSCRIPTION_NAME,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -16,7 +18,6 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
APIM_INSTANCE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg/providers/Microsoft.ApiManagement/service/apim1"
|
APIM_INSTANCE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg/providers/Microsoft.ApiManagement/service/apim1"
|
||||||
APIM_INSTANCE_NAME = "apim1"
|
APIM_INSTANCE_NAME = "apim1"
|
||||||
LOCATION = "West US"
|
LOCATION = "West US"
|
||||||
RESOURCE_GROUP = "rg"
|
|
||||||
WORKSPACE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourcegroups/rg/providers/microsoft.operationalinsights/workspaces/loganalytics"
|
WORKSPACE_ID = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourcegroups/rg/providers/microsoft.operationalinsights/workspaces/loganalytics"
|
||||||
WORKSPACE_CUSTOMER_ID = "12345678-1234-1234-1234-1234567890ab"
|
WORKSPACE_CUSTOMER_ID = "12345678-1234-1234-1234-1234567890ab"
|
||||||
|
|
||||||
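Review bot: The local `RESOURCE_GROUP = "rg"` is removed in favour of the shared fixture, but `APIM_INSTANCE_ID` and `WORKSPACE_ID` around it still hard-code `rg` in the path. Building them from `RESOURCE_GROUP`, as `AISEARCH_SERVICE_ID` does in the AI Search test file, keeps the IDs in step if the fixture value changes.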
@@ -323,3 +324,168 @@ class Test_APIM_Service(TestCase):
|
|||||||
instance = apim.instances[AZURE_SUBSCRIPTION_ID][0]
|
instance = apim.instances[AZURE_SUBSCRIPTION_ID][0]
|
||||||
result = apim.get_llm_operations_logs(AZURE_SUBSCRIPTION_ID, instance)
|
result = apim.get_llm_operations_logs(AZURE_SUBSCRIPTION_ID, instance)
|
||||||
self.assertEqual(result, [{"log": "data"}])
|
self.assertEqual(result, [{"log": "data"}])
|
||||||
|
|
||||||
|
|
||||||
|
class Test_APIM_get_instances:
|
||||||
|
def test_get_instances_no_resource_groups(self):
|
||||||
|
mock_instance = MagicMock()
|
||||||
|
mock_instance.id = APIM_INSTANCE_ID
|
||||||
|
mock_instance.name = APIM_INSTANCE_NAME
|
||||||
|
mock_instance.location = LOCATION
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.api_management_service.list.return_value = [mock_instance]
|
||||||
|
|
||||||
|
mock_provider = mock.MagicMock()
|
||||||
|
mock_provider.identity = mock.MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||||
|
|
||||||
|
apim = APIM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
apim.resource_groups = None
|
||||||
|
|
||||||
|
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
|
||||||
|
result = apim._get_instances()
|
||||||
|
|
||||||
|
mock_client.api_management_service.list.assert_called_once()
|
||||||
|
mock_client.api_management_service.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID][0].id == APIM_INSTANCE_ID
|
||||||
|
|
||||||
|
def test_get_instances_with_resource_group(self):
|
||||||
|
mock_instance = MagicMock()
|
||||||
|
mock_instance.id = APIM_INSTANCE_ID
|
||||||
|
mock_instance.name = APIM_INSTANCE_NAME
|
||||||
|
mock_instance.location = LOCATION
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.api_management_service.list_by_resource_group.return_value = [
|
||||||
|
mock_instance
|
||||||
|
]
|
||||||
|
|
||||||
|
mock_provider = mock.MagicMock()
|
||||||
|
mock_provider.identity = mock.MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||||
|
|
||||||
|
apim = APIM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
|
||||||
|
result = apim._get_instances()
|
||||||
|
|
||||||
|
mock_client.api_management_service.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.api_management_service.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID][0].name == APIM_INSTANCE_NAME
|
||||||
|
|
||||||
|
def test_get_instances_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
mock_provider = mock.MagicMock()
|
||||||
|
mock_provider.identity = mock.MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||||
|
|
||||||
|
apim = APIM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = apim._get_instances()
|
||||||
|
|
||||||
|
mock_client.api_management_service.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.api_management_service.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
def test_get_instances_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
mock_provider = mock.MagicMock()
|
||||||
|
mock_provider.identity = mock.MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||||
|
|
||||||
|
apim = APIM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
|
||||||
|
result = apim._get_instances()
|
||||||
|
|
||||||
|
assert mock_client.api_management_service.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_instances_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
mock_provider = mock.MagicMock()
|
||||||
|
mock_provider.identity = mock.MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.azure_provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.apim.apim_service.APIM._get_instances",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.apim.apim_service import APIM
|
||||||
|
|
||||||
|
apim = APIM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
apim.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
apim.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
with patch.object(apim, "_get_log_analytics_workspace_id", return_value=None):
|
||||||
|
apim._get_instances()
|
||||||
|
|
||||||
|
mock_client.api_management_service.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
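Review bot: `test_get_instances_with_multiple_resource_groups` only asserts `list_by_resource_group.call_count == 2`, with the count hard-coded and no `return_value` set on the mock, so it passes even if the same group is queried twice or the per-group results are never merged. Assert the calls by name with `assert_has_calls` over `RESOURCE_GROUP_LIST`, compare the count to `len(RESOURCE_GROUP_LIST)`, and use `side_effect` to return one distinct instance per group so the merged list in `result[AZURE_SUBSCRIPTION_ID]` can be checked. `test_get_instances_with_mixed_case_resource_group` likewise discards the return value, so it pins only that `"RG"` is forwarded unchanged; the class also mixes `mock.MagicMock()` and `MagicMock()`, which is worth settling on one form.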
@@ -5,6 +5,8 @@ from azure.mgmt.web.models import ManagedServiceIdentity, SiteConfigResource
|
|||||||
|
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -244,3 +246,279 @@ class Test_App_Service:
|
|||||||
].name
|
].name
|
||||||
== "functionapp-1"
|
== "functionapp-1"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_App_get_apps:
|
||||||
|
def test_get_apps_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.web_apps.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = None
|
||||||
|
|
||||||
|
result = app._get_apps()
|
||||||
|
|
||||||
|
mock_client.web_apps.list.assert_called_once()
|
||||||
|
mock_client.web_apps.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_apps_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = app._get_apps()
|
||||||
|
|
||||||
|
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.web_apps.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_apps_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = app._get_apps()
|
||||||
|
|
||||||
|
mock_client.web_apps.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.web_apps.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
|
||||||
|
class Test_App_get_functions:
|
||||||
|
def test_get_functions_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.web_apps.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = None
|
||||||
|
|
||||||
|
result = app._get_functions()
|
||||||
|
|
||||||
|
mock_client.web_apps.list.assert_called_once()
|
||||||
|
mock_client.web_apps.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_functions_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = app._get_functions()
|
||||||
|
|
||||||
|
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.web_apps.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_functions_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = app._get_functions()
|
||||||
|
|
||||||
|
mock_client.web_apps.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.web_apps.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_apps_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = app._get_apps()
|
||||||
|
|
||||||
|
assert mock_client.web_apps.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_apps_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
app._get_apps()
|
||||||
|
|
||||||
|
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_App_get_functions_extra:
|
||||||
|
def test_get_functions_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = app._get_functions()
|
||||||
|
|
||||||
|
assert mock_client.web_apps.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_functions_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.web_apps.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=set_mocked_azure_provider(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.app.app_service import App
|
||||||
|
|
||||||
|
app = App(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
app._get_functions()
|
||||||
|
|
||||||
|
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
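Review bot: `test_get_apps_with_multiple_resource_groups` and `test_get_apps_with_mixed_case_resource_group` are declared after `class Test_App_get_functions:` rather than in `Test_App_get_apps`, and the matching `_get_functions` cases are split off into `Test_App_get_functions_extra`. Move the two `_get_apps` tests into `Test_App_get_apps` and fold the `_extra` class into `Test_App_get_functions`, so a failure report names the method under test. Every scoped test in this hunk also has `web_apps.list_by_resource_group` return `[]`, so only the call routing is covered; one case returning a mocked site would check that scoped results actually land in `result[AZURE_SUBSCRIPTION_ID]`.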
@@ -1,4 +1,4 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.appinsights.appinsights_service import (
|
from prowler.providers.azure.services.appinsights.appinsights_service import (
|
||||||
AppInsights,
|
AppInsights,
|
||||||
@@ -6,6 +6,8 @@ from prowler.providers.azure.services.appinsights.appinsights_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -54,3 +56,121 @@ class Test_AppInsights_Service:
|
|||||||
appinsights.components[AZURE_SUBSCRIPTION_ID]["app_id-1"].location
|
appinsights.components[AZURE_SUBSCRIPTION_ID]["app_id-1"].location
|
||||||
== "westeurope"
|
== "westeurope"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_AppInsights_get_components:
|
||||||
|
def test_get_components_no_resource_groups(self):
|
||||||
|
mock_component = MagicMock()
|
||||||
|
mock_component.app_id = "comp-app-id"
|
||||||
|
mock_component.id = "/subscriptions/sub/rg/appinsights"
|
||||||
|
mock_component.name = "ai-component"
|
||||||
|
mock_component.location = "westeurope"
|
||||||
|
mock_component.instrumentation_key = "ikey-123"
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.components = MagicMock()
|
||||||
|
mock_client.components.list.return_value = [mock_component]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
app_insights = AppInsights(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app_insights.resource_groups = None
|
||||||
|
|
||||||
|
result = app_insights._get_components()
|
||||||
|
|
||||||
|
mock_client.components.list.assert_called_once()
|
||||||
|
mock_client.components.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert "comp-app-id" in result[AZURE_SUBSCRIPTION_ID]
|
||||||
|
|
||||||
|
def test_get_components_with_resource_group(self):
|
||||||
|
mock_component = MagicMock()
|
||||||
|
mock_component.app_id = "comp-app-id"
|
||||||
|
mock_component.id = "/subscriptions/sub/rg/appinsights"
|
||||||
|
mock_component.name = "ai-component"
|
||||||
|
mock_component.location = "westeurope"
|
||||||
|
mock_component.instrumentation_key = "ikey-123"
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.components = MagicMock()
|
||||||
|
mock_client.components.list_by_resource_group.return_value = [mock_component]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
app_insights = AppInsights(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = app_insights._get_components()
|
||||||
|
|
||||||
|
mock_client.components.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.components.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert "comp-app-id" in result[AZURE_SUBSCRIPTION_ID]
|
||||||
|
|
||||||
|
def test_get_components_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.components = MagicMock()
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
app_insights = AppInsights(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = app_insights._get_components()
|
||||||
|
|
||||||
|
mock_client.components.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.components.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_components_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.components = MagicMock()
|
||||||
|
mock_client.components.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
app_insights = AppInsights(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = app_insights._get_components()
|
||||||
|
|
||||||
|
assert mock_client.components.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_components_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.components = MagicMock()
|
||||||
|
mock_client.components.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
app_insights = AppInsights(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
app_insights.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
app_insights.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
app_insights._get_components()
|
||||||
|
|
||||||
|
mock_client.components.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
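Review bot: In `test_get_components_with_multiple_resource_groups`, `components.list_by_resource_group` returns `[]` for both groups, so the test cannot tell whether components from the second group are merged into, or overwrite, the dict built from the first; use `side_effect` with one component per group and assert both `app_id` keys are present. The count is also hard-coded as `2` instead of `len(RESOURCE_GROUP_LIST)`, and the fixture ID `/subscriptions/sub/rg/appinsights` lacks the `resourceGroups/.../providers/...` segments of a real resource ID, which would hide any code path that parses the group out of the ID.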
@@ -3,6 +3,8 @@ from uuid import uuid4
|
|||||||
|
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -89,3 +91,208 @@ class TestContainerRegistryService:
|
|||||||
assert monitor_setting["logs"][0]["enabled"] is True
|
assert monitor_setting["logs"][0]["enabled"] is True
|
||||||
assert monitor_setting["logs"][1]["category"] == "AdminLogs"
|
assert monitor_setting["logs"][1]["category"] == "AdminLogs"
|
||||||
assert monitor_setting["logs"][1]["enabled"] is False
|
assert monitor_setting["logs"][1]["enabled"] is False
|
||||||
|
|
||||||
|
|
||||||
|
class Test_ContainerRegistry_get_registries:
|
||||||
|
def test_get_container_registries_no_resource_groups(self):
|
||||||
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.registries.list.return_value = []
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||||
|
ContainerRegistry,
|
||||||
|
)
|
||||||
|
|
||||||
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cr.resource_groups = None
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||||
|
):
|
||||||
|
result = cr._get_container_registries()
|
||||||
|
|
||||||
|
mock_client.registries.list.assert_called_once()
|
||||||
|
mock_client.registries.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_container_registries_with_resource_group(self):
|
||||||
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.registries.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||||
|
ContainerRegistry,
|
||||||
|
)
|
||||||
|
|
||||||
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||||
|
):
|
||||||
|
result = cr._get_container_registries()
|
||||||
|
|
||||||
|
mock_client.registries.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.registries.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_container_registries_empty_resource_group_for_subscription(self):
|
||||||
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||||
|
ContainerRegistry,
|
||||||
|
)
|
||||||
|
|
||||||
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||||
|
):
|
||||||
|
result = cr._get_container_registries()
|
||||||
|
|
||||||
|
mock_client.registries.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.registries.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_container_registries_with_multiple_resource_groups(self):
|
||||||
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.registries.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||||
|
ContainerRegistry,
|
||||||
|
)
|
||||||
|
|
||||||
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||||
|
):
|
||||||
|
result = cr._get_container_registries()
|
||||||
|
|
||||||
|
assert mock_client.registries.list_by_resource_group.call_count == len(
|
||||||
|
RESOURCE_GROUP_LIST
|
||||||
|
)
|
||||||
|
mock_client.registries.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_container_registries_with_mixed_case_resource_group(self):
|
||||||
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.registries.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
||||||
|
ContainerRegistry,
|
||||||
|
)
|
||||||
|
|
||||||
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: ["MyRegistry-RG"]}
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
||||||
|
):
|
||||||
|
cr._get_container_registries()
|
||||||
|
|
||||||
|
mock_client.registries.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="MyRegistry-RG"
|
||||||
|
)
|
||||||
|
|||||||
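Review bot: the multi-group test only checks `list_by_resource_group.call_count == len(RESOURCE_GROUP_LIST)`, which would still pass if the service queried the same resource group twice and skipped another. Assert the arguments as well, for example `mock_client.registries.list_by_resource_group.assert_has_calls([call(resource_group_name=rg) for rg in RESOURCE_GROUP_LIST], any_order=True)`, so the test pins that every requested group is scanned. In `test_get_container_registries_with_mixed_case_resource_group`, the `from unittest.mock import MagicMock, patch` inside the function body can move to module level.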
@@ -1,8 +1,10 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account, CosmosDB
|
from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account, CosmosDB
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -133,3 +135,114 @@ class Test_CosmosDB_Service_None_Handling:
|
|||||||
== "Microsoft.Network/privateEndpoints"
|
== "Microsoft.Network/privateEndpoints"
|
||||||
)
|
)
|
||||||
assert account.disable_local_auth is True
|
assert account.disable_local_auth is True
|
||||||
|
|
||||||
|
|
||||||
|
class Test_CosmosDB_get_accounts:
|
||||||
|
def test_get_accounts_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.database_accounts.list.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cosmosdb.resource_groups = None
|
||||||
|
|
||||||
|
result = cosmosdb._get_accounts()
|
||||||
|
|
||||||
|
mock_client.database_accounts.list.assert_called_once()
|
||||||
|
mock_client.database_accounts.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_accounts_with_resource_group(self):
|
||||||
|
mock_account = MagicMock()
|
||||||
|
mock_account.id = "account-id"
|
||||||
|
mock_account.name = "my-cosmos"
|
||||||
|
mock_account.kind = "GlobalDocumentDB"
|
||||||
|
mock_account.location = "eastus"
|
||||||
|
mock_account.type = "Microsoft.DocumentDB/databaseAccounts"
|
||||||
|
mock_account.tags = {}
|
||||||
|
mock_account.is_virtual_network_filter_enabled = False
|
||||||
|
mock_account.private_endpoint_connections = []
|
||||||
|
mock_account.disable_local_auth = False
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.database_accounts.list_by_resource_group.return_value = [
|
||||||
|
mock_account
|
||||||
|
]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = cosmosdb._get_accounts()
|
||||||
|
|
||||||
|
mock_client.database_accounts.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.database_accounts.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert len(result[AZURE_SUBSCRIPTION_ID]) == 1
|
||||||
|
|
||||||
|
def test_get_accounts_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = cosmosdb._get_accounts()
|
||||||
|
|
||||||
|
mock_client.database_accounts.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.database_accounts.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
def test_get_accounts_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.database_accounts.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = cosmosdb._get_accounts()
|
||||||
|
|
||||||
|
assert mock_client.database_accounts.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_accounts_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.database_accounts.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
cosmosdb = CosmosDB(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
cosmosdb.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
cosmosdb.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
cosmosdb._get_accounts()
|
||||||
|
|
||||||
|
mock_client.database_accounts.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
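Review bot: `Test_CosmosDB_get_accounts` covers `resource_groups` as `None`, a one-element list, an empty list and `RESOURCE_GROUP_LIST`, but not a dict that has no key for the subscription present in `clients`. The defender check tests in this same commit set `resource_groups = {}`, so that shape does occur; add a case with `cosmosdb.resource_groups = {}` that pins whether `_get_accounts()` falls back to `database_accounts.list()` or returns nothing for the subscription. For a scanner the difference matters, because an unintentionally empty scope yields no findings rather than an error. Separately, `call_count == 2` in the multi-group test hard-codes the fixture length; `len(RESOURCE_GROUP_LIST)` keeps it correct if the fixture changes.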
@@ -1,4 +1,4 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.databricks.databricks_service import (
|
from prowler.providers.azure.services.databricks.databricks_service import (
|
||||||
Databricks,
|
Databricks,
|
||||||
@@ -7,6 +7,8 @@ from prowler.providers.azure.services.databricks.databricks_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -94,3 +96,123 @@ class Test_Databricks_Service_No_Encryption:
|
|||||||
assert workspace.location == "eastus"
|
assert workspace.location == "eastus"
|
||||||
assert workspace.custom_managed_vnet_id == "test-vnet-id"
|
assert workspace.custom_managed_vnet_id == "test-vnet-id"
|
||||||
assert workspace.managed_disk_encryption is None
|
assert workspace.managed_disk_encryption is None
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Databricks_get_workspaces:
|
||||||
|
def test_get_workspaces_no_resource_groups(self):
|
||||||
|
mock_workspace = MagicMock()
|
||||||
|
mock_workspace.id = "ws-id-1"
|
||||||
|
mock_workspace.name = "my-workspace"
|
||||||
|
mock_workspace.location = "eastus"
|
||||||
|
mock_workspace.parameters = None
|
||||||
|
mock_workspace.encryption = None
|
||||||
|
mock_workspace.public_network_access = None
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.workspaces = MagicMock()
|
||||||
|
mock_client.workspaces.list_by_subscription.return_value = [mock_workspace]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
databricks = Databricks(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
databricks.resource_groups = None
|
||||||
|
|
||||||
|
result = databricks._get_workspaces()
|
||||||
|
|
||||||
|
mock_client.workspaces.list_by_subscription.assert_called_once()
|
||||||
|
mock_client.workspaces.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert "ws-id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||||
|
|
||||||
|
def test_get_workspaces_with_resource_group(self):
|
||||||
|
mock_workspace = MagicMock()
|
||||||
|
mock_workspace.id = "ws-id-1"
|
||||||
|
mock_workspace.name = "my-workspace"
|
||||||
|
mock_workspace.location = "eastus"
|
||||||
|
mock_workspace.parameters = None
|
||||||
|
mock_workspace.encryption = None
|
||||||
|
mock_workspace.public_network_access = None
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.workspaces = MagicMock()
|
||||||
|
mock_client.workspaces.list_by_resource_group.return_value = [mock_workspace]
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
databricks = Databricks(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = databricks._get_workspaces()
|
||||||
|
|
||||||
|
mock_client.workspaces.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.workspaces.list_by_subscription.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert "ws-id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||||
|
|
||||||
|
def test_get_workspaces_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.workspaces = MagicMock()
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
databricks = Databricks(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = databricks._get_workspaces()
|
||||||
|
|
||||||
|
mock_client.workspaces.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.workspaces.list_by_subscription.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_workspaces_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.workspaces = MagicMock()
|
||||||
|
mock_client.workspaces.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
databricks = Databricks(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = databricks._get_workspaces()
|
||||||
|
|
||||||
|
assert mock_client.workspaces.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_workspaces_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.workspaces = MagicMock()
|
||||||
|
mock_client.workspaces.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.databricks.databricks_service.Databricks._get_workspaces",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
databricks = Databricks(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
databricks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
databricks.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
databricks._get_workspaces()
|
||||||
|
|
||||||
|
mock_client.workspaces.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
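Review bot: `test_get_workspaces_with_mixed_case_resource_group` passes `["RG"]`, which is all upper case rather than mixed case, so it does not exercise what its name describes. Use a value such as the `"MyRegistry-RG"` used in the container registry test, and add a docstring stating the contract being pinned: the name is forwarded to `list_by_resource_group` unchanged, not lower-cased. The `mock_client.workspaces = MagicMock()` lines are redundant, since `MagicMock` creates child attributes on access, and the workspace mock setup duplicated in the first two tests could be one helper.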
+3
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_additional_email_configured_with_a_security_contact:
|
class Test_defender_additional_email_configured_with_a_security_contact:
|
||||||
def test_defender_no_subscriptions(self):
|
def test_defender_no_subscriptions(self):
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {}
|
defender_client.security_contact_configurations = {}
|
||||||
|
|
||||||
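Review bot: `defender_client.resource_groups = {}` is added by hand to every test in this class, and the same line recurs in the other defender test files changed by this commit. Building the mocked defender client in one shared helper (next to `set_mocked_azure_provider` in `azure_fixtures`) would mean the next attribute the checks start reading needs one change instead of one per test, and would make it obvious which scope state (`{}` here, `None` in the service tests for an unfiltered scan) the check tests are meant to model.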
@@ -40,6 +41,7 @@ class Test_defender_additional_email_configured_with_a_security_contact:
|
|||||||
def test_defender_no_additional_emails(self):
|
def test_defender_no_additional_emails(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -87,6 +89,7 @@ class Test_defender_additional_email_configured_with_a_security_contact:
|
|||||||
def test_defender_additional_email_configured(self):
|
def test_defender_additional_email_configured(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+4
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_assessments_vm_endpoint_protection_installed:
|
class Test_defender_assessments_vm_endpoint_protection_installed:
|
||||||
def test_defender_no_subscriptions(self):
|
def test_defender_no_subscriptions(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {}
|
defender_client.assessments = {}
|
||||||
|
|
||||||
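Review bot: in this file `defender_client = mock.MagicMock` binds the class, not an instance, so the new `defender_client.resource_groups = {}` sets an attribute on `MagicMock` itself and it stays set for every mock created later in the same test process. The unchanged `subscriptions` and `assessments` lines already do this, but adding another attribute widens the leak and can hide a missing `resource_groups` setup in an unrelated test. Change the assignment to `mock.MagicMock()` here and in the other tests of this class, as the `defender_additional_email_configured_with_a_security_contact` tests already do.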
@@ -36,6 +37,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
|
|||||||
|
|
||||||
def test_defender_subscriptions_with_no_assessments(self):
|
def test_defender_subscriptions_with_no_assessments(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}}
|
defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}}
|
||||||
|
|
||||||
@@ -59,6 +61,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
|
|||||||
|
|
||||||
def test_defender_subscriptions_with_healthy_assessments(self):
|
def test_defender_subscriptions_with_healthy_assessments(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
@@ -98,6 +101,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed:
|
|||||||
|
|
||||||
def test_defender_subscriptions_with_unhealthy_assessments(self):
|
def test_defender_subscriptions_with_unhealthy_assessments(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
|
|||||||
+8
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_attack_path_notifications_properly_configured:
|
class Test_defender_attack_path_notifications_properly_configured:
|
||||||
def test_no_subscriptions(self):
|
def test_no_subscriptions(self):
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {}
|
defender_client.security_contact_configurations = {}
|
||||||
defender_client.audit_config = {}
|
defender_client.audit_config = {}
|
||||||
@@ -41,6 +42,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
|||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
contact_name = "default"
|
contact_name = "default"
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -89,6 +91,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
|||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
contact_name = "default"
|
contact_name = "default"
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -139,6 +142,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
|||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
contact_name = "default"
|
contact_name = "default"
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -189,6 +193,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
|||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
contact_name = "default"
|
contact_name = "default"
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -237,6 +242,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
|||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
contact_name = "default"
|
contact_name = "default"
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -285,6 +291,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
|||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
contact_name = "default"
|
contact_name = "default"
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -333,6 +340,7 @@ class Test_defender_attack_path_notifications_properly_configured:
|
|||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
contact_name = "default"
|
contact_name = "default"
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+4
@@ -15,6 +15,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
||||||
def test_defender_no_app_services(self):
|
def test_defender_no_app_services(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.auto_provisioning_settings = {}
|
defender_client.auto_provisioning_settings = {}
|
||||||
|
|
||||||
@@ -39,6 +40,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
|||||||
def test_defender_auto_provisioning_log_analytics_off(self):
|
def test_defender_auto_provisioning_log_analytics_off(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.auto_provisioning_settings = {
|
defender_client.auto_provisioning_settings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -80,6 +82,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
|||||||
def test_defender_auto_provisioning_log_analytics_on(self):
|
def test_defender_auto_provisioning_log_analytics_on(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.auto_provisioning_settings = {
|
defender_client.auto_provisioning_settings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -121,6 +124,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on:
|
|||||||
def test_defender_auto_provisioning_log_analytics_on_and_off(self):
|
def test_defender_auto_provisioning_log_analytics_on_and_off(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.auto_provisioning_settings = {
|
defender_client.auto_provisioning_settings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
|
class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
|
||||||
def test_defender_no_app_services(self):
|
def test_defender_no_app_services(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {}
|
defender_client.assessments = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
|
|||||||
def test_defender_machines_no_vulnerability_assessment_solution(self):
|
def test_defender_machines_no_vulnerability_assessment_solution(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -77,6 +79,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on:
|
|||||||
def test_defender_machines_vulnerability_assessment_solution(self):
|
def test_defender_machines_vulnerability_assessment_solution(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+6
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_container_images_resolved_vulnerabilities:
|
class Test_defender_container_images_resolved_vulnerabilities:
|
||||||
def test_defender_no_subscriptions(self):
|
def test_defender_no_subscriptions(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {}
|
defender_client.assessments = {}
|
||||||
|
|
||||||
@@ -36,6 +37,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
|||||||
|
|
||||||
def test_defender_subscription_empty(self):
|
def test_defender_subscription_empty(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}}
|
defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}}
|
||||||
|
|
||||||
@@ -59,6 +61,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
|||||||
|
|
||||||
def test_defender_subscription_no_assesment(self):
|
def test_defender_subscription_no_assesment(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -90,6 +93,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
|||||||
|
|
||||||
def test_defender_subscription_assesment_unhealthy(self):
|
def test_defender_subscription_assesment_unhealthy(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -139,6 +143,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
|||||||
|
|
||||||
def test_defender_subscription_assesment_healthy(self):
|
def test_defender_subscription_assesment_healthy(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -188,6 +193,7 @@ class Test_defender_container_images_resolved_vulnerabilities:
|
|||||||
|
|
||||||
def test_defender_subscription_assesment_not_applicable(self):
|
def test_defender_subscription_assesment_not_applicable(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
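Review bot: `test_defender_subscription_assesment_not_applicable` sets `resource_groups` to `{}`, as do the unhealthy and healthy cases in the two hunks above, so this check is never exercised with a populated resource-group scope. If an empty dict means no filter is applied, these tests only prove the unscoped path still works. Suggest adding at least one case with a non-empty `resource_groups` that asserts which assessments are kept and which are dropped, since a scoping filter that silently removes findings is the failure worth catching here.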
|
|||||||
+6
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_container_images_scan_enabled:
|
class Test_defender_container_images_scan_enabled:
|
||||||
def test_defender_no_subscriptions(self):
|
def test_defender_no_subscriptions(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_container_images_scan_enabled:
|
|||||||
|
|
||||||
def test_defender_subscription_empty(self):
|
def test_defender_subscription_empty(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {AZURE_SUBSCRIPTION_ID: {}}
|
defender_client.pricings = {AZURE_SUBSCRIPTION_ID: {}}
|
||||||
|
|
||||||
@@ -60,6 +62,7 @@ class Test_defender_container_images_scan_enabled:
|
|||||||
|
|
||||||
def test_defender_subscription_no_containers(self):
|
def test_defender_subscription_no_containers(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -92,6 +95,7 @@ class Test_defender_container_images_scan_enabled:
|
|||||||
|
|
||||||
def test_defender_subscription_containers_no_extensions(self):
|
def test_defender_subscription_containers_no_extensions(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -137,6 +141,7 @@ class Test_defender_container_images_scan_enabled:
|
|||||||
|
|
||||||
def test_defender_subscription_containers_container_images_scan_off(self):
|
def test_defender_subscription_containers_container_images_scan_off(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -182,6 +187,7 @@ class Test_defender_container_images_scan_enabled:
|
|||||||
|
|
||||||
def test_defender_subscription_containers_container_images_scan_on(self):
|
def test_defender_subscription_containers_container_images_scan_on(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_app_services_is_on:
|
class Test_defender_ensure_defender_for_app_services_is_on:
|
||||||
def test_defender_no_app_services(self):
|
def test_defender_no_app_services(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_app_services_is_on:
|
|||||||
def test_defender_app_services_pricing_tier_not_standard(self):
|
def test_defender_app_services_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_app_services_is_on:
|
|||||||
def test_defender_app_services_pricing_tier_standard(self):
|
def test_defender_app_services_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_arm_is_on:
|
class Test_defender_ensure_defender_for_arm_is_on:
|
||||||
def test_defender_no_arm(self):
|
def test_defender_no_arm(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
|
|||||||
def test_defender_arm_pricing_tier_not_standard(self):
|
def test_defender_arm_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
|
|||||||
def test_defender_arm_pricing_tier_standard(self):
|
def test_defender_arm_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
||||||
def test_defender_no_sql_databases(self):
|
def test_defender_no_sql_databases(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
|||||||
def test_defender_sql_databases_pricing_tier_not_standard(self):
|
def test_defender_sql_databases_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
|||||||
def test_defender_sql_databases_pricing_tier_standard(self):
|
def test_defender_sql_databases_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_containers_is_on:
|
class Test_defender_ensure_defender_for_containers_is_on:
|
||||||
def test_defender_no_container_registries(self):
|
def test_defender_no_container_registries(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_containers_is_on:
|
|||||||
def test_defender_container_registries_pricing_tier_not_standard(self):
|
def test_defender_container_registries_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_containers_is_on:
|
|||||||
def test_defender_container_registries_pricing_tier_standard(self):
|
def test_defender_container_registries_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
||||||
def test_defender_no_cosmosdb(self):
|
def test_defender_no_cosmosdb(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
|||||||
def test_defender_cosmosdb_pricing_tier_not_standard(self):
|
def test_defender_cosmosdb_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
|||||||
def test_defender_cosmosdb_pricing_tier_standard(self):
|
def test_defender_cosmosdb_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+7
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_databases_is_on:
|
class Test_defender_ensure_defender_for_databases_is_on:
|
||||||
def test_defender_no_databases(self):
|
def test_defender_no_databases(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
|||||||
def test_defender_databases_sql_servers(self):
|
def test_defender_databases_sql_servers(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -70,6 +72,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
|||||||
def test_defender_databases_sql_server_virtual_machines(self):
|
def test_defender_databases_sql_server_virtual_machines(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -103,6 +106,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
|||||||
def test_defender_databases_open_source_relation_databases(self):
|
def test_defender_databases_open_source_relation_databases(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -136,6 +140,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
|||||||
def test_defender_databases_cosmosdbs(self):
|
def test_defender_databases_cosmosdbs(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -169,6 +174,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
|||||||
def test_defender_databases_all_standard(self):
|
def test_defender_databases_all_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -228,6 +234,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
|||||||
def test_defender_databases_cosmosdb_not_standard(self):
|
def test_defender_databases_cosmosdb_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
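Review bot: this is the seventh hunk in this file that adds the same `defender_client.resource_groups = {}` line after `defender_client = mock.MagicMock`, and the setup that follows it (`subscriptions`, `pricings`) is likewise repeated in each test. Suggest moving the client construction into a shared helper or pytest fixture that returns a configured mock, so the next attribute the checks start reading is added in one place and cannot be missed in a single test.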
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_dns_is_on:
|
class Test_defender_ensure_defender_for_dns_is_on:
|
||||||
def test_defender_no_dns(self):
|
def test_defender_no_dns(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_dns_is_on:
|
|||||||
def test_defender_dns_pricing_tier_not_standard(self):
|
def test_defender_dns_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_dns_is_on:
|
|||||||
def test_defender_dns_pricing_tier_standard(self):
|
def test_defender_dns_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_keyvault_is_on:
|
class Test_defender_ensure_defender_for_keyvault_is_on:
|
||||||
def test_defender_no_keyvaults(self):
|
def test_defender_no_keyvaults(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on:
|
|||||||
def test_defender_keyvaults_pricing_tier_not_standard(self):
|
def test_defender_keyvaults_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on:
|
|||||||
def test_defender_keyvaults_pricing_tier_standard(self):
|
def test_defender_keyvaults_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
||||||
def test_defender_no_os_relational_databases(self):
|
def test_defender_no_os_relational_databases(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
|||||||
def test_defender_os_relational_databases_pricing_tier_not_standard(self):
|
def test_defender_os_relational_databases_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -81,6 +83,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
|||||||
def test_defender_os_relational_databases_pricing_tier_standard(self):
|
def test_defender_os_relational_databases_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_server_is_on:
|
class Test_defender_ensure_defender_for_server_is_on:
|
||||||
def test_defender_no_server(self):
|
def test_defender_no_server(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_server_is_on:
|
|||||||
def test_defender_server_pricing_tier_not_standard(self):
|
def test_defender_server_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_server_is_on:
|
|||||||
def test_defender_server_pricing_tier_standard(self):
|
def test_defender_server_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_sql_servers_is_on:
|
class Test_defender_ensure_defender_for_sql_servers_is_on:
|
||||||
def test_defender_no_server(self):
|
def test_defender_no_server(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on:
|
|||||||
def test_defender_server_pricing_tier_not_standard(self):
|
def test_defender_server_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on:
|
|||||||
def test_defender_server_pricing_tier_standard(self):
|
def test_defender_server_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_defender_for_storage_is_on:
|
class Test_defender_ensure_defender_for_storage_is_on:
|
||||||
def test_defender_no_server(self):
|
def test_defender_no_server(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {}
|
defender_client.pricings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
|||||||
def test_defender_server_pricing_tier_not_standard(self):
|
def test_defender_server_pricing_tier_not_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -78,6 +80,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
|||||||
def test_defender_server_pricing_tier_standard(self):
|
def test_defender_server_pricing_tier_standard(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.pricings = {
|
defender_client.pricings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+5
@@ -15,6 +15,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_iot_hub_defender_is_on:
|
class Test_defender_ensure_iot_hub_defender_is_on:
|
||||||
def test_defender_no_subscriptions(self):
|
def test_defender_no_subscriptions(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.iot_security_solutions = {}
|
defender_client.iot_security_solutions = {}
|
||||||
|
|
||||||
@@ -38,6 +39,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
|
|||||||
|
|
||||||
def test_defender_no_iot_hub_solutions(self):
|
def test_defender_no_iot_hub_solutions(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.iot_security_solutions = {AZURE_SUBSCRIPTION_ID: {}}
|
defender_client.iot_security_solutions = {AZURE_SUBSCRIPTION_ID: {}}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
|
|
||||||
@@ -69,6 +71,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
|
|||||||
def test_defender_iot_hub_solution_disabled(self):
|
def test_defender_iot_hub_solution_disabled(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.iot_security_solutions = {
|
defender_client.iot_security_solutions = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -106,6 +109,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
|
|||||||
def test_defender_iot_hub_solution_enabled(self):
|
def test_defender_iot_hub_solution_enabled(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.iot_security_solutions = {
|
defender_client.iot_security_solutions = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -145,6 +149,7 @@ class Test_defender_ensure_iot_hub_defender_is_on:
|
|||||||
resource_id_enabled = str(uuid4())
|
resource_id_enabled = str(uuid4())
|
||||||
resource_id_disabled = str(uuid4())
|
resource_id_disabled = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.iot_security_solutions = {
|
defender_client.iot_security_solutions = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+4
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_mcas_is_enabled:
|
class Test_defender_ensure_mcas_is_enabled:
|
||||||
def test_defender_no_settings(self):
|
def test_defender_no_settings(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.settings = {}
|
defender_client.settings = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_mcas_is_enabled:
|
|||||||
def test_defender_mcas_disabled(self):
|
def test_defender_mcas_disabled(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.settings = {
|
defender_client.settings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -79,6 +81,7 @@ class Test_defender_ensure_mcas_is_enabled:
|
|||||||
def test_defender_mcas_enabled(self):
|
def test_defender_mcas_enabled(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.settings = {
|
defender_client.settings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -120,6 +123,7 @@ class Test_defender_ensure_mcas_is_enabled:
|
|||||||
|
|
||||||
def test_defender_mcas_no_settings(self):
|
def test_defender_mcas_no_settings(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}}
|
defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
|
|
||||||
|
|||||||
+5
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_notify_alerts_severity_is_high:
|
class Test_defender_ensure_notify_alerts_severity_is_high:
|
||||||
def test_defender_no_subscriptions(self):
|
def test_defender_no_subscriptions(self):
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {}
|
defender_client.security_contact_configurations = {}
|
||||||
|
|
||||||
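Review bot: The setup line `defender_client.resource_groups = {}` in `test_defender_no_subscriptions` is repeated verbatim in all five hunks of this file, and any test that omits it would read an auto-created `MagicMock` attribute (truthy) instead of an empty mapping. A small helper or fixture that returns the client with `subscriptions` and `resource_groups` already set would remove the duplication and make the unscoped default explicit.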
@@ -40,6 +41,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
|
|||||||
def test_defender_severity_alerts_critical(self):
|
def test_defender_severity_alerts_critical(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -87,6 +89,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
|
|||||||
def test_defender_severity_alerts_high(self):
|
def test_defender_severity_alerts_high(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -135,6 +138,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
|
|||||||
def test_defender_severity_alerts_low(self):
|
def test_defender_severity_alerts_low(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -182,6 +186,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high:
|
|||||||
|
|
||||||
def test_defender_default_security_contact_not_found(self):
|
def test_defender_default_security_contact_not_found(self):
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+4
@@ -16,6 +16,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_notify_emails_to_owners:
|
class Test_defender_ensure_notify_emails_to_owners:
|
||||||
def test_defender_no_subscriptions(self):
|
def test_defender_no_subscriptions(self):
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {}
|
defender_client.security_contact_configurations = {}
|
||||||
|
|
||||||
@@ -40,6 +41,7 @@ class Test_defender_ensure_notify_emails_to_owners:
|
|||||||
def test_defender_no_notify_emails_to_owners(self):
|
def test_defender_no_notify_emails_to_owners(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -80,6 +82,7 @@ class Test_defender_ensure_notify_emails_to_owners:
|
|||||||
def test_defender_notify_emails_to_owners_off(self):
|
def test_defender_notify_emails_to_owners_off(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -127,6 +130,7 @@ class Test_defender_ensure_notify_emails_to_owners:
|
|||||||
def test_defender_notify_emails_to_owners(self):
|
def test_defender_notify_emails_to_owners(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock()
|
defender_client = mock.MagicMock()
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.security_contact_configurations = {
|
defender_client.security_contact_configurations = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+5
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_system_updates_are_applied:
|
class Test_defender_ensure_system_updates_are_applied:
|
||||||
def test_defender_no_app_services(self):
|
def test_defender_no_app_services(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {}
|
defender_client.assessments = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_defender_ensure_system_updates_are_applied:
|
|||||||
def test_defender_machines_no_log_analytics_installed(self):
|
def test_defender_machines_no_log_analytics_installed(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -89,6 +91,7 @@ class Test_defender_ensure_system_updates_are_applied:
|
|||||||
):
|
):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -139,6 +142,7 @@ class Test_defender_ensure_system_updates_are_applied:
|
|||||||
def test_defender_machines_no_system_updates_installed(self):
|
def test_defender_machines_no_system_updates_installed(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -191,6 +195,7 @@ class Test_defender_ensure_system_updates_are_applied:
|
|||||||
):
|
):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.assessments = {
|
defender_client.assessments = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
|
|||||||
+4
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_defender_ensure_wdatp_is_enabled:
|
class Test_defender_ensure_wdatp_is_enabled:
|
||||||
def test_defender_no_settings(self):
|
def test_defender_no_settings(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.settings = {}
|
defender_client.settings = {}
|
||||||
|
|
||||||
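Review bot: `defender_client.resource_groups = {}` in `test_defender_no_settings` uses an empty dict for an unscoped scan, while the service tests added in this commit use `defender.resource_groups = None` for the same state. Please pick one representation or document that both mean "no resource group filter", because `{AZURE_SUBSCRIPTION_ID: []}` is asserted elsewhere to mean the opposite (no listing calls at all).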
@@ -37,6 +38,7 @@ class Test_defender_ensure_wdatp_is_enabled:
|
|||||||
def test_defender_wdatp_disabled(self):
|
def test_defender_wdatp_disabled(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.settings = {
|
defender_client.settings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -79,6 +81,7 @@ class Test_defender_ensure_wdatp_is_enabled:
|
|||||||
def test_defender_wdatp_enabled(self):
|
def test_defender_wdatp_enabled(self):
|
||||||
resource_id = str(uuid4())
|
resource_id = str(uuid4())
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.settings = {
|
defender_client.settings = {
|
||||||
AZURE_SUBSCRIPTION_ID: {
|
AZURE_SUBSCRIPTION_ID: {
|
||||||
@@ -120,6 +123,7 @@ class Test_defender_ensure_wdatp_is_enabled:
|
|||||||
|
|
||||||
def test_defender_wdatp_no_settings(self):
|
def test_defender_wdatp_no_settings(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}}
|
defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.defender.defender_service import (
|
from prowler.providers.azure.services.defender.defender_service import (
|
||||||
Assesment,
|
Assesment,
|
||||||
@@ -13,6 +13,8 @@ from prowler.providers.azure.services.defender.defender_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -358,3 +360,263 @@ class Test_Defender_Service_Assessments_None_Handling:
|
|||||||
"Assessment Unhealthy"
|
"Assessment Unhealthy"
|
||||||
]
|
]
|
||||||
assert assessment_unhealthy.status == "Unhealthy"
|
assert assessment_unhealthy.status == "Unhealthy"
|
||||||
|
|
||||||
|
|
||||||
|
DEFENDER_INIT_PATCHES = [
|
||||||
|
"prowler.providers.azure.services.defender.defender_service.Defender._get_pricings",
|
||||||
|
"prowler.providers.azure.services.defender.defender_service.Defender._get_auto_provisioning_settings",
|
||||||
|
"prowler.providers.azure.services.defender.defender_service.Defender._get_assessments",
|
||||||
|
"prowler.providers.azure.services.defender.defender_service.Defender._get_settings",
|
||||||
|
"prowler.providers.azure.services.defender.defender_service.Defender._get_security_contacts",
|
||||||
|
"prowler.providers.azure.services.defender.defender_service.Defender._get_iot_security_solutions",
|
||||||
|
"prowler.providers.azure.services.defender.defender_service.Defender._get_jit_policies",
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Defender_get_iot_security_solutions:
|
||||||
|
def test_get_iot_security_solutions_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.iot_security_solution.list_by_subscription.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = None
|
||||||
|
|
||||||
|
result = defender._get_iot_security_solutions()
|
||||||
|
|
||||||
|
mock_client.iot_security_solution.list_by_subscription.assert_called_once()
|
||||||
|
mock_client.iot_security_solution.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_iot_security_solutions_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.iot_security_solution.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = defender._get_iot_security_solutions()
|
||||||
|
|
||||||
|
mock_client.iot_security_solution.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.iot_security_solution.list_by_subscription.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_iot_security_solutions_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = defender._get_iot_security_solutions()
|
||||||
|
|
||||||
|
mock_client.iot_security_solution.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.iot_security_solution.list_by_subscription.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Defender_get_jit_policies:
|
||||||
|
def test_get_jit_policies_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.jit_network_access_policies.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = None
|
||||||
|
|
||||||
|
result = defender._get_jit_policies()
|
||||||
|
|
||||||
|
mock_client.jit_network_access_policies.list.assert_called_once()
|
||||||
|
mock_client.jit_network_access_policies.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_jit_policies_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = defender._get_jit_policies()
|
||||||
|
|
||||||
|
mock_client.jit_network_access_policies.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.jit_network_access_policies.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_jit_policies_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = defender._get_jit_policies()
|
||||||
|
|
||||||
|
mock_client.jit_network_access_policies.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.jit_network_access_policies.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_iot_security_solutions_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.iot_security_solution.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = defender._get_iot_security_solutions()
|
||||||
|
|
||||||
|
assert mock_client.iot_security_solution.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_iot_security_solutions_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.iot_security_solution.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
defender._get_iot_security_solutions()
|
||||||
|
|
||||||
|
mock_client.iot_security_solution.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Defender_get_jit_policies_extra:
|
||||||
|
def test_get_jit_policies_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = defender._get_jit_policies()
|
||||||
|
|
||||||
|
assert (
|
||||||
|
mock_client.jit_network_access_policies.list_by_resource_group.call_count
|
||||||
|
== 2
|
||||||
|
)
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_jit_policies_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.jit_network_access_policies.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(DEFENDER_INIT_PATCHES[0], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[1], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[2], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[3], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[4], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[5], return_value={}),
|
||||||
|
patch(DEFENDER_INIT_PATCHES[6], return_value={}),
|
||||||
|
):
|
||||||
|
defender = Defender(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
defender.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
defender.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
defender._get_jit_policies()
|
||||||
|
|
||||||
|
mock_client.jit_network_access_policies.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
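Review bot: `test_get_jit_policies_with_mixed_case_resource_group` sets `defender.resource_groups` to `["RG"]`, which is all upper case, so the test does not exercise mixed case; it only shows that the name is forwarded unchanged to `list_by_resource_group`. Use a genuinely mixed-case name and assert the exact string that reaches the SDK call, so the intended case handling is pinned. In `test_get_jit_policies_with_multiple_resource_groups`, `call_count == 2` silently depends on `RESOURCE_GROUP_LIST` having two entries; comparing against `len(RESOURCE_GROUP_LIST)` and checking the `resource_group_name` of each call would survive a fixture change. The seven `patch(DEFENDER_INIT_PATCHES[n], return_value={})` lines are repeated verbatim in both tests and would read better as one shared fixture or an `ExitStack` loop.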
|||||||
+7
-2
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
||||||
def test_entra_no_subscriptions(self):
|
def test_entra_no_subscriptions(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
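Review bot: in `test_entra_no_subscriptions`, `entra_client` is bound to the `mock.MagicMock` class rather than an instance, so the added `entra_client.resource_groups = {}` assigns a class attribute on `MagicMock` itself. That attribute then resolves on every `MagicMock` created later in the same test process, which can mask a missing `resource_groups` setup in unrelated tests and make results depend on test order. Instantiate the mock (`entra_client = mock.MagicMock()`) before setting the attribute, or set it on the object that is actually passed to `mock.patch`.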
@@ -30,7 +30,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
|||||||
|
|
||||||
def test_entra_tenant_no_policies(self):
|
def test_entra_tenant_no_policies(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -61,6 +61,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_no_mfa(self):
|
def test_entra_tenant_policy_no_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -105,6 +106,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_mfa(self):
|
def test_entra_tenant_policy_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -149,6 +151,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_mfa_disabled(self):
|
def test_entra_tenant_policy_mfa_disabled(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -193,6 +196,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_mfa_no_target(self):
|
def test_entra_tenant_policy_mfa_no_target(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -237,6 +241,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_admin_portals:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_mfa_no_users(self):
|
def test_entra_tenant_policy_mfa_no_users(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
|
|||||||
+7
-2
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
||||||
def test_entra_no_subscriptions(self):
|
def test_entra_no_subscriptions(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,7 +30,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
|||||||
|
|
||||||
def test_entra_tenant_no_policies(self):
|
def test_entra_tenant_no_policies(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -61,6 +61,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_no_mfa(self):
|
def test_entra_tenant_policy_no_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -105,6 +106,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_mfa(self):
|
def test_entra_tenant_policy_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -149,6 +151,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_mfa_disabled(self):
|
def test_entra_tenant_policy_mfa_disabled(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -193,6 +196,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_mfa_no_target(self):
|
def test_entra_tenant_policy_mfa_no_target(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -237,6 +241,7 @@ class Test_entra_conditional_access_policy_require_mfa_for_management_api:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_mfa_no_users(self):
|
def test_entra_tenant_policy_mfa_no_users(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
policy_id = str(uuid4())
|
policy_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
|
|||||||
+5
-5
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_global_admin_in_less_than_five_users:
|
class Test_entra_global_admin_in_less_than_five_users:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -32,7 +32,7 @@ class Test_entra_global_admin_in_less_than_five_users:
|
|||||||
|
|
||||||
def test_entra_tenant_empty(self):
|
def test_entra_tenant_empty(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -57,7 +57,7 @@ class Test_entra_global_admin_in_less_than_five_users:
|
|||||||
|
|
||||||
def test_entra_less_than_five_global_admins(self):
|
def test_entra_less_than_five_global_admins(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -110,7 +110,7 @@ class Test_entra_global_admin_in_less_than_five_users:
|
|||||||
|
|
||||||
def test_entra_more_than_five_global_admins(self):
|
def test_entra_more_than_five_global_admins(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -178,7 +178,7 @@ class Test_entra_global_admin_in_less_than_five_users:
|
|||||||
|
|
||||||
def test_entra_exactly_five_global_admins(self):
|
def test_entra_exactly_five_global_admins(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
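Review bot: all five hunks in `Test_entra_global_admin_in_less_than_five_users` set `entra_client.resource_groups = {}`, so the tests cover only the unfiltered case. If the check reads `resource_groups`, add one test with a non-empty mapping to pin what a resource-group-scoped scan is expected to report for a tenant-level Entra check. If the check does not read it, these lines should not be needed, and a short comment explaining why the attribute must exist on the client would help the next reader.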
|||||||
+8
-2
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_non_privileged_user_has_mfa:
|
class Test_entra_non_privileged_user_has_mfa:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,7 +30,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_tenant_no_users(self):
|
def test_entra_tenant_no_users(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -53,6 +53,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_no_privileged_no_mfa(self):
|
def test_entra_user_no_privileged_no_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -100,6 +101,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_no_privileged_mfa(self):
|
def test_entra_user_no_privileged_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -144,6 +146,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_disabled_user_no_privileged_no_mfa(self):
|
def test_entra_disabled_user_no_privileged_no_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -184,6 +187,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_disabled_user_no_privileged_mfa(self):
|
def test_entra_disabled_user_no_privileged_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -224,6 +228,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_privileged_no_mfa(self):
|
def test_entra_user_privileged_no_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -265,6 +270,7 @@ class Test_entra_non_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_privileged_mfa(self):
|
def test_entra_user_privileged_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
|
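Review bot: the same `entra_client.resource_groups = {}` line is added by hand to all eight tests in `Test_entra_non_privileged_user_has_mfa`, and the same edit repeats across the other Entra test files in this change. The file already imports from `tests.providers.azure.azure_fixtures`, so a helper or pytest fixture there that returns a client mock with `resource_groups` preset would make this a one-line change per file and keep a future default change in one place.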
|||||||
+4
@@ -7,6 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_policy_default_users_cannot_create_security_groups:
|
class Test_entra_policy_default_users_cannot_create_security_groups:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
entra_client.authorization_policy = {}
|
entra_client.authorization_policy = {}
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -29,6 +30,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
|
|||||||
|
|
||||||
def test_entra_tenant_empty(self):
|
def test_entra_tenant_empty(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -75,6 +77,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
|
|||||||
self,
|
self,
|
||||||
):
|
):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -124,6 +127,7 @@ class Test_entra_policy_default_users_cannot_create_security_groups:
|
|||||||
self,
|
self,
|
||||||
):
|
):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
|
|||||||
+4
-3
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,6 +30,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
|||||||
|
|
||||||
def test_entra_tenant_empty(self):
|
def test_entra_tenant_empty(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -75,7 +76,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
|||||||
def test_entra_default_user_role_permissions_not_allowed_to_create_apps(self):
|
def test_entra_default_user_role_permissions_not_allowed_to_create_apps(self):
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -122,7 +123,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_apps:
|
|||||||
def test_entra_default_user_role_permissions_allowed_to_create_apps(self):
|
def test_entra_default_user_role_permissions_allowed_to_create_apps(self):
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
|||||||
+4
-2
@@ -7,6 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
entra_client.authorization_policy = {}
|
entra_client.authorization_policy = {}
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -29,6 +30,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
|||||||
|
|
||||||
def test_entra_empty_tenant(self):
|
def test_entra_empty_tenant(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -74,7 +76,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
|||||||
def test_entra_default_user_role_permissions_not_allowed_to_create_tenants(self):
|
def test_entra_default_user_role_permissions_not_allowed_to_create_tenants(self):
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -121,7 +123,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
|
|||||||
def test_entra_default_user_role_permissions_allowed_to_create_tenants(self):
|
def test_entra_default_user_role_permissions_allowed_to_create_tenants(self):
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
|||||||
+5
-1
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_policy_guest_invite_only_for_admin_roles:
|
class Test_entra_policy_guest_invite_only_for_admin_roles:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,6 +30,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
|
|||||||
|
|
||||||
def test_entra_empty_tenant(self):
|
def test_entra_empty_tenant(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -76,6 +77,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_allow_invites_from_everyone(self):
|
def test_entra_tenant_policy_allow_invites_from_everyone(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -120,6 +122,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_allow_invites_from_admins(self):
|
def test_entra_tenant_policy_allow_invites_from_admins(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -164,6 +167,7 @@ class Test_entra_policy_guest_invite_only_for_admin_roles:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_allow_invites_from_none(self):
|
def test_entra_tenant_policy_allow_invites_from_none(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
|
|||||||
+5
-1
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_policy_guest_users_access_restrictions:
|
class Test_entra_policy_guest_users_access_restrictions:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,6 +30,7 @@ class Test_entra_policy_guest_users_access_restrictions:
|
|||||||
|
|
||||||
def test_entra_tenant_empty(self):
|
def test_entra_tenant_empty(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -74,6 +75,7 @@ class Test_entra_policy_guest_users_access_restrictions:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_access_same_as_member(self):
|
def test_entra_tenant_policy_access_same_as_member(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -117,6 +119,7 @@ class Test_entra_policy_guest_users_access_restrictions:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_limited_access(self):
|
def test_entra_tenant_policy_limited_access(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -160,6 +163,7 @@ class Test_entra_policy_guest_users_access_restrictions:
|
|||||||
|
|
||||||
def test_entra_tenant_policy_access_restricted(self):
|
def test_entra_tenant_policy_access_restricted(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
|
|||||||
+5
-4
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_policy_restricts_user_consent_for_apps:
|
class Test_entra_policy_restricts_user_consent_for_apps:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,6 +30,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
|
|||||||
|
|
||||||
def test_entra_tenant_empty(self):
|
def test_entra_tenant_empty(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
id = str(uuid4())
|
id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -74,7 +75,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
|
|||||||
|
|
||||||
def test_entra_tenant_no_default_user_role_permissions(self):
|
def test_entra_tenant_no_default_user_role_permissions(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -116,7 +117,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
|
|||||||
|
|
||||||
def test_entra_tenant_no_consent(self):
|
def test_entra_tenant_no_consent(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -162,7 +163,7 @@ class Test_entra_policy_restricts_user_consent_for_apps:
|
|||||||
|
|
||||||
def test_entra_tenant_legacy_consent(self):
|
def test_entra_tenant_legacy_consent(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
|||||||
+3
-3
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_policy_user_consent_for_verified_apps:
|
class Test_entra_policy_user_consent_for_verified_apps:
|
||||||
def test_entra_no_subscriptions(self):
|
def test_entra_no_subscriptions(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,7 +30,7 @@ class Test_entra_policy_user_consent_for_verified_apps:
|
|||||||
|
|
||||||
def test_entra_tenant_no_consent(self):
|
def test_entra_tenant_no_consent(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -76,7 +76,7 @@ class Test_entra_policy_user_consent_for_verified_apps:
|
|||||||
|
|
||||||
def test_entra_tenant_legacy_consent(self):
|
def test_entra_tenant_legacy_consent(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
|||||||
+6
-2
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_privileged_user_has_mfa:
|
class Test_entra_privileged_user_has_mfa:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,7 +30,7 @@ class Test_entra_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_tenant_no_users(self):
|
def test_entra_tenant_no_users(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -53,6 +53,7 @@ class Test_entra_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_no_privileged_no_mfa(self):
|
def test_entra_user_no_privileged_no_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -92,6 +93,7 @@ class Test_entra_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_no_privileged_mfa(self):
|
def test_entra_user_no_privileged_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -131,6 +133,7 @@ class Test_entra_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_privileged_no_mfa(self):
|
def test_entra_user_privileged_no_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
@@ -177,6 +180,7 @@ class Test_entra_privileged_user_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_privileged_mfa(self):
|
def test_entra_user_privileged_mfa(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
with (
|
with (
|
||||||
|
|||||||
+4
-4
@@ -7,7 +7,7 @@ from tests.providers.azure.azure_fixtures import DOMAIN, set_mocked_azure_provid
|
|||||||
class Test_entra_security_defaults_enabled:
|
class Test_entra_security_defaults_enabled:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -30,7 +30,7 @@ class Test_entra_security_defaults_enabled:
|
|||||||
|
|
||||||
def test_entra_tenant_empty(self):
|
def test_entra_tenant_empty(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -58,7 +58,7 @@ class Test_entra_security_defaults_enabled:
|
|||||||
|
|
||||||
def test_entra_security_default_enabled(self):
|
def test_entra_security_default_enabled(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -93,7 +93,7 @@ class Test_entra_security_defaults_enabled:
|
|||||||
|
|
||||||
def test_entra_security_default_disabled(self):
|
def test_entra_security_default_disabled(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
|||||||
+5
-5
@@ -10,7 +10,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_entra_trusted_named_locations_exists:
|
class Test_entra_trusted_named_locations_exists:
|
||||||
def test_entra_no_tenants(self):
|
def test_entra_no_tenants(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -34,7 +34,7 @@ class Test_entra_trusted_named_locations_exists:
|
|||||||
|
|
||||||
def test_entra_tenant_empty(self):
|
def test_entra_tenant_empty(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -67,7 +67,7 @@ class Test_entra_trusted_named_locations_exists:
|
|||||||
|
|
||||||
def test_entra_named_location_with_ip_ranges(self):
|
def test_entra_named_location_with_ip_ranges(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -111,7 +111,7 @@ class Test_entra_trusted_named_locations_exists:
|
|||||||
|
|
||||||
def test_entra_named_location_without_ip_ranges(self):
|
def test_entra_named_location_without_ip_ranges(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -156,7 +156,7 @@ class Test_entra_trusted_named_locations_exists:
|
|||||||
|
|
||||||
def test_entra_new_named_location_with_ip_ranges_not_trusted(self):
|
def test_entra_new_named_location_with_ip_ranges_not_trusted(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
|||||||
+10
-1
@@ -14,10 +14,11 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
||||||
def test_iam_no_roles(self):
|
def test_iam_no_roles(self):
|
||||||
iam_client = mock.MagicMock
|
iam_client = mock.MagicMock
|
||||||
|
iam_client.resource_groups = {}
|
||||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
|
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
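Review bot: in `test_iam_no_roles`, `iam_client = mock.MagicMock` and `entra_client = mock.MagicMock` bind the `MagicMock` class itself rather than an instance, so the two added `resource_groups = {}` lines write the same class attribute twice and leave it set on every `MagicMock` created later in the test session. Instantiate the mocks with `mock.MagicMock()` before assigning `resource_groups` and `subscriptions`, so each test owns its state and a scope set in one test cannot leak into another. The same pattern appears in the other check tests touched by this change.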
@@ -41,9 +42,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_with_vm_access_has_mfa(self):
|
def test_entra_user_with_vm_access_has_mfa(self):
|
||||||
iam_client = mock.MagicMock
|
iam_client = mock.MagicMock
|
||||||
|
iam_client.resource_groups = {}
|
||||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_assigment_id = str(uuid4())
|
role_assigment_id = str(uuid4())
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
@@ -112,9 +115,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_with_vm_access_has_mfa_no_mfa(self):
|
def test_entra_user_with_vm_access_has_mfa_no_mfa(self):
|
||||||
iam_client = mock.MagicMock
|
iam_client = mock.MagicMock
|
||||||
|
iam_client.resource_groups = {}
|
||||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_assigment_id = str(uuid4())
|
role_assigment_id = str(uuid4())
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
@@ -183,9 +188,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_with_vm_access_has_mfa_no_user(self):
|
def test_entra_user_with_vm_access_has_mfa_no_user(self):
|
||||||
iam_client = mock.MagicMock
|
iam_client = mock.MagicMock
|
||||||
|
iam_client.resource_groups = {}
|
||||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_assigment_id = str(uuid4())
|
role_assigment_id = str(uuid4())
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
@@ -237,9 +244,11 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa:
|
|||||||
|
|
||||||
def test_entra_user_with_vm_access_has_mfa_no_role(self):
|
def test_entra_user_with_vm_access_has_mfa_no_role(self):
|
||||||
iam_client = mock.MagicMock
|
iam_client = mock.MagicMock
|
||||||
|
iam_client.resource_groups = {}
|
||||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_assigment_id = str(uuid4())
|
role_assigment_id = str(uuid4())
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
user_id = str(uuid4())
|
user_id = str(uuid4())
|
||||||
|
|
||||||
|
|||||||
+5
-5
@@ -11,7 +11,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_entra_users_cannot_create_microsoft_365_groups:
|
class Test_entra_users_cannot_create_microsoft_365_groups:
|
||||||
def test_entra_no_tenant(self):
|
def test_entra_no_tenant(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -35,7 +35,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
|
|||||||
|
|
||||||
def test_entra_tenant_empty(self):
|
def test_entra_tenant_empty(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -65,7 +65,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
|
|||||||
|
|
||||||
def test_entra_users_cannot_create_microsoft_365_groups(self):
|
def test_entra_users_cannot_create_microsoft_365_groups(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -114,7 +114,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
|
|||||||
|
|
||||||
def test_entra_users_can_create_microsoft_365_groups(self):
|
def test_entra_users_can_create_microsoft_365_groups(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
@@ -161,7 +161,7 @@ class Test_entra_users_cannot_create_microsoft_365_groups:
|
|||||||
|
|
||||||
def test_entra_users_can_create_microsoft_365_groups_no_setting(self):
|
def test_entra_users_can_create_microsoft_365_groups_no_setting(self):
|
||||||
entra_client = mock.MagicMock
|
entra_client = mock.MagicMock
|
||||||
|
entra_client.resource_groups = {}
|
||||||
with (
|
with (
|
||||||
mock.patch(
|
mock.patch(
|
||||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
|||||||
@@ -0,0 +1,162 @@
|
|||||||
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
|
from prowler.providers.azure.services.iam.iam_service import IAM
|
||||||
|
from tests.providers.azure.azure_fixtures import (
|
||||||
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
set_mocked_azure_provider,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_IAM_get_roles:
|
||||||
|
def test_get_roles_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.role_definitions.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||||
|
return_value=({}, {}),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
iam = IAM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
iam.resource_groups = None
|
||||||
|
|
||||||
|
builtin, custom = iam._get_roles()
|
||||||
|
|
||||||
|
mock_client.role_definitions.list.assert_called_once()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in builtin
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in custom
|
||||||
|
|
||||||
|
def test_get_roles_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.role_definitions.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||||
|
return_value=({}, {}),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
iam = IAM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
builtin, custom = iam._get_roles()
|
||||||
|
|
||||||
|
mock_client.role_definitions.list.assert_called_once()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in builtin
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in custom
|
||||||
|
|
||||||
|
def test_get_roles_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.role_definitions.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||||
|
return_value=({}, {}),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
iam = IAM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
builtin, custom = iam._get_roles()
|
||||||
|
|
||||||
|
mock_client.role_definitions.list.assert_called_once()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in builtin
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in custom
|
||||||
|
|
||||||
|
|
||||||
|
class Test_IAM_get_role_assignments:
|
||||||
|
def test_get_role_assignments_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.role_assignments = MagicMock()
|
||||||
|
mock_client.role_assignments.list_for_subscription.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||||
|
return_value=({}, {}),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
iam = IAM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
iam.resource_groups = None
|
||||||
|
|
||||||
|
result = iam._get_role_assignments()
|
||||||
|
|
||||||
|
mock_client.role_assignments.list_for_subscription.assert_called_once()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_role_assignments_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.role_assignments = MagicMock()
|
||||||
|
mock_client.role_assignments.list_for_subscription.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||||
|
return_value=({}, {}),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
iam = IAM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = iam._get_role_assignments()
|
||||||
|
|
||||||
|
mock_client.role_assignments.list_for_subscription.assert_called_once()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_role_assignments_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.role_assignments = MagicMock()
|
||||||
|
mock_client.role_assignments.list_for_subscription.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
|
||||||
|
return_value=({}, {}),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
iam = IAM(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = iam._get_role_assignments()
|
||||||
|
|
||||||
|
mock_client.role_assignments.list_for_subscription.assert_called_once()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
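Review bot: in `Test_IAM_get_role_assignments`, the `None`, `[RESOURCE_GROUP]` and `[]` cases all assert only `list_for_subscription.assert_called_once()` plus presence of the subscription key, so the three tests cannot tell a scoped run from an unscoped one; `Test_IAM_get_roles` has the same shape around `role_definitions.list`. If IAM data is intentionally collected at subscription level regardless of `--azure-resource-group`, say so in a comment or in the test names, since a user who scopes a scan may not expect subscription-wide role findings in the output. Also note that an empty list here still lists the whole subscription, whereas the Key Vault tests in this change expect `{AZURE_SUBSCRIPTION_ID: []}` to make no listing calls and return `[]`; the two services should agree on what an empty scope means.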
+5
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
||||||
def test_iam_no_roles(self):
|
def test_iam_no_roles(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.custom_roles = {}
|
defender_client.custom_roles = {}
|
||||||
|
|
||||||
@@ -39,6 +40,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
|||||||
self,
|
self,
|
||||||
):
|
):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_name = "test-role"
|
role_name = "test-role"
|
||||||
defender_client.custom_roles = {
|
defender_client.custom_roles = {
|
||||||
@@ -95,6 +97,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
|||||||
self,
|
self,
|
||||||
):
|
):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_name = "test-role"
|
role_name = "test-role"
|
||||||
defender_client.custom_roles = {
|
defender_client.custom_roles = {
|
||||||
@@ -144,6 +147,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
|||||||
self,
|
self,
|
||||||
):
|
):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_name = "test-role"
|
role_name = "test-role"
|
||||||
role_name2 = "test-role2"
|
role_name2 = "test-role2"
|
||||||
@@ -212,6 +216,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks:
|
|||||||
|
|
||||||
def test_iam_custom_roles_empty_list_but_with_key(self):
|
def test_iam_custom_roles_empty_list_but_with_key(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.custom_roles = {AZURE_SUBSCRIPTION_ID: {}}
|
defender_client.custom_roles = {AZURE_SUBSCRIPTION_ID: {}}
|
||||||
|
|
||||||
|
|||||||
+3
@@ -13,6 +13,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_iam_role_user_access_admin_restricted:
|
class Test_iam_role_user_access_admin_restricted:
|
||||||
def test_iam_no_role_assignments(self):
|
def test_iam_no_role_assignments(self):
|
||||||
iam_client = mock.MagicMock
|
iam_client = mock.MagicMock
|
||||||
|
iam_client.resource_groups = {}
|
||||||
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
iam_client.role_assignments = {}
|
iam_client.role_assignments = {}
|
||||||
iam_client.roles = {}
|
iam_client.roles = {}
|
||||||
@@ -37,6 +38,7 @@ class Test_iam_role_user_access_admin_restricted:
|
|||||||
|
|
||||||
def test_iam_user_access_administrator_role_assigned(self):
|
def test_iam_user_access_administrator_role_assigned(self):
|
||||||
iam_client = mock.MagicMock
|
iam_client = mock.MagicMock
|
||||||
|
iam_client.resource_groups = {}
|
||||||
role_id = str(uuid4())
|
role_id = str(uuid4())
|
||||||
role_assignment_id = str(uuid4())
|
role_assignment_id = str(uuid4())
|
||||||
agent_id = str(uuid4())
|
agent_id = str(uuid4())
|
||||||
@@ -97,6 +99,7 @@ class Test_iam_role_user_access_admin_restricted:
|
|||||||
|
|
||||||
def test_iam_non_user_access_administrator_role_assigned(self):
|
def test_iam_non_user_access_administrator_role_assigned(self):
|
||||||
iam_client = mock.MagicMock
|
iam_client = mock.MagicMock
|
||||||
|
iam_client.resource_groups = {}
|
||||||
role_id = str(uuid4())
|
role_id = str(uuid4())
|
||||||
role_assignment_id = str(uuid4())
|
role_assignment_id = str(uuid4())
|
||||||
agent_id = str(uuid4())
|
agent_id = str(uuid4())
|
||||||
|
|||||||
+3
@@ -14,6 +14,7 @@ from tests.providers.azure.azure_fixtures import (
|
|||||||
class Test_iam_subscription_roles_owner_custom_not_created:
|
class Test_iam_subscription_roles_owner_custom_not_created:
|
||||||
def test_iam_no_roles(self):
|
def test_iam_no_roles(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
defender_client.custom_roles = {}
|
defender_client.custom_roles = {}
|
||||||
|
|
||||||
@@ -37,6 +38,7 @@ class Test_iam_subscription_roles_owner_custom_not_created:
|
|||||||
|
|
||||||
def test_iam_custom_owner_role_created_with_all(self):
|
def test_iam_custom_owner_role_created_with_all(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_name = "test-role"
|
role_name = "test-role"
|
||||||
defender_client.custom_roles = {
|
defender_client.custom_roles = {
|
||||||
@@ -84,6 +86,7 @@ class Test_iam_subscription_roles_owner_custom_not_created:
|
|||||||
|
|
||||||
def test_iam_custom_owner_role_created_with_no_permissions(self):
|
def test_iam_custom_owner_role_created_with_no_permissions(self):
|
||||||
defender_client = mock.MagicMock
|
defender_client = mock.MagicMock
|
||||||
|
defender_client.resource_groups = {}
|
||||||
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
|
||||||
role_name = "test-role"
|
role_name = "test-role"
|
||||||
defender_client.custom_roles = {
|
defender_client.custom_roles = {
|
||||||
|
|||||||
@@ -3,6 +3,8 @@ from unittest.mock import MagicMock, patch
|
|||||||
|
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -263,3 +265,208 @@ class Test_keyvault_service:
|
|||||||
.storage_account_name
|
.storage_account_name
|
||||||
== "storage_account_name"
|
== "storage_account_name"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_KeyVault_get_key_vaults:
|
||||||
|
def test_get_key_vaults_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
mock_client.vaults.list_by_subscription.return_value = []
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||||
|
KeyVault,
|
||||||
|
)
|
||||||
|
|
||||||
|
keyvault = KeyVault(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
keyvault.resource_groups = None
|
||||||
|
|
||||||
|
provider = set_mocked_azure_provider()
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||||
|
):
|
||||||
|
result = keyvault._get_key_vaults(provider)
|
||||||
|
|
||||||
|
mock_client.vaults.list_by_subscription.assert_called_once()
|
||||||
|
mock_client.vaults.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_key_vaults_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
mock_client.vaults.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||||
|
KeyVault,
|
||||||
|
)
|
||||||
|
|
||||||
|
keyvault = KeyVault(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
provider = set_mocked_azure_provider()
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||||
|
):
|
||||||
|
result = keyvault._get_key_vaults(provider)
|
||||||
|
|
||||||
|
mock_client.vaults.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.vaults.list_by_subscription.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_key_vaults_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||||
|
KeyVault,
|
||||||
|
)
|
||||||
|
|
||||||
|
keyvault = KeyVault(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
provider = set_mocked_azure_provider()
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||||
|
):
|
||||||
|
result = keyvault._get_key_vaults(provider)
|
||||||
|
|
||||||
|
mock_client.vaults.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.vaults.list_by_subscription.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
def test_get_key_vaults_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
mock_client.vaults.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||||
|
KeyVault,
|
||||||
|
)
|
||||||
|
|
||||||
|
keyvault = KeyVault(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
provider = set_mocked_azure_provider()
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||||
|
):
|
||||||
|
result = keyvault._get_key_vaults(provider)
|
||||||
|
|
||||||
|
assert mock_client.vaults.list_by_resource_group.call_count == len(
|
||||||
|
RESOURCE_GROUP_LIST
|
||||||
|
)
|
||||||
|
mock_client.vaults.list_by_subscription.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_key_vaults_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
mock_client.vaults.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
mock_provider = MagicMock()
|
||||||
|
mock_provider.identity = MagicMock()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||||
|
return_value=mock_provider,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
||||||
|
new=MagicMock(),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.KeyVault._get_key_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
from prowler.providers.azure.services.keyvault.keyvault_service import (
|
||||||
|
KeyVault,
|
||||||
|
)
|
||||||
|
|
||||||
|
keyvault = KeyVault(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
keyvault.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
keyvault.resource_groups = {AZURE_SUBSCRIPTION_ID: ["MyRG"]}
|
||||||
|
|
||||||
|
provider = set_mocked_azure_provider()
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.keyvault.keyvault_service.monitor_client"
|
||||||
|
):
|
||||||
|
keyvault._get_key_vaults(provider)
|
||||||
|
|
||||||
|
mock_client.vaults.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="MyRG"
|
||||||
|
)
|
||||||
|
|||||||
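Review bot: `test_get_key_vaults_with_mixed_case_resource_group` only proves that `"MyRG"` is forwarded verbatim to `list_by_resource_group`; it exercises no case handling, although Azure resource group names are case-insensitive. Either rename it to say pass-through, or assert on the returned vaults for a group name whose casing differs from the one Azure reports. It should also assert `mock_client.vaults.list_by_subscription.assert_not_called()`, as the preceding test does, so that a silent fall back to subscription-wide listing fails the test.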
@@ -1,4 +1,4 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.mysql.mysql_service import (
|
from prowler.providers.azure.services.mysql.mysql_service import (
|
||||||
Configuration,
|
Configuration,
|
||||||
@@ -7,6 +7,8 @@ from prowler.providers.azure.services.mysql.mysql_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -117,3 +119,131 @@ class Test_MySQL_Service:
|
|||||||
assert configurations["test"].resource_id == "/subscriptions/resource_id"
|
assert configurations["test"].resource_id == "/subscriptions/resource_id"
|
||||||
assert configurations["test"].description == "description"
|
assert configurations["test"].description == "description"
|
||||||
assert configurations["test"].value == "value"
|
assert configurations["test"].value == "value"
|
||||||
|
|
||||||
|
|
||||||
|
class Test_MySQL_get_flexible_servers:
|
||||||
|
def test_get_flexible_servers_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
mysql = MySQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
mysql.resource_groups = None
|
||||||
|
|
||||||
|
result = mysql._get_flexible_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list.assert_called_once()
|
||||||
|
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_flexible_servers_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
mysql = MySQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = mysql._get_flexible_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.servers.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_flexible_servers_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
mysql = MySQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = mysql._get_flexible_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.servers.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_flexible_servers_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
mysql = MySQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = mysql._get_flexible_servers()
|
||||||
|
|
||||||
|
assert mock_client.servers.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_flexible_servers_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.mysql.mysql_service.MySQL._get_configurations",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
):
|
||||||
|
mysql = MySQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
mysql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
mysql.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
mysql._get_flexible_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
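Review bot: In `test_get_flexible_servers_with_multiple_resource_groups`, `call_count == 2` hardcodes the expected length of `RESOURCE_GROUP_LIST` and would still pass if the same group were queried twice. Assert the calls themselves, for example with `assert_has_calls` over one `call(resource_group_name=rg)` per entry in `RESOURCE_GROUP_LIST`. Also add `mock_client.servers.list.assert_not_called()` here and in `test_get_flexible_servers_with_mixed_case_resource_group`, so that a scoped scan falling back to the subscription-wide listing is caught.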
@@ -1,4 +1,4 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from azure.mgmt.network.models import FlowLog
|
from azure.mgmt.network.models import FlowLog
|
||||||
|
|
||||||
@@ -8,9 +8,12 @@ from prowler.providers.azure.services.network.network_service import (
|
|||||||
NetworkWatcher,
|
NetworkWatcher,
|
||||||
PublicIp,
|
PublicIp,
|
||||||
SecurityGroup,
|
SecurityGroup,
|
||||||
|
VirtualNetwork,
|
||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -66,6 +69,20 @@ def mock_network_get_public_ip_addresses(_):
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def mock_network_get_virtual_networks(_):
|
||||||
|
return {
|
||||||
|
AZURE_SUBSCRIPTION_ID: [
|
||||||
|
VirtualNetwork(
|
||||||
|
id="id",
|
||||||
|
name="name",
|
||||||
|
location="location",
|
||||||
|
enable_ddos_protection=False,
|
||||||
|
subnets=[],
|
||||||
|
)
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
@patch(
|
@patch(
|
||||||
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
new=mock_network_get_security_groups,
|
new=mock_network_get_security_groups,
|
||||||
@@ -82,6 +99,10 @@ def mock_network_get_public_ip_addresses(_):
|
|||||||
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
new=mock_network_get_public_ip_addresses,
|
new=mock_network_get_public_ip_addresses,
|
||||||
)
|
)
|
||||||
|
@patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||||
|
new=mock_network_get_virtual_networks,
|
||||||
|
)
|
||||||
class Test_Network_Service:
|
class Test_Network_Service:
|
||||||
def test_get_client(self):
|
def test_get_client(self):
|
||||||
network = Network(set_mocked_azure_provider())
|
network = Network(set_mocked_azure_provider())
|
||||||
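Review bot: The `_get_virtual_networks` patch added here covers only `Test_Network_Service`. The new `Test_Network_get_*` classes further down construct `Network(set_mocked_azure_provider())` inside `with` blocks that patch `_get_security_groups`, `_get_bastion_hosts`, `_get_network_watchers` and `_get_public_ip_addresses` but not `_get_virtual_networks`, so if the constructor calls it like the other getters, the real method runs during setup. Add the same patch to those `with` blocks, or move the shared patches into one fixture that every class uses.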
@@ -162,3 +183,905 @@ class Test_Network_Service:
|
|||||||
network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].ip_address
|
network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].ip_address
|
||||||
== "ip_address"
|
== "ip_address"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Network_get_security_groups:
|
||||||
|
def test_get_security_groups_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_security_groups.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = None
|
||||||
|
|
||||||
|
result = network._get_security_groups()
|
||||||
|
|
||||||
|
mock_client.network_security_groups.list_all.assert_called_once()
|
||||||
|
mock_client.network_security_groups.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_security_groups_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_security_groups.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = network._get_security_groups()
|
||||||
|
|
||||||
|
mock_client.network_security_groups.list.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.network_security_groups.list_all.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_security_groups_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = network._get_security_groups()
|
||||||
|
|
||||||
|
mock_client.network_security_groups.list.assert_not_called()
|
||||||
|
mock_client.network_security_groups.list_all.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Network_get_network_watchers:
|
||||||
|
def test_get_network_watchers_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_watchers = MagicMock()
|
||||||
|
mock_client.network_watchers.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = None
|
||||||
|
|
||||||
|
result = network._get_network_watchers()
|
||||||
|
|
||||||
|
mock_client.network_watchers.list_all.assert_called_once()
|
||||||
|
mock_client.network_watchers.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_network_watchers_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_watchers = MagicMock()
|
||||||
|
mock_client.network_watchers.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = network._get_network_watchers()
|
||||||
|
|
||||||
|
mock_client.network_watchers.list_all.assert_called_once()
|
||||||
|
mock_client.network_watchers.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_network_watchers_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_watchers = MagicMock()
|
||||||
|
mock_client.network_watchers.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = network._get_network_watchers()
|
||||||
|
|
||||||
|
mock_client.network_watchers.list_all.assert_called_once()
|
||||||
|
mock_client.network_watchers.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Network_get_bastion_hosts:
|
||||||
|
def test_get_bastion_hosts_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.bastion_hosts = MagicMock()
|
||||||
|
mock_client.bastion_hosts.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = None
|
||||||
|
|
||||||
|
result = network._get_bastion_hosts()
|
||||||
|
|
||||||
|
mock_client.bastion_hosts.list.assert_called_once()
|
||||||
|
mock_client.bastion_hosts.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_bastion_hosts_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.bastion_hosts = MagicMock()
|
||||||
|
mock_client.bastion_hosts.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = network._get_bastion_hosts()
|
||||||
|
|
||||||
|
mock_client.bastion_hosts.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.bastion_hosts.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_bastion_hosts_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.bastion_hosts = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = network._get_bastion_hosts()
|
||||||
|
|
||||||
|
mock_client.bastion_hosts.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.bastion_hosts.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Network_get_public_ip_addresses:
|
||||||
|
def test_get_public_ip_addresses_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.public_ip_addresses = MagicMock()
|
||||||
|
mock_client.public_ip_addresses.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = None
|
||||||
|
|
||||||
|
result = network._get_public_ip_addresses()
|
||||||
|
|
||||||
|
mock_client.public_ip_addresses.list_all.assert_called_once()
|
||||||
|
mock_client.public_ip_addresses.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_public_ip_addresses_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.public_ip_addresses = MagicMock()
|
||||||
|
mock_client.public_ip_addresses.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = network._get_public_ip_addresses()
|
||||||
|
|
||||||
|
mock_client.public_ip_addresses.list.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.public_ip_addresses.list_all.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_public_ip_addresses_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.public_ip_addresses = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = network._get_public_ip_addresses()
|
||||||
|
|
||||||
|
mock_client.public_ip_addresses.list.assert_not_called()
|
||||||
|
mock_client.public_ip_addresses.list_all.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
def test_get_security_groups_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_security_groups = MagicMock()
|
||||||
|
mock_client.network_security_groups.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = network._get_security_groups()
|
||||||
|
|
||||||
|
assert mock_client.network_security_groups.list.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_security_groups_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_security_groups = MagicMock()
|
||||||
|
mock_client.network_security_groups.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
network._get_security_groups()
|
||||||
|
|
||||||
|
mock_client.network_security_groups.list.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Network_get_network_watchers_extra:
|
||||||
|
def test_get_network_watchers_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_watchers = MagicMock()
|
||||||
|
mock_client.network_watchers.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = network._get_network_watchers()
|
||||||
|
|
||||||
|
mock_client.network_watchers.list_all.assert_called_once()
|
||||||
|
mock_client.network_watchers.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_network_watchers_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.network_watchers = MagicMock()
|
||||||
|
mock_client.network_watchers.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
network._get_network_watchers()
|
||||||
|
|
||||||
|
mock_client.network_watchers.list_all.assert_called_once()
|
||||||
|
mock_client.network_watchers.list.assert_not_called()
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Network_get_bastion_hosts_extra:
|
||||||
|
def test_get_bastion_hosts_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.bastion_hosts = MagicMock()
|
||||||
|
mock_client.bastion_hosts.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = network._get_bastion_hosts()
|
||||||
|
|
||||||
|
assert mock_client.bastion_hosts.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_bastion_hosts_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.bastion_hosts = MagicMock()
|
||||||
|
mock_client.bastion_hosts.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
network._get_bastion_hosts()
|
||||||
|
|
||||||
|
mock_client.bastion_hosts.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Network_get_public_ip_addresses_extra:
|
||||||
|
def test_get_public_ip_addresses_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.public_ip_addresses = MagicMock()
|
||||||
|
mock_client.public_ip_addresses.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = network._get_public_ip_addresses()
|
||||||
|
|
||||||
|
assert mock_client.public_ip_addresses.list.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_public_ip_addresses_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.public_ip_addresses = MagicMock()
|
||||||
|
mock_client.public_ip_addresses.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
network._get_public_ip_addresses()
|
||||||
|
|
||||||
|
mock_client.public_ip_addresses.list.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Network_get_virtual_networks_extra:
|
||||||
|
def _ctx(self):
|
||||||
|
return (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_get_virtual_networks_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_networks = MagicMock()
|
||||||
|
mock_client.virtual_networks.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||||
|
new=mock_network_get_virtual_networks,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = None
|
||||||
|
|
||||||
|
result = network._get_virtual_networks()
|
||||||
|
|
||||||
|
mock_client.virtual_networks.list_all.assert_called_once()
|
||||||
|
mock_client.virtual_networks.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_virtual_networks_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_networks = MagicMock()
|
||||||
|
mock_client.virtual_networks.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||||
|
new=mock_network_get_virtual_networks,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = network._get_virtual_networks()
|
||||||
|
|
||||||
|
mock_client.virtual_networks.list.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.virtual_networks.list_all.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_virtual_networks_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_networks = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||||
|
new=mock_network_get_virtual_networks,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = network._get_virtual_networks()
|
||||||
|
|
||||||
|
mock_client.virtual_networks.list.assert_not_called()
|
||||||
|
mock_client.virtual_networks.list_all.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
def test_get_virtual_networks_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_networks = MagicMock()
|
||||||
|
mock_client.virtual_networks.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||||
|
new=mock_network_get_virtual_networks,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = network._get_virtual_networks()
|
||||||
|
|
||||||
|
assert mock_client.virtual_networks.list.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_virtual_networks_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_networks = MagicMock()
|
||||||
|
mock_client.virtual_networks.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_security_groups",
|
||||||
|
new=mock_network_get_security_groups,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_bastion_hosts",
|
||||||
|
new=mock_network_get_bastion_hosts,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_network_watchers",
|
||||||
|
new=mock_network_get_network_watchers,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_public_ip_addresses",
|
||||||
|
new=mock_network_get_public_ip_addresses,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.network.network_service.Network._get_virtual_networks",
|
||||||
|
new=mock_network_get_virtual_networks,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
network = Network(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
network.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
network.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
network._get_virtual_networks()
|
||||||
|
|
||||||
|
mock_client.virtual_networks.list.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
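Review bot: the `*_with_mixed_case_resource_group` tests for bastion hosts, public IP addresses and virtual networks set `resource_groups` to `["RG"]` and assert `resource_group_name="RG"`, so they never feed a mixed-case name and would pass whether or not the service normalises casing. Azure resource group names are case-insensitive, so either pass a value such as `"My-Rg"` and assert the exact casing the service is expected to forward to the SDK, or rename the tests to say what they check. The network watcher variants assert `list_all.assert_called_once()` and `list.assert_not_called()` even when `resource_groups` is set, which means a scoped scan still enumerates every watcher in the subscription; if that is intended, a short comment in the test saying so would stop it reading as a missed filter. `_ctx` in `Test_Network_get_virtual_networks_extra` is not used by any test below it (each repeats the patch list inline) and it lacks the `_get_virtual_networks` patch those tests add; remove it or enter it through `contextlib.ExitStack`.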
@@ -1,4 +1,4 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.policy.policy_service import (
|
from prowler.providers.azure.services.policy.policy_service import (
|
||||||
Policy,
|
Policy,
|
||||||
@@ -6,6 +6,8 @@ from prowler.providers.azure.services.policy.policy_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -52,3 +54,99 @@ class Test_Policy_Service:
|
|||||||
policy.policy_assigments[AZURE_SUBSCRIPTION_ID]["policy-1"].enforcement_mode
|
policy.policy_assigments[AZURE_SUBSCRIPTION_ID]["policy-1"].enforcement_mode
|
||||||
== "Default"
|
== "Default"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Policy_get_policy_assigments:
|
||||||
|
def test_get_policy_assigments_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.policy_assignments.list.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
policy = Policy(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
policy.resource_groups = None
|
||||||
|
|
||||||
|
result = policy._get_policy_assigments()
|
||||||
|
|
||||||
|
mock_client.policy_assignments.list.assert_called_once()
|
||||||
|
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_policy_assigments_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.policy_assignments.list.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
policy = Policy(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = policy._get_policy_assigments()
|
||||||
|
|
||||||
|
mock_client.policy_assignments.list.assert_called_once()
|
||||||
|
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_policy_assigments_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.policy_assignments.list.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
policy = Policy(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = policy._get_policy_assigments()
|
||||||
|
|
||||||
|
mock_client.policy_assignments.list.assert_called_once()
|
||||||
|
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_policy_assigments_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.policy_assignments.list.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
policy = Policy(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = policy._get_policy_assigments()
|
||||||
|
|
||||||
|
mock_client.policy_assignments.list.assert_called_once()
|
||||||
|
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_policy_assigments_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.policy_assignments.list.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
policy = Policy(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
policy._get_policy_assigments()
|
||||||
|
|
||||||
|
mock_client.policy_assignments.list.assert_called_once()
|
||||||
|
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
|
||||||
|
|||||||
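Review bot: in `Test_Policy_get_policy_assigments` all five tests end with the same two assertions, `policy_assignments.list.assert_called_once()` and `list_for_resource_group.assert_not_called()`, including the `{AZURE_SUBSCRIPTION_ID: []}` case. The network, PostgreSQL and Recovery tests in this commit expect an empty list to produce no SDK calls and an empty result, so the policy service behaves differently under the same input and the tests do not say why. If policy assignments are deliberately left subscription-wide under `--azure-resource-group`, state that in a comment and collapse the five cases into one `pytest.mark.parametrize` over the `resource_groups` values; if they are meant to be scoped, the `_with_resource_group` tests should expect `list_for_resource_group` to be called. `RESOURCE_GROUP` and `RESOURCE_GROUP_LIST` are imported only to feed assertions that ignore them.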
@@ -11,6 +11,8 @@ from prowler.providers.azure.services.postgresql.postgresql_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -243,6 +245,103 @@ class Test_SqlServer_Service:
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_PostgreSQL_get_flexible_servers:
|
||||||
|
def test_get_flexible_servers_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
postgresql.resource_groups = None
|
||||||
|
|
||||||
|
result = postgresql._get_flexible_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list.assert_called_once()
|
||||||
|
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_flexible_servers_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = postgresql._get_flexible_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.servers.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_flexible_servers_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = postgresql._get_flexible_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.servers.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
def test_get_flexible_servers_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = postgresql._get_flexible_servers()
|
||||||
|
|
||||||
|
assert mock_client.servers.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_flexible_servers_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL._get_flexible_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
postgresql = PostgreSQL(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
postgresql.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
postgresql.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
postgresql._get_flexible_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def _make_server(name):
|
def _make_server(name):
|
||||||
server = MagicMock()
|
server = MagicMock()
|
||||||
server.id = (
|
server.id = (
|
||||||
|
|||||||
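Review bot: `test_get_flexible_servers_with_multiple_resource_groups` checks only `list_by_resource_group.call_count == 2`, which hard-codes the length of `RESOURCE_GROUP_LIST` and would pass if the same group were queried twice. Assert the arguments instead, for example `list_by_resource_group.assert_has_calls([call(resource_group_name=rg) for rg in RESOURCE_GROUP_LIST], any_order=True)`, and compare the count against `len(RESOURCE_GROUP_LIST)`. Every mocked listing here returns `[]`, so none of the scoped tests shows that a server returned by `list_by_resource_group` ends up in `result[AZURE_SUBSCRIPTION_ID]`; reusing `_make_server` for one scoped case would cover that. The mixed-case test passes `"RG"`, which is not mixed case.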
@@ -1,11 +1,18 @@
|
|||||||
from types import SimpleNamespace
|
from types import SimpleNamespace
|
||||||
from unittest import mock
|
from unittest import mock
|
||||||
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.recovery.recovery_service import (
|
from prowler.providers.azure.services.recovery.recovery_service import (
|
||||||
BackupVault,
|
BackupVault,
|
||||||
|
Recovery,
|
||||||
RecoveryBackup,
|
RecoveryBackup,
|
||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION_ID
|
from tests.providers.azure.azure_fixtures import (
|
||||||
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
|
set_mocked_azure_provider,
|
||||||
|
)
|
||||||
|
|
||||||
VAULT_ID = (
|
VAULT_ID = (
|
||||||
f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg1/"
|
f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg1/"
|
||||||
@@ -20,6 +27,139 @@ class BackupClientFake:
|
|||||||
self.backup_policies.list.return_value = policies
|
self.backup_policies.list.return_value = policies
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Recovery_get_vaults:
|
||||||
|
def test_get_vaults_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
mock_client.vaults.list_by_subscription_id.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||||
|
),
|
||||||
|
):
|
||||||
|
recovery = Recovery(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
recovery.resource_groups = None
|
||||||
|
|
||||||
|
result = recovery._get_vaults()
|
||||||
|
|
||||||
|
mock_client.vaults.list_by_subscription_id.assert_called_once()
|
||||||
|
mock_client.vaults.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_vaults_with_resource_group(self):
|
||||||
|
mock_vault = MagicMock()
|
||||||
|
mock_vault.id = "vault-id-1"
|
||||||
|
mock_vault.name = "my-vault"
|
||||||
|
mock_vault.location = "eastus"
|
||||||
|
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
mock_client.vaults.list_by_resource_group.return_value = [mock_vault]
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||||
|
),
|
||||||
|
):
|
||||||
|
recovery = Recovery(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = recovery._get_vaults()
|
||||||
|
|
||||||
|
mock_client.vaults.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.vaults.list_by_subscription_id.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
assert "vault-id-1" in result[AZURE_SUBSCRIPTION_ID]
|
||||||
|
|
||||||
|
def test_get_vaults_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||||
|
),
|
||||||
|
):
|
||||||
|
recovery = Recovery(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = recovery._get_vaults()
|
||||||
|
|
||||||
|
mock_client.vaults.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.vaults.list_by_subscription_id.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_vaults_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
mock_client.vaults.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||||
|
),
|
||||||
|
):
|
||||||
|
recovery = Recovery(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = recovery._get_vaults()
|
||||||
|
|
||||||
|
assert mock_client.vaults.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_vaults_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.vaults = MagicMock()
|
||||||
|
mock_client.vaults.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.Recovery._get_vaults",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.recovery.recovery_service.RecoveryBackup",
|
||||||
|
),
|
||||||
|
):
|
||||||
|
recovery = Recovery(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
recovery.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
recovery.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
recovery._get_vaults()
|
||||||
|
|
||||||
|
mock_client.vaults.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class Test_RecoveryBackup_Service:
|
class Test_RecoveryBackup_Service:
|
||||||
def test_get_backup_policies_lists_unprotected_vault_policies(self):
|
def test_get_backup_policies_lists_unprotected_vault_policies(self):
|
||||||
policy = SimpleNamespace(
|
policy = SimpleNamespace(
|
||||||
|
|||||||
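Review bot: `test_get_vaults_with_mixed_case_resource_group` passes `["RG"]`, which is all upper-case rather than mixed case, and then asserts `resource_group_name="RG"`, so it only shows that the name is forwarded unchanged. If resource group matching is meant to be case-insensitive, use a name such as `"My-RG"` and assert the exact value the SDK call receives; if names are forwarded as given, rename the test to say so. In `test_get_vaults_with_multiple_resource_groups`, `call_count == 2` hardcodes the length of `RESOURCE_GROUP_LIST`; compare against `len(RESOURCE_GROUP_LIST)` and check the `resource_group_name` of each call.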
@@ -1,4 +1,4 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from azure.mgmt.sql.models import (
|
from azure.mgmt.sql.models import (
|
||||||
EncryptionProtector,
|
EncryptionProtector,
|
||||||
@@ -16,6 +16,8 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -245,3 +247,100 @@ class Test_SqlServer_Service:
|
|||||||
].security_alert_policies.state
|
].security_alert_policies.state
|
||||||
== "Disabled"
|
== "Disabled"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_SQLServer_get_sql_servers:
|
||||||
|
def test_get_sql_servers_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
sql_server = SQLServer(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
sql_server.resource_groups = None
|
||||||
|
|
||||||
|
result = sql_server._get_sql_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list.assert_called_once()
|
||||||
|
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_sql_servers_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
sql_server = SQLServer(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = sql_server._get_sql_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.servers.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_sql_servers_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
sql_server = SQLServer(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = sql_server._get_sql_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.servers.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
def test_get_sql_servers_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
sql_server = SQLServer(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = sql_server._get_sql_servers()
|
||||||
|
|
||||||
|
assert mock_client.servers.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_sql_servers_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.servers.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with patch(
|
||||||
|
"prowler.providers.azure.services.sqlserver.sqlserver_service.SQLServer._get_sql_servers",
|
||||||
|
return_value={},
|
||||||
|
):
|
||||||
|
sql_server = SQLServer(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
sql_server.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
sql_server.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
sql_server._get_sql_servers()
|
||||||
|
|
||||||
|
mock_client.servers.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
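Review bot: every test in `Test_SQLServer_get_sql_servers` has `servers.list` or `servers.list_by_resource_group` return `[]`, so the suite checks which SDK method is called but never that servers found in a scoped resource group end up in `result`. In `test_get_sql_servers_with_multiple_resource_groups`, give `list_by_resource_group` a `side_effect` that returns one distinct server per group and assert that both appear under `result[AZURE_SUBSCRIPTION_ID]`; as written, `assert AZURE_SUBSCRIPTION_ID in result` would still pass if the second group's results replaced the first group's.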
@@ -1,4 +1,4 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
from prowler.providers.azure.services.storage.storage_service import (
|
from prowler.providers.azure.services.storage.storage_service import (
|
||||||
Account,
|
Account,
|
||||||
@@ -11,6 +11,8 @@ from prowler.providers.azure.services.storage.storage_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -387,3 +389,155 @@ class Test_Storage_Service_Retention_Policy_None_Handling:
|
|||||||
is False
|
is False
|
||||||
)
|
)
|
||||||
assert account.file_service_properties.share_delete_retention_policy.days == 0
|
assert account.file_service_properties.share_delete_retention_policy.days == 0
|
||||||
|
|
||||||
|
|
||||||
|
class Test_Storage_get_storage_accounts:
|
||||||
|
def test_get_storage_accounts_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.storage_accounts = MagicMock()
|
||||||
|
mock_client.storage_accounts.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
storage = Storage(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
storage.resource_groups = None
|
||||||
|
|
||||||
|
result = storage._get_storage_accounts()
|
||||||
|
|
||||||
|
mock_client.storage_accounts.list.assert_called_once()
|
||||||
|
mock_client.storage_accounts.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_storage_accounts_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.storage_accounts = MagicMock()
|
||||||
|
mock_client.storage_accounts.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
storage = Storage(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = storage._get_storage_accounts()
|
||||||
|
|
||||||
|
mock_client.storage_accounts.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.storage_accounts.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_storage_accounts_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.storage_accounts = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
storage = Storage(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = storage._get_storage_accounts()
|
||||||
|
|
||||||
|
mock_client.storage_accounts.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.storage_accounts.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == []
|
||||||
|
|
||||||
|
def test_get_storage_accounts_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.storage_accounts = MagicMock()
|
||||||
|
mock_client.storage_accounts.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
storage = Storage(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = storage._get_storage_accounts()
|
||||||
|
|
||||||
|
assert mock_client.storage_accounts.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_storage_accounts_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.storage_accounts = MagicMock()
|
||||||
|
mock_client.storage_accounts.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
|
||||||
|
return_value={},
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_blob_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"prowler.providers.azure.services.storage.storage_service.Storage._get_file_share_properties",
|
||||||
|
return_value=None,
|
||||||
|
),
|
||||||
|
):
|
||||||
|
storage = Storage(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
storage.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
storage._get_storage_accounts()
|
||||||
|
|
||||||
|
mock_client.storage_accounts.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
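Review bot: the three-`patch` `with` block and the `storage.clients = {AZURE_SUBSCRIPTION_ID: mock_client}` assignment are repeated verbatim in all five tests of `Test_Storage_get_storage_accounts`; move them into a pytest fixture or helper that returns the `Storage` instance and the mock client, so each test shows only its `resource_groups` value and its assertions. `mock_client.storage_accounts = MagicMock()` can be dropped, since `MagicMock` creates child attributes on access. `test_get_storage_accounts_empty_resource_group_for_subscription` pins down that an empty list means no API call and an empty result; consider also asserting that this case is logged, so a subscription where nothing was scanned can be told apart from one with no storage accounts.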
@@ -14,6 +14,8 @@ from prowler.providers.azure.services.vm.vm_service import (
|
|||||||
)
|
)
|
||||||
from tests.providers.azure.azure_fixtures import (
|
from tests.providers.azure.azure_fixtures import (
|
||||||
AZURE_SUBSCRIPTION_ID,
|
AZURE_SUBSCRIPTION_ID,
|
||||||
|
RESOURCE_GROUP,
|
||||||
|
RESOURCE_GROUP_LIST,
|
||||||
set_mocked_azure_provider,
|
set_mocked_azure_provider,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -465,3 +467,328 @@ class Test_VirtualMachine_SecurityProfile_Validation:
|
|||||||
assert isinstance(vm.security_profile.uefi_settings, UefiSettings)
|
assert isinstance(vm.security_profile.uefi_settings, UefiSettings)
|
||||||
assert vm.security_profile.uefi_settings.secure_boot_enabled is True
|
assert vm.security_profile.uefi_settings.secure_boot_enabled is True
|
||||||
assert vm.security_profile.uefi_settings.v_tpm_enabled is True
|
assert vm.security_profile.uefi_settings.v_tpm_enabled is True
|
||||||
|
|
||||||
|
|
||||||
|
class Test_VM_get_virtual_machines:
|
||||||
|
def test_get_virtual_machines_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machines = MagicMock()
|
||||||
|
mock_client.virtual_machines.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = None
|
||||||
|
|
||||||
|
result = vm_service._get_virtual_machines()
|
||||||
|
|
||||||
|
mock_client.virtual_machines.list_all.assert_called_once()
|
||||||
|
mock_client.virtual_machines.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_virtual_machines_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machines = MagicMock()
|
||||||
|
mock_client.virtual_machines.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = vm_service._get_virtual_machines()
|
||||||
|
|
||||||
|
mock_client.virtual_machines.list.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.virtual_machines.list_all.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_virtual_machines_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machines = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = vm_service._get_virtual_machines()
|
||||||
|
|
||||||
|
mock_client.virtual_machines.list.assert_not_called()
|
||||||
|
mock_client.virtual_machines.list_all.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
|
||||||
|
class Test_VM_get_disks:
|
||||||
|
def test_get_disks_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.disks = MagicMock()
|
||||||
|
mock_client.disks.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = None
|
||||||
|
|
||||||
|
result = vm_service._get_disks()
|
||||||
|
|
||||||
|
mock_client.disks.list.assert_called_once()
|
||||||
|
mock_client.disks.list_by_resource_group.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_disks_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.disks = MagicMock()
|
||||||
|
mock_client.disks.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = vm_service._get_disks()
|
||||||
|
|
||||||
|
mock_client.disks.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.disks.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_disks_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.disks = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = vm_service._get_disks()
|
||||||
|
|
||||||
|
mock_client.disks.list_by_resource_group.assert_not_called()
|
||||||
|
mock_client.disks.list.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
|
||||||
|
class Test_VM_get_vm_scale_sets:
|
||||||
|
def test_get_vm_scale_sets_no_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets.list_all.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = None
|
||||||
|
|
||||||
|
result = vm_service._get_vm_scale_sets()
|
||||||
|
|
||||||
|
mock_client.virtual_machine_scale_sets.list_all.assert_called_once()
|
||||||
|
mock_client.virtual_machine_scale_sets.list.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_vm_scale_sets_with_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
||||||
|
|
||||||
|
result = vm_service._get_vm_scale_sets()
|
||||||
|
|
||||||
|
mock_client.virtual_machine_scale_sets.list.assert_called_once_with(
|
||||||
|
resource_group_name=RESOURCE_GROUP
|
||||||
|
)
|
||||||
|
mock_client.virtual_machine_scale_sets.list_all.assert_not_called()
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_vm_scale_sets_empty_resource_group_for_subscription(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
||||||
|
|
||||||
|
result = vm_service._get_vm_scale_sets()
|
||||||
|
|
||||||
|
mock_client.virtual_machine_scale_sets.list.assert_not_called()
|
||||||
|
mock_client.virtual_machine_scale_sets.list_all.assert_not_called()
|
||||||
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
||||||
|
|
||||||
|
def test_get_virtual_machines_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machines = MagicMock()
|
||||||
|
mock_client.virtual_machines.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = vm_service._get_virtual_machines()
|
||||||
|
|
||||||
|
assert mock_client.virtual_machines.list.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_virtual_machines_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machines = MagicMock()
|
||||||
|
mock_client.virtual_machines.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
vm_service._get_virtual_machines()
|
||||||
|
|
||||||
|
mock_client.virtual_machines.list.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_VM_get_disks_extra:
|
||||||
|
def test_get_disks_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.disks = MagicMock()
|
||||||
|
mock_client.disks.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = vm_service._get_disks()
|
||||||
|
|
||||||
|
assert mock_client.disks.list_by_resource_group.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_disks_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.disks = MagicMock()
|
||||||
|
mock_client.disks.list_by_resource_group.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
vm_service._get_disks()
|
||||||
|
|
||||||
|
mock_client.disks.list_by_resource_group.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Test_VM_get_vm_scale_sets_extra:
|
||||||
|
def test_get_vm_scale_sets_with_multiple_resource_groups(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
||||||
|
|
||||||
|
result = vm_service._get_vm_scale_sets()
|
||||||
|
|
||||||
|
assert mock_client.virtual_machine_scale_sets.list.call_count == 2
|
||||||
|
assert AZURE_SUBSCRIPTION_ID in result
|
||||||
|
|
||||||
|
def test_get_vm_scale_sets_with_mixed_case_resource_group(self):
|
||||||
|
mock_client = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets = MagicMock()
|
||||||
|
mock_client.virtual_machine_scale_sets.list.return_value = []
|
||||||
|
|
||||||
|
with (
|
||||||
|
patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_disks", return_value={}),
|
||||||
|
patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
|
||||||
|
):
|
||||||
|
vm_service = VirtualMachines(set_mocked_azure_provider())
|
||||||
|
|
||||||
|
vm_service.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
||||||
|
vm_service.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
||||||
|
|
||||||
|
vm_service._get_vm_scale_sets()
|
||||||
|
|
||||||
|
mock_client.virtual_machine_scale_sets.list.assert_called_once_with(
|
||||||
|
resource_group_name="RG"
|
||||||
|
)
|
||||||
|
|||||||
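Review bot: `test_get_virtual_machines_with_multiple_resource_groups` and `test_get_virtual_machines_with_mixed_case_resource_group` follow `test_get_vm_scale_sets_empty_resource_group_for_subscription` with no new `class` line, so they land in `Test_VM_get_vm_scale_sets` rather than `Test_VM_get_virtual_machines`. Move them into the virtual-machines class, and fold `Test_VM_get_disks_extra` and `Test_VM_get_vm_scale_sets_extra` into `Test_VM_get_disks` and `Test_VM_get_vm_scale_sets` so each service method has a single test class.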