From 5f92989492a6e8a07bce526c1aeee90fa38eab46 Mon Sep 17 00:00:00 2001 From: lydiavilchez <114735608+lydiavilchez@users.noreply.github.com> Date: Thu, 14 May 2026 12:43:29 +0200 Subject: [PATCH] fix(googleworkspace): use per-service resources for Calendar and Drive (#11161) --- prowler/CHANGELOG.md | 1 + .../calendar_external_invitations_warning.py | 5 ++++- .../calendar_external_sharing_primary_calendar.py | 5 ++++- .../calendar_external_sharing_secondary_calendar.py | 5 ++++- .../drive_access_checker_recipients_only.py | 5 ++++- .../drive_desktop_access_disabled.py | 5 ++++- .../drive_external_sharing_warn_users.py | 5 ++++- .../drive_internal_users_distribute_content.py | 5 ++++- .../drive_publishing_files_disabled.py | 5 ++++- .../drive_shared_drive_creation_allowed.py | 5 ++++- ...drive_shared_drive_disable_download_print_copy.py | 5 ++++- .../drive_shared_drive_managers_cannot_override.py | 5 ++++- .../drive_shared_drive_members_only_access.py | 5 ++++- .../drive_sharing_allowlisted_domains.py | 5 ++++- .../drive_warn_sharing_with_allowlisted_domains.py | 5 ++++- .../calendar_external_invitations_warning_test.py | 3 +-- ...alendar_external_sharing_primary_calendar_test.py | 12 ++++++++---- ...endar_external_sharing_secondary_calendar_test.py | 3 +-- .../drive_access_checker_recipients_only_test.py | 3 +-- .../drive_desktop_access_disabled_test.py | 3 +-- .../drive_external_sharing_warn_users_test.py | 10 ++++++---- .../drive_internal_users_distribute_content_test.py | 3 +-- .../drive_publishing_files_disabled_test.py | 3 +-- .../drive_shared_drive_creation_allowed_test.py | 3 +-- ..._shared_drive_disable_download_print_copy_test.py | 3 +-- ...ive_shared_drive_managers_cannot_override_test.py | 3 +-- .../drive_shared_drive_members_only_access_test.py | 3 +-- .../drive_sharing_allowlisted_domains_test.py | 3 +-- ...ive_warn_sharing_with_allowlisted_domains_test.py | 3 +-- 29 files changed, 83 insertions(+), 46 deletions(-) diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index 32b5e24260..dbda288e1b 100644 --- a/prowler/CHANGELOG.md +++ b/prowler/CHANGELOG.md @@ -19,6 +19,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ### 🐞 Fixed +- Google Workspace Calendar and Drive services sharing a single resource row, causing the service field to be overwritten by the last check executed [(#11161)](https://github.com/prowler-cloud/prowler/pull/11161) - `zone_waf_enabled` check for Cloudflare provider now appends a plan-aware hint to the FAIL `status_extended`: a possible-false-positive note on paid plans (Pro, Business, Enterprise) where the legacy `waf` zone setting can read `off` even though WAF managed rulesets are deployed via the dashboard, and a "not available on the Cloudflare Free plan" note on Free zones [(#9896)](https://github.com/prowler-cloud/prowler/pull/9896) - Google Workspace Gmail checks sharing a single resource row, causing the service field to be overwritten by the last check executed [(#11169)](https://github.com/prowler-cloud/prowler/pull/11169) diff --git a/prowler/providers/googleworkspace/services/calendar/calendar_external_invitations_warning/calendar_external_invitations_warning.py b/prowler/providers/googleworkspace/services/calendar/calendar_external_invitations_warning/calendar_external_invitations_warning.py index da65a162ab..f2c8f58b2f 100644 --- a/prowler/providers/googleworkspace/services/calendar/calendar_external_invitations_warning/calendar_external_invitations_warning.py +++ b/prowler/providers/googleworkspace/services/calendar/calendar_external_invitations_warning/calendar_external_invitations_warning.py @@ -20,7 +20,10 @@ class calendar_external_invitations_warning(Check): if calendar_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=calendar_client.provider.domain_resource, + resource=calendar_client.policies, + resource_id="calendarPolicies", + resource_name="Calendar Policies", + customer_id=calendar_client.provider.identity.customer_id, ) warning_enabled = calendar_client.policies.external_invitations_warning diff --git a/prowler/providers/googleworkspace/services/calendar/calendar_external_sharing_primary_calendar/calendar_external_sharing_primary_calendar.py b/prowler/providers/googleworkspace/services/calendar/calendar_external_sharing_primary_calendar/calendar_external_sharing_primary_calendar.py index 935b28bd02..42be5e9f0d 100644 --- a/prowler/providers/googleworkspace/services/calendar/calendar_external_sharing_primary_calendar/calendar_external_sharing_primary_calendar.py +++ b/prowler/providers/googleworkspace/services/calendar/calendar_external_sharing_primary_calendar/calendar_external_sharing_primary_calendar.py @@ -20,7 +20,10 @@ class calendar_external_sharing_primary_calendar(Check): if calendar_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=calendar_client.provider.domain_resource, + resource=calendar_client.policies, + resource_id="calendarPolicies", + resource_name="Calendar Policies", + customer_id=calendar_client.provider.identity.customer_id, ) sharing = calendar_client.policies.primary_calendar_external_sharing diff --git a/prowler/providers/googleworkspace/services/calendar/calendar_external_sharing_secondary_calendar/calendar_external_sharing_secondary_calendar.py b/prowler/providers/googleworkspace/services/calendar/calendar_external_sharing_secondary_calendar/calendar_external_sharing_secondary_calendar.py index 6834b60ae7..5f53fd2089 100644 --- a/prowler/providers/googleworkspace/services/calendar/calendar_external_sharing_secondary_calendar/calendar_external_sharing_secondary_calendar.py +++ b/prowler/providers/googleworkspace/services/calendar/calendar_external_sharing_secondary_calendar/calendar_external_sharing_secondary_calendar.py @@ -20,7 +20,10 @@ class calendar_external_sharing_secondary_calendar(Check): if calendar_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=calendar_client.provider.domain_resource, + resource=calendar_client.policies, + resource_id="calendarPolicies", + resource_name="Calendar Policies", + customer_id=calendar_client.provider.identity.customer_id, ) sharing = calendar_client.policies.secondary_calendar_external_sharing diff --git a/prowler/providers/googleworkspace/services/drive/drive_access_checker_recipients_only/drive_access_checker_recipients_only.py b/prowler/providers/googleworkspace/services/drive/drive_access_checker_recipients_only/drive_access_checker_recipients_only.py index be4ee08654..435e9c0f7d 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_access_checker_recipients_only/drive_access_checker_recipients_only.py +++ b/prowler/providers/googleworkspace/services/drive/drive_access_checker_recipients_only/drive_access_checker_recipients_only.py @@ -19,7 +19,10 @@ class drive_access_checker_recipients_only(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) access_checker = drive_client.policies.access_checker_suggestions diff --git a/prowler/providers/googleworkspace/services/drive/drive_desktop_access_disabled/drive_desktop_access_disabled.py b/prowler/providers/googleworkspace/services/drive/drive_desktop_access_disabled/drive_desktop_access_disabled.py index de69f180ea..189694adaf 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_desktop_access_disabled/drive_desktop_access_disabled.py +++ b/prowler/providers/googleworkspace/services/drive/drive_desktop_access_disabled/drive_desktop_access_disabled.py @@ -20,7 +20,10 @@ class drive_desktop_access_disabled(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) allow_desktop = drive_client.policies.allow_drive_for_desktop diff --git a/prowler/providers/googleworkspace/services/drive/drive_external_sharing_warn_users/drive_external_sharing_warn_users.py b/prowler/providers/googleworkspace/services/drive/drive_external_sharing_warn_users/drive_external_sharing_warn_users.py index e82da80e44..98da6de892 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_external_sharing_warn_users/drive_external_sharing_warn_users.py +++ b/prowler/providers/googleworkspace/services/drive/drive_external_sharing_warn_users/drive_external_sharing_warn_users.py @@ -18,7 +18,10 @@ class drive_external_sharing_warn_users(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) warning_enabled = drive_client.policies.warn_for_external_sharing diff --git a/prowler/providers/googleworkspace/services/drive/drive_internal_users_distribute_content/drive_internal_users_distribute_content.py b/prowler/providers/googleworkspace/services/drive/drive_internal_users_distribute_content/drive_internal_users_distribute_content.py index ef65d6ad49..cdf9f1c642 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_internal_users_distribute_content/drive_internal_users_distribute_content.py +++ b/prowler/providers/googleworkspace/services/drive/drive_internal_users_distribute_content/drive_internal_users_distribute_content.py @@ -19,7 +19,10 @@ class drive_internal_users_distribute_content(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) allowed = drive_client.policies.allowed_parties_for_distributing_content diff --git a/prowler/providers/googleworkspace/services/drive/drive_publishing_files_disabled/drive_publishing_files_disabled.py b/prowler/providers/googleworkspace/services/drive/drive_publishing_files_disabled/drive_publishing_files_disabled.py index e377113a33..397f1eee68 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_publishing_files_disabled/drive_publishing_files_disabled.py +++ b/prowler/providers/googleworkspace/services/drive/drive_publishing_files_disabled/drive_publishing_files_disabled.py @@ -19,7 +19,10 @@ class drive_publishing_files_disabled(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) allow_publishing = drive_client.policies.allow_publishing_files diff --git a/prowler/providers/googleworkspace/services/drive/drive_shared_drive_creation_allowed/drive_shared_drive_creation_allowed.py b/prowler/providers/googleworkspace/services/drive/drive_shared_drive_creation_allowed/drive_shared_drive_creation_allowed.py index e82b995418..e381ad8f26 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_shared_drive_creation_allowed/drive_shared_drive_creation_allowed.py +++ b/prowler/providers/googleworkspace/services/drive/drive_shared_drive_creation_allowed/drive_shared_drive_creation_allowed.py @@ -20,7 +20,10 @@ class drive_shared_drive_creation_allowed(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) allow_creation = drive_client.policies.allow_shared_drive_creation diff --git a/prowler/providers/googleworkspace/services/drive/drive_shared_drive_disable_download_print_copy/drive_shared_drive_disable_download_print_copy.py b/prowler/providers/googleworkspace/services/drive/drive_shared_drive_disable_download_print_copy/drive_shared_drive_disable_download_print_copy.py index a065fc08d0..85972f3674 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_shared_drive_disable_download_print_copy/drive_shared_drive_disable_download_print_copy.py +++ b/prowler/providers/googleworkspace/services/drive/drive_shared_drive_disable_download_print_copy/drive_shared_drive_disable_download_print_copy.py @@ -19,7 +19,10 @@ class drive_shared_drive_disable_download_print_copy(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) allowed = drive_client.policies.allowed_parties_for_download_print_copy diff --git a/prowler/providers/googleworkspace/services/drive/drive_shared_drive_managers_cannot_override/drive_shared_drive_managers_cannot_override.py b/prowler/providers/googleworkspace/services/drive/drive_shared_drive_managers_cannot_override/drive_shared_drive_managers_cannot_override.py index 72d01ea73b..b6f6d1b887 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_shared_drive_managers_cannot_override/drive_shared_drive_managers_cannot_override.py +++ b/prowler/providers/googleworkspace/services/drive/drive_shared_drive_managers_cannot_override/drive_shared_drive_managers_cannot_override.py @@ -19,7 +19,10 @@ class drive_shared_drive_managers_cannot_override(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) allow_override = drive_client.policies.allow_managers_to_override_settings diff --git a/prowler/providers/googleworkspace/services/drive/drive_shared_drive_members_only_access/drive_shared_drive_members_only_access.py b/prowler/providers/googleworkspace/services/drive/drive_shared_drive_members_only_access/drive_shared_drive_members_only_access.py index 2056fdb2d2..34cde3f6c6 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_shared_drive_members_only_access/drive_shared_drive_members_only_access.py +++ b/prowler/providers/googleworkspace/services/drive/drive_shared_drive_members_only_access/drive_shared_drive_members_only_access.py @@ -19,7 +19,10 @@ class drive_shared_drive_members_only_access(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) allow_non_member = drive_client.policies.allow_non_member_access diff --git a/prowler/providers/googleworkspace/services/drive/drive_sharing_allowlisted_domains/drive_sharing_allowlisted_domains.py b/prowler/providers/googleworkspace/services/drive/drive_sharing_allowlisted_domains/drive_sharing_allowlisted_domains.py index 7a3d77bfce..766afecda5 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_sharing_allowlisted_domains/drive_sharing_allowlisted_domains.py +++ b/prowler/providers/googleworkspace/services/drive/drive_sharing_allowlisted_domains/drive_sharing_allowlisted_domains.py @@ -18,7 +18,10 @@ class drive_sharing_allowlisted_domains(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) mode = drive_client.policies.external_sharing_mode diff --git a/prowler/providers/googleworkspace/services/drive/drive_warn_sharing_with_allowlisted_domains/drive_warn_sharing_with_allowlisted_domains.py b/prowler/providers/googleworkspace/services/drive/drive_warn_sharing_with_allowlisted_domains/drive_warn_sharing_with_allowlisted_domains.py index 549c089881..23fd47a229 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_warn_sharing_with_allowlisted_domains/drive_warn_sharing_with_allowlisted_domains.py +++ b/prowler/providers/googleworkspace/services/drive/drive_warn_sharing_with_allowlisted_domains/drive_warn_sharing_with_allowlisted_domains.py @@ -19,7 +19,10 @@ class drive_warn_sharing_with_allowlisted_domains(Check): if drive_client.policies_fetched: report = CheckReportGoogleWorkspace( metadata=self.metadata(), - resource=drive_client.provider.domain_resource, + resource=drive_client.policies, + resource_id="drivePolicies", + resource_name="Drive Policies", + customer_id=drive_client.provider.identity.customer_id, ) warn_enabled = ( diff --git a/tests/providers/googleworkspace/services/calendar/calendar_external_invitations_warning/calendar_external_invitations_warning_test.py b/tests/providers/googleworkspace/services/calendar/calendar_external_invitations_warning/calendar_external_invitations_warning_test.py index 0320ea4a82..5ff2cee8f6 100644 --- a/tests/providers/googleworkspace/services/calendar/calendar_external_invitations_warning/calendar_external_invitations_warning_test.py +++ b/tests/providers/googleworkspace/services/calendar/calendar_external_invitations_warning/calendar_external_invitations_warning_test.py @@ -5,7 +5,6 @@ from prowler.providers.googleworkspace.services.calendar.calendar_service import ) from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -40,7 +39,7 @@ class TestCalendarExternalInvitationsWarning: assert len(findings) == 1 assert findings[0].status == "PASS" assert "enabled" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Calendar Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_warnings_disabled(self): diff --git a/tests/providers/googleworkspace/services/calendar/calendar_external_sharing_primary_calendar/calendar_external_sharing_primary_calendar_test.py b/tests/providers/googleworkspace/services/calendar/calendar_external_sharing_primary_calendar/calendar_external_sharing_primary_calendar_test.py index 0d34c6a9be..175955f4b6 100644 --- a/tests/providers/googleworkspace/services/calendar/calendar_external_sharing_primary_calendar/calendar_external_sharing_primary_calendar_test.py +++ b/tests/providers/googleworkspace/services/calendar/calendar_external_sharing_primary_calendar/calendar_external_sharing_primary_calendar_test.py @@ -5,7 +5,6 @@ from prowler.providers.googleworkspace.services.calendar.calendar_service import ) from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -40,10 +39,15 @@ class TestCalendarExternalSharingPrimaryCalendar: assert len(findings) == 1 assert findings[0].status == "PASS" assert "free/busy information only" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN - assert findings[0].resource_id == CUSTOMER_ID + assert findings[0].resource_name == "Calendar Policies" + assert findings[0].resource_id == "calendarPolicies" assert findings[0].customer_id == CUSTOMER_ID - assert findings[0].resource == mock_provider.domain_resource.dict() + assert ( + findings[0].resource + == CalendarPolicies( + primary_calendar_external_sharing="EXTERNAL_FREE_BUSY_ONLY" + ).dict() + ) def test_fail_read_only(self): """Test FAIL when external sharing allows read-only access""" diff --git a/tests/providers/googleworkspace/services/calendar/calendar_external_sharing_secondary_calendar/calendar_external_sharing_secondary_calendar_test.py b/tests/providers/googleworkspace/services/calendar/calendar_external_sharing_secondary_calendar/calendar_external_sharing_secondary_calendar_test.py index 800f9ab5f0..b513860125 100644 --- a/tests/providers/googleworkspace/services/calendar/calendar_external_sharing_secondary_calendar/calendar_external_sharing_secondary_calendar_test.py +++ b/tests/providers/googleworkspace/services/calendar/calendar_external_sharing_secondary_calendar/calendar_external_sharing_secondary_calendar_test.py @@ -5,7 +5,6 @@ from prowler.providers.googleworkspace.services.calendar.calendar_service import ) from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -40,7 +39,7 @@ class TestCalendarExternalSharingSecondaryCalendar: assert len(findings) == 1 assert findings[0].status == "PASS" assert "free/busy information only" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Calendar Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_read_only(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_access_checker_recipients_only/drive_access_checker_recipients_only_test.py b/tests/providers/googleworkspace/services/drive/drive_access_checker_recipients_only/drive_access_checker_recipients_only_test.py index b439429e20..e200836bcd 100644 --- a/tests/providers/googleworkspace/services/drive/drive_access_checker_recipients_only/drive_access_checker_recipients_only_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_access_checker_recipients_only/drive_access_checker_recipients_only_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -38,7 +37,7 @@ class TestDriveAccessCheckerRecipientsOnly: assert len(findings) == 1 assert findings[0].status == "PASS" assert "recipients only" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_recipients_or_audience(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_desktop_access_disabled/drive_desktop_access_disabled_test.py b/tests/providers/googleworkspace/services/drive/drive_desktop_access_disabled/drive_desktop_access_disabled_test.py index 00ed8dfa26..7225974c68 100644 --- a/tests/providers/googleworkspace/services/drive/drive_desktop_access_disabled/drive_desktop_access_disabled_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_desktop_access_disabled/drive_desktop_access_disabled_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -36,7 +35,7 @@ class TestDriveDesktopAccessDisabled: assert len(findings) == 1 assert findings[0].status == "PASS" assert "disabled" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_desktop_enabled(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_external_sharing_warn_users/drive_external_sharing_warn_users_test.py b/tests/providers/googleworkspace/services/drive/drive_external_sharing_warn_users/drive_external_sharing_warn_users_test.py index 8520971268..3b66837460 100644 --- a/tests/providers/googleworkspace/services/drive/drive_external_sharing_warn_users/drive_external_sharing_warn_users_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_external_sharing_warn_users/drive_external_sharing_warn_users_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -36,10 +35,13 @@ class TestDriveExternalSharingWarnUsers: assert len(findings) == 1 assert findings[0].status == "PASS" assert "enabled" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN - assert findings[0].resource_id == CUSTOMER_ID + assert findings[0].resource_name == "Drive Policies" + assert findings[0].resource_id == "drivePolicies" assert findings[0].customer_id == CUSTOMER_ID - assert findings[0].resource == mock_provider.domain_resource.dict() + assert ( + findings[0].resource + == DrivePolicies(warn_for_external_sharing=True).dict() + ) def test_fail_warning_disabled(self): """Test FAIL when external sharing warning is explicitly disabled""" diff --git a/tests/providers/googleworkspace/services/drive/drive_internal_users_distribute_content/drive_internal_users_distribute_content_test.py b/tests/providers/googleworkspace/services/drive/drive_internal_users_distribute_content/drive_internal_users_distribute_content_test.py index 5ac3067102..b089d52d58 100644 --- a/tests/providers/googleworkspace/services/drive/drive_internal_users_distribute_content/drive_internal_users_distribute_content_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_internal_users_distribute_content/drive_internal_users_distribute_content_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -38,7 +37,7 @@ class TestDriveInternalUsersDistributeContent: assert len(findings) == 1 assert findings[0].status == "PASS" assert "ELIGIBLE_INTERNAL_USERS" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_pass_none_allowed(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_publishing_files_disabled/drive_publishing_files_disabled_test.py b/tests/providers/googleworkspace/services/drive/drive_publishing_files_disabled/drive_publishing_files_disabled_test.py index cbcef4f900..8d6a0efcff 100644 --- a/tests/providers/googleworkspace/services/drive/drive_publishing_files_disabled/drive_publishing_files_disabled_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_publishing_files_disabled/drive_publishing_files_disabled_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -36,7 +35,7 @@ class TestDrivePublishingFilesDisabled: assert len(findings) == 1 assert findings[0].status == "PASS" assert "disabled" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_publishing_enabled(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_shared_drive_creation_allowed/drive_shared_drive_creation_allowed_test.py b/tests/providers/googleworkspace/services/drive/drive_shared_drive_creation_allowed/drive_shared_drive_creation_allowed_test.py index 016e643f2d..6ad0222f06 100644 --- a/tests/providers/googleworkspace/services/drive/drive_shared_drive_creation_allowed/drive_shared_drive_creation_allowed_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_shared_drive_creation_allowed/drive_shared_drive_creation_allowed_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -36,7 +35,7 @@ class TestDriveSharedDriveCreationAllowed: assert len(findings) == 1 assert findings[0].status == "PASS" assert "allowed" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_creation_disabled(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_shared_drive_disable_download_print_copy/drive_shared_drive_disable_download_print_copy_test.py b/tests/providers/googleworkspace/services/drive/drive_shared_drive_disable_download_print_copy/drive_shared_drive_disable_download_print_copy_test.py index 05edcb57a2..4a7a926745 100644 --- a/tests/providers/googleworkspace/services/drive/drive_shared_drive_disable_download_print_copy/drive_shared_drive_disable_download_print_copy_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_shared_drive_disable_download_print_copy/drive_shared_drive_disable_download_print_copy_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -38,7 +37,7 @@ class TestDriveSharedDriveDisableDownloadPrintCopy: assert len(findings) == 1 assert findings[0].status == "PASS" assert "EDITORS_ONLY" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_pass_managers_only(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_shared_drive_managers_cannot_override/drive_shared_drive_managers_cannot_override_test.py b/tests/providers/googleworkspace/services/drive/drive_shared_drive_managers_cannot_override/drive_shared_drive_managers_cannot_override_test.py index 4b29aa5a0a..99e4af7d16 100644 --- a/tests/providers/googleworkspace/services/drive/drive_shared_drive_managers_cannot_override/drive_shared_drive_managers_cannot_override_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_shared_drive_managers_cannot_override/drive_shared_drive_managers_cannot_override_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -38,7 +37,7 @@ class TestDriveSharedDriveManagersCannotOverride: assert len(findings) == 1 assert findings[0].status == "PASS" assert "cannot override" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_override_allowed(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_shared_drive_members_only_access/drive_shared_drive_members_only_access_test.py b/tests/providers/googleworkspace/services/drive/drive_shared_drive_members_only_access/drive_shared_drive_members_only_access_test.py index 06b1877d52..b25fa33cf0 100644 --- a/tests/providers/googleworkspace/services/drive/drive_shared_drive_members_only_access/drive_shared_drive_members_only_access_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_shared_drive_members_only_access/drive_shared_drive_members_only_access_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -36,7 +35,7 @@ class TestDriveSharedDriveMembersOnlyAccess: assert len(findings) == 1 assert findings[0].status == "PASS" assert "members only" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_non_member_access_enabled(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_sharing_allowlisted_domains/drive_sharing_allowlisted_domains_test.py b/tests/providers/googleworkspace/services/drive/drive_sharing_allowlisted_domains/drive_sharing_allowlisted_domains_test.py index 0323e5e399..337afdc9aa 100644 --- a/tests/providers/googleworkspace/services/drive/drive_sharing_allowlisted_domains/drive_sharing_allowlisted_domains_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_sharing_allowlisted_domains/drive_sharing_allowlisted_domains_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -38,7 +37,7 @@ class TestDriveSharingAllowlistedDomains: assert len(findings) == 1 assert findings[0].status == "PASS" assert "allowlisted domains" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_allowed(self): diff --git a/tests/providers/googleworkspace/services/drive/drive_warn_sharing_with_allowlisted_domains/drive_warn_sharing_with_allowlisted_domains_test.py b/tests/providers/googleworkspace/services/drive/drive_warn_sharing_with_allowlisted_domains/drive_warn_sharing_with_allowlisted_domains_test.py index 1731b81fcc..1aadeb924b 100644 --- a/tests/providers/googleworkspace/services/drive/drive_warn_sharing_with_allowlisted_domains/drive_warn_sharing_with_allowlisted_domains_test.py +++ b/tests/providers/googleworkspace/services/drive/drive_warn_sharing_with_allowlisted_domains/drive_warn_sharing_with_allowlisted_domains_test.py @@ -3,7 +3,6 @@ from unittest.mock import patch from prowler.providers.googleworkspace.services.drive.drive_service import DrivePolicies from tests.providers.googleworkspace.googleworkspace_fixtures import ( CUSTOMER_ID, - DOMAIN, set_mocked_googleworkspace_provider, ) @@ -38,7 +37,7 @@ class TestDriveWarnSharingWithAllowlistedDomains: assert len(findings) == 1 assert findings[0].status == "PASS" assert "warned" in findings[0].status_extended - assert findings[0].resource_name == DOMAIN + assert findings[0].resource_name == "Drive Policies" assert findings[0].customer_id == CUSTOMER_ID def test_fail_warning_disabled(self):