diff --git a/prowler/__main__.py b/prowler/__main__.py index 4313f198f8..4c2bc63fc4 100644 --- a/prowler/__main__.py +++ b/prowler/__main__.py @@ -171,8 +171,7 @@ def prowler(): checks_to_execute = sorted(checks_to_execute) # Setup Mute List - if hasattr(args, "mutelist_file"): - global_provider.mutelist = args.mutelist_file + global_provider.mutelist = args.mutelist_file # Setup Output Options global_provider.output_options = (args, bulk_checks_metadata) diff --git a/tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py b/tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py index ac4fb1bd93..1b513ec61c 100644 --- a/tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py +++ b/tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py @@ -1,7 +1,12 @@ from unittest import mock from prowler.providers.aws.services.glue.glue_service import CatalogEncryptionSetting -from tests.providers.aws.utils import AWS_REGION_US_EAST_1, set_mocked_aws_provider +from tests.providers.aws.utils import ( + AWS_ACCOUNT_NUMBER, + AWS_COMMERCIAL_PARTITION, + AWS_REGION_US_EAST_1, + set_mocked_aws_provider, +) class Test_glue_data_catalogs_connection_passwords_encryption_enabled: @@ -37,8 +42,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -62,7 +67,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: result[0].status_extended == "Glue data catalog connection password is not encrypted." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 def test_glue_catalog_password_unencrypted_ignoring(self): @@ -78,8 +84,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -113,8 +119,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -139,7 +145,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: result[0].status_extended == "Glue data catalog connection password is not encrypted." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 def test_glue_catalog_encrypted(self): @@ -154,7 +161,13 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: password_kms_id="kms-key", ) ] - glue_client.audited_account = "12345678912" + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = "aws" + glue_client.region = AWS_REGION_US_EAST_1 + glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" + glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( + return_value=glue_client.data_catalog_arn_template + ) with mock.patch( "prowler.providers.aws.services.glue.glue_service.Glue", @@ -174,5 +187,6 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: result[0].status_extended == "Glue data catalog connection password is encrypted with KMS key kms-key." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py b/tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py index 999e941595..9d8ed4a15d 100644 --- a/tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py +++ b/tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py @@ -2,7 +2,12 @@ from re import search from unittest import mock from prowler.providers.aws.services.glue.glue_service import CatalogEncryptionSetting -from tests.providers.aws.utils import AWS_REGION_US_EAST_1, set_mocked_aws_provider +from tests.providers.aws.utils import ( + AWS_ACCOUNT_NUMBER, + AWS_COMMERCIAL_PARTITION, + AWS_REGION_US_EAST_1, + set_mocked_aws_provider, +) class Test_glue_data_catalogs_metadata_encryption_enabled: @@ -38,8 +43,8 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -63,7 +68,8 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: result[0].status_extended == "Glue data catalog settings have metadata encryption disabled." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 def test_glue_catalog_unencrypted_ignoring(self): @@ -79,9 +85,9 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" + glue_client.audited_account = AWS_ACCOUNT_NUMBER glue_client.provider._ignore_unused_services = True - glue_client.audited_partition = "aws" + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -114,9 +120,9 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" + glue_client.audited_account = AWS_ACCOUNT_NUMBER glue_client.provider._ignore_unused_services = True - glue_client.audited_partition = "aws" + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -140,7 +146,8 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: "Glue data catalog settings have metadata encryption disabled.", result[0].status_extended, ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 def test_glue_catalog_encrypted(self): @@ -156,8 +163,8 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -181,5 +188,6 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: result[0].status_extended == "Glue data catalog settings have metadata encryption enabled with KMS key kms-key." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1