feat(azure): add databricks_workspace_public_network_access_disabled check (#11035)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com> Co-authored-by: Hugo P.Brito <hugopbrito@Hugos-MacBook-Pro.local>
@@ -18,6 +18,7 @@ def mock_databricks_get_workspaces(_):
|
||||
id="test-workspace-id",
|
||||
name="test-workspace",
|
||||
location="eastus",
|
||||
public_network_access="Disabled",
|
||||
custom_managed_vnet_id="test-vnet-id",
|
||||
managed_disk_encryption=ManagedDiskEncryption(
|
||||
key_name="test-key",
|
||||
@@ -53,6 +54,7 @@ class Test_Databricks_Service:
|
||||
assert workspace.id == "test-workspace-id"
|
||||
assert workspace.name == "test-workspace"
|
||||
assert workspace.location == "eastus"
|
||||
assert workspace.public_network_access == "Disabled"
|
||||
assert workspace.custom_managed_vnet_id == "test-vnet-id"
|
||||
assert (
|
||||
workspace.managed_disk_encryption.__class__.__name__
|
||||
|
||||
+170
@@ -0,0 +1,170 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.databricks.databricks_service import (
|
||||
DatabricksWorkspace,
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION_DISPLAY,
|
||||
AZURE_SUBSCRIPTION_ID,
|
||||
AZURE_SUBSCRIPTION_NAME,
|
||||
set_mocked_azure_provider,
|
||||
)
|
||||
|
||||
|
||||
class Test_databricks_workspace_public_network_access_disabled:
|
||||
def test_databricks_no_workspaces(self):
|
||||
databricks_client = mock.MagicMock
|
||||
databricks_client.subscriptions = {
|
||||
AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME
|
||||
}
|
||||
databricks_client.workspaces = {}
|
||||
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
mock.patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_workspace_public_network_access_disabled.databricks_workspace_public_network_access_disabled.databricks_client",
|
||||
new=databricks_client,
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.databricks.databricks_workspace_public_network_access_disabled.databricks_workspace_public_network_access_disabled import (
|
||||
databricks_workspace_public_network_access_disabled,
|
||||
)
|
||||
|
||||
check = databricks_workspace_public_network_access_disabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_databricks_workspace_public_network_access_enabled(self):
|
||||
workspace_id = str(uuid4())
|
||||
workspace_name = "test-workspace"
|
||||
databricks_client = mock.MagicMock
|
||||
databricks_client.subscriptions = {
|
||||
AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME
|
||||
}
|
||||
databricks_client.workspaces = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
workspace_id: DatabricksWorkspace(
|
||||
id=workspace_id,
|
||||
name=workspace_name,
|
||||
location="eastus",
|
||||
public_network_access="Enabled",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
mock.patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_workspace_public_network_access_disabled.databricks_workspace_public_network_access_disabled.databricks_client",
|
||||
new=databricks_client,
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.databricks.databricks_workspace_public_network_access_disabled.databricks_workspace_public_network_access_disabled import (
|
||||
databricks_workspace_public_network_access_disabled,
|
||||
)
|
||||
|
||||
check = databricks_workspace_public_network_access_disabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} has public network access enabled."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION_ID
|
||||
assert result[0].resource_name == workspace_name
|
||||
assert result[0].resource_id == workspace_id
|
||||
assert result[0].location == "eastus"
|
||||
|
||||
def test_databricks_workspace_public_network_access_not_set(self):
|
||||
workspace_id = str(uuid4())
|
||||
workspace_name = "test-workspace"
|
||||
databricks_client = mock.MagicMock
|
||||
databricks_client.subscriptions = {
|
||||
AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME
|
||||
}
|
||||
databricks_client.workspaces = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
workspace_id: DatabricksWorkspace(
|
||||
id=workspace_id,
|
||||
name=workspace_name,
|
||||
location="eastus",
|
||||
public_network_access=None,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
mock.patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_workspace_public_network_access_disabled.databricks_workspace_public_network_access_disabled.databricks_client",
|
||||
new=databricks_client,
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.databricks.databricks_workspace_public_network_access_disabled.databricks_workspace_public_network_access_disabled import (
|
||||
databricks_workspace_public_network_access_disabled,
|
||||
)
|
||||
|
||||
check = databricks_workspace_public_network_access_disabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} has public network access enabled."
|
||||
)
|
||||
|
||||
def test_databricks_workspace_public_network_access_disabled(self):
|
||||
workspace_id = str(uuid4())
|
||||
workspace_name = "test-workspace"
|
||||
databricks_client = mock.MagicMock
|
||||
databricks_client.subscriptions = {
|
||||
AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME
|
||||
}
|
||||
databricks_client.workspaces = {
|
||||
AZURE_SUBSCRIPTION_ID: {
|
||||
workspace_id: DatabricksWorkspace(
|
||||
id=workspace_id,
|
||||
name=workspace_name,
|
||||
location="eastus",
|
||||
public_network_access="Disabled",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with (
|
||||
mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_azure_provider(),
|
||||
),
|
||||
mock.patch(
|
||||
"prowler.providers.azure.services.databricks.databricks_workspace_public_network_access_disabled.databricks_workspace_public_network_access_disabled.databricks_client",
|
||||
new=databricks_client,
|
||||
),
|
||||
):
|
||||
from prowler.providers.azure.services.databricks.databricks_workspace_public_network_access_disabled.databricks_workspace_public_network_access_disabled import (
|
||||
databricks_workspace_public_network_access_disabled,
|
||||
)
|
||||
|
||||
check = databricks_workspace_public_network_access_disabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} has public network access disabled."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION_ID
|
||||
assert result[0].resource_name == workspace_name
|
||||
assert result[0].resource_id == workspace_id
|
||||
assert result[0].location == "eastus"
|
||||
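Review bot: `databricks_client = mock.MagicMock` in all four tests binds the MagicMock class rather than an instance, so `subscriptions` and `workspaces` are written as class attributes that outlive the test and are visible to any later MagicMock in the same process. Use `databricks_client = mock.MagicMock()` so each test gets its own object. The unset case (`public_network_access=None`) expects FAIL, which pins the fail-closed behaviour, but unlike the Enabled and Disabled tests it does not assert `subscription`, `resource_name`, `resource_id` or `location`; adding those four assertions would keep the findings tests parallel. A case with a value other than the exact strings `"Enabled"` and `"Disabled"` (different casing, for instance) would also show whether the check still reports FAIL on unexpected input. The check's source is not visible here, so that last point is a coverage gap rather than a known defect.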