diff --git a/prowler/__main__.py b/prowler/__main__.py index d8d929decc..4313f198f8 100644 --- a/prowler/__main__.py +++ b/prowler/__main__.py @@ -161,10 +161,8 @@ def prowler(): checks_to_execute, excluded_services, provider ) - # Once the audit_info is set and we have the eventual checks based on the resource identifier, + # Once the provider is set and we have the eventual checks based on the resource identifier, # it is time to check what Prowler's checks are going to be executed - # TODO: the following if is done within the function - # if global_provider.audit_resources: checks_from_resources = global_provider.get_checks_to_execute_by_audit_resources() if checks_from_resources: checks_to_execute = checks_to_execute.intersection(checks_from_resources) @@ -211,7 +209,7 @@ def prowler(): # os.environ["SLACK_CHANNEL_ID"], # stats, # provider, - # audit_info, + # provider, # ) # else: # logger.critical( diff --git a/prowler/config/config.py b/prowler/config/config.py index 24456048f7..4532555ff9 100644 --- a/prowler/config/config.py +++ b/prowler/config/config.py @@ -92,22 +92,6 @@ def check_current_version(): return f"{prowler_version_string}" -# TODO: remove after changing tests for this function -# def change_config_var(variable: str, value: str, audit_info): -# try: -# if ( -# hasattr(audit_info, "audit_config") -# and audit_info.audit_config is not None -# and variable in audit_info.audit_config -# ): -# audit_info.audit_config[variable] = value -# return audit_info -# except Exception as error: -# logger.error( -# f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}" -# ) - - # TODO: revisit this function def update_provider_config(variable: str, value: str): try: diff --git a/prowler/lib/check/check.py b/prowler/lib/check/check.py index 2b22838a71..1993a95ab0 100644 --- a/prowler/lib/check/check.py +++ b/prowler/lib/check/check.py @@ -128,12 +128,12 @@ def parse_checks_from_folder(provider, input_folder: str) -> int: try: imported_checks = 0 # Check if input folder is a S3 URI - if provider.provider == "aws" and re.search( + if provider.type == "aws" and re.search( "^s3://([^/]+)/(.*?([^/]+))/$", input_folder ): bucket = input_folder.split("/")[2] key = ("/").join(input_folder.split("/")[3:]) - s3_resource = provider.session.session.resource("s3") + s3_resource = provider.session.current_session.resource("s3") bucket = s3_resource.Bucket(bucket) for obj in bucket.objects.filter(Prefix=key): if not os.path.exists(os.path.dirname(obj.key)): @@ -150,7 +150,7 @@ def parse_checks_from_folder(provider, input_folder: str) -> int: # Copy checks to specific provider/service folder check_service = check.name.split("_")[0] prowler_dir = prowler.__path__ - prowler_module = f"{prowler_dir[0]}/providers/{provider.provider}/services/{check_service}/{check.name}" + prowler_module = f"{prowler_dir[0]}/providers/{provider.type}/services/{check_service}/{check.name}" if os.path.exists(prowler_module): shutil.rmtree(prowler_module) shutil.copytree(check_module, prowler_module) diff --git a/prowler/lib/outputs/common.py b/prowler/lib/outputs/common.py index f6fc917860..e47237de23 100644 --- a/prowler/lib/outputs/common.py +++ b/prowler/lib/outputs/common.py @@ -103,6 +103,7 @@ def generate_provider_output(provider, finding, csv_data) -> FindingOutput: return finding_output +# TODO: add test for outputs_unix_timestamp def fill_common_finding_data(finding: dict, unix_timestamp: bool) -> dict: finding_data = { "timestamp": outputs_unix_timestamp(unix_timestamp, timestamp), diff --git a/prowler/lib/outputs/compliance/compliance.py b/prowler/lib/outputs/compliance/compliance.py index 80fdbad7d0..4a6241bc2e 100644 --- a/prowler/lib/outputs/compliance/compliance.py +++ b/prowler/lib/outputs/compliance/compliance.py @@ -23,7 +23,7 @@ from prowler.lib.outputs.compliance.mitre_attack_aws import ( def add_manual_controls( - output_options, audit_info, file_descriptors, input_compliance_frameworks + output_options, provider, file_descriptors, input_compliance_frameworks ): try: # Check if MANUAL control was already added to output @@ -41,7 +41,7 @@ def add_manual_controls( fill_compliance( output_options, manual_finding, - audit_info, + provider, file_descriptors, input_compliance_frameworks, ) diff --git a/prowler/lib/outputs/json_asff/json_asff.py b/prowler/lib/outputs/json_asff/json_asff.py index 956f970992..4f4e2a61f6 100644 --- a/prowler/lib/outputs/json_asff/json_asff.py +++ b/prowler/lib/outputs/json_asff/json_asff.py @@ -2,6 +2,7 @@ from prowler.config.config import prowler_version, timestamp_utc from prowler.lib.logger import logger from prowler.lib.outputs.compliance.compliance import get_check_compliance from prowler.lib.outputs.json_asff.models import ( + Check_Output_JSON_ASFF, Compliance, ProductFields, Resource, @@ -44,51 +45,34 @@ def generate_json_asff_resource_tags(tags): ) -def fill_json_asff(finding_output, provider, finding, output_options): +def fill_json_asff(provider, finding): + """ + Fill the finding's output in JSON ASFF format. + + Parameters: + - provider: The provider object containing information about the provider (e.g., AWS) and the output options object containing information about the desired output format. + - finding: The finding object containing information about the specific finding. + + Returns: + - finding_output: The filled finding's output in JSON ASFF format. + """ + try: # Check if there are no resources in the finding if finding.resource_arn == "": if finding.resource_id == "": finding.resource_id = "NONE_PROVIDED" finding.resource_arn = finding.resource_id - # The following line cannot be changed because it is the format we use to generate unique findings for AWS Security Hub - # If changed some findings could be lost because the unique identifier will be different - # TODO: get this from the provider output - finding_output.Id = f"prowler-{finding.check_metadata.CheckID}-{provider.identity.account}-{finding.region}-{hash_sha512(finding.resource_id)}" - finding_output.ProductArn = f"arn:{provider.identity.partition}:securityhub:{finding.region}::product/prowler/prowler" - finding_output.ProductFields = ProductFields( - ProviderVersion=prowler_version, ProwlerResourceName=finding.resource_arn - ) - finding_output.GeneratorId = "prowler-" + finding.check_metadata.CheckID - finding_output.AwsAccountId = provider.identity.account - finding_output.Types = finding.check_metadata.CheckType - finding_output.FirstObservedAt = finding_output.UpdatedAt = ( - finding_output.CreatedAt - ) = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") - finding_output.Severity = Severity( - Label=finding.check_metadata.Severity.upper() - ) - finding_output.Title = finding.check_metadata.CheckTitle - # Description should NOT be longer than 1024 characters - finding_output.Description = ( - (finding.status_extended[:1000] + "...") - if len(finding.status_extended) > 1000 - else finding.status_extended - ) + + timestamp = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") resource_tags = generate_json_asff_resource_tags(finding.resource_tags) - finding_output.Resources = [ - Resource( - Id=finding.resource_arn, - Type=finding.check_metadata.ResourceType, - Partition=provider.identity.partition, - Region=finding.region, - Tags=resource_tags, - ) - ] + # Iterate for each compliance framework compliance_summary = [] associated_standards = [] - check_compliance = get_check_compliance(finding, "aws", output_options) + check_compliance = get_check_compliance( + finding, provider.type, provider.output_options + ) for key, value in check_compliance.items(): if ( len(associated_standards) < 20 @@ -102,19 +86,49 @@ def fill_json_asff(finding_output, provider, finding, output_options): # Ensures finding_status matches allowed values in ASFF finding_status = generate_json_asff_status(finding.status) - finding_output.Compliance = Compliance( - Status=finding_status, - AssociatedStandards=associated_standards, - RelatedRequirements=compliance_summary, + json_asff_output = Check_Output_JSON_ASFF( + # The following line cannot be changed because it is the format we use to generate unique findings for AWS Security Hub + # If changed some findings could be lost because the unique identifier will be different + # TODO: get this from the provider output + Id=f"prowler-{finding.check_metadata.CheckID}-{provider.identity.account}-{finding.region}-{hash_sha512(finding.resource_id)}", + ProductArn=f"arn:{provider.identity.partition}:securityhub:{finding.region}::product/prowler/prowler", + ProductFields=ProductFields( + ProviderVersion=prowler_version, + ProwlerResourceName=finding.resource_arn, + ), + GeneratorId="prowler-" + finding.check_metadata.CheckID, + AwsAccountId=provider.identity.account, + Types=finding.check_metadata.CheckType, + FirstObservedAt=timestamp, + UpdatedAt=timestamp, + CreatedAt=timestamp, + Severity=Severity(Label=finding.check_metadata.Severity.upper()), + Title=finding.check_metadata.CheckTitle, + # Description should NOT be longer than 1024 characters + Description=( + (finding.status_extended[:1000] + "...") + if len(finding.status_extended) > 1000 + else finding.status_extended + ), + Resources=[ + Resource( + Id=finding.resource_arn, + Type=finding.check_metadata.ResourceType, + Partition=provider.identity.partition, + Region=finding.region, + Tags=resource_tags, + ) + ], + Compliance=Compliance( + Status=finding_status, + AssociatedStandards=associated_standards, + RelatedRequirements=compliance_summary, + ), + Remediation={ + "Recommendation": finding.check_metadata.Remediation.Recommendation + }, ) - # Fill Recommendation Url if it is blank - if not finding.check_metadata.Remediation.Recommendation.Url: - finding.check_metadata.Remediation.Recommendation.Url = "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html" - finding_output.Remediation = { - "Recommendation": finding.check_metadata.Remediation.Recommendation - } - - return finding_output + return json_asff_output except Exception as error: logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" diff --git a/prowler/lib/outputs/json_asff/models.py b/prowler/lib/outputs/json_asff/models.py index 56738d611d..bb57db68f8 100644 --- a/prowler/lib/outputs/json_asff/models.py +++ b/prowler/lib/outputs/json_asff/models.py @@ -36,16 +36,16 @@ class Check_Output_JSON_ASFF(BaseModel): Id: str = "" ProductArn: str = "" RecordState: str = "ACTIVE" - ProductFields: ProductFields = None # type: ignore + ProductFields: ProductFields GeneratorId: str = "" AwsAccountId: str = "" Types: list[str] = None FirstObservedAt: str = "" UpdatedAt: str = "" CreatedAt: str = "" - Severity: Severity = None # type: ignore + Severity: Severity Title: str = "" Description: str = "" Resources: list[Resource] = None - Compliance: Compliance = None # type: ignore + Compliance: Compliance Remediation: dict = None diff --git a/prowler/lib/outputs/json_ocsf/json_ocsf.py b/prowler/lib/outputs/json_ocsf/json_ocsf.py index 18645f07aa..4790613646 100644 --- a/prowler/lib/outputs/json_ocsf/json_ocsf.py +++ b/prowler/lib/outputs/json_ocsf/json_ocsf.py @@ -93,6 +93,7 @@ def fill_json_ocsf(finding_output: FindingOutput) -> DetectionFinding: uid=finding_output.resource_uid, group=Group(name=finding_output.service_name), type=finding_output.resource_type, + # TODO: this should be included only if using the Cloud profile cloud_partition=finding_output.partition, region=finding_output.region, ) @@ -118,21 +119,19 @@ def fill_json_ocsf(finding_output: FindingOutput) -> DetectionFinding: # TODO: Get the PID of the namespace (we only have the name of the namespace) # detection_finding.namespace_pid=, else: - detection_finding.cloud = ( - Cloud( - account=Account( - name=finding_output.account_name, - type_id=cloud_account_type.value, - type=cloud_account_type.name, - uid=finding_output.account_uid, - ), - org=Organization( - uid=finding_output.account_organization_uid, - name=finding_output.account_organization_name, - ), - provider=finding_output.provider, - region=finding_output.region, + detection_finding.cloud = Cloud( + account=Account( + name=finding_output.account_name, + type_id=cloud_account_type.value, + type=cloud_account_type.name, + uid=finding_output.account_uid, ), + org=Organization( + uid=finding_output.account_organization_uid, + name=finding_output.account_organization_name, + ), + provider=finding_output.provider, + region=finding_output.region, ) return detection_finding diff --git a/prowler/lib/outputs/outputs.py b/prowler/lib/outputs/outputs.py index 7dcd321f6b..4aa019ad31 100644 --- a/prowler/lib/outputs/outputs.py +++ b/prowler/lib/outputs/outputs.py @@ -19,7 +19,6 @@ from prowler.lib.outputs.compliance.compliance import ( from prowler.lib.outputs.csv.csv import generate_csv_fields from prowler.lib.outputs.file_descriptors import fill_file_descriptors from prowler.lib.outputs.json_asff.json_asff import fill_json_asff -from prowler.lib.outputs.json_asff.models import Check_Output_JSON_ASFF from prowler.lib.outputs.json_ocsf.json_ocsf import fill_json_ocsf from prowler.lib.outputs.utils import unroll_dict @@ -105,13 +104,10 @@ def report(check_findings, provider): if finding.check_metadata.Provider == "aws": if "json-asff" in file_descriptors: # Initialize this field using the class within fill_json_asff not here - finding_output = Check_Output_JSON_ASFF() - fill_json_asff( - finding_output, provider, finding, output_options - ) + json_asff_finding = fill_json_asff(provider, finding) json.dump( - finding_output.dict(exclude_none=True), + json_asff_finding.dict(exclude_none=True), file_descriptors["json-asff"], indent=4, ) diff --git a/prowler/lib/outputs/slack.py b/prowler/lib/outputs/slack.py index d972d372d1..8fbaff73b1 100644 --- a/prowler/lib/outputs/slack.py +++ b/prowler/lib/outputs/slack.py @@ -23,18 +23,29 @@ def send_slack_message(token, channel, stats, provider, audit_info): ) -def create_message_identity(provider, audit_info): +# TODO: move this to each provider +def create_message_identity(provider): + """ + Create a Slack message identity based on the provider type. + + Parameters: + - provider (Provider): The Provider (e.g. "AwsProvider", "GcpProvider", "AzureProvide"). + + Returns: + - identity (str): The message identity based on the provider type. + - logo (str): The logo URL associated with the provider type. + """ try: identity = "" logo = aws_logo - if provider == "aws": - identity = f"AWS Account *{audit_info.audited_account}*" - elif provider == "gcp": - identity = f"GCP Projects *{', '.join(audit_info.project_ids)}*" + if provider.type == "aws": + identity = f"AWS Account *{provider.identity.account}*" + elif provider.type == "gcp": + identity = f"GCP Projects *{', '.join(provider.project_ids)}*" logo = gcp_logo - elif provider == "azure": + elif provider.type == "azure": printed_subscriptions = [] - for key, value in audit_info.identity.subscriptions.items(): + for key, value in provider.identity.subscriptions.items(): intermediate = f"- *{key}: {value}*\n" printed_subscriptions.append(intermediate) identity = f"Azure Subscriptions:\n{''.join(printed_subscriptions)}" diff --git a/prowler/providers/aws/aws_provider.py b/prowler/providers/aws/aws_provider.py index 14c9260525..56476fda18 100644 --- a/prowler/providers/aws/aws_provider.py +++ b/prowler/providers/aws/aws_provider.py @@ -21,6 +21,7 @@ from prowler.providers.aws.config import ( ROLE_SESSION_NAME, ) from prowler.providers.aws.lib.arn.arn import parse_iam_credentials_arn +from prowler.providers.aws.lib.arn.models import ARN from prowler.providers.aws.lib.organizations.organizations import ( get_organizations_metadata, parse_organizations_metadata, @@ -49,7 +50,7 @@ class AwsProvider(Provider): _audit_config: dict _ignore_unused_services: bool = False _enabled_regions: set = set() - _mutelist: dict + _mutelist: dict = {} _output_options: AWSOutputOptions # TODO: this is not optional, enforce for all providers audit_metadata: Audit_Metadata @@ -81,7 +82,7 @@ class AwsProvider(Provider): # Configure the initial AWS Session using the local credentials: profile or environment variables aws_session = self.setup_session(input_mfa, input_profile, input_role) - session_config = self._set_session_config(aws_retries_max_attempts) + session_config = self.set_session_config(aws_retries_max_attempts) # Current session and the original session points to the same session object until we get a new one, if needed self._session = AWSSession( current_session=aws_session, @@ -356,14 +357,14 @@ class AwsProvider(Provider): logger.info(f"Original AWS Caller Identity UserId: {caller_identity.user_id}") logger.info(f"Original AWS Caller Identity ARN: {caller_identity.arn}") - partition = parse_iam_credentials_arn(caller_identity.arn).partition + partition = parse_iam_credentials_arn(caller_identity.arn.arn).partition return AWSIdentityInfo( account=caller_identity.account, account_arn=f"arn:{partition}:iam::{caller_identity.account}:root", user_id=caller_identity.user_id, partition=partition, - identity_arn=caller_identity.arn, + identity_arn=caller_identity.arn.arn, profile=input_profile, profile_region=profile_region, audited_regions=input_regions, @@ -552,7 +553,6 @@ Caller Identity ARN: {Fore.YELLOW}[{self._identity.identity_arn}]{Style.RESET_AL json_regions = set( data["services"][service]["regions"][self._identity.partition] ) - # Check for input aws audit_info.audited_regions if self._identity.audited_regions: # Get common regions between input and json regions = json_regions.intersection(self._identity.audited_regions) @@ -637,9 +637,24 @@ Caller Identity ARN: {Fore.YELLOW}[{self._identity.identity_arn}]{Style.RESET_AL audited_regions.add(region) return audited_regions - def get_tagged_resources(self, input_resource_tags: list): + def get_tagged_resources(self, input_resource_tags: list[str]): """ - get_tagged_resources returns a list of the resources that are going to be scanned based on the given input tags + Returns a list of the resources that are going to be scanned based on the given input tags. + + Parameters: + - input_resource_tags: A list of strings representing the tags to filter the resources. Each string should be in the format "key=value". + + Returns: + - A list of strings representing the ARNs (Amazon Resource Names) of the tagged resources. + + Note: + - This method uses the AWS Resource Groups Tagging API to retrieve the tagged resources. + - The method generates regional clients for the Resource Groups Tagging API for each enabled region in the AWS provider. + - The method paginates through the results of the 'get_resources' operation to retrieve all the tagged resources. + + Example usage: + input_resource_tags = ["Environment=Production", "Owner=John Doe"] + tagged_resources = get_tagged_resources(input_resource_tags) """ try: resource_tags = [] @@ -676,9 +691,8 @@ Caller Identity ARN: {Fore.YELLOW}[{self._identity.identity_arn}]{Style.RESET_AL def get_default_region(self, service: str) -> str: """get_default_region returns the default region based on the profile and audited service regions""" service_regions = self.get_available_aws_service_regions(service) - default_region = ( - self.get_global_region() - ) # global region of the partition when all regions are audited and there is no profile region + default_region = self.get_global_region() + # global region of the partition when all regions are audited and there is no profile region if self._identity.profile_region in service_regions: # return profile region only if it is audited default_region = self._identity.profile_region @@ -704,10 +718,9 @@ Caller Identity ARN: {Fore.YELLOW}[{self._identity.identity_arn}]{Style.RESET_AL mfa_TOTP = input("Enter MFA code: ") return AWSMFAInfo(arn=mfa_ARN, totp=mfa_TOTP) - # TODO: rename function - def _set_session_config(self, aws_retries_max_attempts: int) -> Config: + def set_session_config(self, aws_retries_max_attempts: int) -> Config: """ - _set_session_config returns a botocore Config object with the Prowler user agent and the default retrier configuration if nothing is passed as argument + set_session_config returns a botocore Config object with the Prowler user agent and the default retrier configuration if nothing is passed as argument """ # Set the maximum retries for the standard retrier config default_session_config = Config( @@ -723,9 +736,7 @@ Caller Identity ARN: {Fore.YELLOW}[{self._identity.identity_arn}]{Style.RESET_AL }, ) # Merge the new configuration - default_session_config.merge(config) - # TODO: I don't understand the following line - # default_session_config = self.session.session_config.merge(config) + default_session_config = default_session_config.merge(config) return default_session_config @@ -801,7 +812,7 @@ Caller Identity ARN: {Fore.YELLOW}[{self._identity.identity_arn}]{Style.RESET_AL # TODO: review this function # Maybe this should be done within the AwsProvider and not in __main__.py def get_checks_to_execute_by_audit_resources(self) -> set[str]: - # Once the audit_info is set and we have the eventual checks from arn, it is time to exclude the others + # Once the provider is set and we have the eventual checks from arn, it is time to exclude the others try: checks = set() # TODO: self._audit_resources should be a list[ARN] instead of list[str] @@ -819,6 +830,12 @@ Caller Identity ARN: {Fore.YELLOW}[{self._identity.identity_arn}]{Style.RESET_AL def read_aws_regions_file() -> dict: + """ + Reads the AWS services JSON file and returns the parsed data as a dictionary. + + Returns: + dict: The parsed data from the AWS services JSON file. + """ # Get JSON locally actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__))) with open_file(f"{actual_directory}/{aws_services_json_file}") as f: @@ -827,7 +844,13 @@ def read_aws_regions_file() -> dict: return data -def get_aws_available_regions(): +def get_aws_available_regions() -> set: + """ + Get the available AWS regions from the AWS services JSON file. + + Returns: + set: A set of available AWS regions. + """ try: data = read_aws_regions_file() @@ -839,7 +862,7 @@ def get_aws_available_regions(): return regions except Exception as error: logger.error(f"{error.__class__.__name__}: {error}") - return [] + return set() # TODO: This can be moved to another class since it doesn't need self @@ -858,7 +881,7 @@ def validate_aws_credentials( return AWSCallerIdentity( user_id=caller_identity.get("UserId"), account=caller_identity.get("Account"), - arn=caller_identity.get("Arn"), + arn=ARN(caller_identity.get("Arn")), region=aws_region, ) except Exception as error: @@ -890,6 +913,26 @@ def get_aws_region_for_sts(session_region: str, input_regions: set[str]) -> str: def create_sts_session( session: session.Session, aws_region: str ) -> session.Session.client: - return session.client( - "sts", aws_region, endpoint_url=f"https://sts.{aws_region}.amazonaws.com" - ) + """ + Create an STS session client. + + Parameters: + - session (session.Session): The AWS session object. + - aws_region (str): The AWS region to use for the session. + + Returns: + - session.Session.client: The STS session client. + + Example: + session = boto3.session.Session() + sts_client = create_sts_session(session, 'us-west-2') + """ + try: + return session.client( + "sts", aws_region, endpoint_url=f"https://sts.{aws_region}.amazonaws.com" + ) + except Exception as error: + logger.critical( + f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + ) + sys.exit(1) diff --git a/prowler/providers/aws/lib/arguments/arguments.py b/prowler/providers/aws/lib/arguments/arguments.py index fefe8f0a0e..98757a163f 100644 --- a/prowler/providers/aws/lib/arguments/arguments.py +++ b/prowler/providers/aws/lib/arguments/arguments.py @@ -200,7 +200,7 @@ def validate_role_session_name(session_name): validates that the role session name is valid Documentation: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html """ - if fullmatch("[\w+=,.@-]{2,64}", session_name): + if fullmatch(r"[\w+=,.@-]{2,64}", session_name): return session_name else: raise ArgumentTypeError( diff --git a/prowler/providers/aws/lib/arn/arn.py b/prowler/providers/aws/lib/arn/arn.py index 97656d1e3a..908d2b8d6c 100644 --- a/prowler/providers/aws/lib/arn/arn.py +++ b/prowler/providers/aws/lib/arn/arn.py @@ -19,6 +19,7 @@ def arn_type(arn: str) -> bool: return arn +# TODO: review this function just to parse the ARN not to re-instantiate it def parse_iam_credentials_arn(arn: str) -> ARN: arn_parsed = ARN(arn) # First check if region is empty (in IAM ARN's region is always empty) diff --git a/prowler/providers/aws/lib/credentials/__init__.py b/prowler/providers/aws/lib/credentials/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/prowler/providers/aws/lib/quick_inventory/quick_inventory.py b/prowler/providers/aws/lib/quick_inventory/quick_inventory.py index db7ad39e6b..c06c30b76a 100644 --- a/prowler/providers/aws/lib/quick_inventory/quick_inventory.py +++ b/prowler/providers/aws/lib/quick_inventory/quick_inventory.py @@ -1,6 +1,7 @@ import csv import json from copy import deepcopy +from typing import Any from alive_progress import alive_bar from botocore.client import ClientError @@ -18,33 +19,32 @@ from prowler.providers.aws.lib.arn.models import get_arn_resource_type from prowler.providers.aws.lib.s3.s3 import send_to_s3_bucket -# TODO(Audit_Info): use provider here -def quick_inventory(audit_info: AWS_Audit_Info, args): +def quick_inventory(provider: Any, args): resources = [] global_resources = [] total_resources_per_region = {} iam_was_scanned = False # If not inputed regions, check all of them - if not audit_info.audited_regions: + if not provider.audited_regions: # EC2 client for describing all regions - ec2_client = audit_info.audit_session.client( - "ec2", region_name=audit_info.profile_region + ec2_client = provider.audit_session.client( + "ec2", region_name=provider.profile_region ) # Get all the available regions - audit_info.audited_regions = [ + provider.audited_regions = [ region["RegionName"] for region in ec2_client.describe_regions()["Regions"] ] with alive_bar( - total=len(audit_info.audited_regions), + total=len(provider.audited_regions), ctrl_c=False, bar="blocks", spinner="classic", stats=False, enrich_print=False, ) as bar: - for region in sorted(audit_info.audited_regions): - bar.title = f"Inventorying AWS Account {orange_color}{audit_info.audited_account}{Style.RESET_ALL}" + for region in sorted(provider.audited_regions): + bar.title = f"Inventorying AWS Account {orange_color}{provider.audited_account}{Style.RESET_ALL}" resources_in_region = [] # { # eu-west-1: 100,... @@ -53,13 +53,13 @@ def quick_inventory(audit_info: AWS_Audit_Info, args): try: # Scan IAM only once if not iam_was_scanned: - global_resources.extend(get_iam_resources(audit_info.audit_session)) + global_resources.extend(get_iam_resources(provider.audit_session)) iam_was_scanned = True # Get regional S3 buckets since none-tagged buckets are not supported by the resourcegroupstaggingapi - resources_in_region.extend(get_regional_buckets(audit_info, region)) + resources_in_region.extend(get_regional_buckets(provider, region)) - client = audit_info.audit_session.client( + client = provider.audit_session.client( "resourcegroupstaggingapi", region_name=region ) # Get all the resources @@ -109,7 +109,7 @@ def quick_inventory(audit_info: AWS_Audit_Info, args): inventory_table = create_inventory_table(resources, total_resources_per_region) print( - f"\nQuick Inventory of AWS Account {Fore.YELLOW}{audit_info.audited_account}{Style.RESET_ALL}:" + f"\nQuick Inventory of AWS Account {Fore.YELLOW}{provider.audited_account}{Style.RESET_ALL}:" ) print( @@ -119,7 +119,7 @@ def quick_inventory(audit_info: AWS_Audit_Info, args): ) print(f"\nTotal resources found: {Fore.GREEN}{len(resources)}{Style.RESET_ALL}") - create_output(resources, audit_info, args) + create_output(resources, provider, args) def create_inventory_table(resources: list, resources_in_region: dict) -> dict: @@ -209,20 +209,19 @@ def create_inventory_table(resources: list, resources_in_region: dict) -> dict: return inventory_table -# TODO(Audit_Info): use provider here -def create_output(resources: list, audit_info: AWS_Audit_Info, args): +def create_output(resources: list, provider: Any, args): json_output = [] # Check if custom output filename was input, if not, set the default if not hasattr(args, "output_filename") or args.output_filename is None: output_file = ( - f"prowler-inventory-{audit_info.audited_account}-{output_file_timestamp}" + f"prowler-inventory-{provider.audited_account}-{output_file_timestamp}" ) else: output_file = args.output_filename for item in sorted(resources, key=lambda d: d["arn"]): resource = {} - resource["AWS_AccountID"] = audit_info.audited_account + resource["AWS_AccountID"] = provider.audited_account resource["AWS_Region"] = item["arn"].split(":")[3] resource["AWS_Partition"] = item["arn"].split(":")[1] resource["AWS_Service"] = item["arn"].split(":")[2] @@ -289,11 +288,11 @@ def create_output(resources: list, audit_info: AWS_Audit_Info, args): # Check if -B was input if args.output_bucket: output_bucket = args.output_bucket - bucket_session = audit_info.audit_session + bucket_session = provider.audit_session # Check if -D was input elif args.output_bucket_no_assume: output_bucket = args.output_bucket_no_assume - bucket_session = audit_info.original_session + bucket_session = provider.original_session send_to_s3_bucket( output_file, args.output_directory, @@ -303,10 +302,9 @@ def create_output(resources: list, audit_info: AWS_Audit_Info, args): ) -# TODO(Audit_Info): use provider here -def get_regional_buckets(audit_info: AWS_Audit_Info, region: str) -> list: +def get_regional_buckets(provider: Any, region: str) -> list: regional_buckets = [] - s3_client = audit_info.audit_session.client("s3", region_name=region) + s3_client = provider.audit_session.client("s3", region_name=region) try: buckets = s3_client.list_buckets() for bucket in buckets["Buckets"]: @@ -329,7 +327,7 @@ def get_regional_buckets(audit_info: AWS_Audit_Info, region: str) -> list: f"{region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) bucket_arn = ( - f"arn:{audit_info.audited_partition}:s3:{region}::{bucket['Name']}" + f"arn:{provider.audited_partition}:s3:{region}::{bucket['Name']}" ) regional_buckets.append({"arn": bucket_arn, "tags": bucket_tags}) except Exception as error: diff --git a/prowler/providers/aws/lib/security_hub/security_hub.py b/prowler/providers/aws/lib/security_hub/security_hub.py index 94e83ee575..433644d666 100644 --- a/prowler/providers/aws/lib/security_hub/security_hub.py +++ b/prowler/providers/aws/lib/security_hub/security_hub.py @@ -4,7 +4,6 @@ from botocore.client import ClientError from prowler.config.config import timestamp_utc from prowler.lib.logger import logger from prowler.lib.outputs.json_asff.json_asff import fill_json_asff -from prowler.lib.outputs.json_asff.models import Check_Output_JSON_ASFF SECURITY_HUB_INTEGRATION_NAME = "prowler/prowler" SECURITY_HUB_MAX_BATCH = 100 @@ -29,10 +28,8 @@ def prepare_security_hub_findings( continue # Handle status filters, if any - if ( - not output_options.status - or finding.status in output_options.status - or output_options.send_sh_only_fails + if (finding.status != "FAIL" and output_options.send_sh_only_fails) or ( + output_options.status and finding.status not in output_options.status ): continue @@ -40,9 +37,7 @@ def prepare_security_hub_findings( region = finding.region # Format the finding in the JSON ASFF format - finding_json_asff = fill_json_asff( - Check_Output_JSON_ASFF(), provider, finding, output_options - ) + finding_json_asff = fill_json_asff(provider, finding) # Include that finding within their region in the JSON format security_hub_findings_per_region[region].append( diff --git a/prowler/providers/aws/models.py b/prowler/providers/aws/models.py index c027b493bf..678e7c3cf1 100644 --- a/prowler/providers/aws/models.py +++ b/prowler/providers/aws/models.py @@ -70,7 +70,7 @@ class AWSSession: class AWSCallerIdentity: user_id: str account: str - arn: str + arn: ARN region: str diff --git a/prowler/providers/azure/azure_provider.py b/prowler/providers/azure/azure_provider.py index c42a2512ad..27cc243811 100644 --- a/prowler/providers/azure/azure_provider.py +++ b/prowler/providers/azure/azure_provider.py @@ -138,6 +138,7 @@ class AzureProvider(Provider): self._mutelist = mutelist # TODO: this should be moved to the argparse, if not we need to enforce it from the Provider + # previously was using the AzureException def validate_arguments( self, az_cli_auth, sp_env_auth, browser_auth, managed_entity_auth, tenant_id ): diff --git a/prowler/providers/azure/lib/audit_info/__init__.py b/prowler/providers/azure/lib/audit_info/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/prowler/providers/azure/lib/audit_info/audit_info.py b/prowler/providers/azure/lib/audit_info/audit_info.py deleted file mode 100644 index 7f086d7984..0000000000 --- a/prowler/providers/azure/lib/audit_info/audit_info.py +++ /dev/null @@ -1,15 +0,0 @@ -from prowler.providers.azure.lib.audit_info.models import ( - Azure_Audit_Info, - AzureIdentityInfo, - AzureRegionConfig, -) - -azure_audit_info = Azure_Audit_Info( - credentials=None, - identity=AzureIdentityInfo(), - audit_resources=None, - audit_metadata=None, - audit_config=None, - azure_region_config=AzureRegionConfig(), - locations=None, -) diff --git a/prowler/providers/azure/lib/audit_info/models.py b/prowler/providers/azure/lib/audit_info/models.py deleted file mode 100644 index 1ee60326fe..0000000000 --- a/prowler/providers/azure/lib/audit_info/models.py +++ /dev/null @@ -1,49 +0,0 @@ -from dataclasses import dataclass -from typing import Any, Optional - -from azure.identity import DefaultAzureCredential -from pydantic import BaseModel - - -class AzureIdentityInfo(BaseModel): - identity_id: str = "" - identity_type: str = "" - tenant_ids: list[str] = [] - domain: str = "Unknown tenant domain (missing AAD permissions)" - subscriptions: dict = {} - - -class AzureRegionConfig(BaseModel): - name: str = "" - authority: str = None - base_url: str = "" - credential_scopes: list = [] - - -@dataclass -class Azure_Audit_Info: - credentials: DefaultAzureCredential - identity: AzureIdentityInfo - audit_resources: Optional[Any] - audit_metadata: Optional[Any] - audit_config: dict - azure_region_config: AzureRegionConfig - locations: list[str] - - def __init__( - self, - credentials, - identity, - audit_metadata, - audit_resources, - audit_config, - azure_region_config, - locations, - ): - self.credentials = credentials - self.identity = identity - self.audit_metadata = audit_metadata - self.audit_resources = audit_resources - self.audit_config = audit_config - self.azure_region_config = azure_region_config - self.locations = locations diff --git a/prowler/providers/azure/models.py b/prowler/providers/azure/models.py index cc669a7dcf..cf0cd4be9b 100644 --- a/prowler/providers/azure/models.py +++ b/prowler/providers/azure/models.py @@ -32,13 +32,6 @@ class AzureOutputOptions(ProviderOutputOptions): # First call Provider_Output_Options init super().__init__(arguments, bulk_checks_metadata) - # Confire Shodan API - # TODO: review shodan for the new AWS provider - # if arguments.shodan: - # audit_info = change_config_var( - # "shodan_api_key", arguments.shodan, audit_info - # ) - # Check if custom output filename was input, if not, set the default if ( not hasattr(arguments, "output_filename") diff --git a/prowler/providers/common/models.py b/prowler/providers/common/models.py index 189ead571b..4f42d0960a 100644 --- a/prowler/providers/common/models.py +++ b/prowler/providers/common/models.py @@ -17,7 +17,7 @@ class Audit_Metadata(BaseModel): class ProviderOutputOptions: - status: bool + status: list[str] output_modes: list output_directory: str bulk_checks_metadata: dict diff --git a/prowler/providers/common/provider.py b/prowler/providers/common/provider.py index e13e4ae9ac..8da222e5b1 100644 --- a/prowler/providers/common/provider.py +++ b/prowler/providers/common/provider.py @@ -1,4 +1,5 @@ from abc import ABC, abstractmethod +from typing import Any # TODO: with this we can enforce that all classes ending with "Provider" needs to inherint from the Provider class # class ProviderMeta: @@ -14,91 +15,131 @@ from abc import ABC, abstractmethod # TODO: enforce audit_metadata for all the providers class Provider(ABC): + """ + The Provider class is an abstract base class that defines the interface for all provider classes in the auditing system. + + Attributes: + type (property): The type of the provider. + identity (property): The identity of the provider for auditing. + session (property): The session of the provider for auditing. + audit_config (property): The audit configuration of the provider. + output_options (property): The output configuration of the provider for auditing. + + Methods: + print_credentials(): Displays the provider's credentials used for auditing in the command-line interface. + setup_session(): Sets up the session for the provider. + get_output_mapping(): Returns the output mapping between the provider and the generic model. + validate_arguments(): Validates the arguments for the provider. + get_checks_to_execute_by_audit_resources(): Returns a set of checks based on the input resources to scan. + + Note: + This is an abstract base class and should not be instantiated directly. Each provider should implement its own + version of the Provider class by inheriting from this base class and implementing the required methods and properties. + """ @property @abstractmethod - def type(self): + def type(self) -> str: """ type method stores the provider's type. This method needs to be created in each provider. """ + raise NotImplementedError() @property @abstractmethod - def identity(self): + def identity(self) -> str: """ identity method stores the provider's identity to audit. This method needs to be created in each provider. """ + raise NotImplementedError() + + @abstractmethod + def setup_session(self) -> Any: + """ + setup_session sets up the session for the provider. + + This method needs to be created in each provider. + """ + raise NotImplementedError() @property @abstractmethod - def session(self): + def session(self) -> str: """ session method stores the provider's session to audit. This method needs to be created in each provider. """ + raise NotImplementedError() @property @abstractmethod - def audit_config(self): + def audit_config(self) -> str: """ audit_config method stores the provider's audit configuration. This method needs to be created in each provider. """ + raise NotImplementedError() @abstractmethod - def print_credentials(self): + def print_credentials(self) -> None: """ print_credentials is used to display in the CLI the provider's credentials used to audit. This method needs to be created in each provider. """ - - @abstractmethod - def setup_session(self): - pass + raise NotImplementedError() @property @abstractmethod - def output_options(self): + def output_options(self) -> str: """ output_options method returns the provider's audit output configuration. This method needs to be created in each provider. """ + raise NotImplementedError() @output_options.setter @abstractmethod - def output_options(self): + def output_options(self, value: str) -> Any: """ output_options.setter sets the provider's audit output configuration. This method needs to be created in each provider. """ + raise NotImplementedError() @abstractmethod - def get_output_mapping(self): + def get_output_mapping(self) -> dict: """ - get_output_mapping return the CSV output mapping between the provider and the generic model. + get_output_mapping returns the output mapping between the provider and the generic model. This method needs to be created in each provider. """ + raise NotImplementedError() # TODO: probably this won't be here since we want to do the arguments validation during the parse() - def validate_arguments(self): - pass + def validate_arguments(self) -> None: + """ + validate_arguments validates the arguments for the provider. - def get_checks_to_execute_by_audit_resources(self): + This method can be overridden in each provider if needed. + """ + raise NotImplementedError() + + def get_checks_to_execute_by_audit_resources(self) -> set: """ get_checks_to_execute_by_audit_resources returns a set of checks based on the input resources to scan. This is a fallback that returns None if the service has not implemented this function. """ + return set() @property @abstractmethod @@ -108,6 +149,7 @@ class Provider(ABC): This method needs to be created in each provider. """ + raise NotImplementedError() @mutelist.setter @abstractmethod @@ -117,3 +159,4 @@ class Provider(ABC): This method needs to be created in each provider. """ + raise NotImplementedError() diff --git a/prowler/providers/gcp/lib/audit_info/__init__.py b/prowler/providers/gcp/lib/audit_info/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/prowler/providers/gcp/lib/audit_info/audit_info.py b/prowler/providers/gcp/lib/audit_info/audit_info.py deleted file mode 100644 index 5bc5e87813..0000000000 --- a/prowler/providers/gcp/lib/audit_info/audit_info.py +++ /dev/null @@ -1,10 +0,0 @@ -from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info - -gcp_audit_info = GCP_Audit_Info( - credentials=None, - default_project_id=None, - project_ids=[], - audit_resources=None, - audit_metadata=None, - audit_config=None, -) diff --git a/prowler/providers/gcp/lib/audit_info/models.py b/prowler/providers/gcp/lib/audit_info/models.py deleted file mode 100644 index 4cb8fcfb0f..0000000000 --- a/prowler/providers/gcp/lib/audit_info/models.py +++ /dev/null @@ -1,30 +0,0 @@ -from dataclasses import dataclass -from typing import Any, Optional - -from google.oauth2.credentials import Credentials - - -@dataclass -class GCP_Audit_Info: - credentials: Credentials - default_project_id: str - project_ids: list - audit_resources: Optional[Any] - audit_metadata: Optional[Any] - audit_config: Optional[dict] - - def __init__( - self, - credentials, - default_project_id, - project_ids, - audit_metadata, - audit_resources, - audit_config, - ): - self.credentials = credentials - self.default_project_id = default_project_id - self.project_ids = project_ids - self.audit_metadata = audit_metadata - self.audit_resources = audit_resources - self.audit_config = audit_config diff --git a/prowler/providers/kubernetes/kubernetes_provider.py b/prowler/providers/kubernetes/kubernetes_provider.py index 2c972483c8..98b2c3535c 100644 --- a/prowler/providers/kubernetes/kubernetes_provider.py +++ b/prowler/providers/kubernetes/kubernetes_provider.py @@ -225,7 +225,7 @@ class KubernetesProvider(Provider): ) sys.exit(1) - def get_all_namespaces(self): + def get_all_namespaces(self) -> list[str]: """ Retrieves all namespaces. Returns: diff --git a/prowler/providers/kubernetes/lib/audit_info/__init__.py b/prowler/providers/kubernetes/lib/audit_info/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/prowler/providers/kubernetes/lib/audit_info/audit_info.py b/prowler/providers/kubernetes/lib/audit_info/audit_info.py deleted file mode 100644 index ce9c977e83..0000000000 --- a/prowler/providers/kubernetes/lib/audit_info/audit_info.py +++ /dev/null @@ -1,9 +0,0 @@ -from prowler.providers.kubernetes.lib.audit_info.models import Kubernetes_Audit_Info - -kubernetes_audit_info = Kubernetes_Audit_Info( - api_client=None, - context=None, - audit_resources=None, - audit_metadata=None, - audit_config=None, -) diff --git a/prowler/providers/kubernetes/lib/audit_info/models.py b/prowler/providers/kubernetes/lib/audit_info/models.py deleted file mode 100644 index 7ef5ff7a2f..0000000000 --- a/prowler/providers/kubernetes/lib/audit_info/models.py +++ /dev/null @@ -1,27 +0,0 @@ -from dataclasses import dataclass -from typing import Any, Optional - -from kubernetes import client - - -@dataclass -class Kubernetes_Audit_Info: - api_client: client.ApiClient - context: Optional[str] - audit_resources: Optional[Any] - audit_metadata: Optional[Any] - audit_config: Optional[dict] - - def __init__( - self, - api_client, - context, - audit_metadata, - audit_resources, - audit_config, - ): - self.api_client = api_client - self.context = context - self.audit_metadata = audit_metadata - self.audit_resources = audit_resources - self.audit_config = audit_config diff --git a/tests/config/config_test.py b/tests/config/config_test.py index e7ca8138f2..5017b8ea7f 100644 --- a/tests/config/config_test.py +++ b/tests/config/config_test.py @@ -2,16 +2,17 @@ import os import pathlib from unittest import mock +import pytest from requests import Response from prowler.config.config import ( - change_config_var, check_current_version, get_available_compliance_frameworks, load_and_validate_config_file, + update_provider_config, ) from prowler.providers.aws.aws_provider import get_aws_available_regions -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info +from tests.providers.aws.utils import set_mocked_aws_provider MOCK_PROWLER_VERSION = "3.3.0" MOCK_OLD_PROWLER_VERSION = "0.0.0" @@ -78,61 +79,30 @@ class Test_Config: == f"Prowler {MOCK_OLD_PROWLER_VERSION} (latest is {MOCK_PROWLER_VERSION}, upgrade for the latest features)" ) - def test_change_config_var_aws(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=None, - audited_account_arn=None, - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=None, - audit_config={"shodan_api_key": ""}, + def test_update_provider_config_aws(self): + aws_provider = set_mocked_aws_provider( + audit_config={"shodan_api_key": "DEFAULT-KEY"} ) - updated_audit_info = change_config_var("shodan_api_key", "XXXXXX", audit_info) - assert audit_info == updated_audit_info - assert audit_info.audit_config.get( - "shodan_api_key" - ) == updated_audit_info.audit_config.get("shodan_api_key") + with mock.patch( + "prowler.config.config.get_global_provider", + return_value=aws_provider, + ): + update_provider_config("shodan_api_key", "TEST-API-KEY") + assert aws_provider.audit_config.get("shodan_api_key") == "TEST-API-KEY" - def test_change_config_var_aws_not_present(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=None, - audited_account_arn=None, - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=None, - audit_config={}, + def test_update_provider_config_aws_not_present(self): + aws_provider = set_mocked_aws_provider( + audit_config={"shodan_api_key": "DEFAULT-KEY"} ) - updated_audit_info = change_config_var("not_found", "no_value", audit_info) - assert audit_info == updated_audit_info - assert updated_audit_info.audit_config.get("not_found") is None + with mock.patch( + "prowler.config.config.get_global_provider", + return_value=aws_provider, + ): - # Test load_and_validate_config_file + update_provider_config("not_found", "no_value") + assert aws_provider.audit_config.get("not_found") is None def test_get_available_compliance_frameworks(self): compliance_frameworks = [ @@ -202,3 +172,10 @@ class Test_Config: assert load_and_validate_config_file("aws", config_test_file) == config_aws assert load_and_validate_config_file("gcp", config_test_file) == {} assert load_and_validate_config_file("azure", config_test_file) == {} + + def test_load_and_validate_config_file_invalid_config_file_path(self): + provider = "aws" + config_file_path = "invalid/path/to/config.yaml" + + with pytest.raises(SystemExit): + load_and_validate_config_file(provider, config_file_path) diff --git a/tests/lib/check/check_test.py b/tests/lib/check/check_test.py index 1728bfec0f..51239b0687 100644 --- a/tests/lib/check/check_test.py +++ b/tests/lib/check/check_test.py @@ -1,5 +1,6 @@ import os import pathlib +from argparse import Namespace from importlib.machinery import FileFinder from pkgutil import ModuleInfo @@ -23,14 +24,11 @@ from prowler.lib.check.check import ( update_audit_metadata, ) from prowler.lib.check.models import load_check_metadata -from prowler.providers.aws.aws_provider import ( - get_checks_from_input_arn, - get_regions_from_audit_resources, -) -from tests.providers.aws.utils import set_mocked_aws_audit_info +from prowler.providers.aws.aws_provider import AwsProvider +from tests.providers.aws.utils import AWS_REGION_US_EAST_1 -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +# AWS_ACCOUNT_NUMBER = "123456789012" +# AWS_REGION = "us-east-1" expected_packages = [ ModuleInfo( @@ -390,147 +388,7 @@ def mock_recover_checks_from_aws_provider(*_): ] -def mock_recover_checks_from_aws_provider_lambda_service(*_): - return [ - ( - "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", - "/root_dir/fake_path/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", - ), - ( - "awslambda_function_url_cors_policy", - "/root_dir/fake_path/awslambda/awslambda_function_url_cors_policy", - ), - ( - "awslambda_function_no_secrets_in_code", - "/root_dir/fake_path/awslambda/awslambda_function_no_secrets_in_code", - ), - ] - - -def mock_recover_checks_from_aws_provider_elb_service(*_): - return [ - ( - "elb_insecure_ssl_ciphers", - "/root_dir/fake_path/elb/elb_insecure_ssl_ciphers", - ), - ( - "elb_internet_facing", - "/root_dir/fake_path/elb/elb_internet_facing", - ), - ( - "elb_logging_enabled", - "/root_dir/fake_path/elb/elb_logging_enabled", - ), - ] - - -def mock_recover_checks_from_aws_provider_efs_service(*_): - return [ - ( - "efs_encryption_at_rest_enabled", - "/root_dir/fake_path/efs/efs_encryption_at_rest_enabled", - ), - ( - "efs_have_backup_enabled", - "/root_dir/fake_path/efs/efs_have_backup_enabled", - ), - ( - "efs_not_publicly_accessible", - "/root_dir/fake_path/efs/efs_not_publicly_accessible", - ), - ] - - -def mock_recover_checks_from_aws_provider_iam_service(*_): - return [ - ( - "iam_customer_attached_policy_no_administrative_privileges", - "/root_dir/fake_path/iam/iam_customer_attached_policy_no_administrative_privileges", - ), - ( - "iam_check_saml_providers_sts", - "/root_dir/fake_path/iam/iam_check_saml_providers_sts", - ), - ( - "iam_password_policy_minimum_length_14", - "/root_dir/fake_path/iam/iam_password_policy_minimum_length_14", - ), - ] - - -def mock_recover_checks_from_aws_provider_s3_service(*_): - return [ - ( - "s3_account_level_public_access_blocks", - "/root_dir/fake_path/s3/s3_account_level_public_access_blocks", - ), - ( - "s3_bucket_acl_prohibited", - "/root_dir/fake_path/s3/s3_bucket_acl_prohibited", - ), - ( - "s3_bucket_policy_public_write_access", - "/root_dir/fake_path/s3/s3_bucket_policy_public_write_access", - ), - ] - - -def mock_recover_checks_from_aws_provider_cloudwatch_service(*_): - return [ - ( - "cloudwatch_changes_to_network_acls_alarm_configured", - "/root_dir/fake_path/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured", - ), - ( - "cloudwatch_changes_to_network_gateways_alarm_configured", - "/root_dir/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured", - ), - ( - "cloudwatch_changes_to_network_route_tables_alarm_configured", - "/root_dir/fake_path/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured", - ), - ] - - -def mock_recover_checks_from_aws_provider_ec2_service(*_): - return [ - ( - "ec2_securitygroup_allow_ingress_from_internet_to_any_port", - "/root_dir/fake_path/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port", - ), - ( - "ec2_networkacl_allow_ingress_any_port", - "/root_dir/fake_path/ec2/ec2_networkacl_allow_ingress_any_port", - ), - ( - "ec2_ami_public", - "/root_dir/fake_path/ec2/ec2_ami_public", - ), - ] - - -def mock_recover_checks_from_aws_provider_rds_service(*_): - return [ - ( - "rds_instance_backup_enabled", - "/root_dir/fake_path/rds/rds_instance_backup_enabled", - ), - ( - "rds_instance_deletion_protection", - "/root_dir/fake_path/rds/rds_instance_deletion_protection", - ), - ( - "rds_snapshots_public_access", - "/root_dir/fake_path/rds/rds_snapshots_public_access", - ), - ] - - -def mock_recover_checks_from_aws_provider_cognito_service(*_): - return [] - - -class Test_Check: +class TestCheck: def test_load_check_metadata(self): test_cases = [ { @@ -574,7 +432,7 @@ class Test_Check: f"{pathlib.Path().absolute()}/tests/lib/check/fixtures/checks_folder" ) # Create bucket and upload checks folder - s3_client = client("s3", region_name=AWS_REGION) + s3_client = client("s3", region_name=AWS_REGION_US_EAST_1) s3_client.create_bucket(Bucket="test") # Iterate through the files in the folder and upload each one for subdir, _, files in os.walk(test_checks_folder): @@ -601,14 +459,14 @@ class Test_Check: "expected": 3, }, ] + + arguments = Namespace() + aws_provider = AwsProvider(arguments) for test in test_cases: check_folder = test["input"]["path"] provider = test["input"]["provider"] assert ( - parse_checks_from_folder( - set_mocked_aws_audit_info(), check_folder, provider - ) - == test["expected"] + parse_checks_from_folder(aws_provider, check_folder) == test["expected"] ) remove_custom_checks_module(check_folder, provider) @@ -787,182 +645,6 @@ class Test_Check: recovered_checks = recover_checks_from_service(service_list, provider) assert recovered_checks == expected_checks - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_elb_service, - ) - def test_get_checks_from_input_arn_elb(self): - audit_resources = [ - f"arn:aws:elasticloadbalancing:us-east-1:{AWS_ACCOUNT_NUMBER}:loadbalancer/test" - ] - provider = "aws" - expected_checks = [ - "elb_insecure_ssl_ciphers", - "elb_internet_facing", - "elb_logging_enabled", - ] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_efs_service, - ) - def test_get_checks_from_input_arn_efs(self): - audit_resources = [ - f"arn:aws:elasticfilesystem:us-east-1:{AWS_ACCOUNT_NUMBER}:file-system/fs-01234567" - ] - provider = "aws" - expected_checks = [ - "efs_encryption_at_rest_enabled", - "efs_have_backup_enabled", - "efs_not_publicly_accessible", - ] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_lambda_service, - ) - def test_get_checks_from_input_arn_lambda(self): - audit_resources = ["arn:aws:lambda:us-east-1:123456789:function:test-lambda"] - provider = "aws" - expected_checks = [ - "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", - "awslambda_function_no_secrets_in_code", - "awslambda_function_url_cors_policy", - ] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_iam_service, - ) - def test_get_checks_from_input_arn_iam(self): - audit_resources = [f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:user/user-name"] - provider = "aws" - expected_checks = [ - "iam_check_saml_providers_sts", - "iam_customer_attached_policy_no_administrative_privileges", - "iam_password_policy_minimum_length_14", - ] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_s3_service, - ) - def test_get_checks_from_input_arn_s3(self): - audit_resources = ["arn:aws:s3:::bucket-name"] - provider = "aws" - expected_checks = [ - "s3_account_level_public_access_blocks", - "s3_bucket_acl_prohibited", - "s3_bucket_policy_public_write_access", - ] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_cloudwatch_service, - ) - def test_get_checks_from_input_arn_cloudwatch(self): - audit_resources = [ - f"arn:aws:logs:us-east-1:{AWS_ACCOUNT_NUMBER}:destination:testDestination" - ] - provider = "aws" - expected_checks = [ - "cloudwatch_changes_to_network_acls_alarm_configured", - "cloudwatch_changes_to_network_gateways_alarm_configured", - "cloudwatch_changes_to_network_route_tables_alarm_configured", - ] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_cognito_service, - ) - def test_get_checks_from_input_arn_cognito(self): - audit_resources = [ - f"arn:aws:cognito-idp:us-east-1:{AWS_ACCOUNT_NUMBER}:userpool/test" - ] - provider = "aws" - expected_checks = [] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_ec2_service, - ) - def test_get_checks_from_input_arn_ec2_security_group(self): - audit_resources = [ - f"arn:aws:ec2:us-east-1:{AWS_ACCOUNT_NUMBER}:security-group/sg-1111111111" - ] - provider = "aws" - expected_checks = ["ec2_securitygroup_allow_ingress_from_internet_to_any_port"] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_ec2_service, - ) - def test_get_checks_from_input_arn_ec2_acl(self): - audit_resources = [ - f"arn:aws:ec2:us-west-2:{AWS_ACCOUNT_NUMBER}:network-acl/acl-1" - ] - provider = "aws" - expected_checks = ["ec2_networkacl_allow_ingress_any_port"] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_rds_service, - ) - def test_get_checks_from_input_arn_rds_snapshots(self): - audit_resources = [ - f"arn:aws:rds:us-east-2:{AWS_ACCOUNT_NUMBER}:snapshot:rds:snapshot-1" - ] - provider = "aws" - expected_checks = ["rds_snapshots_public_access"] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - @patch( - "prowler.lib.check.check.recover_checks_from_provider", - new=mock_recover_checks_from_aws_provider_ec2_service, - ) - def test_get_checks_from_input_arn_ec2_ami(self): - audit_resources = [f"arn:aws:ec2:us-west-2:{AWS_ACCOUNT_NUMBER}:image/ami-1"] - provider = "aws" - expected_checks = ["ec2_ami_public"] - recovered_checks = get_checks_from_input_arn(audit_resources, provider) - assert recovered_checks == expected_checks - - def test_get_regions_from_audit_resources_with_regions(self): - audit_resources = [ - f"arn:aws:lambda:us-east-1:{AWS_ACCOUNT_NUMBER}:function:test-lambda", - f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:policy/test", - f"arn:aws:ec2:eu-west-1:{AWS_ACCOUNT_NUMBER}:security-group/sg-test", - "arn:aws:s3:::bucket-name", - "arn:aws:apigateway:us-east-2::/restapis/api-id/stages/stage-name", - ] - expected_regions = {"us-east-1", "eu-west-1", "us-east-2"} - recovered_regions = get_regions_from_audit_resources(audit_resources) - assert recovered_regions == expected_regions - - def test_get_regions_from_audit_resources_without_regions(self): - audit_resources = ["arn:aws:s3:::bucket-name"] - recovered_regions = get_regions_from_audit_resources(audit_resources) - assert not recovered_regions - # def test_parse_checks_from_compliance_framework_two(self): # test_case = { # "input": {"compliance_frameworks": ["cis_v1.4_aws", "ens_v3_aws"]}, diff --git a/tests/lib/check/custom_checks_metadata_test.py b/tests/lib/check/custom_checks_metadata_test.py index 5530ce8b9e..cae29e50b1 100644 --- a/tests/lib/check/custom_checks_metadata_test.py +++ b/tests/lib/check/custom_checks_metadata_test.py @@ -85,7 +85,7 @@ class TestCustomChecksMetadata: def test_parse_custom_checks_metadata_file_for_kubernetes(self): assert parse_custom_checks_metadata_file( KUBERNETES_PROVIDER, CUSTOM_CHECKS_METADATA_FIXTURE_FILE - ) == {"Checks": {"bigquery_dataset_cmk_encryption": {"Severity": "low"}}} + ) == {"Checks": {"apiserver_anonymous_requests": {"Severity": "low"}}} def test_parse_custom_checks_metadata_file_for_aws_validation_error(self, caplog): caplog.set_level(logging.CRITICAL) diff --git a/tests/lib/cli/parser_test.py b/tests/lib/cli/parser_test.py index b17d1dbc0e..a681b466ae 100644 --- a/tests/lib/cli/parser_test.py +++ b/tests/lib/cli/parser_test.py @@ -79,7 +79,6 @@ class Test_Parser: assert not parsed.output_bucket assert not parsed.output_bucket_no_assume assert not parsed.shodan - assert not parsed.mutelist_file assert not parsed.resource_tags assert not parsed.ignore_unused_services diff --git a/tests/lib/outputs/fixtures/fixtures.py b/tests/lib/outputs/fixtures/fixtures.py new file mode 100644 index 0000000000..39ba5ebaf8 --- /dev/null +++ b/tests/lib/outputs/fixtures/fixtures.py @@ -0,0 +1,54 @@ +from datetime import datetime + +from prowler.config.config import prowler_version +from prowler.lib.outputs.common_models import FindingOutput +from tests.providers.aws.utils import AWS_ACCOUNT_NUMBER + + +# TODO: customize it per provider +def generate_finding_output(status, severity, muted, region) -> FindingOutput: + # TODO: Include metadata from a valid file + + return FindingOutput( + auth_method="profile: default", + timestamp=datetime.now(), + account_uid=AWS_ACCOUNT_NUMBER, + account_name=AWS_ACCOUNT_NUMBER, + account_email="", + account_organization_uid="test-organization-id", + account_organization_name="test-organization", + account_tags="", + finding_uid="test-unique-finding", + provider="aws", + check_id="test-check-id", + check_title="test-check-id", + check_type="test-type", + status=status, + status_extended="status extended", + muted=muted, + service_name="test-service", + subservice_name="", + severity=severity, + resource_type="test-resource", + resource_uid="resource-id", + resource_name="resource_name", + resource_details="resource_details", + resource_tags="", + partition="aws", + region=region, + description="check description", + risk="", + related_url="", + remediation_recommendation_text="", + remediation_recommendation_url="", + remediation_code_nativeiac="", + remediation_code_terraform="", + remediation_code_cli="", + remediation_code_other="", + compliance="", + categories="", + depends_on="", + related_to="", + notes="", + prowler_version=prowler_version, + ) diff --git a/tests/lib/outputs/json_asff/json_asff_test.py b/tests/lib/outputs/json_asff/json_asff_test.py new file mode 100644 index 0000000000..c67e51724a --- /dev/null +++ b/tests/lib/outputs/json_asff/json_asff_test.py @@ -0,0 +1,457 @@ +from os import path + +import mock + +from prowler.config.config import prowler_version, timestamp_utc +from prowler.lib.check.models import Check_Report, load_check_metadata +from prowler.lib.outputs.json_asff.json_asff import ( + fill_json_asff, + generate_json_asff_resource_tags, + generate_json_asff_status, +) +from prowler.lib.outputs.json_asff.models import ( + Check_Output_JSON_ASFF, + Compliance, + ProductFields, + Resource, + Severity, +) +from prowler.lib.utils.utils import hash_sha512 +from tests.providers.aws.utils import AWS_ACCOUNT_NUMBER, set_mocked_aws_provider + +METADATA_FIXTURE_PATH = ( + f"{path.dirname(path.realpath(__file__))}/../fixtures/metadata.json" +) + + +class TestOutputJSONASFF: + def test_fill_json_asff(self): + aws_provider = set_mocked_aws_provider() + finding = Check_Report(load_check_metadata(METADATA_FIXTURE_PATH).json()) + finding.resource_details = "Test resource details" + finding.resource_id = "test-resource" + finding.resource_arn = "test-arn" + finding.region = "eu-west-1" + finding.status = "PASS" + finding.status_extended = "This is a test" + + timestamp = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") + + expected = Check_Output_JSON_ASFF( + Id=f"prowler-{finding.check_metadata.CheckID}-123456789012-eu-west-1-{hash_sha512('test-resource')}", + ProductArn="arn:aws:securityhub:eu-west-1::product/prowler/prowler", + ProductFields=ProductFields( + ProviderVersion=prowler_version, ProwlerResourceName="test-arn" + ), + GeneratorId="prowler-" + finding.check_metadata.CheckID, + AwsAccountId=AWS_ACCOUNT_NUMBER, + Types=finding.check_metadata.CheckType, + FirstObservedAt=timestamp, + UpdatedAt=timestamp, + CreatedAt=timestamp, + Severity=Severity(Label=finding.check_metadata.Severity.upper()), + Title=finding.check_metadata.CheckTitle, + Description=finding.status_extended, + Resources=[ + Resource( + Id="test-arn", + Type=finding.check_metadata.ResourceType, + Partition="aws", + Region="eu-west-1", + ) + ], + Compliance=Compliance( + Status="PASS" + "ED", + RelatedRequirements=[], + AssociatedStandards=[], + ), + Remediation={ + "Recommendation": finding.check_metadata.Remediation.Recommendation + }, + ) + + assert fill_json_asff(aws_provider, finding) == expected + + def test_fill_json_asff_without_remediation_recommendation_url(self): + aws_provider = set_mocked_aws_provider() + finding = Check_Report(load_check_metadata(METADATA_FIXTURE_PATH).json()) + + # Empty the Remediation.Recomendation.URL + finding.check_metadata.Remediation.Recommendation.Url = "" + + finding.resource_details = "Test resource details" + finding.resource_id = "test-resource" + finding.resource_arn = "test-arn" + finding.region = "eu-west-1" + finding.status = "PASS" + finding.status_extended = "This is a test" + + timestamp = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") + + expected = Check_Output_JSON_ASFF( + Id=f"prowler-{finding.check_metadata.CheckID}-123456789012-eu-west-1-{hash_sha512('test-resource')}", + ProductArn="arn:aws:securityhub:eu-west-1::product/prowler/prowler", + ProductFields=ProductFields( + ProviderVersion=prowler_version, ProwlerResourceName="test-arn" + ), + GeneratorId="prowler-" + finding.check_metadata.CheckID, + AwsAccountId=AWS_ACCOUNT_NUMBER, + Types=finding.check_metadata.CheckType, + FirstObservedAt=timestamp, + UpdatedAt=timestamp, + CreatedAt=timestamp, + Severity=Severity(Label=finding.check_metadata.Severity.upper()), + Title=finding.check_metadata.CheckTitle, + Description=finding.status_extended, + Resources=[ + Resource( + Id="test-arn", + Type=finding.check_metadata.ResourceType, + Partition="aws", + Region="eu-west-1", + ) + ], + Compliance=Compliance( + Status="PASS" + "ED", + RelatedRequirements=[], + AssociatedStandards=[], + ), + Remediation={ + "Recommendation": finding.check_metadata.Remediation.Recommendation, + # "Code": finding.check_metadata.Remediation.Code, + }, + ) + + expected.Remediation["Recommendation"].Text = ( + finding.check_metadata.Remediation.Recommendation.Text + ) + expected.Remediation["Recommendation"].Url = ( + "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html" + ) + + assert fill_json_asff(aws_provider, finding) == expected + + def test_fill_json_asff_with_long_description(self): + aws_provider = set_mocked_aws_provider() + finding = Check_Report(load_check_metadata(METADATA_FIXTURE_PATH).json()) + + # Empty the Remediation.Recomendation.URL + finding.check_metadata.Remediation.Recommendation.Url = "" + + finding.resource_details = "Test resource details" + finding.resource_id = "test-resource" + finding.resource_arn = "test-arn" + finding.region = "eu-west-1" + finding.status = "PASS" + finding.status_extended = "x" * 2000 # it has to be limited to 1000+... + + timestamp = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") + + expected = Check_Output_JSON_ASFF( + Id=f"prowler-{finding.check_metadata.CheckID}-123456789012-eu-west-1-{hash_sha512('test-resource')}", + ProductArn="arn:aws:securityhub:eu-west-1::product/prowler/prowler", + ProductFields=ProductFields( + ProviderVersion=prowler_version, ProwlerResourceName="test-arn" + ), + GeneratorId="prowler-" + finding.check_metadata.CheckID, + AwsAccountId=AWS_ACCOUNT_NUMBER, + Types=finding.check_metadata.CheckType, + FirstObservedAt=timestamp, + UpdatedAt=timestamp, + CreatedAt=timestamp, + Severity=Severity(Label=finding.check_metadata.Severity.upper()), + Title=finding.check_metadata.CheckTitle, + Description=finding.status_extended[:1000] + "...", + Resources=[ + Resource( + Id="test-arn", + Type=finding.check_metadata.ResourceType, + Partition="aws", + Region="eu-west-1", + ) + ], + Compliance=Compliance( + Status="PASS" + "ED", + RelatedRequirements=[], + AssociatedStandards=[], + ), + Remediation={ + "Recommendation": finding.check_metadata.Remediation.Recommendation, + # "Code": finding.check_metadata.Remediation.Code, + }, + ) + + expected.Remediation["Recommendation"].Text = ( + finding.check_metadata.Remediation.Recommendation.Text + ) + expected.Remediation["Recommendation"].Url = ( + "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html" + ) + + assert fill_json_asff(aws_provider, finding) == expected + + def test_fill_json_asff_with_long_associated_standards(self): + aws_provider = set_mocked_aws_provider() + with mock.patch( + "prowler.lib.outputs.json_asff.json_asff.get_check_compliance", + return_value={ + "CISA": ["your-systems-3", "your-data-2"], + "SOC2": ["cc_2_1", "cc_7_2", "cc_a_1_2"], + "CIS-1.4": ["3.1"], + "CIS-1.5": ["3.1"], + "GDPR": ["article_25", "article_30"], + "AWS-Foundational-Security-Best-Practices": ["cloudtrail"], + "HIPAA": [ + "164_308_a_1_ii_d", + "164_308_a_3_ii_a", + "164_308_a_6_ii", + "164_312_b", + "164_312_e_2_i", + ], + "ISO27001": ["A.12.4"], + "GxP-21-CFR-Part-11": ["11.10-e", "11.10-k", "11.300-d"], + "AWS-Well-Architected-Framework-Security-Pillar": [ + "SEC04-BP02", + "SEC04-BP03", + ], + "GxP-EU-Annex-11": [ + "1-risk-management", + "4.2-validation-documentation-change-control", + ], + "NIST-800-171-Revision-2": [ + "3_1_12", + "3_3_1", + "3_3_2", + "3_3_3", + "3_4_1", + "3_6_1", + "3_6_2", + "3_13_1", + "3_13_2", + "3_14_6", + "3_14_7", + ], + "NIST-800-53-Revision-4": [ + "ac_2_4", + "ac_2", + "au_2", + "au_3", + "au_12", + "cm_2", + ], + "NIST-800-53-Revision-5": [ + "ac_2_4", + "ac_3_1", + "ac_3_10", + "ac_4_26", + "ac_6_9", + "au_2_b", + "au_3_1", + "au_3_a", + "au_3_b", + "au_3_c", + "au_3_d", + "au_3_e", + "au_3_f", + "au_6_3", + "au_6_4", + "au_6_6", + "au_6_9", + "au_8_b", + "au_10", + "au_12_a", + "au_12_c", + "au_12_1", + "au_12_2", + "au_12_3", + "au_12_4", + "au_14_a", + "au_14_b", + "au_14_3", + "ca_7_b", + "cm_5_1_b", + "cm_6_a", + "cm_9_b", + "ia_3_3_b", + "ma_4_1_a", + "pm_14_a_1", + "pm_14_b", + "pm_31", + "sc_7_9_b", + "si_1_1_c", + "si_3_8_b", + "si_4_2", + "si_4_17", + "si_4_20", + "si_7_8", + "si_10_1_c", + ], + "ENS-RD2022": [ + "op.acc.6.r5.aws.iam.1", + "op.exp.5.aws.ct.1", + "op.exp.8.aws.ct.1", + "op.exp.8.aws.ct.6", + "op.exp.9.aws.ct.1", + "op.mon.1.aws.ct.1", + ], + "NIST-CSF-1.1": [ + "ae_1", + "ae_3", + "ae_4", + "cm_1", + "cm_3", + "cm_6", + "cm_7", + "am_3", + "ac_6", + "ds_5", + "ma_2", + "pt_1", + ], + "RBI-Cyber-Security-Framework": ["annex_i_7_4"], + "FFIEC": [ + "d2-ma-ma-b-1", + "d2-ma-ma-b-2", + "d3-dc-an-b-3", + "d3-dc-an-b-4", + "d3-dc-an-b-5", + "d3-dc-ev-b-1", + "d3-dc-ev-b-3", + "d3-pc-im-b-3", + "d3-pc-im-b-7", + "d5-dr-de-b-3", + ], + "PCI-3.2.1": ["cloudtrail"], + "FedRamp-Moderate-Revision-4": [ + "ac-2-4", + "ac-2-g", + "au-2-a-d", + "au-3", + "au-6-1-3", + "au-12-a-c", + "ca-7-a-b", + "si-4-16", + "si-4-2", + "si-4-4", + "si-4-5", + ], + "FedRAMP-Low-Revision-4": ["ac-2", "au-2", "ca-7"], + }, + ): + finding = Check_Report(load_check_metadata(METADATA_FIXTURE_PATH).json()) + + # Empty the Remediation.Recomendation.URL + finding.check_metadata.Remediation.Recommendation.Url = "" + + finding.resource_details = "Test resource details" + finding.resource_id = "test-resource" + finding.resource_arn = "test-arn" + finding.region = "eu-west-1" + finding.status = "PASS" + finding.status_extended = "This is a test" + + timestamp = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") + + expected = Check_Output_JSON_ASFF( + Id=f"prowler-{finding.check_metadata.CheckID}-123456789012-eu-west-1-{hash_sha512('test-resource')}", + ProductArn="arn:aws:securityhub:eu-west-1::product/prowler/prowler", + ProductFields=ProductFields( + ProviderVersion=prowler_version, ProwlerResourceName="test-arn" + ), + GeneratorId="prowler-" + finding.check_metadata.CheckID, + AwsAccountId=AWS_ACCOUNT_NUMBER, + Types=finding.check_metadata.CheckType, + FirstObservedAt=timestamp, + UpdatedAt=timestamp, + CreatedAt=timestamp, + Severity=Severity(Label=finding.check_metadata.Severity.upper()), + Title=finding.check_metadata.CheckTitle, + Description=finding.status_extended, + Resources=[ + Resource( + Id="test-arn", + Type=finding.check_metadata.ResourceType, + Partition="aws", + Region="eu-west-1", + ) + ], + Compliance=Compliance( + Status="PASS" + "ED", + RelatedRequirements=[ + "CISA your-systems-3 your-data-2", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "CIS-1.4 3.1", + "CIS-1.5 3.1", + "GDPR article_25 article_30", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "ISO27001 A.12.4", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "AWS-Well-Architected-Framework-Security-Pillar SEC04-BP02 SEC04", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_", + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "PCI-3.2.1 cloudtrail", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + ], + AssociatedStandards=[ + {"StandardsId": "CISA"}, + {"StandardsId": "SOC2"}, + {"StandardsId": "CIS-1.4"}, + {"StandardsId": "CIS-1.5"}, + {"StandardsId": "GDPR"}, + {"StandardsId": "AWS-Foundational-Security-Best-Practices"}, + {"StandardsId": "HIPAA"}, + {"StandardsId": "ISO27001"}, + {"StandardsId": "GxP-21-CFR-Part-11"}, + { + "StandardsId": "AWS-Well-Architected-Framework-Security-Pillar" + }, + {"StandardsId": "GxP-EU-Annex-11"}, + {"StandardsId": "NIST-800-171-Revision-2"}, + {"StandardsId": "NIST-800-53-Revision-4"}, + {"StandardsId": "NIST-800-53-Revision-5"}, + {"StandardsId": "ENS-RD2022"}, + {"StandardsId": "NIST-CSF-1.1"}, + {"StandardsId": "RBI-Cyber-Security-Framework"}, + {"StandardsId": "FFIEC"}, + {"StandardsId": "PCI-3.2.1"}, + {"StandardsId": "FedRamp-Moderate-Revision-4"}, + ], + ), + Remediation={ + "Recommendation": finding.check_metadata.Remediation.Recommendation, + # "Code": finding.check_metadata.Remediation.Code, + }, + ) + + expected.Remediation["Recommendation"].Text = ( + finding.check_metadata.Remediation.Recommendation.Text + ) + expected.Remediation["Recommendation"].Url = ( + "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html" + ) + + assert fill_json_asff(aws_provider, finding) == expected + + def test_generate_json_asff_status(self): + assert generate_json_asff_status("PASS") == "PASSED" + assert generate_json_asff_status("FAIL") == "FAILED" + assert generate_json_asff_status("MUTED") == "MUTED" + assert generate_json_asff_status("SOMETHING ELSE") == "NOT_AVAILABLE" + + def test_generate_json_asff_resource_tags(self): + assert generate_json_asff_resource_tags(None) is None + assert generate_json_asff_resource_tags([]) is None + assert generate_json_asff_resource_tags([{}]) is None + assert generate_json_asff_resource_tags([{"key1": "value1"}]) == { + "key1": "value1" + } + assert generate_json_asff_resource_tags( + [{"Key": "key1", "Value": "value1"}] + ) == {"key1": "value1"} diff --git a/tests/lib/outputs/json_ocsf/json_ocsf_test.py b/tests/lib/outputs/json_ocsf/json_ocsf_test.py new file mode 100644 index 0000000000..dbd66bdac8 --- /dev/null +++ b/tests/lib/outputs/json_ocsf/json_ocsf_test.py @@ -0,0 +1,225 @@ +# from datetime import datetime +from os import path + +from py_ocsf_models.events.base_event import SeverityID, StatusID +from py_ocsf_models.events.findings.detection_finding import ( + TypeID as DetectionFindingTypeID, +) +from py_ocsf_models.events.findings.finding import ActivityID, FindingInformation +from py_ocsf_models.objects.account import Account, TypeID +from py_ocsf_models.objects.cloud import Cloud +from py_ocsf_models.objects.group import Group +from py_ocsf_models.objects.metadata import Metadata +from py_ocsf_models.objects.organization import Organization +from py_ocsf_models.objects.product import Product + +# from py_ocsf_models.events.findings.detection_finding import DetectionFinding +from py_ocsf_models.objects.remediation import Remediation +from py_ocsf_models.objects.resource_details import ResourceDetails + +from prowler.config.config import prowler_version +from prowler.lib.outputs.json_ocsf.json_ocsf import ( + fill_json_ocsf, + get_account_type_id_by_provider, + get_finding_status_id, +) +from tests.lib.outputs.fixtures.fixtures import generate_finding_output +from tests.providers.aws.utils import AWS_REGION_EU_WEST_1 + +METADATA_FIXTURE_PATH = ( + f"{path.dirname(path.realpath(__file__))}/../fixtures/metadata.json" +) + + +class TestOutputJSONOCSF: + # test_fill_json_ocsf_iso_format_timestamp + def test_finding_output_cloud_pass_low_muted(self): + finding_output = generate_finding_output( + "PASS", "low", True, AWS_REGION_EU_WEST_1 + ) + + finding_json_ocsf = fill_json_ocsf(finding_output) + + # Activity + assert finding_json_ocsf.activity_id == ActivityID.Create.value + assert finding_json_ocsf.activity_name == ActivityID.Create.name + + # Finding Information + finding_information = finding_json_ocsf.finding_info + + assert isinstance(finding_information, FindingInformation) + assert finding_information.created_time == finding_output.timestamp + assert finding_information.desc == finding_output.description + assert finding_information.title == finding_output.check_title + assert finding_information.uid == finding_output.finding_uid + assert finding_information.product_uid == "prowler" + + # Event time + assert finding_json_ocsf.event_time == finding_output.timestamp + + # Remediation + remediation = finding_json_ocsf.remediation + assert isinstance(remediation, Remediation) + assert remediation.desc == finding_output.remediation_recommendation_text + assert remediation.references == [] + + # Severity + assert finding_json_ocsf.severity_id == SeverityID.Low + assert finding_json_ocsf.severity == SeverityID.Low.name + + # Status + assert finding_json_ocsf.status_id == StatusID.Suppressed.value + assert finding_json_ocsf.status == StatusID.Suppressed.name + assert finding_json_ocsf.status_code == finding_output.status + assert finding_json_ocsf.status_detail == finding_output.status_extended + + # ResourceDetails + resource_details = finding_json_ocsf.resources + + assert len(resource_details) == 1 + assert isinstance(resource_details, list) + assert isinstance(resource_details[0], ResourceDetails) + assert resource_details[0].labels == [] + assert resource_details[0].name == finding_output.resource_name + assert resource_details[0].uid == finding_output.resource_uid + assert resource_details[0].type == finding_output.resource_type + assert resource_details[0].cloud_partition == finding_output.partition + assert resource_details[0].region == finding_output.region + + resource_details_group = resource_details[0].group + assert isinstance(resource_details_group, Group) + assert resource_details_group.name == finding_output.service_name + + # Metadata + metadata = finding_json_ocsf.metadata + assert isinstance(metadata, Metadata) + + metadata_product = metadata.product + assert isinstance(metadata_product, Product) + assert metadata_product.name == "Prowler" + assert metadata_product.vendor_name == "Prowler" + assert metadata_product.version == prowler_version + + # Type + assert finding_json_ocsf.type_uid == DetectionFindingTypeID.Create + assert finding_json_ocsf.type_name == DetectionFindingTypeID.Create.name + + # Cloud + cloud = finding_json_ocsf.cloud + assert isinstance(cloud, Cloud) + assert cloud.provider == "aws" + assert cloud.region == finding_output.region + + cloud_account = cloud.account + assert isinstance(cloud_account, Account) + assert cloud_account.name == finding_output.account_name + assert cloud_account.type_id == TypeID.AWS_Account + assert cloud_account.type == TypeID.AWS_Account.name + assert cloud_account.uid == finding_output.account_uid + + cloud_organization = cloud.org + assert isinstance(cloud_organization, Organization) + assert cloud_organization.uid == finding_output.account_organization_uid + assert cloud_organization.name == finding_output.account_organization_name + + def test_finding_output_cloud_fail_low_not_muted(self): + finding_output = generate_finding_output( + "FAIL", "low", False, AWS_REGION_EU_WEST_1 + ) + + finding_json_ocsf = fill_json_ocsf(finding_output) + + # Status + assert finding_json_ocsf.status_id == StatusID.New.value + assert finding_json_ocsf.status == StatusID.New.name + assert finding_json_ocsf.status_code == finding_output.status + assert finding_json_ocsf.status_detail == finding_output.status_extended + + def test_finding_output_cloud_pass_low_not_muted(self): + finding_output = generate_finding_output( + "PASS", "low", False, AWS_REGION_EU_WEST_1 + ) + + finding_json_ocsf = fill_json_ocsf(finding_output) + + # Status + assert finding_json_ocsf.status_id == StatusID.Other.value + assert finding_json_ocsf.status == StatusID.Other.name + assert finding_json_ocsf.status_code == finding_output.status + assert finding_json_ocsf.status_detail == finding_output.status_extended + + # Returns TypeID.AWS_Account when provider is 'aws' + def test_returns_aws_account_when_provider_is_aws(self): + provider = "aws" + result = get_account_type_id_by_provider(provider) + + assert result == TypeID.AWS_Account + + # Returns TypeID.Azure_AD_Account when provider is 'azure' + def test_returns_azure_ad_account_when_provider_is_azure(self): + provider = "azure" + result = get_account_type_id_by_provider(provider) + + assert result == TypeID.Azure_AD_Account + + # Returns TypeID.GCP_Account when provider is 'gcp' + def test_returns_gcp_account_when_provider_is_gcp(self): + provider = "gcp" + result = get_account_type_id_by_provider(provider) + + assert result == TypeID.GCP_Account + + # Returns TypeID.Other when provider is None + def test_returns_other_when_provider_is_none(self): + provider = None + result = get_account_type_id_by_provider(provider) + + assert result == TypeID.Other + + # Returns StatusID.New when status is "FAIL" and muted is False + def test_new_when_status_fail_and_not_muted(self): + status = "FAIL" + muted = False + result = get_finding_status_id(status, muted) + + assert result == StatusID.New + + # Returns StatusID.Suppressed when status is "FAIL" and muted is True + def test_suppressed_when_status_fail_and_muted(self): + status = "FAIL" + muted = True + result = get_finding_status_id(status, muted) + + assert result == StatusID.Suppressed + + # Returns StatusID.Other when status is None and muted is False + def test_other_when_status_whatever_and_not_muted(self): + status = None + muted = False + result = get_finding_status_id(status, muted) + + assert result == StatusID.Other + + # Returns StatusID.Suppresed when status is None and muted is True + def test_other_when_status_whatever_and_muted(self): + status = None + muted = True + result = get_finding_status_id(status, muted) + + assert result == StatusID.Suppressed + + # Returns StatusID.Suppressed when muted is True and status is not "FAIL" + def test_suppressed_when_status_pass_and_muted(self): + status = "PASS" + muted = True + result = get_finding_status_id(status, muted) + + assert result == StatusID.Suppressed + + # Returns StatusID.Other when muted is False and status is not "FAIL" + def test_other_when_status_pass_and_not_muted(self): + status = "PASS" + muted = False + result = get_finding_status_id(status, muted) + + assert result == StatusID.Other diff --git a/tests/lib/outputs/outputs_test.py b/tests/lib/outputs/outputs_test.py index 9b93741f5c..7ed4209cb6 100644 --- a/tests/lib/outputs/outputs_test.py +++ b/tests/lib/outputs/outputs_test.py @@ -1,21 +1,15 @@ import os from os import path, remove -from time import mktime from unittest import mock import pytest from colorama import Fore -from mock import patch from prowler.config.config import ( csv_file_suffix, json_asff_file_suffix, - json_file_suffix, - orange_color, + json_ocsf_file_suffix, output_file_timestamp, - prowler_version, - timestamp, - timestamp_utc, ) from prowler.lib.check.compliance_models import ( CIS_Requirement_Attribute, @@ -23,76 +17,27 @@ from prowler.lib.check.compliance_models import ( Compliance_Requirement, ) from prowler.lib.check.models import Check_Report, load_check_metadata +from prowler.lib.outputs.common_models import FindingOutput +from prowler.lib.outputs.compliance.compliance import get_check_compliance +from prowler.lib.outputs.csv.csv import generate_csv_fields from prowler.lib.outputs.file_descriptors import fill_file_descriptors -from prowler.lib.outputs.json import ( - fill_json_asff, - fill_json_ocsf, - generate_json_asff_resource_tags, - generate_json_asff_status, -) -from prowler.lib.outputs.models import ( - Account, - Check_Output_CSV, - Check_Output_JSON_ASFF, - Check_Output_JSON_OCSF, - Cloud, - Compliance, - Compliance_OCSF, - Feature, - Finding, - Group, - Metadata, - Organization, - Product, - ProductFields, - Remediation_OCSF, - Resource, - Resources, - Severity, - generate_csv_fields, - get_check_compliance, +from prowler.lib.outputs.outputs import extract_findings_statistics, set_report_color +from prowler.lib.outputs.utils import ( parse_json_tags, unroll_dict, unroll_dict_to_list, unroll_list, unroll_tags, ) -from prowler.lib.outputs.outputs import extract_findings_statistics, set_report_color -from prowler.lib.utils.utils import hash_sha512, open_file -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_ID = "123456789012" +from prowler.lib.utils.utils import open_file +from tests.providers.aws.utils import AWS_ACCOUNT_NUMBER, set_mocked_aws_provider -class Test_Outputs: - def test_fill_file_descriptors(self): - audited_account = AWS_ACCOUNT_ID +class TestOutputs: + def test_fill_file_descriptors_aws(self): + audited_account = AWS_ACCOUNT_NUMBER output_directory = f"{os.path.dirname(os.path.realpath(__file__))}" - # TODO(Audit_Info): use provider here - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_identity_arn="test-arn", - audited_user_id="test", - audited_partition="aws", - profile="default", - profile_region="eu-west-1", - credentials=None, - assumed_role_info=None, - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) + aws_provider = set_mocked_aws_provider() test_output_modes = [ ["csv"], ["json-asff"], @@ -115,7 +60,7 @@ class Test_Outputs: }, { "json-ocsf": open_file( - f"{output_directory}/{output_filename}{json_asff_file_suffix}", + f"{output_directory}/{output_filename}{json_ocsf_file_suffix}", "a", ) }, @@ -124,14 +69,14 @@ class Test_Outputs: f"{output_directory}/{output_filename}{csv_file_suffix}", "a", ), - "json-ocsf": open_file( - f"{output_directory}/{output_filename}{json_file_suffix}", - "a", - ), "json-asff": open_file( f"{output_directory}/{output_filename}{json_asff_file_suffix}", "a", ), + "json-ocsf": open_file( + f"{output_directory}/{output_filename}{json_ocsf_file_suffix}", + "a", + ), }, ] @@ -140,7 +85,7 @@ class Test_Outputs: output_mode_list, output_directory, output_filename, - audit_info, + aws_provider, ) for output_mode in output_mode_list: assert ( @@ -150,8 +95,8 @@ class Test_Outputs: remove(expected[index][output_mode].name) def test_set_report_color(self): - test_status = ["PASS", "FAIL", "ERROR", "MUTED"] - test_colors = [Fore.GREEN, Fore.RED, Fore.BLACK, orange_color] + test_status = ["PASS", "FAIL", "ERROR", "MANUAL"] + test_colors = [Fore.GREEN, Fore.RED, Fore.BLACK, Fore.YELLOW] for status in test_status: assert set_report_color(status) in test_colors @@ -169,37 +114,50 @@ class Test_Outputs: def test_generate_common_csv_fields(self): expected = [ - "assessment_start_time", - "finding_unique_id", + "auth_method", + "timestamp", + "account_uid", + "account_name", + "account_email", + "account_organization_uid", + "account_organization_name", + "account_tags", + "finding_uid", "provider", "check_id", "check_title", "check_type", "status", "status_extended", + "muted", "service_name", "subservice_name", "severity", "resource_type", + "resource_uid", + "resource_name", "resource_details", "resource_tags", + "partition", + "region", "description", "risk", "related_url", "remediation_recommendation_text", "remediation_recommendation_url", - "remediation_recommendation_code_nativeiac", - "remediation_recommendation_code_terraform", - "remediation_recommendation_code_cli", - "remediation_recommendation_code_other", + "remediation_code_nativeiac", + "remediation_code_terraform", + "remediation_code_cli", + "remediation_code_other", "compliance", "categories", "depends_on", "related_to", "notes", + "prowler_version", ] - assert generate_csv_fields(Check_Output_CSV) == expected + assert generate_csv_fields(FindingOutput) == expected def test_unroll_list(self): list = ["test", "test1", "test2"] @@ -305,849 +263,6 @@ class Test_Outputs: assert parse_json_tags([{}]) == {} assert parse_json_tags(None) == {} - # def test_fill_json(self): - # input_audit_info = AWS_Audit_Info( - # session_config = None, - # original_session=None, - # audit_session=None, - # audited_account=AWS_ACCOUNT_ID, - # audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - # audited_identity_arn="test-arn", - # audited_user_id="test", - # audited_partition="aws", - # profile="default", - # profile_region="eu-west-1", - # credentials=None, - # assumed_role_info=None, - # audited_regions=["eu-west-2", "eu-west-1"], - # organizations_metadata=None, - # ) - # finding = Check_Report( - # load_check_metadata( - # f"{path.dirname(path.realpath(__file__))}/fixtures/metadata.json" - # ).json() - # ) - # finding.resource_details = "Test resource details" - # finding.resource_id = "test-resource" - # finding.resource_arn = "test-arn" - # finding.region = "eu-west-1" - # finding.status = "PASS" - # finding.status_extended = "This is a test" - - # input = Check_Output_JSON(**finding.check_metadata.dict()) - - # expected = Check_Output_JSON(**finding.check_metadata.dict()) - # expected.AssessmentStartTime = timestamp_iso - # expected.FindingUniqueId = "" - # expected.Profile = "default" - # expected.AccountId = AWS_ACCOUNT_ID - # expected.OrganizationsInfo = None - # expected.Region = "eu-west-1" - # expected.Status = "PASS" - # expected.StatusExtended = "This is a test" - # expected.ResourceId = "test-resource" - # expected.ResourceArn = "test-arn" - # expected.ResourceDetails = "Test resource details" - - # assert fill_json(input, input_audit_info, finding) == expected - - def test_fill_json_asff(self): - input_audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_identity_arn="test-arn", - audited_user_id="test", - audited_partition="aws", - profile="default", - profile_region="eu-west-1", - credentials=None, - assumed_role_info=None, - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - finding = Check_Report( - load_check_metadata( - f"{path.dirname(path.realpath(__file__))}/fixtures/metadata.json" - ).json() - ) - finding.resource_details = "Test resource details" - finding.resource_id = "test-resource" - finding.resource_arn = "test-arn" - finding.region = "eu-west-1" - finding.status = "PASS" - finding.status_extended = "This is a test" - - expected = Check_Output_JSON_ASFF() - expected.Id = f"prowler-{finding.check_metadata.CheckID}-123456789012-eu-west-1-{hash_sha512('test-resource')}" - expected.ProductArn = "arn:aws:securityhub:eu-west-1::product/prowler/prowler" - expected.ProductFields = ProductFields( - ProviderVersion=prowler_version, ProwlerResourceName="test-arn" - ) - expected.GeneratorId = "prowler-" + finding.check_metadata.CheckID - expected.AwsAccountId = AWS_ACCOUNT_ID - expected.Types = finding.check_metadata.CheckType - expected.FirstObservedAt = expected.UpdatedAt = expected.CreatedAt = ( - timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") - ) - expected.Severity = Severity(Label=finding.check_metadata.Severity.upper()) - expected.Title = finding.check_metadata.CheckTitle - expected.Description = finding.status_extended - expected.Resources = [ - Resource( - Id="test-arn", - Type=finding.check_metadata.ResourceType, - Partition="aws", - Region="eu-west-1", - ) - ] - - expected.Compliance = Compliance( - Status="PASS" + "ED", - RelatedRequirements=[], - AssociatedStandards=[], - ) - expected.Remediation = { - "Recommendation": finding.check_metadata.Remediation.Recommendation - } - - input = Check_Output_JSON_ASFF() - output_options = mock.MagicMock() - - assert ( - fill_json_asff(input, input_audit_info, finding, output_options) == expected - ) - - def test_fill_json_asff_without_remediation_recommendation_url(self): - input_audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_identity_arn="test-arn", - audited_user_id="test", - audited_partition="aws", - profile="default", - profile_region="eu-west-1", - credentials=None, - assumed_role_info=None, - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - finding = Check_Report( - load_check_metadata( - f"{path.dirname(path.realpath(__file__))}/fixtures/metadata.json" - ).json() - ) - - # Empty the Remediation.Recomendation.URL - finding.check_metadata.Remediation.Recommendation.Url = "" - - finding.resource_details = "Test resource details" - finding.resource_id = "test-resource" - finding.resource_arn = "test-arn" - finding.region = "eu-west-1" - finding.status = "PASS" - finding.status_extended = "This is a test" - - expected = Check_Output_JSON_ASFF() - expected.Id = f"prowler-{finding.check_metadata.CheckID}-123456789012-eu-west-1-{hash_sha512('test-resource')}" - expected.ProductArn = "arn:aws:securityhub:eu-west-1::product/prowler/prowler" - expected.ProductFields = ProductFields( - ProviderVersion=prowler_version, ProwlerResourceName="test-arn" - ) - expected.GeneratorId = "prowler-" + finding.check_metadata.CheckID - expected.AwsAccountId = AWS_ACCOUNT_ID - expected.Types = finding.check_metadata.CheckType - expected.FirstObservedAt = expected.UpdatedAt = expected.CreatedAt = ( - timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") - ) - expected.Severity = Severity(Label=finding.check_metadata.Severity.upper()) - expected.Title = finding.check_metadata.CheckTitle - expected.Description = finding.status_extended - expected.Resources = [ - Resource( - Id="test-arn", - Type=finding.check_metadata.ResourceType, - Partition="aws", - Region="eu-west-1", - ) - ] - - expected.Compliance = Compliance( - Status="PASS" + "ED", - RelatedRequirements=[], - AssociatedStandards=[], - ) - - # Set the check's remediation - expected.Remediation = { - "Recommendation": finding.check_metadata.Remediation.Recommendation, - # "Code": finding.check_metadata.Remediation.Code, - } - - expected.Remediation["Recommendation"].Text = ( - finding.check_metadata.Remediation.Recommendation.Text - ) - expected.Remediation["Recommendation"].Url = ( - "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html" - ) - - input = Check_Output_JSON_ASFF() - output_options = mock.MagicMock() - - assert ( - fill_json_asff(input, input_audit_info, finding, output_options) == expected - ) - - def test_fill_json_asff_with_long_description(self): - input_audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_identity_arn="test-arn", - audited_user_id="test", - audited_partition="aws", - profile="default", - profile_region="eu-west-1", - credentials=None, - assumed_role_info=None, - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - finding = Check_Report( - load_check_metadata( - f"{path.dirname(path.realpath(__file__))}/fixtures/metadata.json" - ).json() - ) - - # Empty the Remediation.Recomendation.URL - finding.check_metadata.Remediation.Recommendation.Url = "" - - finding.resource_details = "Test resource details" - finding.resource_id = "test-resource" - finding.resource_arn = "test-arn" - finding.region = "eu-west-1" - finding.status = "PASS" - finding.status_extended = "x" * 2000 # it has to be limited to 1000+... - - expected = Check_Output_JSON_ASFF() - expected.Id = f"prowler-{finding.check_metadata.CheckID}-123456789012-eu-west-1-{hash_sha512('test-resource')}" - expected.ProductArn = "arn:aws:securityhub:eu-west-1::product/prowler/prowler" - expected.ProductFields = ProductFields( - ProviderVersion=prowler_version, ProwlerResourceName="test-arn" - ) - expected.GeneratorId = "prowler-" + finding.check_metadata.CheckID - expected.AwsAccountId = AWS_ACCOUNT_ID - expected.Types = finding.check_metadata.CheckType - expected.FirstObservedAt = expected.UpdatedAt = expected.CreatedAt = ( - timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") - ) - expected.Severity = Severity(Label=finding.check_metadata.Severity.upper()) - expected.Title = finding.check_metadata.CheckTitle - expected.Description = finding.status_extended[:1000] + "..." - expected.Resources = [ - Resource( - Id="test-arn", - Type=finding.check_metadata.ResourceType, - Partition="aws", - Region="eu-west-1", - ) - ] - - expected.Compliance = Compliance( - Status="PASS" + "ED", - RelatedRequirements=[], - AssociatedStandards=[], - ) - - # Set the check's remediation - expected.Remediation = { - "Recommendation": finding.check_metadata.Remediation.Recommendation, - # "Code": finding.check_metadata.Remediation.Code, - } - - expected.Remediation["Recommendation"].Text = ( - finding.check_metadata.Remediation.Recommendation.Text - ) - expected.Remediation["Recommendation"].Url = ( - "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html" - ) - - input = Check_Output_JSON_ASFF() - output_options = mock.MagicMock() - - assert ( - fill_json_asff(input, input_audit_info, finding, output_options) == expected - ) - - def test_fill_json_asff_with_long_associated_standards(self): - input_audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_identity_arn="test-arn", - audited_user_id="test", - audited_partition="aws", - profile="default", - profile_region="eu-west-1", - credentials=None, - assumed_role_info=None, - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - with patch( - "prowler.lib.outputs.json.get_check_compliance", - return_value={ - "CISA": ["your-systems-3", "your-data-2"], - "SOC2": ["cc_2_1", "cc_7_2", "cc_a_1_2"], - "CIS-1.4": ["3.1"], - "CIS-1.5": ["3.1"], - "GDPR": ["article_25", "article_30"], - "AWS-Foundational-Security-Best-Practices": ["cloudtrail"], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i", - ], - "ISO27001": ["A.12.4"], - "GxP-21-CFR-Part-11": ["11.10-e", "11.10-k", "11.300-d"], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03", - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control", - ], - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7", - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2", - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c", - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1", - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1", - ], - "RBI-Cyber-Security-Framework": ["annex_i_7_4"], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3", - ], - "PCI-3.2.1": ["cloudtrail"], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5", - ], - "FedRAMP-Low-Revision-4": ["ac-2", "au-2", "ca-7"], - }, - ): - finding = Check_Report( - load_check_metadata( - f"{path.dirname(path.realpath(__file__))}/fixtures/metadata.json" - ).json() - ) - - # Empty the Remediation.Recomendation.URL - finding.check_metadata.Remediation.Recommendation.Url = "" - - finding.resource_details = "Test resource details" - finding.resource_id = "test-resource" - finding.resource_arn = "test-arn" - finding.region = "eu-west-1" - finding.status = "PASS" - finding.status_extended = "This is a test" - - expected = Check_Output_JSON_ASFF() - expected.Id = f"prowler-{finding.check_metadata.CheckID}-123456789012-eu-west-1-{hash_sha512('test-resource')}" - expected.ProductArn = ( - "arn:aws:securityhub:eu-west-1::product/prowler/prowler" - ) - expected.ProductFields = ProductFields( - ProviderVersion=prowler_version, ProwlerResourceName="test-arn" - ) - expected.GeneratorId = "prowler-" + finding.check_metadata.CheckID - expected.AwsAccountId = AWS_ACCOUNT_ID - expected.Types = finding.check_metadata.CheckType - expected.FirstObservedAt = expected.UpdatedAt = expected.CreatedAt = ( - timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ") - ) - expected.Severity = Severity(Label=finding.check_metadata.Severity.upper()) - expected.Title = finding.check_metadata.CheckTitle - expected.Description = finding.status_extended - expected.Resources = [ - Resource( - Id="test-arn", - Type=finding.check_metadata.ResourceType, - Partition="aws", - Region="eu-west-1", - ) - ] - - expected.Compliance = Compliance( - Status="PASS" + "ED", - RelatedRequirements=[ - "CISA your-systems-3 your-data-2", - "SOC2 cc_2_1 cc_7_2 cc_a_1_2", - "CIS-1.4 3.1", - "CIS-1.5 3.1", - "GDPR article_25 article_30", - "AWS-Foundational-Security-Best-Practices cloudtrail", - "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", - "ISO27001 A.12.4", - "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", - "AWS-Well-Architected-Framework-Security-Pillar SEC04-BP02 SEC04", - "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", - "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_", - "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", - "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", - "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", - "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", - "RBI-Cyber-Security-Framework annex_i_7_4", - "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", - "PCI-3.2.1 cloudtrail", - "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", - ], - AssociatedStandards=[ - {"StandardsId": "CISA"}, - {"StandardsId": "SOC2"}, - {"StandardsId": "CIS-1.4"}, - {"StandardsId": "CIS-1.5"}, - {"StandardsId": "GDPR"}, - {"StandardsId": "AWS-Foundational-Security-Best-Practices"}, - {"StandardsId": "HIPAA"}, - {"StandardsId": "ISO27001"}, - {"StandardsId": "GxP-21-CFR-Part-11"}, - {"StandardsId": "AWS-Well-Architected-Framework-Security-Pillar"}, - {"StandardsId": "GxP-EU-Annex-11"}, - {"StandardsId": "NIST-800-171-Revision-2"}, - {"StandardsId": "NIST-800-53-Revision-4"}, - {"StandardsId": "NIST-800-53-Revision-5"}, - {"StandardsId": "ENS-RD2022"}, - {"StandardsId": "NIST-CSF-1.1"}, - {"StandardsId": "RBI-Cyber-Security-Framework"}, - {"StandardsId": "FFIEC"}, - {"StandardsId": "PCI-3.2.1"}, - {"StandardsId": "FedRamp-Moderate-Revision-4"}, - ], - ) - - # Set the check's remediation - expected.Remediation = { - "Recommendation": finding.check_metadata.Remediation.Recommendation, - # "Code": finding.check_metadata.Remediation.Code, - } - - expected.Remediation["Recommendation"].Text = ( - finding.check_metadata.Remediation.Recommendation.Text - ) - expected.Remediation["Recommendation"].Url = ( - "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html" - ) - - input = Check_Output_JSON_ASFF() - output_options = mock.MagicMock() - - assert ( - fill_json_asff(input, input_audit_info, finding, output_options) - == expected - ) - - def test_fill_json_ocsf_iso_format_timestamp(self): - input_audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_identity_arn="test-arn", - audited_user_id="test", - audited_partition="aws", - profile="default", - profile_region="eu-west-1", - credentials=None, - assumed_role_info=None, - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - finding = Check_Report( - load_check_metadata( - f"{path.dirname(path.realpath(__file__))}/fixtures/metadata.json" - ).json() - ) - finding.resource_details = "Test resource details" - finding.resource_id = "test-resource" - finding.resource_arn = "test-arn" - finding.region = "eu-west-1" - finding.status = "PASS" - finding.status_extended = "This is a test" - - expected = Check_Output_JSON_OCSF( - finding=Finding( - title="Ensure Access Keys unused are disabled", - desc="Ensure Access Keys unused are disabled", - supporting_data={ - "Risk": "Risk associated.", - "Notes": "additional information", - }, - remediation=Remediation_OCSF( - kb_articles=[ - "code or URL to the code location.", - "code or URL to the code location.", - "cli command or URL to the cli command location.", - "cli command or URL to the cli command location.", - "https://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html", - ], - desc="Run sudo yum update and cross your fingers and toes.", - ), - types=["Software and Configuration Checks"], - src_url="https://serviceofficialsiteorpageforthissubject", - uid="prowler-aws-iam_user_accesskey_unused-123456789012-eu-west-1-test-resource", - related_events=[ - "othercheck1", - "othercheck2", - "othercheck3", - "othercheck4", - ], - ), - resources=[ - Resources( - group=Group(name="iam"), - region="eu-west-1", - name="test-resource", - uid="test-arn", - labels=[], - type="AwsIamAccessAnalyzer", - details="Test resource details", - ) - ], - status_detail="This is a test", - compliance=Compliance_OCSF( - status="Success", requirements=[], status_detail="This is a test" - ), - message="This is a test", - severity_id=2, - severity="Low", - cloud=Cloud( - account=Account(name="", uid="123456789012"), - region="eu-west-1", - org=Organization(uid="", name=""), - provider="aws", - project_uid="", - ), - time=timestamp.isoformat(), - metadata=Metadata( - original_time=timestamp.isoformat(), - profiles=["default"], - product=Product( - language="en", - name="Prowler", - version=prowler_version, - vendor_name="Prowler/ProwlerPro", - feature=Feature( - name="iam_user_accesskey_unused", - uid="iam_user_accesskey_unused", - version=prowler_version, - ), - ), - version="1.0.0-rc.3", - ), - state_id=0, - state="New", - status_id=1, - status="Success", - type_uid=200101, - type_name="Security Finding: Create", - impact_id=0, - impact="Unknown", - confidence_id=0, - confidence="Unknown", - activity_id=1, - activity_name="Create", - category_uid=2, - category_name="Findings", - class_uid=2001, - class_name="Security Finding", - ) - output_options = mock.MagicMock() - output_options.unix_timestamp = False - assert fill_json_ocsf(input_audit_info, finding, output_options) == expected - - def test_fill_json_ocsf_unix_timestamp(self): - input_audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_identity_arn="test-arn", - audited_user_id="test", - audited_partition="aws", - profile="default", - profile_region="eu-west-1", - credentials=None, - assumed_role_info=None, - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - finding = Check_Report( - load_check_metadata( - f"{path.dirname(path.realpath(__file__))}/fixtures/metadata.json" - ).json() - ) - finding.resource_details = "Test resource details" - finding.resource_id = "test-resource" - finding.resource_arn = "test-arn" - finding.region = "eu-west-1" - finding.status = "PASS" - finding.status_extended = "This is a test" - - expected = Check_Output_JSON_OCSF( - finding=Finding( - title="Ensure Access Keys unused are disabled", - desc="Ensure Access Keys unused are disabled", - supporting_data={ - "Risk": "Risk associated.", - "Notes": "additional information", - }, - remediation=Remediation_OCSF( - kb_articles=[ - "code or URL to the code location.", - "code or URL to the code location.", - "cli command or URL to the cli command location.", - "cli command or URL to the cli command location.", - "https://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html", - ], - desc="Run sudo yum update and cross your fingers and toes.", - ), - types=["Software and Configuration Checks"], - src_url="https://serviceofficialsiteorpageforthissubject", - uid="prowler-aws-iam_user_accesskey_unused-123456789012-eu-west-1-test-resource", - related_events=[ - "othercheck1", - "othercheck2", - "othercheck3", - "othercheck4", - ], - ), - resources=[ - Resources( - group=Group(name="iam"), - region="eu-west-1", - name="test-resource", - uid="test-arn", - labels=[], - type="AwsIamAccessAnalyzer", - details="Test resource details", - ) - ], - status_detail="This is a test", - compliance=Compliance_OCSF( - status="Success", requirements=[], status_detail="This is a test" - ), - message="This is a test", - severity_id=2, - severity="Low", - cloud=Cloud( - account=Account(name="", uid="123456789012"), - region="eu-west-1", - org=Organization(uid="", name=""), - provider="aws", - project_uid="", - ), - time=int(mktime(timestamp.timetuple())), - metadata=Metadata( - original_time=int(mktime(timestamp.timetuple())), - profiles=["default"], - product=Product( - language="en", - name="Prowler", - version=prowler_version, - vendor_name="Prowler/ProwlerPro", - feature=Feature( - name="iam_user_accesskey_unused", - uid="iam_user_accesskey_unused", - version=prowler_version, - ), - ), - version="1.0.0-rc.3", - ), - state_id=0, - state="New", - status_id=1, - status="Success", - type_uid=200101, - type_name="Security Finding: Create", - impact_id=0, - impact="Unknown", - confidence_id=0, - confidence="Unknown", - activity_id=1, - activity_name="Create", - category_uid=2, - category_name="Findings", - class_uid=2001, - class_name="Security Finding", - ) - output_options = mock.MagicMock() - output_options.unix_timestamp = True - assert fill_json_ocsf(input_audit_info, finding, output_options) == expected - def test_extract_findings_statistics_different_resources(self): finding_1 = mock.MagicMock() finding_1.status = "PASS" @@ -1285,20 +400,3 @@ class Test_Outputs: "CIS-1.4": ["2.1.3"], "CIS-1.5": ["2.1.3"], } - - def test_generate_json_asff_status(self): - assert generate_json_asff_status("PASS") == "PASSED" - assert generate_json_asff_status("FAIL") == "FAILED" - assert generate_json_asff_status("MUTED") == "MUTED" - assert generate_json_asff_status("SOMETHING ELSE") == "NOT_AVAILABLE" - - def test_generate_json_asff_resource_tags(self): - assert generate_json_asff_resource_tags(None) is None - assert generate_json_asff_resource_tags([]) is None - assert generate_json_asff_resource_tags([{}]) is None - assert generate_json_asff_resource_tags([{"key1": "value1"}]) == { - "key1": "value1" - } - assert generate_json_asff_resource_tags( - [{"Key": "key1", "Value": "value1"}] - ) == {"key1": "value1"} diff --git a/tests/lib/outputs/slack_test.py b/tests/lib/outputs/slack_test.py index 850749d8e9..f8758d6281 100644 --- a/tests/lib/outputs/slack_test.py +++ b/tests/lib/outputs/slack_test.py @@ -7,15 +7,13 @@ from prowler.lib.outputs.slack import ( create_message_identity, send_slack_message, ) -from prowler.providers.azure.lib.audit_info.models import ( - Azure_Audit_Info, - AzureIdentityInfo, - AzureRegionConfig, +from tests.providers.aws.utils import AWS_ACCOUNT_NUMBER, set_mocked_aws_provider +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, + set_mocked_azure_provider, ) -from prowler.providers.common.models import Audit_Metadata -from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info - -AWS_ACCOUNT_ID = "123456789012" +from tests.providers.gcp.gcp_fixtures import set_mocked_gcp_provider def mock_create_message_blocks(*_): @@ -26,75 +24,36 @@ def mock_create_message_identity(*_): return "", "" -class Test_Slack_Integration: - def test_create_message_identity(self): - # TODO(Audit_Info): use provider here - aws_audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=None, - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_identity_arn="test-arn", - audited_user_id="test", - audited_partition="aws", - profile="default", - profile_region="eu-west-1", - credentials=None, - assumed_role_info=None, - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - audit_config=None, - ) - gcp_audit_info = GCP_Audit_Info( - credentials=None, - default_project_id="test-project1", - project_ids=["test-project1", "test-project2"], - audit_resources=None, - audit_metadata=None, - audit_config=None, - ) - azure_audit_info = Azure_Audit_Info( - credentials=None, - identity=AzureIdentityInfo( - identity_id="", - identity_type="", - tenant_ids=[], - domain="", - subscriptions={ - "subscription 1": "qwerty", - "subscription 2": "asdfg", - }, - ), - audit_resources=None, - audit_metadata=None, - audit_config=None, - AzureRegionConfig=AzureRegionConfig(), - locations=None, - ) - assert create_message_identity("aws", aws_audit_info) == ( - f"AWS Account *{aws_audit_info.audited_account}*", +class TestSlackIntegration: + def test_create_message_identity_aws(self): + aws_provider = set_mocked_aws_provider() + + assert create_message_identity(aws_provider) == ( + f"AWS Account *{aws_provider.identity.account}*", aws_logo, ) - assert create_message_identity("gcp", gcp_audit_info) == ( - f"GCP Projects *{', '.join(gcp_audit_info.project_ids)}*", - gcp_logo, - ) - assert create_message_identity("azure", azure_audit_info) == ( - "Azure Subscriptions:\n- *subscription 1: qwerty*\n- *subscription 2: asdfg*\n", + + def test_create_message_identity_azure(self): + azure_provider = set_mocked_azure_provider() + + assert create_message_identity(azure_provider) == ( + f"Azure Subscriptions:\n- *{AZURE_SUBSCRIPTION_ID}: {AZURE_SUBSCRIPTION_NAME}*\n", azure_logo, ) + def test_create_message_identity_gcp(self): + gcp_provider = set_mocked_gcp_provider( + project_ids=["test-project1", "test-project2"], + default_project_id="test-project1", + ) + + assert create_message_identity(gcp_provider) == ( + f"GCP Projects *{', '.join(gcp_provider.project_ids)}*", + gcp_logo, + ) + def test_create_message_blocks(self): - aws_identity = f"AWS Account *{AWS_ACCOUNT_ID}*" + aws_identity = f"AWS Account *{AWS_ACCOUNT_NUMBER}*" azure_identity = "Azure Subscriptions:\n- *subscription 1: qwerty*\n- *subscription 2: asdfg*\n" gcp_identity = "GCP Project *gcp-project*" stats = {} diff --git a/tests/lib/utils/utils_test.py b/tests/lib/utils/utils_test.py index 03f8fc8187..c73a849b0b 100644 --- a/tests/lib/utils/utils_test.py +++ b/tests/lib/utils/utils_test.py @@ -156,8 +156,9 @@ class TestFilePermissions: temp_file.close() os.chmod(temp_file.name, 0o644) # Set permissions to 644 (-rw-r--r--) # Check ownership for the temporary file - is_root = is_owned_by_root(temp_file.name) - assert not is_root + assert not is_owned_by_root(temp_file.name) os.unlink(temp_file.name) + assert not is_owned_by_root("not_existing_file") - assert is_owned_by_root("/etc/passwd") + # Not valid for darwin systems + # assert is_owned_by_root("/etc/passwd") diff --git a/tests/providers/aws/aws_provider_test.py b/tests/providers/aws/aws_provider_test.py index 4d9203198d..2c29e567cc 100644 --- a/tests/providers/aws/aws_provider_test.py +++ b/tests/providers/aws/aws_provider_test.py @@ -1,424 +1,680 @@ +import json +import os +import re +import tempfile +from argparse import Namespace +from datetime import datetime +from json import dumps +from os import rmdir from re import search -import boto3 +import botocore +from boto3 import client, session +from freezegun import freeze_time from mock import patch from moto import mock_aws from prowler.providers.aws.aws_provider import ( - AWS_Provider, - assume_role, - generate_regional_clients, - get_available_aws_service_regions, - get_default_region, - get_global_region, + AwsProvider, + create_sts_session, + get_aws_available_regions, + get_aws_region_for_sts, + validate_aws_credentials, +) +from prowler.providers.aws.config import ( + AWS_STS_GLOBAL_ENDPOINT_REGION, + BOTO3_USER_AGENT_EXTRA, +) +from prowler.providers.aws.lib.arn.models import ARN +from prowler.providers.aws.models import ( + AWSAssumeRoleInfo, + AWSCallerIdentity, + AWSCredentials, + AWSMFAInfo, + AWSOrganizationsInfo, + AWSOutputOptions, ) -from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role from tests.providers.aws.utils import ( + AWS_ACCOUNT_ARN, AWS_ACCOUNT_NUMBER, AWS_CHINA_PARTITION, + AWS_COMMERCIAL_PARTITION, AWS_GOV_CLOUD_PARTITION, AWS_ISO_PARTITION, - AWS_REGION_CHINA_NORHT_1, + AWS_REGION_CN_NORTH_1, + AWS_REGION_CN_NORTHWEST_1, + AWS_REGION_EU_CENTRAL_1, AWS_REGION_EU_WEST_1, AWS_REGION_GOV_CLOUD_US_EAST_1, AWS_REGION_ISO_GLOBAL, AWS_REGION_US_EAST_1, AWS_REGION_US_EAST_2, - set_mocked_aws_audit_info, + EXAMPLE_AMI_ID, ) +# Mocking GetCallerIdentity for China and GovCloud +make_api_call = botocore.client.BaseClient._make_api_call -class Test_AWS_Provider: + +def mock_get_caller_identity_china(self, operation_name, kwarg): + if operation_name == "GetCallerIdentity": + return { + "UserId": "XXXXXXXXXXXXXXXXXXXXX", + "Account": AWS_ACCOUNT_NUMBER, + "Arn": f"arn:{AWS_CHINA_PARTITION}:iam::{AWS_ACCOUNT_NUMBER}:user/test-user", + } + + return make_api_call(self, operation_name, kwarg) + + +def mock_get_caller_identity_gov_cloud(self, operation_name, kwarg): + if operation_name == "GetCallerIdentity": + return { + "UserId": "XXXXXXXXXXXXXXXXXXXXX", + "Account": AWS_ACCOUNT_NUMBER, + "Arn": f"arn:{AWS_GOV_CLOUD_PARTITION}:iam::{AWS_ACCOUNT_NUMBER}:user/test-user", + } + + return make_api_call(self, operation_name, kwarg) + + +def mock_recover_checks_from_aws_provider(*_): + return [ + ( + "accessanalyzer_enabled_without_findings", + "/root_dir/fake_path/accessanalyzer/accessanalyzer_enabled_without_findings", + ), + ( + "awslambda_function_url_cors_policy", + "/root_dir/fake_path/awslambda/awslambda_function_url_cors_policy", + ), + ( + "ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "/root_dir/fake_path/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port", + ), + ] + + +def mock_recover_checks_from_aws_provider_lambda_service(*_): + return [ + ( + "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", + "/root_dir/fake_path/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", + ), + ( + "awslambda_function_url_cors_policy", + "/root_dir/fake_path/awslambda/awslambda_function_url_cors_policy", + ), + ( + "awslambda_function_no_secrets_in_code", + "/root_dir/fake_path/awslambda/awslambda_function_no_secrets_in_code", + ), + ] + + +def mock_recover_checks_from_aws_provider_elb_service(*_): + return [ + ( + "elb_insecure_ssl_ciphers", + "/root_dir/fake_path/elb/elb_insecure_ssl_ciphers", + ), + ( + "elb_internet_facing", + "/root_dir/fake_path/elb/elb_internet_facing", + ), + ( + "elb_logging_enabled", + "/root_dir/fake_path/elb/elb_logging_enabled", + ), + ] + + +def mock_recover_checks_from_aws_provider_efs_service(*_): + return [ + ( + "efs_encryption_at_rest_enabled", + "/root_dir/fake_path/efs/efs_encryption_at_rest_enabled", + ), + ( + "efs_have_backup_enabled", + "/root_dir/fake_path/efs/efs_have_backup_enabled", + ), + ( + "efs_not_publicly_accessible", + "/root_dir/fake_path/efs/efs_not_publicly_accessible", + ), + ] + + +def mock_recover_checks_from_aws_provider_iam_service(*_): + return [ + ( + "iam_customer_attached_policy_no_administrative_privileges", + "/root_dir/fake_path/iam/iam_customer_attached_policy_no_administrative_privileges", + ), + ( + "iam_check_saml_providers_sts", + "/root_dir/fake_path/iam/iam_check_saml_providers_sts", + ), + ( + "iam_password_policy_minimum_length_14", + "/root_dir/fake_path/iam/iam_password_policy_minimum_length_14", + ), + ] + + +def mock_recover_checks_from_aws_provider_s3_service(*_): + return [ + ( + "s3_account_level_public_access_blocks", + "/root_dir/fake_path/s3/s3_account_level_public_access_blocks", + ), + ( + "s3_bucket_acl_prohibited", + "/root_dir/fake_path/s3/s3_bucket_acl_prohibited", + ), + ( + "s3_bucket_policy_public_write_access", + "/root_dir/fake_path/s3/s3_bucket_policy_public_write_access", + ), + ] + + +def mock_recover_checks_from_aws_provider_cloudwatch_service(*_): + return [ + ( + "cloudwatch_changes_to_network_acls_alarm_configured", + "/root_dir/fake_path/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured", + ), + ( + "cloudwatch_changes_to_network_gateways_alarm_configured", + "/root_dir/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured", + ), + ( + "cloudwatch_changes_to_network_route_tables_alarm_configured", + "/root_dir/fake_path/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured", + ), + ] + + +def mock_recover_checks_from_aws_provider_ec2_service(*_): + return [ + ( + "ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "/root_dir/fake_path/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port", + ), + ( + "ec2_networkacl_allow_ingress_any_port", + "/root_dir/fake_path/ec2/ec2_networkacl_allow_ingress_any_port", + ), + ( + "ec2_ami_public", + "/root_dir/fake_path/ec2/ec2_ami_public", + ), + ] + + +def mock_recover_checks_from_aws_provider_rds_service(*_): + return [ + ( + "rds_instance_backup_enabled", + "/root_dir/fake_path/rds/rds_instance_backup_enabled", + ), + ( + "rds_instance_deletion_protection", + "/root_dir/fake_path/rds/rds_instance_deletion_protection", + ), + ( + "rds_snapshots_public_access", + "/root_dir/fake_path/rds/rds_snapshots_public_access", + ), + ] + + +def mock_recover_checks_from_aws_provider_cognito_service(*_): + return [] + + +class TestAWSProvider: @mock_aws - def test_aws_provider_user_without_mfa(self): - # sessionName = "ProwlerAssessmentSession" - # Boto 3 client to create our user - iam_client = boto3.client("iam", region_name=AWS_REGION_US_EAST_1) - # IAM user - iam_user = iam_client.create_user(UserName="test-user")["User"] - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - # New Boto3 session with the previously create user - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=AWS_REGION_US_EAST_1, + def test_aws_provider_default(self): + arguments = Namespace() + arguments.mfa = False + arguments.ignore_unused_services = True + aws_provider = AwsProvider(arguments) + + assert aws_provider.type == "aws" + assert aws_provider.ignore_unused_services is True + assert aws_provider.audit_config == {} + assert aws_provider.session.current_session.region_name == AWS_REGION_US_EAST_1 + + @mock_aws + def test_aws_provider_organizations_delegated_administrator(self): + organizations_client = client("organizations", region_name=AWS_REGION_EU_WEST_1) + organization = organizations_client.create_organization()["Organization"] + organizations_client.tag_resource( + ResourceId=AWS_ACCOUNT_NUMBER, + Tags=[ + {"Key": "tagged", "Value": "true"}, + ], ) - audit_info = set_mocked_aws_audit_info( - audited_regions=[AWS_REGION_EU_WEST_1], - assumed_role_info=AWS_Assume_Role( - role_arn=None, - session_duration=None, - external_id=None, - mfa_enabled=False, - role_session_name="ProwlerAssessmentSession", - ), - original_session=session, + arguments = Namespace() + aws_provider = AwsProvider(arguments) + + assert isinstance(aws_provider.organizations_metadata, AWSOrganizationsInfo) + assert aws_provider.organizations_metadata.account_email == "master@example.com" + assert aws_provider.organizations_metadata.account_name == "master" + assert aws_provider.organizations_metadata.account_tags == "tagged:true" + assert ( + aws_provider.organizations_metadata.organization_account_arn + == f"arn:aws:organizations::{AWS_ACCOUNT_NUMBER}:account/{organization['Id']}/{AWS_ACCOUNT_NUMBER}" + ) + assert aws_provider.organizations_metadata.organization_id == organization["Id"] + assert ( + aws_provider.organizations_metadata.organization_arn == organization["Arn"] ) - # Call assume_role + @mock_aws + def test_aws_provider_organizations_with_role(self): + iam_client = client("iam", region_name=AWS_REGION_EU_WEST_1) + policy_name = "describe_organizations_policy" + policy_document = { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "organizations:DescribeAccount", + "organizations:ListTagsForResource", + ], + "Resource": "*", + }, + ], + } + + policy = iam_client.create_policy( + PolicyName=policy_name, + PolicyDocument=dumps(policy_document), + )["Policy"] + print(policy) + assume_policy_document = { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": {"AWS": f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"}, + "Action": "sts:AssumeRole", + } + ], + } + role_name = "organizations_role" + organizations_role = iam_client.create_role( + RoleName=role_name, AssumeRolePolicyDocument=dumps(assume_policy_document) + )["Role"] + iam_client.attach_role_policy( + RoleName=role_name, + PolicyArn=policy["Arn"], + ) + organizations_client = client("organizations", region_name=AWS_REGION_EU_WEST_1) + organization = organizations_client.create_organization()["Organization"] + organizations_client.tag_resource( + ResourceId=AWS_ACCOUNT_NUMBER, + Tags=[ + {"Key": "tagged", "Value": "true"}, + ], + ) + + arguments = Namespace() + arguments.organizations_role = organizations_role["Arn"] + arguments.session_duration = 900 + aws_provider = AwsProvider(arguments) + + assert isinstance(aws_provider.organizations_metadata, AWSOrganizationsInfo) + assert aws_provider.organizations_metadata.account_email == "master@example.com" + assert aws_provider.organizations_metadata.account_name == "master" + assert aws_provider.organizations_metadata.account_tags == "tagged:true" + assert ( + aws_provider.organizations_metadata.organization_account_arn + == f"arn:aws:organizations::{AWS_ACCOUNT_NUMBER}:account/{organization['Id']}/{AWS_ACCOUNT_NUMBER}" + ) + assert aws_provider.organizations_metadata.organization_id == organization["Id"] + assert ( + aws_provider.organizations_metadata.organization_arn == organization["Arn"] + ) + + @mock_aws + def test_aws_provider_session_with_mfa(self): + arguments = Namespace() + arguments.mfa = True + with patch( - "prowler.providers.aws.aws_provider.input_role_mfa_token_and_code", - return_value=( - f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa/test-role-mfa", - "111111", + "prowler.providers.aws.aws_provider.AwsProvider.__input_role_mfa_token_and_code__", + return_value=AWSMFAInfo( + arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa/test-role-mfa", + totp="111111", ), ): - aws_provider = AWS_Provider(audit_info) - assert aws_provider.aws_session.region_name == AWS_REGION_US_EAST_1 - assert aws_provider.role_info == AWS_Assume_Role( - role_arn=None, - session_duration=None, - external_id=None, - mfa_enabled=False, - role_session_name="ProwlerAssessmentSession", + + aws_provider = AwsProvider(arguments) + + assert aws_provider.type == "aws" + assert aws_provider.ignore_unused_services is None + assert aws_provider.audit_config == {} + assert ( + aws_provider.session.current_session.region_name == AWS_REGION_US_EAST_1 + ) + assert ( + aws_provider.session.current_session.region_name == AWS_REGION_US_EAST_1 ) @mock_aws - def test_aws_provider_user_with_mfa(self): - # Boto 3 client to create our user - iam_client = boto3.client("iam", region_name=AWS_REGION_US_EAST_1) - # IAM user - iam_user = iam_client.create_user(UserName="test-user")["User"] - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - # New Boto3 session with the previously create user - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=AWS_REGION_US_EAST_1, - ) + def test_aws_provider_get_output_mapping(self): + arguments = Namespace() - audit_info = set_mocked_aws_audit_info( - audited_regions=[AWS_REGION_EU_WEST_1], - assumed_role_info=AWS_Assume_Role( - role_arn=None, - session_duration=None, - external_id=None, - mfa_enabled=False, - role_session_name="ProwlerAssessmentSession", - ), - original_session=session, - profile_region=AWS_REGION_US_EAST_1, - ) + aws_provider = AwsProvider(arguments) - # Call assume_role - with patch( - "prowler.providers.aws.aws_provider.input_role_mfa_token_and_code", - return_value=( - f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa/test-role-mfa", - "111111", - ), - ): - aws_provider = AWS_Provider(audit_info) - assert aws_provider.aws_session.region_name == AWS_REGION_US_EAST_1 - assert aws_provider.role_info == AWS_Assume_Role( - role_arn=None, - session_duration=None, - external_id=None, - mfa_enabled=False, - role_session_name="ProwlerAssessmentSession", - ) + assert aws_provider.get_output_mapping == { + "auth_method": "identity.profile", + "provider": "type", + "account_uid": "identity.account", + "account_name": "organizations_metadata.account_name", + "account_email": "organizations_metadata.account_email", + "account_organization_uid": "organizations_metadata.organization_arn", + "account_organization_name": "organizations_metadata.organization_id", + "account_tags": "organizations_metadata.account_tags", + "partition": "identity.partition", + } @mock_aws def test_aws_provider_assume_role_with_mfa(self): # Variables + arguments = Namespace() + arguments.mfa = True role_name = "test-role" - role_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:role/{role_name}" - session_duration_seconds = 900 - sessionName = "ProwlerAssessmentSession" + arguments.role = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:role/{role_name}" + arguments.session_duration = 900 + arguments.role_session_name = "ProwlerAssessmentSession" + arguments.external_id = "test-external-id" - # Boto 3 client to create our user - iam_client = boto3.client("iam", region_name=AWS_REGION_US_EAST_1) - # IAM user - iam_user = iam_client.create_user(UserName="test-user")["User"] - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - # New Boto3 session with the previously create user - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=AWS_REGION_US_EAST_1, - ) - - audit_info = set_mocked_aws_audit_info( - audited_regions=[AWS_REGION_EU_WEST_1], - assumed_role_info=AWS_Assume_Role( - role_arn=role_arn, - session_duration=session_duration_seconds, - external_id=None, - mfa_enabled=True, - role_session_name="ProwlerAssessmentSession", - ), - original_session=session, - profile_region=AWS_REGION_US_EAST_1, - ) - - aws_provider = AWS_Provider(audit_info) - # Patch MFA with patch( - "prowler.providers.aws.aws_provider.input_role_mfa_token_and_code", - return_value=( - f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa/test-role-mfa", - "111111", + "prowler.providers.aws.aws_provider.AwsProvider.__input_role_mfa_token_and_code__", + return_value=AWSMFAInfo( + arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa/test-role-mfa", + totp="111111", ), ): - assume_role_response = assume_role( - aws_provider.aws_session, aws_provider.role_info - ) - # Recover credentials for the assume role operation - credentials = assume_role_response["Credentials"] - # Test the response - # SessionToken - assert len(credentials["SessionToken"]) == 356 - assert search(r"^FQoGZXIvYXdzE.*$", credentials["SessionToken"]) - # AccessKeyId - assert len(credentials["AccessKeyId"]) == 20 - assert search(r"^ASIA.*$", credentials["AccessKeyId"]) - # SecretAccessKey - assert len(credentials["SecretAccessKey"]) == 40 - # Assumed Role + aws_provider = AwsProvider(arguments) assert ( - assume_role_response["AssumedRoleUser"]["Arn"] - == f"arn:aws:sts::{AWS_ACCOUNT_NUMBER}:assumed-role/{role_name}/{sessionName}" + aws_provider.session.current_session.region_name == AWS_REGION_US_EAST_1 + ) + assert aws_provider.identity.account == AWS_ACCOUNT_NUMBER + assert aws_provider.identity.account_arn == AWS_ACCOUNT_ARN + assert aws_provider.identity.partition == AWS_COMMERCIAL_PARTITION + assert isinstance( + aws_provider._assumed_role_configuration.info, AWSAssumeRoleInfo + ) + assert aws_provider._assumed_role_configuration.info == AWSAssumeRoleInfo( + role_arn=ARN(arn=arguments.role), + session_duration=arguments.session_duration, + external_id=arguments.external_id, + mfa_enabled=True, # <- MFA configuration + role_session_name=arguments.role_session_name, ) - # AssumedRoleUser - assert search( - r"^AROA.*$", assume_role_response["AssumedRoleUser"]["AssumedRoleId"] - ) - assert search( - rf"^.*:{sessionName}$", - assume_role_response["AssumedRoleUser"]["AssumedRoleId"], - ) - assert len( - assume_role_response["AssumedRoleUser"]["AssumedRoleId"] - ) == 21 + 1 + len(sessionName) + credentials = aws_provider._assumed_role_configuration.credentials + assert isinstance(credentials, AWSCredentials) + + assert credentials.aws_access_key_id + assert len(credentials.aws_access_key_id) == 20 + assert search(r"^ASIA.*$", credentials.aws_access_key_id) + + assert credentials.aws_session_token + assert len(credentials.aws_session_token) == 356 + assert search(r"^FQoGZXIvYXdzE.*$", credentials.aws_session_token) + + assert credentials.aws_secret_access_key + assert len(credentials.aws_secret_access_key) == 40 + + assert credentials.expiration + # assert credentials.expiration == datetime.now(tzinfo=tzutc()) @mock_aws def test_aws_provider_assume_role_without_mfa(self): # Variables + arguments = Namespace() + arguments.mfa = False role_name = "test-role" - role_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:role/{role_name}" - session_duration_seconds = 900 - sessionName = "ProwlerAssessmentSession" + arguments.role = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:role/{role_name}" + arguments.session_duration = 900 + arguments.role_session_name = "ProwlerAssessmentSession" - # Boto 3 client to create our user - iam_client = boto3.client("iam", region_name=AWS_REGION_US_EAST_1) - # IAM user - iam_user = iam_client.create_user(UserName="test-user")["User"] - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - # New Boto3 session with the previously create user - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=AWS_REGION_US_EAST_1, - ) - - audit_info = set_mocked_aws_audit_info( - audited_regions=[AWS_REGION_EU_WEST_1], - assumed_role_info=AWS_Assume_Role( - role_arn=role_arn, - session_duration=session_duration_seconds, - external_id=None, - mfa_enabled=False, - role_session_name="ProwlerAssessmentSession", + with patch( + "prowler.providers.aws.aws_provider.AwsProvider.__input_role_mfa_token_and_code__", + return_value=AWSMFAInfo( + arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa/test-role-mfa", + totp="111111", ), - original_session=session, - profile_region=AWS_REGION_US_EAST_1, - ) + ): + aws_provider = AwsProvider(arguments) + assert ( + aws_provider.session.current_session.region_name == AWS_REGION_US_EAST_1 + ) + assert aws_provider.identity.account == AWS_ACCOUNT_NUMBER + assert aws_provider.identity.account_arn == AWS_ACCOUNT_ARN + assert aws_provider.identity.partition == AWS_COMMERCIAL_PARTITION + assert isinstance( + aws_provider._assumed_role_configuration.info, AWSAssumeRoleInfo + ) + assert aws_provider._assumed_role_configuration.info == AWSAssumeRoleInfo( + role_arn=ARN(arn=arguments.role), + session_duration=arguments.session_duration, + external_id=None, + mfa_enabled=False, # <- MFA configuration + role_session_name=arguments.role_session_name, + ) - aws_provider = AWS_Provider(audit_info) - assume_role_response = assume_role( - aws_provider.aws_session, aws_provider.role_info - ) - # Recover credentials for the assume role operation - credentials = assume_role_response["Credentials"] - # Test the response - # SessionToken - assert len(credentials["SessionToken"]) == 356 - assert search(r"^FQoGZXIvYXdzE.*$", credentials["SessionToken"]) - # AccessKeyId - assert len(credentials["AccessKeyId"]) == 20 - assert search(r"^ASIA.*$", credentials["AccessKeyId"]) - # SecretAccessKey - assert len(credentials["SecretAccessKey"]) == 40 - # Assumed Role - assert ( - assume_role_response["AssumedRoleUser"]["Arn"] - == f"arn:aws:sts::{AWS_ACCOUNT_NUMBER}:assumed-role/{role_name}/{sessionName}" - ) + credentials = aws_provider._assumed_role_configuration.credentials + assert isinstance(credentials, AWSCredentials) - # AssumedRoleUser - assert search( - r"^AROA.*$", assume_role_response["AssumedRoleUser"]["AssumedRoleId"] - ) - assert search( - rf"^.*:{sessionName}$", - assume_role_response["AssumedRoleUser"]["AssumedRoleId"], - ) - assert len( - assume_role_response["AssumedRoleUser"]["AssumedRoleId"] - ) == 21 + 1 + len(sessionName) + assert credentials.aws_access_key_id + assert len(credentials.aws_access_key_id) == 20 + assert search(r"^ASIA.*$", credentials.aws_access_key_id) + + assert credentials.aws_session_token + assert len(credentials.aws_session_token) == 356 + assert search(r"^FQoGZXIvYXdzE.*$", credentials.aws_session_token) + + assert credentials.aws_secret_access_key + assert len(credentials.aws_secret_access_key) == 40 + + assert credentials.expiration + # assert credentials.expiration == datetime.now(tzinfo=tzutc()) @mock_aws - def test_assume_role_with_sts_endpoint_region(self): - # Variables - role_name = "test-role" - role_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:role/{role_name}" - session_duration_seconds = 900 - AWS_REGION_US_EAST_1 = AWS_REGION_EU_WEST_1 - sts_endpoint_region = AWS_REGION_US_EAST_1 - sessionName = "ProwlerAssessmentSession" + def test_aws_provider_config(self): + config = """ +aws: + test_key: value""" - # Boto 3 client to create our user - iam_client = boto3.client("iam", region_name=AWS_REGION_US_EAST_1) - # IAM user - iam_user = iam_client.create_user(UserName="test-user")["User"] - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - # New Boto3 session with the previously create user - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=AWS_REGION_US_EAST_1, - ) + config_file = tempfile.NamedTemporaryFile(delete=False) + config_file.write(bytes(config, encoding="raw_unicode_escape")) + config_file.close() + arguments = Namespace() + arguments.config_file = config_file.name + aws_provider = AwsProvider(arguments) - audit_info = set_mocked_aws_audit_info( - audited_regions=[AWS_REGION_EU_WEST_1], - assumed_role_info=AWS_Assume_Role( - role_arn=role_arn, - session_duration=session_duration_seconds, - external_id=None, - mfa_enabled=False, - role_session_name="ProwlerAssessmentSession", - ), - original_session=session, - profile_region=AWS_REGION_US_EAST_1, - ) + os.remove(config_file.name) - aws_provider = AWS_Provider(audit_info) - assume_role_response = assume_role( - aws_provider.aws_session, aws_provider.role_info, sts_endpoint_region - ) - # Recover credentials for the assume role operation - credentials = assume_role_response["Credentials"] - # Test the response - # SessionToken - assert len(credentials["SessionToken"]) == 356 - assert search(r"^FQoGZXIvYXdzE.*$", credentials["SessionToken"]) - # AccessKeyId - assert len(credentials["AccessKeyId"]) == 20 - assert search(r"^ASIA.*$", credentials["AccessKeyId"]) - # SecretAccessKey - assert len(credentials["SecretAccessKey"]) == 40 - # Assumed Role - assert ( - assume_role_response["AssumedRoleUser"]["Arn"] - == f"arn:aws:sts::{AWS_ACCOUNT_NUMBER}:assumed-role/{role_name}/{sessionName}" - ) + assert aws_provider.audit_config == {"test_key": "value"} - # AssumedRoleUser - assert search( - r"^AROA.*$", assume_role_response["AssumedRoleUser"]["AssumedRoleId"] - ) - assert search( - rf"^.*:{sessionName}$", - assume_role_response["AssumedRoleUser"]["AssumedRoleId"], - ) - assert len( - assume_role_response["AssumedRoleUser"]["AssumedRoleId"] - ) == 21 + 1 + len(sessionName) + @mock_aws + def test_aws_provider_mutelist(self): + mutelist = { + "Accounts": { + AWS_ACCOUNT_NUMBER: { + "Checks": { + "test-check": { + "Regions": [], + "Resources": [], + "Tags": [], + "Exceptions": { + "Accounts": [], + "Regions": [], + "Resources": [], + "Tags": [], + }, + } + } + } + } + } + mutelist_content = {"Mute List": mutelist} - def test_generate_regional_clients(self): - audited_regions = [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1] - audit_info = set_mocked_aws_audit_info( - audited_regions=audited_regions, - audit_session=boto3.session.Session( - region_name=AWS_REGION_US_EAST_1, - ), - enabled_regions=audited_regions, - ) + config_file = tempfile.NamedTemporaryFile(delete=False) + with open(config_file.name, "w") as allowlist_file: + allowlist_file.write(json.dumps(mutelist_content, indent=4)) - generate_regional_clients_response = generate_regional_clients( - "ec2", audit_info - ) + arguments = Namespace() + aws_provider = AwsProvider(arguments) - assert set(generate_regional_clients_response.keys()) == set(audited_regions) + aws_provider.mutelist = config_file.name + os.remove(config_file.name) + + assert aws_provider.mutelist == mutelist + + @mock_aws + def test_aws_provider_mutelist_none(self): + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider.mutelist = None + + assert aws_provider.mutelist == {} + + @mock_aws + def test_generate_regional_clients_all_enabled_regions(self): + arguments = Namespace() + aws_provider = AwsProvider(arguments) + response = aws_provider.generate_regional_clients("ec2") + + assert len(response.keys()) == 27 + + @mock_aws + def test_generate_regional_clients_with_enabled_regions(self): + arguments = Namespace() + aws_provider = AwsProvider(arguments) + enabled_regions = [AWS_REGION_EU_WEST_1] + aws_provider._enabled_regions = enabled_regions + + response = aws_provider.generate_regional_clients("ec2") + + assert list(response.keys()) == enabled_regions + + @mock_aws + def test_generate_regional_clients_with_enabled_regions_and_input_regions(self): + arguments = Namespace() + arguments.region = [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1] + aws_provider = AwsProvider(arguments) + + enabled_regions = [AWS_REGION_EU_WEST_1] + aws_provider._enabled_regions = enabled_regions + + response = aws_provider.generate_regional_clients("ec2") + + assert list(response.keys()) == enabled_regions + + @mock_aws def test_generate_regional_clients_cn_partition(self): - audited_regions = ["cn-northwest-1", "cn-north-1"] - audit_info = set_mocked_aws_audit_info( - audited_regions=audited_regions, - audit_session=boto3.session.Session( - region_name=AWS_REGION_US_EAST_1, - ), - enabled_regions=audited_regions, - ) - generate_regional_clients_response = generate_regional_clients( - "shield", audit_info - ) + arguments = Namespace() + arguments.region = [AWS_REGION_CN_NORTH_1, AWS_REGION_CN_NORTHWEST_1] + aws_provider = AwsProvider(arguments) - # Shield does not exist in China - assert generate_regional_clients_response == {} + response = aws_provider.generate_regional_clients("ec2") + assert AWS_REGION_CN_NORTH_1 in response.keys() + assert AWS_REGION_CN_NORTHWEST_1 in response.keys() + @mock_aws + def test_generate_regional_clients_cn_partition_not_present_service(self): + arguments = Namespace() + arguments.region = ["cn-northwest-1", "cn-north-1"] + aws_provider = AwsProvider(arguments) + + response = aws_provider.generate_regional_clients("shield") + + assert response == {} + + @mock_aws def test_get_default_region(self): - audit_info = set_mocked_aws_audit_info( - profile_region=AWS_REGION_EU_WEST_1, - audited_regions=[AWS_REGION_EU_WEST_1], - ) - assert get_default_region("ec2", audit_info) == AWS_REGION_EU_WEST_1 + arguments = Namespace() + arguments.region = [AWS_REGION_EU_WEST_1] + aws_provider = AwsProvider(arguments) + aws_provider._identity.profile_region = AWS_REGION_EU_WEST_1 + assert aws_provider.get_default_region("ec2") == AWS_REGION_EU_WEST_1 + + @mock_aws def test_get_default_region_profile_region_not_audited(self): - audit_info = set_mocked_aws_audit_info( - profile_region=AWS_REGION_US_EAST_2, - audited_regions=[AWS_REGION_EU_WEST_1], - ) - assert get_default_region("ec2", audit_info) == AWS_REGION_EU_WEST_1 + arguments = Namespace() + arguments.region = [AWS_REGION_EU_WEST_1] + aws_provider = AwsProvider(arguments) + aws_provider._identity.profile_region = AWS_REGION_US_EAST_2 + assert aws_provider.get_default_region("ec2") == AWS_REGION_EU_WEST_1 + + @mock_aws def test_get_default_region_non_profile_region(self): - audit_info = set_mocked_aws_audit_info( - audited_regions=[AWS_REGION_EU_WEST_1], - ) - assert get_default_region("ec2", audit_info) == AWS_REGION_EU_WEST_1 + arguments = Namespace() + arguments.region = [AWS_REGION_EU_WEST_1] + aws_provider = AwsProvider(arguments) + aws_provider._identity.profile_region = None + assert aws_provider.get_default_region("ec2") == AWS_REGION_EU_WEST_1 + + @mock_aws def test_get_default_region_non_profile_or_audited_region(self): - audit_info = set_mocked_aws_audit_info() - assert get_default_region("ec2", audit_info) == AWS_REGION_US_EAST_1 + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._identity.profile_region = None + assert aws_provider.get_default_region("ec2") == AWS_REGION_US_EAST_1 + @mock_aws + def test_get_default_region_profile_region_not_present_in_service(self): + arguments = Namespace() + arguments.region = [AWS_REGION_EU_WEST_1] + aws_provider = AwsProvider(arguments) + aws_provider._identity.profile_region = "non-existent-region" + assert aws_provider.get_default_region("ec2") == AWS_REGION_EU_WEST_1 + + @mock_aws def test_aws_gov_get_global_region(self): - audit_info = set_mocked_aws_audit_info( - audited_partition=AWS_GOV_CLOUD_PARTITION - ) - assert get_global_region(audit_info) == AWS_REGION_GOV_CLOUD_US_EAST_1 + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._identity.partition = AWS_GOV_CLOUD_PARTITION + assert aws_provider.get_global_region() == AWS_REGION_GOV_CLOUD_US_EAST_1 + + @mock_aws def test_aws_cn_get_global_region(self): - audit_info = set_mocked_aws_audit_info(audited_partition=AWS_CHINA_PARTITION) - assert get_global_region(audit_info) == AWS_REGION_CHINA_NORHT_1 + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._identity.partition = AWS_CHINA_PARTITION + assert aws_provider.get_global_region() == AWS_REGION_CN_NORTH_1 + + @mock_aws def test_aws_iso_get_global_region(self): - audit_info = set_mocked_aws_audit_info(audited_partition=AWS_ISO_PARTITION) - assert get_global_region(audit_info) == AWS_REGION_ISO_GLOBAL + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._identity.partition = AWS_ISO_PARTITION + assert aws_provider.get_global_region() == AWS_REGION_ISO_GLOBAL + + @mock_aws def test_get_available_aws_service_regions_with_us_east_1_audited(self): - audit_info = set_mocked_aws_audit_info(audited_regions=[AWS_REGION_US_EAST_1]) + arguments = Namespace() + arguments.region = [AWS_REGION_US_EAST_1] + aws_provider = AwsProvider(arguments) with patch( "prowler.providers.aws.aws_provider.parse_json_file", @@ -450,12 +706,14 @@ class Test_AWS_Provider: } }, ): - assert get_available_aws_service_regions("ec2", audit_info) == { + assert aws_provider.get_available_aws_service_regions("ec2") == { AWS_REGION_US_EAST_1 } + @mock_aws def test_get_available_aws_service_regions_with_all_regions_audited(self): - audit_info = set_mocked_aws_audit_info() + arguments = Namespace() + aws_provider = AwsProvider(arguments) with patch( "prowler.providers.aws.aws_provider.parse_json_file", @@ -487,4 +745,659 @@ class Test_AWS_Provider: } }, ): - assert len(get_available_aws_service_regions("ec2", audit_info)) == 17 + assert len(aws_provider.get_available_aws_service_regions("ec2")) == 17 + + @mock_aws + def test_get_tagged_resources(self): + ec2_client = client("ec2", region_name=AWS_REGION_EU_CENTRAL_1) + instances = ec2_client.run_instances( + ImageId=EXAMPLE_AMI_ID, + MinCount=1, + MaxCount=1, + InstanceType="t2.micro", + TagSpecifications=[ + { + "ResourceType": "instance", + "Tags": [ + {"Key": "MY_TAG1", "Value": "MY_VALUE1"}, + {"Key": "MY_TAG2", "Value": "MY_VALUE2"}, + ], + }, + { + "ResourceType": "instance", + "Tags": [{"Key": "ami", "Value": "test"}], + }, + ], + ) + instance_id = instances["Instances"][0]["InstanceId"] + instance_arn = f"arn:aws:ec2:{AWS_REGION_EU_CENTRAL_1}::instance/{instance_id}" + image_id = ec2_client.create_image(Name="testami", InstanceId=instance_id)[ + "ImageId" + ] + image_arn = f"arn:aws:ec2:{AWS_REGION_EU_CENTRAL_1}::image/{image_id}" + ec2_client.create_tags( + Resources=[image_id], Tags=[{"Key": "ami", "Value": "test"}] + ) + + # Through the AWS provider + arguments = Namespace() + arguments.region = [AWS_REGION_EU_CENTRAL_1] + arguments.resource_tags = ["ami=test"] + aws_provider = AwsProvider(arguments) + + tagged_resources = aws_provider.audit_resources + assert len(tagged_resources) == 2 + assert image_arn in tagged_resources + assert instance_arn in tagged_resources + + # Calling directly the function + tagged_resources = aws_provider.get_tagged_resources(["MY_TAG1=MY_VALUE1"]) + + assert len(tagged_resources) == 1 + assert instance_arn in tagged_resources + + @mock_aws + def test_aws_provider_resource_tags(self): + arguments = Namespace() + arguments.resource_arn = [AWS_ACCOUNT_ARN] + aws_provider = AwsProvider(arguments) + + assert aws_provider.audit_resources == [AWS_ACCOUNT_ARN] + + @mock_aws + @freeze_time(datetime.today()) + def test_set_provider_output_options_aws_no_output_filename(self): + arguments = Namespace() + arguments.status = ["FAIL"] + arguments.output_modes = ["csv"] + arguments.output_directory = "output_test_directory" + arguments.verbose = True + arguments.security_hub = True + arguments.shodan = "test-api-key" + arguments.only_logs = False + arguments.unix_timestamp = False + arguments.send_sh_only_fails = True + + aws_provider = AwsProvider(arguments) + + aws_provider.output_options = arguments, {} + + assert isinstance(aws_provider.output_options, AWSOutputOptions) + assert aws_provider.output_options.security_hub_enabled + assert aws_provider.output_options.send_sh_only_fails + assert aws_provider.output_options.status == ["FAIL"] + assert aws_provider.output_options.output_modes == ["csv", "json-asff"] + assert ( + aws_provider.output_options.output_directory == arguments.output_directory + ) + assert aws_provider.output_options.bulk_checks_metadata == {} + assert aws_provider.output_options.verbose + assert ( + f"prowler-output-{AWS_ACCOUNT_NUMBER}" + in aws_provider.output_options.output_filename + ) + # Flaky due to the millisecond part of the timestamp + # assert ( + # aws_provider.output_options.output_filename + # == f"prowler-output-{AWS_ACCOUNT_NUMBER}-{datetime.today().strftime('%Y%m%d%H%M%S')}" + # ) + + # Delete testing directory + rmdir(f"{arguments.output_directory}/compliance") + rmdir(arguments.output_directory) + + @mock_aws + @freeze_time(datetime.today()) + def test_set_provider_output_options_aws(self): + arguments = Namespace() + arguments.status = [] + arguments.output_modes = ["csv"] + arguments.output_directory = "output_test_directory" + arguments.verbose = True + arguments.output_filename = "output_test_filename" + arguments.security_hub = True + arguments.shodan = "test-api-key" + arguments.only_logs = False + arguments.unix_timestamp = False + arguments.send_sh_only_fails = True + + aws_provider = AwsProvider(arguments) + + aws_provider.output_options = arguments, {} + + assert isinstance(aws_provider.output_options, AWSOutputOptions) + assert aws_provider.output_options.security_hub_enabled + assert aws_provider.output_options.send_sh_only_fails + assert aws_provider.output_options.status == [] + assert aws_provider.output_options.output_modes == ["csv", "json-asff"] + assert ( + aws_provider.output_options.output_directory == arguments.output_directory + ) + assert aws_provider.output_options.bulk_checks_metadata == {} + assert aws_provider.output_options.verbose + assert aws_provider.output_options.output_filename == arguments.output_filename + + # Delete testing directory + rmdir(f"{arguments.output_directory}/compliance") + rmdir(arguments.output_directory) + + @mock_aws + def test_validate_credentials_commercial_partition_with_regions(self): + # AWS Region for AWS COMMERCIAL + aws_region = AWS_REGION_EU_WEST_1 + aws_partition = AWS_COMMERCIAL_PARTITION + # Create a mock IAM user + iam_client = client("iam", region_name=aws_region) + iam_user = iam_client.create_user(UserName="test-user")["User"] + # Create a mock IAM access keys + access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ + "AccessKey" + ] + access_key_id = access_key["AccessKeyId"] + secret_access_key = access_key["SecretAccessKey"] + + # Create AWS session to validate + current_session = session.Session( + aws_access_key_id=access_key_id, + aws_secret_access_key=secret_access_key, + region_name=aws_region, + ) + + get_caller_identity = validate_aws_credentials(current_session, aws_region) + + assert isinstance(get_caller_identity, AWSCallerIdentity) + + assert re.match("[0-9a-zA-Z]{20}", get_caller_identity.user_id) + assert get_caller_identity.account == AWS_ACCOUNT_NUMBER + assert get_caller_identity.region == aws_region + + assert isinstance(get_caller_identity.arn, ARN) + assert get_caller_identity.arn.partition == aws_partition + assert get_caller_identity.arn.region is None + assert get_caller_identity.arn.resource == "test-user" + assert get_caller_identity.arn.resource_type == "user" + + @mock_aws + def test_validate_credentials_commercial_partition_with_regions_none_and_profile_region_so_profile_region( + self, + ): + # AWS Region for AWS COMMERCIAL + aws_region = AWS_REGION_EU_WEST_1 + aws_partition = AWS_COMMERCIAL_PARTITION + # Create a mock IAM user + iam_client = client("iam", region_name=aws_region) + iam_user = iam_client.create_user(UserName="test-user")["User"] + # Create a mock IAM access keys + access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ + "AccessKey" + ] + access_key_id = access_key["AccessKeyId"] + secret_access_key = access_key["SecretAccessKey"] + + # Create AWS session to validate + current_session = session.Session( + aws_access_key_id=access_key_id, + aws_secret_access_key=secret_access_key, + region_name=aws_region, + ) + + get_caller_identity = validate_aws_credentials(current_session, None) + + assert isinstance(get_caller_identity, AWSCallerIdentity) + + assert re.match("[0-9a-zA-Z]{20}", get_caller_identity.user_id) + assert get_caller_identity.account == AWS_ACCOUNT_NUMBER + assert get_caller_identity.region is None + + assert isinstance(get_caller_identity.arn, ARN) + assert get_caller_identity.arn.partition == aws_partition + assert get_caller_identity.arn.region is None + assert get_caller_identity.arn.resource == "test-user" + assert get_caller_identity.arn.resource_type == "user" + + @mock_aws + @patch( + "botocore.client.BaseClient._make_api_call", new=mock_get_caller_identity_china + ) + def test_validate_credentials_china_partition(self): + # AWS Region for AWS CHINA + aws_region = AWS_REGION_CN_NORTH_1 + aws_partition = AWS_CHINA_PARTITION + # Create a mock IAM user + iam_client = client("iam", region_name=aws_region) + iam_user = iam_client.create_user(UserName="test-user")["User"] + # Create a mock IAM access keys + access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ + "AccessKey" + ] + access_key_id = access_key["AccessKeyId"] + secret_access_key = access_key["SecretAccessKey"] + + # Create AWS session to validate + current_session = session.Session( + aws_access_key_id=access_key_id, + aws_secret_access_key=secret_access_key, + region_name=aws_region, + ) + + # To use GovCloud or China it is either required: + # - Set the AWS profile region with a valid partition region + # - Use the -f/--region with a valid partition region + get_caller_identity = validate_aws_credentials(current_session, aws_region) + + assert isinstance(get_caller_identity, AWSCallerIdentity) + + assert re.match("[0-9a-zA-Z]{20}", get_caller_identity.user_id) + assert get_caller_identity.account == AWS_ACCOUNT_NUMBER + assert get_caller_identity.region == aws_region + + assert isinstance(get_caller_identity.arn, ARN) + assert get_caller_identity.arn.partition == aws_partition + assert get_caller_identity.arn.region is None + assert get_caller_identity.arn.resource == "test-user" + assert get_caller_identity.arn.resource_type == "user" + + @mock_aws + @patch( + "botocore.client.BaseClient._make_api_call", + new=mock_get_caller_identity_gov_cloud, + ) + def test_validate_credentials_gov_cloud_partition(self): + aws_region = AWS_REGION_GOV_CLOUD_US_EAST_1 + aws_partition = AWS_GOV_CLOUD_PARTITION + # Create a mock IAM user + iam_client = client("iam", region_name=aws_region) + iam_user = iam_client.create_user(UserName="test-user")["User"] + # Create a mock IAM access keys + access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ + "AccessKey" + ] + access_key_id = access_key["AccessKeyId"] + secret_access_key = access_key["SecretAccessKey"] + + # Create AWS session to validate + current_session = session.Session( + aws_access_key_id=access_key_id, + aws_secret_access_key=secret_access_key, + region_name=aws_region, + ) + + # To use GovCloud or China it is either required: + # - Set the AWS profile region with a valid partition region + # - Use the -f/--region with a valid partition region + get_caller_identity = validate_aws_credentials(current_session, aws_region) + + assert isinstance(get_caller_identity, AWSCallerIdentity) + + assert re.match("[0-9a-zA-Z]{20}", get_caller_identity.user_id) + assert get_caller_identity.account == AWS_ACCOUNT_NUMBER + assert get_caller_identity.region == aws_region + + assert isinstance(get_caller_identity.arn, ARN) + assert get_caller_identity.arn.partition == aws_partition + assert get_caller_identity.arn.region is None + assert get_caller_identity.arn.resource == "test-user" + assert get_caller_identity.arn.resource_type == "user" + + @mock_aws + def test_create_sts_session(self): + current_session = session.Session() + aws_region = AWS_REGION_US_EAST_1 + sts_session = create_sts_session(current_session, aws_region) + + assert sts_session._service_model.service_name == "sts" + assert sts_session._client_config.region_name == aws_region + assert sts_session._endpoint._endpoint_prefix == "sts" + assert sts_session._endpoint.host == f"https://sts.{aws_region}.amazonaws.com" + + @mock_aws + def test_create_sts_session_gov_cloud(self): + current_session = session.Session() + aws_region = AWS_REGION_GOV_CLOUD_US_EAST_1 + sts_session = create_sts_session(current_session, aws_region) + + assert sts_session._service_model.service_name == "sts" + assert sts_session._client_config.region_name == aws_region + assert sts_session._endpoint._endpoint_prefix == "sts" + assert sts_session._endpoint.host == f"https://sts.{aws_region}.amazonaws.com" + + @mock_aws + def test_create_sts_session_china(self): + current_session = session.Session() + aws_region = AWS_REGION_CN_NORTH_1 + sts_session = create_sts_session(current_session, aws_region) + + assert sts_session._service_model.service_name == "sts" + assert sts_session._client_config.region_name == aws_region + assert sts_session._endpoint._endpoint_prefix == "sts" + assert sts_session._endpoint.host == f"https://sts.{aws_region}.amazonaws.com" + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_elb_service, + ) + def test_get_checks_from_input_arn_elb(self): + + expected_checks = [ + "elb_insecure_ssl_ciphers", + "elb_internet_facing", + "elb_logging_enabled", + ] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:elasticloadbalancing:us-east-1:{AWS_ACCOUNT_NUMBER}:loadbalancer/test" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_efs_service, + ) + def test_get_checks_from_input_arn_efs(self): + + expected_checks = [ + "efs_encryption_at_rest_enabled", + "efs_have_backup_enabled", + "efs_not_publicly_accessible", + ] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:elasticfilesystem:us-east-1:{AWS_ACCOUNT_NUMBER}:file-system/fs-01234567" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_lambda_service, + ) + def test_get_checks_from_input_arn_lambda(self): + expected_checks = [ + "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", + "awslambda_function_no_secrets_in_code", + "awslambda_function_url_cors_policy", + ] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + "arn:aws:lambda:us-east-1:123456789:function:test-lambda" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_iam_service, + ) + def test_get_checks_from_input_arn_iam(self): + + expected_checks = [ + "iam_check_saml_providers_sts", + "iam_customer_attached_policy_no_administrative_privileges", + "iam_password_policy_minimum_length_14", + ] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:user/user-name" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_s3_service, + ) + def test_get_checks_from_input_arn_s3(self): + + expected_checks = [ + "s3_account_level_public_access_blocks", + "s3_bucket_acl_prohibited", + "s3_bucket_policy_public_write_access", + ] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = ["arn:aws:s3:::bucket-name"] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_cloudwatch_service, + ) + def test_get_checks_from_input_arn_cloudwatch(self): + expected_checks = [ + "cloudwatch_changes_to_network_acls_alarm_configured", + "cloudwatch_changes_to_network_gateways_alarm_configured", + "cloudwatch_changes_to_network_route_tables_alarm_configured", + ] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:logs:us-east-1:{AWS_ACCOUNT_NUMBER}:destination:testDestination" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_cognito_service, + ) + def test_get_checks_from_input_arn_cognito(self): + expected_checks = [] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:cognito-idp:us-east-1:{AWS_ACCOUNT_NUMBER}:userpool/test" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_ec2_service, + ) + def test_get_checks_from_input_arn_ec2_security_group(self): + expected_checks = ["ec2_securitygroup_allow_ingress_from_internet_to_any_port"] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:ec2:us-east-1:{AWS_ACCOUNT_NUMBER}:security-group/sg-1111111111" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_ec2_service, + ) + def test_get_checks_from_input_arn_ec2_acl(self): + expected_checks = ["ec2_networkacl_allow_ingress_any_port"] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:ec2:us-west-2:{AWS_ACCOUNT_NUMBER}:network-acl/acl-1" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_rds_service, + ) + def test_get_checks_from_input_arn_rds_snapshots(self): + expected_checks = ["rds_snapshots_public_access"] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:rds:us-east-2:{AWS_ACCOUNT_NUMBER}:snapshot:rds:snapshot-1", + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_ec2_service, + ) + def test_get_checks_from_input_arn_ec2_ami(self): + expected_checks = ["ec2_ami_public"] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:ec2:us-west-2:{AWS_ACCOUNT_NUMBER}:image/ami-1" + ] + recovered_checks = aws_provider.get_checks_from_input_arn() + + assert recovered_checks == expected_checks + + @mock_aws + def test_get_regions_from_audit_resources_with_regions(self): + audit_resources = [ + f"arn:aws:lambda:us-east-1:{AWS_ACCOUNT_NUMBER}:function:test-lambda", + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:policy/test", + f"arn:aws:ec2:eu-west-1:{AWS_ACCOUNT_NUMBER}:security-group/sg-test", + "arn:aws:s3:::bucket-name", + "arn:aws:apigateway:us-east-2::/restapis/api-id/stages/stage-name", + ] + expected_regions = {"us-east-1", "eu-west-1", "us-east-2"} + arguments = Namespace() + aws_provider = AwsProvider(arguments) + recovered_regions = aws_provider.get_regions_from_audit_resources( + audit_resources + ) + assert recovered_regions == expected_regions + + @mock_aws + def test_get_regions_from_audit_resources_without_regions(self): + audit_resources = ["arn:aws:s3:::bucket-name"] + arguments = Namespace() + aws_provider = AwsProvider(arguments) + recovered_regions = aws_provider.get_regions_from_audit_resources( + audit_resources + ) + assert not recovered_regions + + def test_get_aws_available_regions(self): + with patch( + "prowler.providers.aws.aws_provider.read_aws_regions_file", + return_value={ + "services": { + "acm": { + "regions": { + "aws": [ + "af-south-1", + ], + "aws-cn": [ + "cn-north-1", + ], + "aws-us-gov": [ + "us-gov-west-1", + ], + } + } + } + }, + ): + assert get_aws_available_regions() == { + "af-south-1", + "cn-north-1", + "us-gov-west-1", + } + + def test_get_aws_region_for_sts_input_regions_none_session_region_none(self): + input_regions = None + session_region = None + assert ( + get_aws_region_for_sts(session_region, input_regions) + == AWS_STS_GLOBAL_ENDPOINT_REGION + ) + + def test_get_aws_region_for_sts_input_regions_none_session_region_ireland(self): + input_regions = None + session_region = AWS_REGION_EU_WEST_1 + assert ( + get_aws_region_for_sts(session_region, input_regions) + == AWS_REGION_EU_WEST_1 + ) + + def test_get_aws_region_for_sts_input_regions_empty_session_region_none(self): + input_regions = set() + session_region = None + assert ( + get_aws_region_for_sts(session_region, input_regions) + == AWS_STS_GLOBAL_ENDPOINT_REGION + ) + + def test_get_aws_region_for_sts_input_regions_empty_session_region_ireland(self): + input_regions = set() + session_region = AWS_REGION_EU_WEST_1 + assert ( + get_aws_region_for_sts(session_region, input_regions) + == AWS_REGION_EU_WEST_1 + ) + + def test_get_aws_region_for_sts_input_regions_ireland_and_virgninia(self): + input_regions = [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1] + session_region = None + assert ( + get_aws_region_for_sts(session_region, input_regions) + == AWS_REGION_EU_WEST_1 + ) + + @mock_aws + def test_set_session_config_default(self): + arguments = Namespace() + aws_provider = AwsProvider(arguments) + session_config = aws_provider.set_session_config(None) + + assert session_config.user_agent_extra == BOTO3_USER_AGENT_EXTRA + assert session_config.retries == {"max_attempts": 3, "mode": "standard"} + + @mock_aws + def test_set_session_config_10_max_attempts(self): + arguments = Namespace() + aws_provider = AwsProvider(arguments) + session_config = aws_provider.set_session_config(10) + + assert session_config.user_agent_extra == BOTO3_USER_AGENT_EXTRA + assert session_config.retries == {"max_attempts": 10, "mode": "standard"} + + @mock_aws + @patch( + "prowler.lib.check.check.recover_checks_from_provider", + new=mock_recover_checks_from_aws_provider_ec2_service, + ) + def test_get_checks_to_execute_by_audit_resources(self): + arguments = Namespace() + aws_provider = AwsProvider(arguments) + aws_provider._audit_resources = [ + f"arn:aws:ec2:us-west-2:{AWS_ACCOUNT_NUMBER}:network-acl/acl-1" + ] + aws_provider.get_checks_to_execute_by_audit_resources() == { + "ec2_networkacl_allow_ingress_any_port" + } diff --git a/tests/providers/aws/lib/credentials/credentials_test.py b/tests/providers/aws/lib/credentials/credentials_test.py deleted file mode 100644 index 6397cc3d64..0000000000 --- a/tests/providers/aws/lib/credentials/credentials_test.py +++ /dev/null @@ -1,510 +0,0 @@ -import re - -import boto3 -import botocore -from mock import patch -from moto import mock_aws - -from prowler.providers.aws.lib.arn.arn import parse_iam_credentials_arn -from prowler.providers.aws.lib.credentials.credentials import ( - create_sts_session, - validate_aws_credentials, -) - -AWS_ACCOUNT_NUMBER = "123456789012" - - -# Mocking GetCallerIdentity for China and GovCloud -make_api_call = botocore.client.BaseClient._make_api_call - - -def mock_get_caller_identity_china(self, operation_name, kwarg): - if operation_name == "GetCallerIdentity": - return { - "UserId": "XXXXXXXXXXXXXXXXXXXXX", - "Account": AWS_ACCOUNT_NUMBER, - "Arn": f"arn:aws-cn:iam::{AWS_ACCOUNT_NUMBER}:user/test-user", - } - - return make_api_call(self, operation_name, kwarg) - - -def mock_get_caller_identity_gov_cloud(self, operation_name, kwarg): - if operation_name == "GetCallerIdentity": - return { - "UserId": "XXXXXXXXXXXXXXXXXXXXX", - "Account": AWS_ACCOUNT_NUMBER, - "Arn": f"arn:aws-us-gov:iam::{AWS_ACCOUNT_NUMBER}:user/test-user", - } - - return make_api_call(self, operation_name, kwarg) - - -class Test_AWS_Credentials: - @mock_aws - def test_validate_credentials_commercial_partition_with_regions(self): - # AWS Region for AWS COMMERCIAL - aws_region = "eu-west-1" - aws_partition = "aws" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - - get_caller_identity = validate_aws_credentials(session, [aws_region]) - - assert get_caller_identity["region"] == aws_region - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - def test_validate_credentials_commercial_partition_with_regions_none_and_profile_region_so_profile_region( - self, - ): - # AWS Region for AWS COMMERCIAL - aws_region = "eu-west-1" - aws_partition = "aws" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - - get_caller_identity = validate_aws_credentials(session, None) - - assert get_caller_identity["region"] == aws_region - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - def test_validate_credentials_commercial_partition_with_0_regions_and_profile_region_so_profile_region( - self, - ): - # AWS Region for AWS COMMERCIAL - aws_region = "eu-west-1" - aws_partition = "aws" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - - get_caller_identity = validate_aws_credentials(session, []) - - assert get_caller_identity["region"] == aws_region - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - def test_validate_credentials_commercial_partition_without_regions_and_profile_region_so_us_east_1( - self, - ): - # AWS Region for AWS COMMERCIAL - aws_region = "eu-west-1" - aws_partition = "aws" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=None, - ) - - get_caller_identity = validate_aws_credentials(session, []) - - assert get_caller_identity["region"] == "us-east-1" - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - def test_validate_credentials_commercial_partition_with_regions_none_and_profile_region_but_sts_endpoint_region( - self, - ): - # AWS Region for AWS COMMERCIAL - aws_region = "eu-west-1" - sts_endpoint_region = aws_region - aws_partition = "aws" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - - get_caller_identity = validate_aws_credentials( - session, None, sts_endpoint_region - ) - - assert get_caller_identity["region"] == aws_region - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - def test_validate_credentials_china_partition_without_regions_and_profile_region_so_us_east_1( - self, - ): - # AWS Region for AWS COMMERCIAL - aws_region = "eu-west-1" - aws_partition = "aws" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=None, - ) - - get_caller_identity = validate_aws_credentials(session, []) - - assert get_caller_identity["region"] == "us-east-1" - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - @patch( - "botocore.client.BaseClient._make_api_call", new=mock_get_caller_identity_china - ) - def test_validate_credentials_china_partition(self): - # AWS Region for AWS CHINA - aws_region = "cn-north-1" - aws_partition = "aws-cn" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - - get_caller_identity = validate_aws_credentials(session, [aws_region]) - - # To use GovCloud or China it is either required: - # - Set the AWS profile region with a valid partition region - # - Use the -f/--region with a valid partition region - assert get_caller_identity["region"] == aws_region - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - @patch( - "botocore.client.BaseClient._make_api_call", new=mock_get_caller_identity_china - ) - def test_validate_credentials_china_partition_without_regions_but_sts_endpoint_region( - self, - ): - # AWS Region for AWS CHINA - aws_region = "cn-north-1" - sts_endpoint_region = aws_region - aws_partition = "aws-cn" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - - get_caller_identity = validate_aws_credentials( - session, None, sts_endpoint_region - ) - - # To use GovCloud or China it is either required: - # - Set the AWS profile region with a valid partition region - # - Use the -f/--region with a valid partition region - assert get_caller_identity["region"] == aws_region - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - @patch( - "botocore.client.BaseClient._make_api_call", - new=mock_get_caller_identity_gov_cloud, - ) - def test_validate_credentials_gov_cloud_partition(self): - # AWS Region for US GOV CLOUD - aws_region = "us-gov-east-1" - aws_partition = "aws-us-gov" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - - get_caller_identity = validate_aws_credentials(session, [aws_region]) - - # To use GovCloud or China it is either required: - # - Set the AWS profile region with a valid partition region - # - Use the -f/--region with a valid partition region - assert get_caller_identity["region"] == aws_region - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - @patch( - "botocore.client.BaseClient._make_api_call", - new=mock_get_caller_identity_gov_cloud, - ) - def test_validate_credentials_gov_cloud_partition_without_regions_but_sts_endpoint_region( - self, - ): - # AWS Region for US GOV CLOUD - aws_region = "us-gov-east-1" - sts_endpoint_region = aws_region - aws_partition = "aws-us-gov" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - - get_caller_identity = validate_aws_credentials( - session, None, sts_endpoint_region - ) - - # To use GovCloud or China it is either required: - # - Set the AWS profile region with a valid partition region - # - Use the -f/--region with a valid partition region - assert get_caller_identity["region"] == aws_region - - caller_identity_arn = parse_iam_credentials_arn(get_caller_identity["Arn"]) - - assert caller_identity_arn.partition == aws_partition - assert caller_identity_arn.region is None - assert caller_identity_arn.resource == "test-user" - assert caller_identity_arn.resource_type == "user" - assert re.match("[0-9a-zA-Z]{20}", get_caller_identity["UserId"]) - assert get_caller_identity["Account"] == AWS_ACCOUNT_NUMBER - - @mock_aws - def test_create_sts_session(self): - aws_region = "eu-west-1" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - sts_client = create_sts_session(session, aws_region) - - assert sts_client._endpoint._endpoint_prefix == "sts" - assert sts_client._endpoint.host == f"https://sts.{aws_region}.amazonaws.com" - - @mock_aws - def test_create_sts_session_gov_cloud(self): - aws_region = "us-gov-east-1" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - sts_client = create_sts_session(session, aws_region) - - assert sts_client._endpoint._endpoint_prefix == "sts" - assert sts_client._endpoint.host == f"https://sts.{aws_region}.amazonaws.com" - - @mock_aws - def test_create_sts_session_china(self): - aws_region = "cn-north-1" - # Create a mock IAM user - iam_client = boto3.client("iam", region_name=aws_region) - iam_user = iam_client.create_user(UserName="test-user")["User"] - # Create a mock IAM access keys - access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ - "AccessKey" - ] - access_key_id = access_key["AccessKeyId"] - secret_access_key = access_key["SecretAccessKey"] - # Create AWS session to validate - session = boto3.session.Session( - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - region_name=aws_region, - ) - sts_client = create_sts_session(session, aws_region) - - assert sts_client._endpoint._endpoint_prefix == "sts" - assert sts_client._endpoint.host == f"https://sts.{aws_region}.amazonaws.com" diff --git a/tests/providers/aws/lib/organizations/organizations_test.py b/tests/providers/aws/lib/organizations/organizations_test.py index b7274d72d6..83f830847d 100644 --- a/tests/providers/aws/lib/organizations/organizations_test.py +++ b/tests/providers/aws/lib/organizations/organizations_test.py @@ -1,13 +1,11 @@ -import json - import boto3 from moto import mock_aws -from prowler.providers.aws.lib.audit_info.models import AWS_Organizations_Info from prowler.providers.aws.lib.organizations.organizations import ( get_organizations_metadata, parse_organizations_metadata, ) +from prowler.providers.aws.models import AWSOrganizationsInfo from tests.providers.aws.utils import AWS_ACCOUNT_NUMBER, AWS_REGION_US_EAST_1 @@ -15,8 +13,6 @@ class Test_AWS_Organizations: @mock_aws def test_organizations(self): client = boto3.client("organizations", region_name=AWS_REGION_US_EAST_1) - iam_client = boto3.client("iam", region_name=AWS_REGION_US_EAST_1) - sts_client = boto3.client("sts", region_name=AWS_REGION_US_EAST_1) mockname = "mock-account" mockdomain = "moto-example.org" @@ -31,53 +27,47 @@ class Test_AWS_Organizations: ResourceId=account_id, Tags=[{"Key": "key", "Value": "value"}] ) - trust_policy_document = { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Principal": {"AWS": f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"}, - "Action": "sts:AssumeRole", - }, - } - iam_role_arn = iam_client.role_arn = iam_client.create_role( - RoleName="test-role", - AssumeRolePolicyDocument=json.dumps(trust_policy_document), - )["Role"]["Arn"] - session_name = "new-session" - assumed_role = sts_client.assume_role( - RoleArn=iam_role_arn, RoleSessionName=session_name - ) - - metadata, tags = get_organizations_metadata(account_id, assumed_role) + metadata, tags = get_organizations_metadata(account_id, boto3.Session()) org = parse_organizations_metadata(metadata, tags) - assert org.account_details_email == mockemail - assert org.account_details_name == mockname + assert isinstance(org, AWSOrganizationsInfo) + assert org.account_email == mockemail + assert org.account_name == mockname assert ( - org.account_details_arn + org.organization_account_arn == f"arn:aws:organizations::{AWS_ACCOUNT_NUMBER}:account/{org_id}/{account_id}" ) - assert org.account_details_org == org_id - assert org.account_details_tags == "key:value" + assert ( + org.organization_arn + == f"arn:aws:organizations::{AWS_ACCOUNT_NUMBER}:organization/{org_id}" + ) + assert org.organization_id == org_id + assert org.account_tags == "key:value" def test_parse_organizations_metadata(self): tags = {"Tags": [{"Key": "test-key", "Value": "test-value"}]} - name = "test-name" - email = "test-email" - organization_name = "test-org" + name = "mock-account" + email = "mock-account@moto-example.org" + organization_name = "o-v4bzbxm7ib" arn = f"arn:aws:organizations::{AWS_ACCOUNT_NUMBER}:organization/{organization_name}" metadata = { "Account": { - "Name": name, - "Email": email, - "Arn": arn, + "Id": AWS_ACCOUNT_NUMBER, + "Arn": f"arn:aws:organizations::123456789012:account/o-v4bzbxm7ib/{AWS_ACCOUNT_NUMBER}", + "Email": "mock-account@moto-example.org", + "Name": "mock-account", + "Status": "ACTIVE", } } + org = parse_organizations_metadata(metadata, tags) - assert isinstance(org, AWS_Organizations_Info) - assert org.account_details_email == email - assert org.account_details_name == name - assert org.account_details_arn == arn - assert org.account_details_org == organization_name - assert org.account_details_tags == "test-key:test-value" + assert isinstance(org, AWSOrganizationsInfo) + assert org.account_email == email + assert org.account_name == name + assert ( + org.organization_account_arn + == f"arn:aws:organizations::{AWS_ACCOUNT_NUMBER}:account/{organization_name}/{AWS_ACCOUNT_NUMBER}" + ) + assert org.organization_arn == arn + assert org.account_tags == "test-key:test-value" diff --git a/tests/providers/aws/lib/s3/s3_test.py b/tests/providers/aws/lib/s3/s3_test.py index ef34655a6f..2d11532b7a 100644 --- a/tests/providers/aws/lib/s3/s3_test.py +++ b/tests/providers/aws/lib/s3/s3_test.py @@ -24,19 +24,19 @@ class TestS3: @mock_aws def test_send_to_s3_bucket(self): # Mock Audit Info - audit_info = MagicMock() + provider = MagicMock() # Create mock session - audit_info.audit_session = boto3.session.Session(region_name=AWS_REGION) - audit_info.identity.account = AWS_ACCOUNT_ID + provider.current_session = boto3.session.Session(region_name=AWS_REGION) + provider.identity.account = AWS_ACCOUNT_ID # Create mock bucket - client = audit_info.audit_session.client("s3") + client = provider.current_session.client("s3") client.create_bucket(Bucket=S3_BUCKET_NAME) # Mocked CSV output file output_directory = f"{ACTUAL_DIRECTORY}/{FIXTURES_DIR_NAME}" - filename = f"prowler-output-{audit_info.identity.account}" + filename = f"prowler-output-{provider.identity.account}" # Send mock CSV file to mock S3 Bucket send_to_s3_bucket( @@ -44,7 +44,7 @@ class TestS3: output_directory, OUTPUT_MODE_CSV, S3_BUCKET_NAME, - audit_info.audit_session, + provider.current_session, ) bucket_directory = get_s3_object_path(output_directory) @@ -63,19 +63,19 @@ class TestS3: @mock_aws def test_send_to_s3_bucket_compliance(self): # Mock Audit Info - audit_info = MagicMock() + provider = MagicMock() # Create mock session - audit_info.audit_session = boto3.session.Session(region_name=AWS_REGION) - audit_info.identity.account = AWS_ACCOUNT_ID + provider.current_session = boto3.session.Session(region_name=AWS_REGION) + provider.identity.account = AWS_ACCOUNT_ID # Create mock bucket - client = audit_info.audit_session.client("s3") + client = provider.current_session.client("s3") client.create_bucket(Bucket=S3_BUCKET_NAME) # Mocked CSV output file output_directory = f"{ACTUAL_DIRECTORY}/{FIXTURES_DIR_NAME}" - filename = f"prowler-output-{audit_info.identity.account}" + filename = f"prowler-output-{provider.identity.account}" # Send mock CSV file to mock S3 Bucket send_to_s3_bucket( @@ -83,7 +83,7 @@ class TestS3: output_directory, OUTPUT_MODE_CIS_1_4_AWS, S3_BUCKET_NAME, - audit_info.audit_session, + provider.current_session, ) bucket_directory = get_s3_object_path(output_directory) diff --git a/tests/providers/aws/lib/security_hub/security_hub_test.py b/tests/providers/aws/lib/security_hub/security_hub_test.py index 0fe9b095f7..2f4f9ed6c1 100644 --- a/tests/providers/aws/lib/security_hub/security_hub_test.py +++ b/tests/providers/aws/lib/security_hub/security_hub_test.py @@ -18,7 +18,7 @@ from tests.providers.aws.utils import ( AWS_COMMERCIAL_PARTITION, AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2, - set_mocked_aws_audit_info, + set_mocked_aws_provider, ) @@ -108,11 +108,11 @@ class Test_SecurityHub: return finding def set_mocked_output_options( - self, is_quiet: bool = False, send_sh_only_fails: bool = False + self, status: list[str] = [], send_sh_only_fails: bool = False ): output_options = MagicMock output_options.bulk_checks_metadata = {} - output_options.is_quiet = is_quiet + output_options.status = status output_options.send_sh_only_fails = send_sh_only_fails return output_options @@ -160,7 +160,7 @@ class Test_SecurityHub: ( "root", WARNING, - f"ClientError -- [68]: An error occurred ({error_code}) when calling the {operation_name} operation: {error_message}", + f"ClientError -- [64]: An error occurred ({error_code}) when calling the {operation_name} operation: {error_message}", ) ] @@ -220,7 +220,7 @@ class Test_SecurityHub: ( "root", ERROR, - f"ClientError -- [68]: An error occurred ({error_code}) when calling the {operation_name} operation: {error_message}", + f"ClientError -- [64]: An error occurred ({error_code}) when calling the {operation_name} operation: {error_message}", ) ] @@ -246,83 +246,83 @@ class Test_SecurityHub: ( "root", ERROR, - f"Exception -- [68]: {error_message}", + f"Exception -- [64]: {error_message}", ) ] - def test_prepare_security_hub_findings_enabled_region_not_quiet(self): + def test_prepare_security_hub_findings_enabled_region_all_statuses(self): enabled_regions = [AWS_REGION_EU_WEST_1] - output_options = self.set_mocked_output_options(is_quiet=False) + output_options = self.set_mocked_output_options() findings = [self.generate_finding("PASS", AWS_REGION_EU_WEST_1)] - audit_info = set_mocked_aws_audit_info( + aws_provider = set_mocked_aws_provider( audited_regions=[AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2] ) assert prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) == { AWS_REGION_EU_WEST_1: [get_security_hub_finding("PASSED")], } - def test_prepare_security_hub_findings_quiet_INFO_finding(self): + def test_prepare_security_hub_findings_all_statuses_MANUAL_finding(self): enabled_regions = [AWS_REGION_EU_WEST_1] - output_options = self.set_mocked_output_options(is_quiet=False) - findings = [self.generate_finding("INFO", AWS_REGION_EU_WEST_1)] - audit_info = set_mocked_aws_audit_info( + output_options = self.set_mocked_output_options() + findings = [self.generate_finding("MANUAL", AWS_REGION_EU_WEST_1)] + aws_provider = set_mocked_aws_provider( audited_regions=[AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2] ) assert prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) == {AWS_REGION_EU_WEST_1: []} def test_prepare_security_hub_findings_disabled_region(self): enabled_regions = [AWS_REGION_EU_WEST_1] - output_options = self.set_mocked_output_options(is_quiet=False) + output_options = self.set_mocked_output_options() findings = [self.generate_finding("PASS", AWS_REGION_EU_WEST_2)] - audit_info = set_mocked_aws_audit_info( + aws_provider = set_mocked_aws_provider( audited_regions=[AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2] ) assert prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) == {AWS_REGION_EU_WEST_1: []} - def test_prepare_security_hub_findings_quiet_PASS(self): + def test_prepare_security_hub_findings_PASS_and_FAIL_statuses(self): enabled_regions = [AWS_REGION_EU_WEST_1] - output_options = self.set_mocked_output_options(is_quiet=True) + output_options = self.set_mocked_output_options(status=["FAIL"]) findings = [self.generate_finding("PASS", AWS_REGION_EU_WEST_1)] - audit_info = set_mocked_aws_audit_info( + aws_provider = set_mocked_aws_provider( audited_regions=[AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2] ) assert prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) == {AWS_REGION_EU_WEST_1: []} - def test_prepare_security_hub_findings_quiet_FAIL(self): + def test_prepare_security_hub_findings_FAIL_and_FAIL_statuses(self): enabled_regions = [AWS_REGION_EU_WEST_1] - output_options = self.set_mocked_output_options(is_quiet=True) + output_options = self.set_mocked_output_options(status=["FAIL"]) findings = [self.generate_finding("FAIL", AWS_REGION_EU_WEST_1)] - audit_info = set_mocked_aws_audit_info( + aws_provider = set_mocked_aws_provider( audited_regions=[AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2] ) assert prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) == {AWS_REGION_EU_WEST_1: [get_security_hub_finding("FAILED")]} @@ -331,13 +331,13 @@ class Test_SecurityHub: enabled_regions = [AWS_REGION_EU_WEST_1] output_options = self.set_mocked_output_options(send_sh_only_fails=True) findings = [self.generate_finding("PASS", AWS_REGION_EU_WEST_1)] - audit_info = set_mocked_aws_audit_info( + aws_provider = set_mocked_aws_provider( audited_regions=[AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2] ) assert prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) == {AWS_REGION_EU_WEST_1: []} @@ -346,26 +346,26 @@ class Test_SecurityHub: enabled_regions = [AWS_REGION_EU_WEST_1] output_options = self.set_mocked_output_options(send_sh_only_fails=True) findings = [self.generate_finding("FAIL", AWS_REGION_EU_WEST_1)] - audit_info = set_mocked_aws_audit_info( + aws_provider = set_mocked_aws_provider( audited_regions=[AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2] ) assert prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) == {AWS_REGION_EU_WEST_1: [get_security_hub_finding("FAILED")]} def test_prepare_security_hub_findings_no_audited_regions(self): enabled_regions = [AWS_REGION_EU_WEST_1] - output_options = self.set_mocked_output_options(is_quiet=False) + output_options = self.set_mocked_output_options() findings = [self.generate_finding("PASS", AWS_REGION_EU_WEST_1)] - audit_info = set_mocked_aws_audit_info() + aws_provider = set_mocked_aws_provider() assert prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) == { @@ -375,16 +375,16 @@ class Test_SecurityHub: @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) def test_batch_send_to_security_hub_one_finding(self): enabled_regions = [AWS_REGION_EU_WEST_1] - output_options = self.set_mocked_output_options(is_quiet=False) + output_options = self.set_mocked_output_options() findings = [self.generate_finding("PASS", AWS_REGION_EU_WEST_1)] - audit_info = set_mocked_aws_audit_info( + aws_provider = set_mocked_aws_provider( audited_regions=[AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_2] ) session = self.set_mocked_session(AWS_REGION_EU_WEST_1) security_hub_findings = prepare_security_hub_findings( findings, - audit_info, + aws_provider, output_options, enabled_regions, ) diff --git a/tests/providers/aws/lib/service/service_test.py b/tests/providers/aws/lib/service/service_test.py index 37cb17763d..76f436e44e 100644 --- a/tests/providers/aws/lib/service/service_test.py +++ b/tests/providers/aws/lib/service/service_test.py @@ -6,7 +6,7 @@ from tests.providers.aws.utils import ( AWS_ACCOUNT_NUMBER, AWS_COMMERCIAL_PARTITION, AWS_REGION_US_EAST_1, - set_mocked_aws_audit_info, + set_mocked_aws_provider, ) @@ -22,10 +22,10 @@ def mock_generate_regional_clients(provider, service): "prowler.providers.aws.aws_provider.AwsProvider.generate_regional_clients", new=mock_generate_regional_clients, ) -class Test_AWSService: +class TestAWSService: def test_AWSService_init(self): service_name = "s3" - provider = set_mocked_aws_audit_info() + provider = set_mocked_aws_provider() service = AWSService(service_name, provider) assert service.provider == provider @@ -46,7 +46,7 @@ class Test_AWSService: def test_AWSService_init_global_service(self): service_name = "cloudfront" - provider = set_mocked_aws_audit_info() + provider = set_mocked_aws_provider() service = AWSService(service_name, provider, global_service=True) assert service.provider == provider diff --git a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py index 3d6c0eaa2d..7301d91c72 100644 --- a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py @@ -12,7 +12,6 @@ from tests.providers.aws.utils import AWS_REGION_US_EAST_1, set_mocked_aws_provi class Test_iam_securityaudit_role_created: @mock_aws(config={"iam": {"load_aws_managed_policies": True}}) def test_securityaudit_role_created(self): - aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1]) iam = client("iam") role_name = "test_securityaudit_role_created" assume_role_policy_document = { @@ -33,6 +32,8 @@ class Test_iam_securityaudit_role_created: PolicyArn="arn:aws:iam::aws:policy/SecurityAudit", ) + aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1]) + with mock.patch( "prowler.providers.common.common.get_global_provider", return_value=aws_provider, diff --git a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py index 7a14758381..1acd6483e3 100644 --- a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py +++ b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py @@ -17,7 +17,9 @@ from tests.providers.aws.utils import ( class Test_organizations_account_part_of_organizations: @mock_aws def test_no_organization(self): - aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1]) + aws_provider = set_mocked_aws_provider( + [AWS_REGION_EU_WEST_1], create_default_organization=False + ) with mock.patch( "prowler.providers.common.common.get_global_provider", diff --git a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py index d9cec555de..75e180a63c 100644 --- a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py +++ b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py @@ -13,7 +13,9 @@ from tests.providers.aws.utils import AWS_REGION_EU_WEST_1, set_mocked_aws_provi class Test_organizations_delegated_administrators: @mock_aws def test_no_organization(self): - aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1]) + aws_provider = set_mocked_aws_provider( + [AWS_REGION_EU_WEST_1], create_default_organization=False + ) aws_provider._audit_config = { "organizations_trusted_delegated_administrators": [] } diff --git a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py index 3a877d54a3..c7544ed117 100644 --- a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py +++ b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py @@ -22,7 +22,9 @@ def scp_restrict_regions_with_deny(): class Test_organizations_scp_check_deny_regions: @mock_aws def test_no_organization(self): - aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1]) + aws_provider = set_mocked_aws_provider( + [AWS_REGION_EU_WEST_1], create_default_organization=False + ) aws_provider._audit_config = { "organizations_enabled_regions": [AWS_REGION_EU_WEST_1] } diff --git a/tests/providers/aws/services/organizations/organizations_service_test.py b/tests/providers/aws/services/organizations/organizations_service_test.py index 6f6383b56a..d5e0a9ba88 100644 --- a/tests/providers/aws/services/organizations/organizations_service_test.py +++ b/tests/providers/aws/services/organizations/organizations_service_test.py @@ -26,7 +26,9 @@ class Test_Organizations_Service: conn = client("organizations", region_name=AWS_REGION_EU_WEST_1) response = conn.create_organization() # Mock - aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1]) + aws_provider = set_mocked_aws_provider( + [AWS_REGION_EU_WEST_1], create_default_organization=False + ) organizations = Organizations(aws_provider) # Tests assert len(organizations.organizations) == 1 diff --git a/tests/providers/aws/utils.py b/tests/providers/aws/utils.py index b4ca0b7e07..34740421cd 100644 --- a/tests/providers/aws/utils.py +++ b/tests/providers/aws/utils.py @@ -1,6 +1,6 @@ from argparse import Namespace -from boto3 import session +from boto3 import client, session from botocore.config import Config from moto import mock_aws @@ -20,8 +20,6 @@ AWS_REGION_EU_WEST_1 = "eu-west-1" AWS_REGION_EU_WEST_1_AZA = "eu-west-1a" AWS_REGION_EU_WEST_1_AZB = "eu-west-1b" AWS_REGION_EU_WEST_2 = "eu-west-2" -AWS_REGION_CN_NORTHWEST_1 = "cn-northwest-1" -AWS_REGION_CN_NORTH_1 = "cn-north-1" AWS_REGION_EU_SOUTH_2 = "eu-south-2" AWS_REGION_EU_SOUTH_3 = "eu-south-3" AWS_REGION_US_WEST_2 = "us-west-2" @@ -30,7 +28,8 @@ AWS_REGION_EU_CENTRAL_1 = "eu-central-1" # China Regions -AWS_REGION_CHINA_NORHT_1 = "cn-north-1" +AWS_REGION_CN_NORTHWEST_1 = "cn-northwest-1" +AWS_REGION_CN_NORTH_1 = "cn-north-1" # Gov Cloud Regions AWS_REGION_GOV_CLOUD_US_EAST_1 = "us-gov-east-1" @@ -44,37 +43,8 @@ AWS_GOV_CLOUD_PARTITION = "aws-us-gov" AWS_CHINA_PARTITION = "aws-cn" AWS_ISO_PARTITION = "aws-iso" -# Commercial Regions -AWS_REGION_US_EAST_1 = "us-east-1" -AWS_REGION_US_EAST_1_AZA = "us-east-1a" -AWS_REGION_US_EAST_1_AZB = "us-east-1b" -AWS_REGION_EU_WEST_1 = "eu-west-1" -AWS_REGION_EU_WEST_1_AZA = "eu-west-1a" -AWS_REGION_EU_WEST_1_AZB = "eu-west-1b" -AWS_REGION_EU_WEST_2 = "eu-west-2" -AWS_REGION_CN_NORTHWEST_1 = "cn-northwest-1" -AWS_REGION_CN_NORTH_1 = "cn-north-1" -AWS_REGION_EU_SOUTH_2 = "eu-south-2" -AWS_REGION_EU_SOUTH_3 = "eu-south-3" -AWS_REGION_US_WEST_2 = "us-west-2" -AWS_REGION_US_EAST_2 = "us-east-2" -AWS_REGION_EU_CENTRAL_1 = "eu-central-1" - - -# China Regions -AWS_REGION_CHINA_NORHT_1 = "cn-north-1" - -# Gov Cloud Regions -AWS_REGION_GOV_CLOUD_US_EAST_1 = "us-gov-east-1" - -# Iso Regions -AWS_REGION_ISO_GLOBAL = "aws-iso-global" - -# AWS Partitions -AWS_COMMERCIAL_PARTITION = "aws" -AWS_GOV_CLOUD_PARTITION = "aws-us-gov" -AWS_CHINA_PARTITION = "aws-cn" -AWS_ISO_PARTITION = "aws-iso" +# EC2 +EXAMPLE_AMI_ID = "ami-12c6146b" # Mocked AWS Provider @@ -89,16 +59,28 @@ def set_mocked_aws_provider( profile_region: str = None, audit_config: dict = {}, ignore_unused_services: bool = False, - # assumed_role_info: AWSAssumeRole = None, audit_session: session.Session = session.Session( profile_name=None, botocore_session=None, ), original_session: session.Session = None, enabled_regions: set = None, + arguments: Namespace = Namespace(), + create_default_organization: bool = True, ) -> AwsProvider: - # Create default AWS Provider - provider = AwsProvider(Namespace()) + if create_default_organization: + # Create default AWS Organization + create_default_aws_organization() + + # Default arguments + arguments = set_default_provider_arguments(arguments) + + # AWS Provider + provider = AwsProvider(arguments) + + # Output options + provider.output_options = arguments, {} + # Mock Session provider._session.session_config = None provider._session.original_session = original_session @@ -130,3 +112,36 @@ def set_mocked_aws_provider( ) return provider + + +def set_default_provider_arguments(arguments: Namespace) -> Namespace: + arguments.status = [] + arguments.output_modes = [] + arguments.output_directory = "" + arguments.verbose = False + arguments.only_logs = False + arguments.unix_timestamp = False + arguments.shodan = None + arguments.security_hub = False + arguments.send_sh_only_fails = False + + return arguments + + +@mock_aws +def create_default_aws_organization(): + # Create default AWS Organization + organizations_client = client("organizations", region_name=AWS_REGION_US_EAST_1) + + mockname = "mock-account" + mockdomain = "moto-example.org" + mockemail = "@".join([mockname, mockdomain]) + + _ = organizations_client.create_organization(FeatureSet="ALL")["Organization"]["Id"] + account_id = organizations_client.create_account( + AccountName=mockname, Email=mockemail + )["CreateAccountStatus"]["AccountId"] + + _ = organizations_client.tag_resource( + ResourceId=account_id, Tags=[{"Key": "test", "Value": "aws-provider"}] + ) diff --git a/tests/providers/azure/azure_fixtures.py b/tests/providers/azure/azure_fixtures.py index 55741defff..51b919e0d6 100644 --- a/tests/providers/azure/azure_fixtures.py +++ b/tests/providers/azure/azure_fixtures.py @@ -1,14 +1,13 @@ from uuid import uuid4 from azure.identity import DefaultAzureCredential +from mock import MagicMock -from prowler.providers.azure.lib.audit_info.models import ( - Azure_Audit_Info, - Azure_Identity_Info, - Azure_Region_Config, -) +from prowler.providers.azure.azure_provider import AzureProvider +from prowler.providers.azure.models import AzureIdentityInfo, AzureRegionConfig -AZURE_SUBSCRIPTION = str(uuid4()) +AZURE_SUBSCRIPTION_ID = str(uuid4()) +AZURE_SUBSCRIPTION_NAME = "Subscription Name" # Azure Identity IDENTITY_ID = "00000000-0000-0000-0000-000000000000" @@ -18,26 +17,26 @@ DOMAIN = "user.onmicrosoft.com" # Mocked Azure Audit Info -def set_mocked_azure_audit_info( +def set_mocked_azure_provider( credentials: DefaultAzureCredential = DefaultAzureCredential(), - identity: Azure_Identity_Info = Azure_Identity_Info( + identity: AzureIdentityInfo = AzureIdentityInfo( identity_id=IDENTITY_ID, identity_type=IDENTITY_TYPE, tenant_ids=TENANT_IDS, domain=DOMAIN, - subscriptions={AZURE_SUBSCRIPTION: "id_subscription"}, + subscriptions={AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}, ), audit_config: dict = None, - azure_region_config: Azure_Region_Config = Azure_Region_Config(), + azure_region_config: AzureRegionConfig = AzureRegionConfig(), locations: list = None, -): - audit_info = Azure_Audit_Info( - credentials=credentials, - identity=identity, - audit_metadata=None, - audit_resources=None, - audit_config=audit_config, - azure_region_config=azure_region_config, - locations=locations, - ) - return audit_info +) -> AzureProvider: + + provider = MagicMock() + provider.type = "azure" + provider.session.credentials = credentials + provider.identity.locations = locations + provider.identity = identity + provider.audit_config = audit_config + provider.region_config = azure_region_config + + return provider diff --git a/tests/providers/azure/azure_provider_test.py b/tests/providers/azure/azure_provider_test.py index e69de29bb2..a4c3c85936 100644 --- a/tests/providers/azure/azure_provider_test.py +++ b/tests/providers/azure/azure_provider_test.py @@ -0,0 +1,214 @@ +from argparse import Namespace +from datetime import datetime +from os import rmdir + +import pytest +from azure.identity import DefaultAzureCredential +from freezegun import freeze_time +from mock import patch + +from prowler.config.config import default_config_file_path +from prowler.providers.azure.azure_provider import AzureProvider +from prowler.providers.azure.models import ( + AzureIdentityInfo, + AzureOutputOptions, + AzureRegionConfig, +) + + +class TestAzureProvider: + def test_azure_provider(self): + arguments = Namespace() + arguments.subscription_ids = None + arguments.tenant_id = None + # We need to set exactly one auth method + arguments.az_cli_auth = True + arguments.sp_env_auth = None + arguments.browser_auth = None + arguments.managed_identity_auth = None + + arguments.config_file = default_config_file_path + arguments.azure_region = "AzureCloud" + + with patch( + "prowler.providers.azure.azure_provider.AzureProvider.setup_identity", + return_value=AzureIdentityInfo(), + ), patch( + "prowler.providers.azure.azure_provider.AzureProvider.get_locations", + return_value={}, + ): + azure_provider = AzureProvider(arguments) + + assert azure_provider.region_config == AzureRegionConfig( + name="AzureCloud", + authority=None, + base_url="https://management.azure.com", + credential_scopes=["https://management.azure.com/.default"], + ) + assert isinstance(azure_provider.session, DefaultAzureCredential) + assert azure_provider.identity == AzureIdentityInfo( + identity_id="", + identity_type="", + tenant_ids=[], + tenant_domain="Unknown tenant domain (missing AAD permissions)", + subscriptions={}, + locations={}, + ) + assert azure_provider.audit_config == { + "shodan_api_key": None, + "php_latest_version": "8.2", + "python_latest_version": "3.12", + "java_latest_version": "17", + } + + def test_azure_provider_not_auth_methods(self): + arguments = Namespace() + arguments.subscription_ids = None + arguments.tenant_id = None + # We need to set exactly one auth method + arguments.az_cli_auth = None + arguments.sp_env_auth = None + arguments.browser_auth = None + arguments.managed_identity_auth = None + + arguments.config_file = default_config_file_path + arguments.azure_region = "AzureCloud" + + with patch( + "prowler.providers.azure.azure_provider.AzureProvider.setup_identity", + return_value=AzureIdentityInfo(), + ), patch( + "prowler.providers.azure.azure_provider.AzureProvider.get_locations", + return_value={}, + ): + + with pytest.raises(SystemExit) as exception: + _ = AzureProvider(arguments) + assert exception.type == SystemExit + assert ( + exception.value.args[0] + == "Azure provider requires at least one authentication method set: [--az-cli-auth | --sp-env-auth | --browser-auth | --managed-identity-auth]" + ) + + def test_azure_provider_browser_auth_but_not_tenant_id(self): + arguments = Namespace() + arguments.subscription_ids = None + arguments.tenant_id = None + # We need to set exactly one auth method + arguments.az_cli_auth = None + arguments.sp_env_auth = None + arguments.browser_auth = True + arguments.managed_identity_auth = None + + arguments.config_file = default_config_file_path + arguments.azure_region = "AzureCloud" + + with patch( + "prowler.providers.azure.azure_provider.AzureProvider.setup_identity", + return_value=AzureIdentityInfo(), + ), patch( + "prowler.providers.azure.azure_provider.AzureProvider.get_locations", + return_value={}, + ): + + with pytest.raises(SystemExit) as exception: + _ = AzureProvider(arguments) + assert exception.type == SystemExit + assert ( + exception.value.args[0] + == "Azure Tenant ID (--tenant-id) is required for browser authentication mode" + ) + + def test_azure_provider_not_browser_auth_but_tenant_id(self): + arguments = Namespace() + arguments.subscription_ids = None + arguments.tenant_id = "test-tenant-id" + # We need to set exactly one auth method + arguments.az_cli_auth = None + arguments.sp_env_auth = None + arguments.browser_auth = False + arguments.managed_identity_auth = None + + arguments.config_file = default_config_file_path + arguments.azure_region = "AzureCloud" + + with patch( + "prowler.providers.azure.azure_provider.AzureProvider.setup_identity", + return_value=AzureIdentityInfo(), + ), patch( + "prowler.providers.azure.azure_provider.AzureProvider.get_locations", + return_value={}, + ): + + with pytest.raises(SystemExit) as exception: + _ = AzureProvider(arguments) + assert exception.type == SystemExit + assert ( + exception.value.args[0] + == "Azure provider requires at least one authentication method set: [--az-cli-auth | --sp-env-auth | --browser-auth | --managed-identity-auth]" + ) + + @freeze_time(datetime.today()) + def test_azure_provider_output_options_with_domain(self): + arguments = Namespace() + arguments.subscription_ids = None + arguments.tenant_id = None + + # We need to set exactly one auth method + arguments.az_cli_auth = None + arguments.sp_env_auth = True + arguments.browser_auth = None + arguments.managed_identity_auth = None + + arguments.config_file = default_config_file_path + arguments.azure_region = "AzureCloud" + + # Output Options + arguments.output_modes = ["csv"] + arguments.output_directory = "output_test_directory" + arguments.status = [] + arguments.verbose = True + arguments.only_logs = False + arguments.unix_timestamp = False + arguments.shodan = "test-api-key" + + tenant_domain = "test-domain" + with patch( + "prowler.providers.azure.azure_provider.AzureProvider.setup_identity", + return_value=AzureIdentityInfo(tenant_domain=tenant_domain), + ), patch( + "prowler.providers.azure.azure_provider.AzureProvider.get_locations", + return_value={}, + ), patch( + "prowler.providers.azure.azure_provider.AzureProvider.setup_session", + return_value=DefaultAzureCredential(), + ): + azure_provider = AzureProvider(arguments) + + azure_provider.output_options = arguments, {} + + assert isinstance(azure_provider.output_options, AzureOutputOptions) + assert azure_provider.output_options.status == [] + assert azure_provider.output_options.output_modes == [ + "csv", + ] + assert ( + azure_provider.output_options.output_directory + == arguments.output_directory + ) + assert azure_provider.output_options.bulk_checks_metadata == {} + assert azure_provider.output_options.verbose + # Flaky due to the millisecond part of the timestamp + # assert ( + # azure_provider.output_options.output_filename + # == f"prowler-output-{azure_provider.identity.tenant_domain}-{datetime.today().strftime('%Y%m%d%H%M%S')}" + # ) + assert ( + f"prowler-output-{azure_provider.identity.tenant_domain}" + in azure_provider.output_options.output_filename + ) + + # Delete testing directory + # TODO: move this to a fixtures file + rmdir(f"{arguments.output_directory}/compliance") + rmdir(arguments.output_directory) diff --git a/tests/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled_test.py b/tests/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled_test.py index 57865223c1..07f5665286 100644 --- a/tests/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled_test.py +++ b/tests/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.aks.aks_service import Cluster -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_aks_cluster_rbac_enabled: @@ -11,6 +14,9 @@ class Test_aks_cluster_rbac_enabled: aks_client.clusters = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_cluster_rbac_enabled.aks_cluster_rbac_enabled.aks_client", new=aks_client, ): @@ -24,9 +30,12 @@ class Test_aks_cluster_rbac_enabled: def test_aks_subscription_empty(self): aks_client = mock.MagicMock - aks_client.clusters = {AZURE_SUBSCRIPTION: {}} + aks_client.clusters = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_cluster_rbac_enabled.aks_cluster_rbac_enabled.aks_client", new=aks_client, ): @@ -42,7 +51,7 @@ class Test_aks_cluster_rbac_enabled: aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -55,6 +64,9 @@ class Test_aks_cluster_rbac_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_cluster_rbac_enabled.aks_cluster_rbac_enabled.aks_client", new=aks_client, ): @@ -68,17 +80,17 @@ class Test_aks_cluster_rbac_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"RBAC is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION}'." + == f"RBAC is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_name == "cluster_name" assert result[0].resource_id == cluster_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_aks_rbac_not_enabled(self): aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -91,6 +103,9 @@ class Test_aks_cluster_rbac_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_cluster_rbac_enabled.aks_cluster_rbac_enabled.aks_client", new=aks_client, ): @@ -104,8 +119,8 @@ class Test_aks_cluster_rbac_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"RBAC is not enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION}'." + == f"RBAC is not enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_name == "cluster_name" assert result[0].resource_id == cluster_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes_test.py b/tests/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes_test.py index 145254bf74..e4ef70d4fd 100644 --- a/tests/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes_test.py +++ b/tests/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.aks.aks_service import Cluster -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_aks_clusters_created_with_private_nodes: @@ -11,6 +14,9 @@ class Test_aks_clusters_created_with_private_nodes: aks_client.clusters = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_created_with_private_nodes.aks_clusters_created_with_private_nodes.aks_client", new=aks_client, ): @@ -24,9 +30,12 @@ class Test_aks_clusters_created_with_private_nodes: def test_aks_subscription_empty(self): aks_client = mock.MagicMock - aks_client.clusters = {AZURE_SUBSCRIPTION: {}} + aks_client.clusters = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_created_with_private_nodes.aks_clusters_created_with_private_nodes.aks_client", new=aks_client, ): @@ -42,7 +51,7 @@ class Test_aks_clusters_created_with_private_nodes: aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -55,6 +64,9 @@ class Test_aks_clusters_created_with_private_nodes: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_created_with_private_nodes.aks_clusters_created_with_private_nodes.aks_client", new=aks_client, ): @@ -68,17 +80,17 @@ class Test_aks_clusters_created_with_private_nodes: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Cluster 'cluster_name' was not created with private nodes in subscription '{AZURE_SUBSCRIPTION}'" + == f"Cluster 'cluster_name' was not created with private nodes in subscription '{AZURE_SUBSCRIPTION_ID}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_aks_cluster_private_nodes(self): aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -91,6 +103,9 @@ class Test_aks_clusters_created_with_private_nodes: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_created_with_private_nodes.aks_clusters_created_with_private_nodes.aks_client", new=aks_client, ): @@ -104,17 +119,17 @@ class Test_aks_clusters_created_with_private_nodes: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Cluster 'cluster_name' was created with private nodes in subscription '{AZURE_SUBSCRIPTION}'" + == f"Cluster 'cluster_name' was created with private nodes in subscription '{AZURE_SUBSCRIPTION_ID}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_aks_cluster_public_and_private_nodes(self): aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -131,6 +146,9 @@ class Test_aks_clusters_created_with_private_nodes: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_created_with_private_nodes.aks_clusters_created_with_private_nodes.aks_client", new=aks_client, ): @@ -144,8 +162,8 @@ class Test_aks_clusters_created_with_private_nodes: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Cluster 'cluster_name' was not created with private nodes in subscription '{AZURE_SUBSCRIPTION}'" + == f"Cluster 'cluster_name' was not created with private nodes in subscription '{AZURE_SUBSCRIPTION_ID}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled_test.py b/tests/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled_test.py index 140c96da54..6fce459af9 100644 --- a/tests/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled_test.py +++ b/tests/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.aks.aks_service import Cluster -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_aks_clusters_public_access_disabled: @@ -11,6 +14,9 @@ class Test_aks_clusters_public_access_disabled: aks_client.clusters = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_public_access_disabled.aks_clusters_public_access_disabled.aks_client", new=aks_client, ): @@ -24,9 +30,12 @@ class Test_aks_clusters_public_access_disabled: def test_aks_subscription_empty(self): aks_client = mock.MagicMock - aks_client.clusters = {AZURE_SUBSCRIPTION: {}} + aks_client.clusters = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_public_access_disabled.aks_clusters_public_access_disabled.aks_client", new=aks_client, ): @@ -42,7 +51,7 @@ class Test_aks_clusters_public_access_disabled: aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -55,6 +64,9 @@ class Test_aks_clusters_public_access_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_public_access_disabled.aks_clusters_public_access_disabled.aks_client", new=aks_client, ): @@ -68,17 +80,17 @@ class Test_aks_clusters_public_access_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Public access to nodes is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION}'" + == f"Public access to nodes is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_aks_cluster_private_fqdn(self): aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -91,6 +103,9 @@ class Test_aks_clusters_public_access_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_public_access_disabled.aks_clusters_public_access_disabled.aks_client", new=aks_client, ): @@ -104,17 +119,17 @@ class Test_aks_clusters_public_access_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Public access to nodes is disabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION}'" + == f"Public access to nodes is disabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_aks_cluster_private_fqdn_with_public_ip(self): aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -127,6 +142,9 @@ class Test_aks_clusters_public_access_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_clusters_public_access_disabled.aks_clusters_public_access_disabled.aks_client", new=aks_client, ): @@ -140,8 +158,8 @@ class Test_aks_clusters_public_access_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Public access to nodes is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION}'" + == f"Public access to nodes is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled_test.py b/tests/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled_test.py index d48555c30d..1da40bdbe4 100644 --- a/tests/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled_test.py +++ b/tests/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.aks.aks_service import Cluster -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_aks_network_policy_enabled: @@ -11,6 +14,9 @@ class Test_aks_network_policy_enabled: aks_client.clusters = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_network_policy_enabled.aks_network_policy_enabled.aks_client", new=aks_client, ): @@ -24,9 +30,12 @@ class Test_aks_network_policy_enabled: def test_aks_subscription_empty(self): aks_client = mock.MagicMock - aks_client.clusters = {AZURE_SUBSCRIPTION: {}} + aks_client.clusters = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_network_policy_enabled.aks_network_policy_enabled.aks_client", new=aks_client, ): @@ -42,7 +51,7 @@ class Test_aks_network_policy_enabled: aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -55,6 +64,9 @@ class Test_aks_network_policy_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_network_policy_enabled.aks_network_policy_enabled.aks_client", new=aks_client, ): @@ -68,17 +80,17 @@ class Test_aks_network_policy_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Network policy is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Network policy is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_name == "cluster_name" assert result[0].resource_id == cluster_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_aks_network_policy_disabled(self): aks_client = mock.MagicMock cluster_id = str(uuid4()) aks_client.clusters = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { cluster_id: Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -91,6 +103,9 @@ class Test_aks_network_policy_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.aks.aks_network_policy_enabled.aks_network_policy_enabled.aks_client", new=aks_client, ): @@ -104,8 +119,8 @@ class Test_aks_network_policy_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network policy is not enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Network policy is not enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_name == "cluster_name" assert result[0].resource_id == cluster_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/aks/aks_service_test.py b/tests/providers/azure/services/aks/aks_service_test.py index 4bbdddf704..c95b5bda6e 100644 --- a/tests/providers/azure/services/aks/aks_service_test.py +++ b/tests/providers/azure/services/aks/aks_service_test.py @@ -2,14 +2,14 @@ from unittest.mock import patch from prowler.providers.azure.services.aks.aks_service import AKS, Cluster from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_aks_get_clusters(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "cluster_id-1": Cluster( name="cluster_name", public_fqdn="public_fqdn", @@ -28,33 +28,36 @@ def mock_aks_get_clusters(_): ) class Test_AppInsights_Service: def test__get_client__(self): - aks = AKS(set_mocked_azure_audit_info()) + aks = AKS(set_mocked_azure_provider()) assert ( - aks.clients[AZURE_SUBSCRIPTION].__class__.__name__ + aks.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "ContainerServiceClient" ) def test__get_subscriptions__(self): - aks = AKS(set_mocked_azure_audit_info()) + aks = AKS(set_mocked_azure_provider()) assert aks.subscriptions.__class__.__name__ == "dict" def test__get_components__(self): - aks = AKS(set_mocked_azure_audit_info()) + aks = AKS(set_mocked_azure_provider()) assert len(aks.clusters) == 1 - assert aks.clusters[AZURE_SUBSCRIPTION]["cluster_id-1"].name == "cluster_name" assert ( - aks.clusters[AZURE_SUBSCRIPTION]["cluster_id-1"].public_fqdn + aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].name == "cluster_name" + ) + assert ( + aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].public_fqdn == "public_fqdn" ) assert ( - aks.clusters[AZURE_SUBSCRIPTION]["cluster_id-1"].private_fqdn + aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].private_fqdn == "private_fqdn" ) assert ( - aks.clusters[AZURE_SUBSCRIPTION]["cluster_id-1"].network_policy + aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].network_policy == "network_policy" ) assert ( - aks.clusters[AZURE_SUBSCRIPTION]["cluster_id-1"].agent_pool_profiles == [] + aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].agent_pool_profiles + == [] ) - assert aks.clusters[AZURE_SUBSCRIPTION]["cluster_id-1"].rbac_enabled + assert aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].rbac_enabled diff --git a/tests/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on_test.py b/tests/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on_test.py index d2c5537b02..50bc47e7de 100644 --- a/tests/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on_test.py +++ b/tests/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_client_certificates_on: @@ -11,6 +14,9 @@ class Test_app_client_certificates_on: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_client_certificates_on.app_client_certificates_on.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_client_certificates_on: def test_app_subscription_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_client_certificates_on.app_client_certificates_on.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_client_certificates_on: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_client_certificates_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_client_certificates_on.app_client_certificates_on.app_client", new=app_client, ): @@ -68,17 +80,17 @@ class Test_app_client_certificates_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Clients are required to present a certificate for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Clients are required to present a certificate for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_client_certificates_off(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -91,6 +103,9 @@ class Test_app_client_certificates_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_client_certificates_on.app_client_certificates_on.app_client", new=app_client, ): @@ -104,8 +119,8 @@ class Test_app_client_certificates_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Clients are not required to present a certificate for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Clients are not required to present a certificate for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up_test.py b/tests/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up_test.py index 61b77e03cb..0b718148c2 100644 --- a/tests/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up_test.py +++ b/tests/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_ensure_auth_is_set_up: @@ -11,6 +14,9 @@ class Test_app_ensure_auth_is_set_up: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_auth_is_set_up.app_ensure_auth_is_set_up.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_ensure_auth_is_set_up: def test_app_subscription_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_auth_is_set_up.app_ensure_auth_is_set_up.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_ensure_auth_is_set_up: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_ensure_auth_is_set_up: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_auth_is_set_up.app_ensure_auth_is_set_up.app_client", new=app_client, ): @@ -68,17 +80,17 @@ class Test_app_ensure_auth_is_set_up: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Authentication is set up for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Authentication is set up for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_name == "app_id-1" assert result[0].resource_id == resource_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_auth_disabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=False, @@ -91,6 +103,9 @@ class Test_app_ensure_auth_is_set_up: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_auth_is_set_up.app_ensure_auth_is_set_up.app_client", new=app_client, ): @@ -104,8 +119,8 @@ class Test_app_ensure_auth_is_set_up: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Authentication is not set up for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Authentication is not set up for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_name == "app_id-1" assert result[0].resource_id == resource_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https_test.py b/tests/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https_test.py index cba1a49a7d..fa982cc648 100644 --- a/tests/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https_test.py +++ b/tests/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_ensure_http_is_redirected_to_https: @@ -11,6 +14,9 @@ class Test_app_ensure_http_is_redirected_to_https: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_http_is_redirected_to_https.app_ensure_http_is_redirected_to_https.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_ensure_http_is_redirected_to_https: def test_app_subscriptions_empty_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_http_is_redirected_to_https.app_ensure_http_is_redirected_to_https.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_ensure_http_is_redirected_to_https: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_ensure_http_is_redirected_to_https: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_http_is_redirected_to_https.app_ensure_http_is_redirected_to_https.app_client", new=app_client, ): @@ -68,17 +80,17 @@ class Test_app_ensure_http_is_redirected_to_https: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"HTTP is not redirected to HTTPS for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"HTTP is not redirected to HTTPS for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_name == "app_id-1" assert result[0].resource_id == resource_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_http_to_https_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -91,6 +103,9 @@ class Test_app_ensure_http_is_redirected_to_https: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_http_is_redirected_to_https.app_ensure_http_is_redirected_to_https.app_client", new=app_client, ): @@ -104,8 +119,8 @@ class Test_app_ensure_http_is_redirected_to_https: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"HTTP is redirected to HTTPS for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"HTTP is redirected to HTTPS for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_name == "app_id-1" assert result[0].resource_id == resource_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest_test.py b/tests/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest_test.py index e4f057a023..cb8bd5cd81 100644 --- a/tests/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest_test.py +++ b/tests/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_ensure_java_version_is_latest: @@ -11,6 +14,9 @@ class Test_app_ensure_java_version_is_latest: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_java_version_is_latest.app_ensure_java_version_is_latest.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_ensure_java_version_is_latest: def test_app_subscriptions_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_java_version_is_latest.app_ensure_java_version_is_latest.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_ensure_java_version_is_latest: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_ensure_java_version_is_latest: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_java_version_is_latest.app_ensure_java_version_is_latest.app_client", new=app_client, ): @@ -70,7 +82,7 @@ class Test_app_ensure_java_version_is_latest: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -87,6 +99,9 @@ class Test_app_ensure_java_version_is_latest: app_client.audit_config = {"java_latest_version": "17"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_java_version_is_latest.app_ensure_java_version_is_latest.app_client", new=app_client, ): @@ -100,17 +115,17 @@ class Test_app_ensure_java_version_is_latest: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Java version is set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Java version is set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_linux_java_version_not_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -127,6 +142,9 @@ class Test_app_ensure_java_version_is_latest: app_client.audit_config = {"java_latest_version": "17"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_java_version_is_latest.app_ensure_java_version_is_latest.app_client", new=app_client, ): @@ -140,17 +158,17 @@ class Test_app_ensure_java_version_is_latest: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Java version is set to 'Tomcat|9.0-java11', but should be set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Java version is set to 'Tomcat|9.0-java11', but should be set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_windows_java_version_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -167,6 +185,9 @@ class Test_app_ensure_java_version_is_latest: app_client.audit_config = {"java_latest_version": "17"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_java_version_is_latest.app_ensure_java_version_is_latest.app_client", new=app_client, ): @@ -180,17 +201,17 @@ class Test_app_ensure_java_version_is_latest: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Java version is set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Java version is set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_windows_java_version_not_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -207,6 +228,9 @@ class Test_app_ensure_java_version_is_latest: app_client.audit_config = {"java_latest_version": "17"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_java_version_is_latest.app_ensure_java_version_is_latest.app_client", new=app_client, ): @@ -220,17 +244,17 @@ class Test_app_ensure_java_version_is_latest: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Java version is set to 'java11', but should be set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Java version is set to 'java11', but should be set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_linux_php_version_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -247,6 +271,9 @@ class Test_app_ensure_java_version_is_latest: app_client.audit_config = {"java_latest_version": "17"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_java_version_is_latest.app_ensure_java_version_is_latest.app_client", new=app_client, ): diff --git a/tests/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest_test.py b/tests/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest_test.py index b9fd80c749..cda0362919 100644 --- a/tests/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest_test.py +++ b/tests/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_ensure_php_version_is_latest: @@ -11,6 +14,9 @@ class Test_app_ensure_php_version_is_latest: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_php_version_is_latest.app_ensure_php_version_is_latest.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_ensure_php_version_is_latest: def test_app_subscription_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_php_version_is_latest.app_ensure_php_version_is_latest.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_ensure_php_version_is_latest: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_ensure_php_version_is_latest: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_php_version_is_latest.app_ensure_php_version_is_latest.app_client", new=app_client, ): @@ -70,7 +82,7 @@ class Test_app_ensure_php_version_is_latest: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -85,6 +97,9 @@ class Test_app_ensure_php_version_is_latest: app_client.audit_config = {"php_latest_version": "8.2"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_php_version_is_latest.app_ensure_php_version_is_latest.app_client", new=app_client, ): @@ -98,17 +113,17 @@ class Test_app_ensure_php_version_is_latest: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"PHP version is set to 'php|8.0', the latest version that you could use is the '8.2' version, for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"PHP version is set to 'php|8.0', the latest version that you could use is the '8.2' version, for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_php_version_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -123,6 +138,9 @@ class Test_app_ensure_php_version_is_latest: app_client.audit_config = {"php_latest_version": "8.2"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_php_version_is_latest.app_ensure_php_version_is_latest.app_client", new=app_client, ): @@ -136,8 +154,8 @@ class Test_app_ensure_php_version_is_latest: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"PHP version is set to '8.2' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"PHP version is set to '8.2' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest_test.py b/tests/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest_test.py index 8795bacb8e..4310a26115 100644 --- a/tests/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest_test.py +++ b/tests/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_ensure_python_version_is_latest: @@ -11,6 +14,9 @@ class Test_app_ensure_python_version_is_latest: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_python_version_is_latest.app_ensure_python_version_is_latest.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_ensure_python_version_is_latest: def test_app_subscriptions_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_python_version_is_latest.app_ensure_python_version_is_latest.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_ensure_python_version_is_latest: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_ensure_python_version_is_latest: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_python_version_is_latest.app_ensure_python_version_is_latest.app_client", new=app_client, ): @@ -70,7 +82,7 @@ class Test_app_ensure_python_version_is_latest: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -85,6 +97,9 @@ class Test_app_ensure_python_version_is_latest: app_client.audit_config = {"python_latest_version": "3.12"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_python_version_is_latest.app_ensure_python_version_is_latest.app_client", new=app_client, ): @@ -98,17 +113,17 @@ class Test_app_ensure_python_version_is_latest: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Python version is set to '3.12' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Python version is set to '3.12' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_python_version_not_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -123,6 +138,9 @@ class Test_app_ensure_python_version_is_latest: app_client.audit_config = {"python_latest_version": "3.12"} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_python_version_is_latest.app_ensure_python_version_is_latest.app_client", new=app_client, ): @@ -136,8 +154,8 @@ class Test_app_ensure_python_version_is_latest: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Python version is 'python|3.10', the latest version that you could use is the '3.12' version, for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Python version is 'python|3.10', the latest version that you could use is the '3.12' version, for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20_test.py b/tests/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20_test.py index a5a04ec4c5..f0023b1f18 100644 --- a/tests/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20_test.py +++ b/tests/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_ensure_using_http20: @@ -11,6 +14,9 @@ class Test_app_ensure_using_http20: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_using_http20.app_ensure_using_http20.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_ensure_using_http20: def test_app_subscription_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_using_http20.app_ensure_using_http20.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_ensure_using_http20: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_ensure_using_http20: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_using_http20.app_ensure_using_http20.app_client", new=app_client, ): @@ -68,17 +80,17 @@ class Test_app_ensure_using_http20: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"HTTP/2.0 is not enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"HTTP/2.0 is not enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_http20_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -91,6 +103,9 @@ class Test_app_ensure_using_http20: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_using_http20.app_ensure_using_http20.app_client", new=app_client, ): @@ -104,17 +119,17 @@ class Test_app_ensure_using_http20: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"HTTP/2.0 is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"HTTP/2.0 is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_http20_not_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -127,6 +142,9 @@ class Test_app_ensure_using_http20: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ensure_using_http20.app_ensure_using_http20.app_client", new=app_client, ): @@ -140,8 +158,8 @@ class Test_app_ensure_using_http20: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"HTTP/2.0 is not enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"HTTP/2.0 is not enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled_test.py b/tests/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled_test.py index 6f522d2a32..f74d2bfec4 100644 --- a/tests/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled_test.py +++ b/tests/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_ftp_deployment_disabled: @@ -11,6 +14,9 @@ class Test_app_ftp_deployment_disabled: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ftp_deployment_disabled.app_ftp_deployment_disabled.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_ftp_deployment_disabled: def test_app_subscriptions_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ftp_deployment_disabled.app_ftp_deployment_disabled.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_ftp_deployment_disabled: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_ftp_deployment_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ftp_deployment_disabled.app_ftp_deployment_disabled.app_client", new=app_client, ): @@ -68,17 +80,17 @@ class Test_app_ftp_deployment_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"FTP is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"FTP is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_ftp_deployment_disabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -91,6 +103,9 @@ class Test_app_ftp_deployment_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ftp_deployment_disabled.app_ftp_deployment_disabled.app_client", new=app_client, ): @@ -104,17 +119,17 @@ class Test_app_ftp_deployment_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"FTP is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"FTP is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_ftp_deploy_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -127,6 +142,9 @@ class Test_app_ftp_deployment_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_ftp_deployment_disabled.app_ftp_deployment_disabled.app_client", new=app_client, ): @@ -140,8 +158,8 @@ class Test_app_ftp_deployment_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"FTP is disabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"FTP is disabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py b/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py index b408b846f0..82be606224 100644 --- a/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py +++ b/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_minimum_tls_version_12: @@ -11,6 +14,9 @@ class Test_app_minimum_tls_version_12: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_minimum_tls_version_12: def test_app_subscriptions_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_minimum_tls_version_12: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_minimum_tls_version_12: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12.app_client", new=app_client, ): @@ -68,17 +80,17 @@ class Test_app_minimum_tls_version_12: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Minimum TLS version is not set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Minimum TLS version is not set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_min_tls_version_12(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -91,6 +103,9 @@ class Test_app_minimum_tls_version_12: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12.app_client", new=app_client, ): @@ -104,17 +119,17 @@ class Test_app_minimum_tls_version_12: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Minimum TLS version is set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Minimum TLS version is set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_min_tls_version_10(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=False, @@ -127,6 +142,9 @@ class Test_app_minimum_tls_version_12: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12.app_client", new=app_client, ): @@ -140,8 +158,8 @@ class Test_app_minimum_tls_version_12: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Minimum TLS version is not set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}'." + == f"Minimum TLS version is not set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_register_with_identity/app_register_with_identity_test.py b/tests/providers/azure/services/app/app_register_with_identity/app_register_with_identity_test.py index e80075882f..e25141022f 100644 --- a/tests/providers/azure/services/app/app_register_with_identity/app_register_with_identity_test.py +++ b/tests/providers/azure/services/app/app_register_with_identity/app_register_with_identity_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.app.app_service import WebApp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_app_register_with_identity: @@ -11,6 +14,9 @@ class Test_app_register_with_identity: app_client.apps = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_register_with_identity.app_register_with_identity.app_client", new=app_client, ): @@ -24,9 +30,12 @@ class Test_app_register_with_identity: def test_app_subscriptions_empty(self): app_client = mock.MagicMock - app_client.apps = {AZURE_SUBSCRIPTION: {}} + app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_register_with_identity.app_register_with_identity.app_client", new=app_client, ): @@ -42,7 +51,7 @@ class Test_app_register_with_identity: resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -55,6 +64,9 @@ class Test_app_register_with_identity: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_register_with_identity.app_register_with_identity.app_client", new=app_client, ): @@ -68,17 +80,17 @@ class Test_app_register_with_identity: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"App 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}' does not have an identity configured." + == f"App 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}' does not have an identity configured." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_identity(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock app_client.apps = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id=resource_id, auth_enabled=True, @@ -91,6 +103,9 @@ class Test_app_register_with_identity: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.app.app_register_with_identity.app_register_with_identity.app_client", new=app_client, ): @@ -104,8 +119,8 @@ class Test_app_register_with_identity: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"App 'app_id-1' in subscription '{AZURE_SUBSCRIPTION}' has an identity configured." + == f"App 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}' has an identity configured." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_service_test.py b/tests/providers/azure/services/app/app_service_test.py index 6b5d45728e..93520437e3 100644 --- a/tests/providers/azure/services/app/app_service_test.py +++ b/tests/providers/azure/services/app/app_service_test.py @@ -4,14 +4,14 @@ from azure.mgmt.web.models import ManagedServiceIdentity, SiteConfigResource from prowler.providers.azure.services.app.app_service import App, WebApp from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_app_get_apps(self): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": WebApp( resource_id="/subscriptions/resource_id", configurations=SiteConfigResource(), @@ -30,42 +30,42 @@ def mock_app_get_apps(self): ) class Test_App_Service: def test__get_client__(self): - app_service = App(set_mocked_azure_audit_info()) + app_service = App(set_mocked_azure_provider()) assert ( - app_service.clients[AZURE_SUBSCRIPTION].__class__.__name__ + app_service.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "WebSiteManagementClient" ) def test__get_subscriptions__(self): - app_service = App(set_mocked_azure_audit_info()) + app_service = App(set_mocked_azure_provider()) assert app_service.subscriptions.__class__.__name__ == "dict" def test__get_apps__(self): - app_service = App(set_mocked_azure_audit_info()) + app_service = App(set_mocked_azure_provider()) assert len(app_service.apps) == 1 assert ( - app_service.apps[AZURE_SUBSCRIPTION]["app_id-1"].resource_id + app_service.apps[AZURE_SUBSCRIPTION_ID]["app_id-1"].resource_id == "/subscriptions/resource_id" ) - assert app_service.apps[AZURE_SUBSCRIPTION]["app_id-1"].auth_enabled + assert app_service.apps[AZURE_SUBSCRIPTION_ID]["app_id-1"].auth_enabled assert ( - app_service.apps[AZURE_SUBSCRIPTION]["app_id-1"].client_cert_mode + app_service.apps[AZURE_SUBSCRIPTION_ID]["app_id-1"].client_cert_mode == "Required" ) - assert app_service.apps[AZURE_SUBSCRIPTION]["app_id-1"].https_only + assert app_service.apps[AZURE_SUBSCRIPTION_ID]["app_id-1"].https_only assert ( - app_service.apps[AZURE_SUBSCRIPTION]["app_id-1"].identity.type + app_service.apps[AZURE_SUBSCRIPTION_ID]["app_id-1"].identity.type == "SystemAssigned" ) assert ( - app_service.apps[AZURE_SUBSCRIPTION][ + app_service.apps[AZURE_SUBSCRIPTION_ID][ "app_id-1" ].configurations.__class__.__name__ == "SiteConfigResource" ) def test__get_client_cert_mode__(self): - app_service = App(set_mocked_azure_audit_info()) + app_service = App(set_mocked_azure_provider()) assert ( app_service.__get_client_cert_mode__(False, "OptionalInteractiveUser") == "Ignore" diff --git a/tests/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured_test.py b/tests/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured_test.py index 9ccaf7e8aa..a44b54ef44 100644 --- a/tests/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured_test.py +++ b/tests/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured_test.py @@ -1,7 +1,10 @@ from unittest import mock from prowler.providers.azure.services.appinsights.appinsights_service import Component -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_appinsights_ensure_is_configured: @@ -10,6 +13,9 @@ class Test_appinsights_ensure_is_configured: appinsights_client.components = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.appinsights.appinsights_ensure_is_configured.appinsights_ensure_is_configured.appinsights_client", new=appinsights_client, ): @@ -23,9 +29,12 @@ class Test_appinsights_ensure_is_configured: def test_no_appinsights(self): appinsights_client = mock.MagicMock - appinsights_client.components = {AZURE_SUBSCRIPTION: {}} + appinsights_client.components = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.appinsights.appinsights_ensure_is_configured.appinsights_ensure_is_configured.appinsights_client", new=appinsights_client, ): @@ -36,19 +45,19 @@ class Test_appinsights_ensure_is_configured: check = appinsights_ensure_is_configured() result = check.execute() assert len(result) == 1 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "FAIL" assert result[0].resource_id == "AppInsights" assert result[0].resource_name == "AppInsights" assert ( result[0].status_extended - == f"There are no AppInsight configured in susbscription {AZURE_SUBSCRIPTION}." + == f"There are no AppInsight configured in susbscription {AZURE_SUBSCRIPTION_ID}." ) def test_appinsights_configured(self): appinsights_client = mock.MagicMock appinsights_client.components = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": Component( resource_id="/subscriptions/resource_id", resource_name="AppInsightsTest", @@ -57,6 +66,9 @@ class Test_appinsights_ensure_is_configured: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.appinsights.appinsights_ensure_is_configured.appinsights_ensure_is_configured.appinsights_client", new=appinsights_client, ): @@ -67,11 +79,11 @@ class Test_appinsights_ensure_is_configured: check = appinsights_ensure_is_configured() result = check.execute() assert len(result) == 1 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "PASS" assert result[0].resource_id == "AppInsights" assert result[0].resource_name == "AppInsights" assert ( result[0].status_extended - == f"There is at least one AppInsight configured in susbscription {AZURE_SUBSCRIPTION}." + == f"There is at least one AppInsight configured in susbscription {AZURE_SUBSCRIPTION_ID}." ) diff --git a/tests/providers/azure/services/appinsights/appinsights_service_test.py b/tests/providers/azure/services/appinsights/appinsights_service_test.py index 8761e96a3b..302a476bff 100644 --- a/tests/providers/azure/services/appinsights/appinsights_service_test.py +++ b/tests/providers/azure/services/appinsights/appinsights_service_test.py @@ -5,14 +5,14 @@ from prowler.providers.azure.services.appinsights.appinsights_service import ( Component, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_appinsights_get_components(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "app_id-1": Component( resource_id="/subscriptions/resource_id", resource_name="AppInsightsTest", @@ -27,24 +27,24 @@ def mock_appinsights_get_components(_): ) class Test_AppInsights_Service: def test__get_client__(self): - app_insights = AppInsights(set_mocked_azure_audit_info()) + app_insights = AppInsights(set_mocked_azure_provider()) assert ( - app_insights.clients[AZURE_SUBSCRIPTION].__class__.__name__ + app_insights.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "ApplicationInsightsManagementClient" ) def test__get_subscriptions__(self): - app_insights = AppInsights(set_mocked_azure_audit_info()) + app_insights = AppInsights(set_mocked_azure_provider()) assert app_insights.subscriptions.__class__.__name__ == "dict" def test__get_components__(self): - appinsights = AppInsights(set_mocked_azure_audit_info()) + appinsights = AppInsights(set_mocked_azure_provider()) assert len(appinsights.components) == 1 assert ( - appinsights.components[AZURE_SUBSCRIPTION]["app_id-1"].resource_id + appinsights.components[AZURE_SUBSCRIPTION_ID]["app_id-1"].resource_id == "/subscriptions/resource_id" ) assert ( - appinsights.components[AZURE_SUBSCRIPTION]["app_id-1"].resource_name + appinsights.components[AZURE_SUBSCRIPTION_ID]["app_id-1"].resource_name == "AppInsightsTest" ) diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py index 64187ba0ff..542e1eafb1 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_cosmosdb_account_firewall_use_selected_networks: @@ -11,6 +14,9 @@ class Test_cosmosdb_account_firewall_use_selected_networks: cosmosdb_client.accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_firewall_use_selected_networks.cosmosdb_account_firewall_use_selected_networks.cosmosdb_client", new=cosmosdb_client, ): @@ -27,7 +33,7 @@ class Test_cosmosdb_account_firewall_use_selected_networks: account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=account_id, name=account_name, @@ -42,6 +48,9 @@ class Test_cosmosdb_account_firewall_use_selected_networks: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_firewall_use_selected_networks.cosmosdb_account_firewall_use_selected_networks.cosmosdb_client", new=cosmosdb_client, ): @@ -55,9 +64,9 @@ class Test_cosmosdb_account_firewall_use_selected_networks: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION} has firewall rules that allow access from all networks." + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} has firewall rules that allow access from all networks." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name assert result[0].resource_id == account_id @@ -66,7 +75,7 @@ class Test_cosmosdb_account_firewall_use_selected_networks: account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=account_id, name=account_name, @@ -81,6 +90,9 @@ class Test_cosmosdb_account_firewall_use_selected_networks: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_firewall_use_selected_networks.cosmosdb_account_firewall_use_selected_networks.cosmosdb_client", new=cosmosdb_client, ): @@ -94,8 +106,8 @@ class Test_cosmosdb_account_firewall_use_selected_networks: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION} has firewall rules that allow access only from selected networks." + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} has firewall rules that allow access only from selected networks." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name assert result[0].resource_id == account_id diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py index 5530262be3..43bf79b4ac 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_cosmosdb_account_use_aad_and_rbac: @@ -11,6 +14,9 @@ class Test_cosmosdb_account_use_aad_and_rbac: cosmosdb_client.accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_aad_and_rbac.cosmosdb_account_use_aad_and_rbac.cosmosdb_client", new=cosmosdb_client, ): @@ -27,7 +33,7 @@ class Test_cosmosdb_account_use_aad_and_rbac: account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=account_id, name=account_name, @@ -43,6 +49,9 @@ class Test_cosmosdb_account_use_aad_and_rbac: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_aad_and_rbac.cosmosdb_account_use_aad_and_rbac.cosmosdb_client", new=cosmosdb_client, ): @@ -56,9 +65,9 @@ class Test_cosmosdb_account_use_aad_and_rbac: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION} is not using AAD and RBAC" + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} is not using AAD and RBAC" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name assert result[0].resource_id == account_id @@ -67,7 +76,7 @@ class Test_cosmosdb_account_use_aad_and_rbac: account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=account_id, name=account_name, @@ -83,6 +92,9 @@ class Test_cosmosdb_account_use_aad_and_rbac: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_aad_and_rbac.cosmosdb_account_use_aad_and_rbac.cosmosdb_client", new=cosmosdb_client, ): @@ -96,8 +108,8 @@ class Test_cosmosdb_account_use_aad_and_rbac: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION} is using AAD and RBAC" + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} is using AAD and RBAC" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name assert result[0].resource_id == account_id diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py index 4fdf18a19a..7b0534d4e3 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.cosmosdb.models import PrivateEndpointConnection from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_cosmosdb_account_use_private_endpoints: @@ -13,6 +16,9 @@ class Test_cosmosdb_account_use_private_endpoints: cosmosdb_client.accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_private_endpoints.cosmosdb_account_use_private_endpoints.cosmosdb_client", new=cosmosdb_client, ): @@ -29,7 +35,7 @@ class Test_cosmosdb_account_use_private_endpoints: account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=account_id, name=account_name, @@ -45,6 +51,9 @@ class Test_cosmosdb_account_use_private_endpoints: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_private_endpoints.cosmosdb_account_use_private_endpoints.cosmosdb_client", new=cosmosdb_client, ): @@ -58,9 +67,9 @@ class Test_cosmosdb_account_use_private_endpoints: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION} is not using private endpoints connections" + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} is not using private endpoints connections" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name assert result[0].resource_id == account_id @@ -69,7 +78,7 @@ class Test_cosmosdb_account_use_private_endpoints: account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=account_id, name=account_name, @@ -89,6 +98,9 @@ class Test_cosmosdb_account_use_private_endpoints: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_private_endpoints.cosmosdb_account_use_private_endpoints.cosmosdb_client", new=cosmosdb_client, ): @@ -102,8 +114,8 @@ class Test_cosmosdb_account_use_private_endpoints: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION} is using private endpoints connections" + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} is using private endpoints connections" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name assert result[0].resource_id == account_id diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_service_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_service_test.py index 4e965c8ad9..fbc02c2f6a 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_service_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_service_test.py @@ -2,14 +2,14 @@ from unittest.mock import patch from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account, CosmosDB from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_cosmosdb_get_accounts(_): return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id="account_id", name="account_name", @@ -30,23 +30,25 @@ def mock_cosmosdb_get_accounts(_): ) class Test_CosmosDB_Service: def test__get_client__(self): - account = CosmosDB(set_mocked_azure_audit_info()) + account = CosmosDB(set_mocked_azure_provider()) assert ( - account.clients[AZURE_SUBSCRIPTION].__class__.__name__ + account.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "CosmosDBManagementClient" ) def test__get_accounts__(self): - account = CosmosDB(set_mocked_azure_audit_info()) - assert account.accounts[AZURE_SUBSCRIPTION][0].__class__.__name__ == "Account" - assert account.accounts[AZURE_SUBSCRIPTION][0].id == "account_id" - assert account.accounts[AZURE_SUBSCRIPTION][0].name == "account_name" - assert account.accounts[AZURE_SUBSCRIPTION][0].kind is None - assert account.accounts[AZURE_SUBSCRIPTION][0].location is None - assert account.accounts[AZURE_SUBSCRIPTION][0].type is None - assert account.accounts[AZURE_SUBSCRIPTION][0].tags is None + account = CosmosDB(set_mocked_azure_provider()) assert ( - account.accounts[AZURE_SUBSCRIPTION][0].is_virtual_network_filter_enabled + account.accounts[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ == "Account" + ) + assert account.accounts[AZURE_SUBSCRIPTION_ID][0].id == "account_id" + assert account.accounts[AZURE_SUBSCRIPTION_ID][0].name == "account_name" + assert account.accounts[AZURE_SUBSCRIPTION_ID][0].kind is None + assert account.accounts[AZURE_SUBSCRIPTION_ID][0].location is None + assert account.accounts[AZURE_SUBSCRIPTION_ID][0].type is None + assert account.accounts[AZURE_SUBSCRIPTION_ID][0].tags is None + assert ( + account.accounts[AZURE_SUBSCRIPTION_ID][0].is_virtual_network_filter_enabled is None ) - assert account.accounts[AZURE_SUBSCRIPTION][0].disable_local_auth is None + assert account.accounts[AZURE_SUBSCRIPTION_ID][0].disable_local_auth is None diff --git a/tests/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact_test.py b/tests/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact_test.py index 5078c909b6..0f43c3947b 100644 --- a/tests/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact_test.py +++ b/tests/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import SecurityContacts -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_additional_email_configured_with_a_security_contact: @@ -11,6 +14,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: defender_client.security_contacts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="", @@ -40,6 +46,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client", new=defender_client, ): @@ -53,9 +62,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"There is not another correct email configured for susbscription {AZURE_SUBSCRIPTION}." + == f"There is not another correct email configured for susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -63,7 +72,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="bad_email", @@ -77,6 +86,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client", new=defender_client, ): @@ -90,9 +102,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"There is not another correct email configured for susbscription {AZURE_SUBSCRIPTION}." + == f"There is not another correct email configured for susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -100,7 +112,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="test@test.es, test@test.email.com", @@ -114,6 +126,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client", new=defender_client, ): @@ -127,9 +142,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"There is not another correct email configured for susbscription {AZURE_SUBSCRIPTION}." + == f"There is not another correct email configured for susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -137,7 +152,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="test@test.com", @@ -151,6 +166,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client", new=defender_client, ): @@ -164,9 +182,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"There is another correct email configured for susbscription {AZURE_SUBSCRIPTION}." + == f"There is another correct email configured for susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -174,7 +192,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="test@test.mail.es; bad_mail", @@ -188,6 +206,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client", new=defender_client, ): @@ -201,18 +222,18 @@ class Test_defender_additional_email_configured_with_a_security_contact: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"There is another correct email configured for susbscription {AZURE_SUBSCRIPTION}." + == f"There is another correct email configured for susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id def test_defender_default_security_contact_not_found(self): defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( - resource_id=f"/subscriptions/{AZURE_SUBSCRIPTION}/providers/Microsoft.Security/securityContacts/default", + resource_id=f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Security/securityContacts/default", emails="", phone="", alert_notifications_minimal_severity="", @@ -224,6 +245,9 @@ class Test_defender_additional_email_configured_with_a_security_contact: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client", new=defender_client, ): @@ -237,11 +261,11 @@ class Test_defender_additional_email_configured_with_a_security_contact: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"There is not another correct email configured for susbscription {AZURE_SUBSCRIPTION}." + == f"There is not another correct email configured for susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert ( result[0].resource_id - == f"/subscriptions/{AZURE_SUBSCRIPTION}/providers/Microsoft.Security/securityContacts/default" + == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Security/securityContacts/default" ) diff --git a/tests/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed_test.py b/tests/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed_test.py index d88615c4aa..758e9b722f 100644 --- a/tests/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed_test.py +++ b/tests/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Assesment -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_assessments_vm_endpoint_protection_installed: @@ -11,6 +14,9 @@ class Test_defender_assessments_vm_endpoint_protection_installed: defender_client.assessments = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_assessments_vm_endpoint_protection_installed.defender_assessments_vm_endpoint_protection_installed.defender_client", new=defender_client, ): @@ -24,9 +30,12 @@ class Test_defender_assessments_vm_endpoint_protection_installed: def test_defender_subscriptions_with_no_assessments(self): defender_client = mock.MagicMock - defender_client.assessments = {AZURE_SUBSCRIPTION: {}} + defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_assessments_vm_endpoint_protection_installed.defender_assessments_vm_endpoint_protection_installed.defender_client", new=defender_client, ): @@ -42,7 +51,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed: defender_client = mock.MagicMock resource_id = str(uuid4()) defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Install endpoint protection solution on virtual machines": Assesment( resource_id=resource_id, resource_name="vm1", @@ -52,6 +61,9 @@ class Test_defender_assessments_vm_endpoint_protection_installed: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_assessments_vm_endpoint_protection_installed.defender_assessments_vm_endpoint_protection_installed.defender_client", new=defender_client, ): @@ -65,7 +77,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Endpoint protection is set up in all VMs in subscription {AZURE_SUBSCRIPTION}." + == f"Endpoint protection is set up in all VMs in subscription {AZURE_SUBSCRIPTION_ID}." ) assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id @@ -74,7 +86,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed: defender_client = mock.MagicMock resource_id = str(uuid4()) defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Install endpoint protection solution on virtual machines": Assesment( resource_id=resource_id, resource_name="vm1", @@ -84,6 +96,9 @@ class Test_defender_assessments_vm_endpoint_protection_installed: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_assessments_vm_endpoint_protection_installed.defender_assessments_vm_endpoint_protection_installed.defender_client", new=defender_client, ): @@ -97,7 +112,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Endpoint protection is not set up in all VMs in subscription {AZURE_SUBSCRIPTION}." + == f"Endpoint protection is not set up in all VMs in subscription {AZURE_SUBSCRIPTION_ID}." ) assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on_test.py b/tests/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on_test.py index c048075070..1a900f4a43 100644 --- a/tests/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on_test.py +++ b/tests/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import ( AutoProvisioningSetting, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_auto_provisioning_log_analytics_agent_vms_on: @@ -13,6 +16,9 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: defender_client.auto_provisioning_settings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_auto_provisioning_log_analytics_agent_vms_on.defender_auto_provisioning_log_analytics_agent_vms_on.defender_client", new=defender_client, ): @@ -28,7 +34,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.auto_provisioning_settings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": AutoProvisioningSetting( resource_id=resource_id, resource_name="default", @@ -39,6 +45,9 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_auto_provisioning_log_analytics_agent_vms_on.defender_auto_provisioning_log_analytics_agent_vms_on.defender_client", new=defender_client, ): @@ -52,9 +61,9 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION} is set to OFF." + == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -62,7 +71,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.auto_provisioning_settings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": AutoProvisioningSetting( resource_id=resource_id, resource_name="default", @@ -73,6 +82,9 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_auto_provisioning_log_analytics_agent_vms_on.defender_auto_provisioning_log_analytics_agent_vms_on.defender_client", new=defender_client, ): @@ -86,9 +98,9 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION} is set to ON." + == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_ID} is set to ON." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -96,7 +108,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.auto_provisioning_settings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": AutoProvisioningSetting( resource_id=resource_id, resource_name="default", @@ -113,6 +125,9 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_auto_provisioning_log_analytics_agent_vms_on.defender_auto_provisioning_log_analytics_agent_vms_on.defender_client", new=defender_client, ): @@ -126,17 +141,17 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION} is set to ON." + == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_ID} is set to ON." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id assert result[1].status == "FAIL" assert ( result[1].status_extended - == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION} is set to OFF." + == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF." ) - assert result[1].subscription == AZURE_SUBSCRIPTION + assert result[1].subscription == AZURE_SUBSCRIPTION_ID assert result[1].resource_name == "default2" assert result[1].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on_test.py b/tests/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on_test.py index 0f7306fdcd..bdb3726c57 100644 --- a/tests/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on_test.py +++ b/tests/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Assesment -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: @@ -11,6 +14,9 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: defender_client.assessments = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_auto_provisioning_vulnerabilty_assessments_machines_on.defender_auto_provisioning_vulnerabilty_assessments_machines_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Machines should have a vulnerability assessment solution": Assesment( resource_id=resource_id, resource_name="vm1", @@ -36,6 +42,9 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_auto_provisioning_vulnerabilty_assessments_machines_on.defender_auto_provisioning_vulnerabilty_assessments_machines_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Vulnerability assessment is not set up in all VMs in subscription {AZURE_SUBSCRIPTION}." + == f"Vulnerability assessment is not set up in all VMs in subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Machines should have a vulnerability assessment solution": Assesment( resource_id=resource_id, resource_name="vm1", @@ -69,6 +78,9 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_auto_provisioning_vulnerabilty_assessments_machines_on.defender_auto_provisioning_vulnerabilty_assessments_machines_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Vulnerability assessment is set up in all VMs in subscription {AZURE_SUBSCRIPTION}." + == f"Vulnerability assessment is set up in all VMs in subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities_test.py b/tests/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities_test.py index c7bf2770a3..a8f89a76cf 100644 --- a/tests/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities_test.py +++ b/tests/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Assesment -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_container_images_resolved_vulnerabilities: @@ -11,6 +14,9 @@ class Test_defender_container_images_resolved_vulnerabilities: defender_client.assessments = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_resolved_vulnerabilities.defender_container_images_resolved_vulnerabilities.defender_client", new=defender_client, ): @@ -24,9 +30,12 @@ class Test_defender_container_images_resolved_vulnerabilities: def test_defender_subscription_empty(self): defender_client = mock.MagicMock - defender_client.assessments = {AZURE_SUBSCRIPTION: {}} + defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_resolved_vulnerabilities.defender_container_images_resolved_vulnerabilities.defender_client", new=defender_client, ): @@ -41,7 +50,7 @@ class Test_defender_container_images_resolved_vulnerabilities: def test_defender_subscription_no_assesment(self): defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "": Assesment( resource_id=str(uuid4()), resource_name=str(uuid4()), @@ -51,6 +60,9 @@ class Test_defender_container_images_resolved_vulnerabilities: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_resolved_vulnerabilities.defender_container_images_resolved_vulnerabilities.defender_client", new=defender_client, ): @@ -65,7 +77,7 @@ class Test_defender_container_images_resolved_vulnerabilities: def test_defender_subscription_assesment_unhealthy(self): defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)": Assesment( resource_id=str(uuid4()), resource_name=str(uuid4()), @@ -75,6 +87,9 @@ class Test_defender_container_images_resolved_vulnerabilities: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_resolved_vulnerabilities.defender_container_images_resolved_vulnerabilities.defender_client", new=defender_client, ): @@ -88,26 +103,26 @@ class Test_defender_container_images_resolved_vulnerabilities: assert result[0].status == "FAIL" assert ( result[0].resource_id - == defender_client.assessments[AZURE_SUBSCRIPTION][ + == defender_client.assessments[AZURE_SUBSCRIPTION_ID][ "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)" ].resource_id ) assert ( result[0].resource_name - == defender_client.assessments[AZURE_SUBSCRIPTION][ + == defender_client.assessments[AZURE_SUBSCRIPTION_ID][ "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)" ].resource_name ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].status_extended - == f"Azure running container images have unresolved vulnerabilities in subscription '{AZURE_SUBSCRIPTION}'." + == f"Azure running container images have unresolved vulnerabilities in subscription '{AZURE_SUBSCRIPTION_ID}'." ) def test_defender_subscription_assesment_healthy(self): defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)": Assesment( resource_id=str(uuid4()), resource_name=str(uuid4()), @@ -117,6 +132,9 @@ class Test_defender_container_images_resolved_vulnerabilities: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_resolved_vulnerabilities.defender_container_images_resolved_vulnerabilities.defender_client", new=defender_client, ): @@ -130,26 +148,26 @@ class Test_defender_container_images_resolved_vulnerabilities: assert result[0].status == "PASS" assert ( result[0].resource_id - == defender_client.assessments[AZURE_SUBSCRIPTION][ + == defender_client.assessments[AZURE_SUBSCRIPTION_ID][ "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)" ].resource_id ) assert ( result[0].resource_name - == defender_client.assessments[AZURE_SUBSCRIPTION][ + == defender_client.assessments[AZURE_SUBSCRIPTION_ID][ "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)" ].resource_name ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].status_extended - == f"Azure running container images do not have unresolved vulnerabilities in subscription '{AZURE_SUBSCRIPTION}'." + == f"Azure running container images do not have unresolved vulnerabilities in subscription '{AZURE_SUBSCRIPTION_ID}'." ) def test_defender_subscription_assesment_not_applicable(self): defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)": Assesment( resource_id=str(uuid4()), resource_name=str(uuid4()), @@ -159,6 +177,9 @@ class Test_defender_container_images_resolved_vulnerabilities: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_resolved_vulnerabilities.defender_container_images_resolved_vulnerabilities.defender_client", new=defender_client, ): diff --git a/tests/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled_test.py b/tests/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled_test.py index 8326d3dfdf..7cccc6adce 100644 --- a/tests/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled_test.py +++ b/tests/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled_test.py @@ -3,7 +3,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_container_images_scan_enabled: @@ -12,6 +15,9 @@ class Test_defender_container_images_scan_enabled: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_scan_enabled.defender_container_images_scan_enabled.defender_client", new=defender_client, ): @@ -25,9 +31,12 @@ class Test_defender_container_images_scan_enabled: def test_defender_subscription_empty(self): defender_client = mock.MagicMock - defender_client.pricings = {AZURE_SUBSCRIPTION: {}} + defender_client.pricings = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_scan_enabled.defender_container_images_scan_enabled.defender_client", new=defender_client, ): @@ -42,7 +51,7 @@ class Test_defender_container_images_scan_enabled: def test_defender_subscription_no_containers(self): defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "NotContainers": Pricing( resource_id=str(uuid4()), pricing_tier="Free", @@ -52,6 +61,9 @@ class Test_defender_container_images_scan_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_scan_enabled.defender_container_images_scan_enabled.defender_client", new=defender_client, ): @@ -66,7 +78,7 @@ class Test_defender_container_images_scan_enabled: def test_defender_subscription_containers_no_extensions(self): defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( resource_id=str(uuid4()), pricing_tier="Free", @@ -77,6 +89,9 @@ class Test_defender_container_images_scan_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_scan_enabled.defender_container_images_scan_enabled.defender_client", new=defender_client, ): @@ -89,21 +104,21 @@ class Test_defender_container_images_scan_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - f"Container image scan is disabled in subscription {AZURE_SUBSCRIPTION}." + f"Container image scan is disabled in subscription {AZURE_SUBSCRIPTION_ID}." ) assert ( result[0].resource_id - == defender_client.pricings[AZURE_SUBSCRIPTION][ + == defender_client.pricings[AZURE_SUBSCRIPTION_ID][ "Containers" ].resource_id ) assert result[0].resource_name == "Dender plan for Containers" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_defender_subscription_containers_container_images_scan_off(self): defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( resource_id=str(uuid4()), pricing_tier="Free", @@ -114,6 +129,9 @@ class Test_defender_container_images_scan_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_scan_enabled.defender_container_images_scan_enabled.defender_client", new=defender_client, ): @@ -126,21 +144,21 @@ class Test_defender_container_images_scan_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - f"Container image scan is disabled in subscription {AZURE_SUBSCRIPTION}." + f"Container image scan is disabled in subscription {AZURE_SUBSCRIPTION_ID}." ) assert ( result[0].resource_id - == defender_client.pricings[AZURE_SUBSCRIPTION][ + == defender_client.pricings[AZURE_SUBSCRIPTION_ID][ "Containers" ].resource_id ) assert result[0].resource_name == "Dender plan for Containers" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_defender_subscription_containers_container_images_scan_on(self): defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( resource_id=str(uuid4()), pricing_tier="Free", @@ -151,6 +169,9 @@ class Test_defender_container_images_scan_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_container_images_scan_enabled.defender_container_images_scan_enabled.defender_client", new=defender_client, ): @@ -163,13 +184,13 @@ class Test_defender_container_images_scan_enabled: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - f"Container image scan is enabled in subscription {AZURE_SUBSCRIPTION}." + f"Container image scan is enabled in subscription {AZURE_SUBSCRIPTION_ID}." ) assert ( result[0].resource_id - == defender_client.pricings[AZURE_SUBSCRIPTION][ + == defender_client.pricings[AZURE_SUBSCRIPTION_ID][ "Containers" ].resource_id ) assert result[0].resource_name == "Dender plan for Containers" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py index fc659680ab..5aee061223 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_app_services_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_app_services_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_app_services_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "AppServices": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_app_services_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_app_services_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for App Services from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for App Services from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan App Services" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_app_services_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "AppServices": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_app_services_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_app_services_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for App Services from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for App Services from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan App Services" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py index 648ae41632..51f6cd3df9 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_arm_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_arm_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_arm_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Arm": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_arm_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_arm_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan ARM" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_arm_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Arm": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_arm_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_arm_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan ARM" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py index 3e4a4a5ec6..715010c55d 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_azure_sql_databases_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Azure SQL DB Servers" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Azure SQL DB Servers" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py index fae2a50db3..e44ea63d03 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_containers_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_containers_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_containers_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_containers_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_containers_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Containers from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Containers from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Container Registries" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_containers_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_containers_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_containers_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Containers from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Containers from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Container Registries" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py index c32631743f..16060830be 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_cosmosdb_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "CosmosDbs": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Cosmos DB" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "CosmosDbs": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Cosmos DB" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py index bcc0abb88a..935279f1ab 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_databases_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_databases_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", new=defender_client, ): @@ -51,7 +60,7 @@ class Test_defender_ensure_defender_for_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SqlServerVirtualMachines": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -61,6 +70,9 @@ class Test_defender_ensure_defender_for_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", new=defender_client, ): @@ -76,7 +88,7 @@ class Test_defender_ensure_defender_for_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "OpenSourceRelationalDatabases": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -86,6 +98,9 @@ class Test_defender_ensure_defender_for_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", new=defender_client, ): @@ -101,7 +116,7 @@ class Test_defender_ensure_defender_for_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "CosmosDbs": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -111,6 +126,9 @@ class Test_defender_ensure_defender_for_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", new=defender_client, ): @@ -126,7 +144,7 @@ class Test_defender_ensure_defender_for_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -151,6 +169,9 @@ class Test_defender_ensure_defender_for_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", new=defender_client, ): @@ -164,9 +185,9 @@ class Test_defender_ensure_defender_for_databases_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Databases from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Databases from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Databases" assert result[0].resource_id == resource_id @@ -174,7 +195,7 @@ class Test_defender_ensure_defender_for_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -199,6 +220,9 @@ class Test_defender_ensure_defender_for_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", new=defender_client, ): @@ -212,8 +236,8 @@ class Test_defender_ensure_defender_for_databases_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Databases from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Databases from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Databases" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py index f3335dbc9b..0e237f6da7 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_dns_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_dns_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_dns_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Dns": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_dns_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_dns_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for DNS from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for DNS from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan DNS" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_dns_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Dns": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_dns_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_dns_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for DNS from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for DNS from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan DNS" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py index b9d88bc5f3..73a254f022 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_keyvault_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_keyvault_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "KeyVaults": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_keyvault_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_keyvault_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan KeyVaults" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "KeyVaults": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_keyvault_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_keyvault_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan KeyVaults" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py index 416ac24308..4bfb16de7d 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_os_relational_databases_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "OpenSourceRelationalDatabases": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].resource_name == "Defender plan Open-Source Relational Databases" @@ -62,7 +71,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "OpenSourceRelationalDatabases": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -72,6 +81,9 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client", new=defender_client, ): @@ -85,9 +97,9 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].resource_name == "Defender plan Open-Source Relational Databases" diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py index e23c8380ce..20348f4178 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_server_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_server_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_server_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "VirtualMachines": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_server_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_server_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Servers from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Servers from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_server_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "VirtualMachines": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_server_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_server_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Servers from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Servers from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py index 7e37b8695f..8238554b73 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_sql_servers_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SqlServerVirtualMachines": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan SQL Server VMs" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SqlServerVirtualMachines": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan SQL Server VMs" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py index 92895271f4..6462c11f40 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_defender_for_storage_is_on: @@ -11,6 +14,9 @@ class Test_defender_ensure_defender_for_storage_is_on: defender_client.pricings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_defender_for_storage_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "StorageAccounts": Pricing( resource_id=resource_id, pricing_tier="Not Standard", @@ -36,6 +42,9 @@ class Test_defender_ensure_defender_for_storage_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client", new=defender_client, ): @@ -49,9 +58,9 @@ class Test_defender_ensure_defender_for_storage_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Storage Accounts" assert result[0].resource_id == resource_id @@ -59,7 +68,7 @@ class Test_defender_ensure_defender_for_storage_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.pricings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "StorageAccounts": Pricing( resource_id=resource_id, pricing_tier="Standard", @@ -69,6 +78,9 @@ class Test_defender_ensure_defender_for_storage_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client", new=defender_client, ): @@ -82,8 +94,8 @@ class Test_defender_ensure_defender_for_storage_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUBSCRIPTION} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Storage Accounts" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on_test.py index 68d96b5134..4087e00e88 100644 --- a/tests/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import ( IoTSecuritySolution, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_iot_hub_defender_is_on: @@ -13,6 +16,9 @@ class Test_defender_ensure_iot_hub_defender_is_on: defender_client.iot_security_solutions = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_iot_hub_defender_is_on.defender_ensure_iot_hub_defender_is_on.defender_client", new=defender_client, ): @@ -26,9 +32,12 @@ class Test_defender_ensure_iot_hub_defender_is_on: def test_defender_no_iot_hub_solutions(self): defender_client = mock.MagicMock - defender_client.iot_security_solutions = {AZURE_SUBSCRIPTION: {}} + defender_client.iot_security_solutions = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_iot_hub_defender_is_on.defender_ensure_iot_hub_defender_is_on.defender_client", new=defender_client, ): @@ -42,7 +51,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"No IoT Security Solutions found in the subscription {AZURE_SUBSCRIPTION}." + == f"No IoT Security Solutions found in the subscription {AZURE_SUBSCRIPTION_ID}." ) assert result[0].resource_name == "IoT Hub Defender" assert result[0].resource_id == "IoT Hub Defender" @@ -51,7 +60,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.iot_security_solutions = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "iot_sec_solution": IoTSecuritySolution( resource_id=resource_id, status="Disabled" ) @@ -59,6 +68,9 @@ class Test_defender_ensure_iot_hub_defender_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_iot_hub_defender_is_on.defender_ensure_iot_hub_defender_is_on.defender_client", new=defender_client, ): @@ -72,7 +84,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"The security solution iot_sec_solution is disabled in susbscription {AZURE_SUBSCRIPTION}" + == f"The security solution iot_sec_solution is disabled in susbscription {AZURE_SUBSCRIPTION_ID}" ) assert result[0].resource_name == "iot_sec_solution" assert result[0].resource_id == resource_id @@ -81,7 +93,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.iot_security_solutions = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "iot_sec_solution": IoTSecuritySolution( resource_id=resource_id, status="Enabled" ) @@ -89,6 +101,9 @@ class Test_defender_ensure_iot_hub_defender_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_iot_hub_defender_is_on.defender_ensure_iot_hub_defender_is_on.defender_client", new=defender_client, ): @@ -102,18 +117,18 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"The security solution iot_sec_solution is enabled in susbscription {AZURE_SUBSCRIPTION}." + == f"The security solution iot_sec_solution is enabled in susbscription {AZURE_SUBSCRIPTION_ID}." ) assert result[0].resource_name == "iot_sec_solution" assert result[0].resource_id == resource_id - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_defender_multiple_iot_hub_solution_enabled_and_disabled(self): resource_id_enabled = str(uuid4()) resource_id_disabled = str(uuid4()) defender_client = mock.MagicMock defender_client.iot_security_solutions = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "iot_sec_solution_enabled": IoTSecuritySolution( resource_id=resource_id_enabled, status="Enabled" ), @@ -124,6 +139,9 @@ class Test_defender_ensure_iot_hub_defender_is_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_iot_hub_defender_is_on.defender_ensure_iot_hub_defender_is_on.defender_client", new=defender_client, ): @@ -137,17 +155,17 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"The security solution iot_sec_solution_enabled is enabled in susbscription {AZURE_SUBSCRIPTION}." + == f"The security solution iot_sec_solution_enabled is enabled in susbscription {AZURE_SUBSCRIPTION_ID}." ) assert result[0].resource_name == "iot_sec_solution_enabled" assert result[0].resource_id == resource_id_enabled - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[1].status == "FAIL" assert ( result[1].status_extended - == f"The security solution iot_sec_solution_disabled is disabled in susbscription {AZURE_SUBSCRIPTION}" + == f"The security solution iot_sec_solution_disabled is disabled in susbscription {AZURE_SUBSCRIPTION_ID}" ) assert result[1].resource_name == "iot_sec_solution_disabled" assert result[1].resource_id == resource_id_disabled - assert result[1].subscription == AZURE_SUBSCRIPTION + assert result[1].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py b/tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py index 860de799a1..5725d7fc70 100644 --- a/tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Setting -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_mcas_is_enabled: @@ -11,6 +14,9 @@ class Test_defender_ensure_mcas_is_enabled: defender_client.settings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_mcas_is_enabled: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.settings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "MCAS": Setting( resource_id=resource_id, resource_type="Microsoft.Security/locations/settings", @@ -37,6 +43,9 @@ class Test_defender_ensure_mcas_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled.defender_client", new=defender_client, ): @@ -50,9 +59,9 @@ class Test_defender_ensure_mcas_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Microsoft Defender for Cloud Apps is disabeld for subscription {AZURE_SUBSCRIPTION}." + == f"Microsoft Defender for Cloud Apps is disabeld for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "MCAS" assert result[0].resource_id == resource_id @@ -60,7 +69,7 @@ class Test_defender_ensure_mcas_is_enabled: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.settings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "MCAS": Setting( resource_id=resource_id, resource_type="Microsoft.Security/locations/settings", @@ -71,6 +80,9 @@ class Test_defender_ensure_mcas_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled.defender_client", new=defender_client, ): @@ -84,17 +96,20 @@ class Test_defender_ensure_mcas_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Microsoft Defender for Cloud Apps is enabled for subscription {AZURE_SUBSCRIPTION}." + == f"Microsoft Defender for Cloud Apps is enabled for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "MCAS" assert result[0].resource_id == resource_id def test_defender_mcas_no_settings(self): defender_client = mock.MagicMock - defender_client.settings = {AZURE_SUBSCRIPTION: {}} + defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled.defender_client", new=defender_client, ): @@ -108,8 +123,8 @@ class Test_defender_ensure_mcas_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Microsoft Defender for Cloud Apps not exists for subscription {AZURE_SUBSCRIPTION}." + == f"Microsoft Defender for Cloud Apps not exists for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "MCAS" assert result[0].resource_id == "MCAS" diff --git a/tests/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high_test.py b/tests/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high_test.py index 48b1f1bd08..6c84abf1e7 100644 --- a/tests/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import SecurityContacts -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_notify_alerts_severity_is_high: @@ -11,6 +14,9 @@ class Test_defender_ensure_notify_alerts_severity_is_high: defender_client.security_contacts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="", @@ -40,6 +46,9 @@ class Test_defender_ensure_notify_alerts_severity_is_high: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high.defender_client", new=defender_client, ): @@ -53,9 +62,9 @@ class Test_defender_ensure_notify_alerts_severity_is_high: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Notifiy alerts are not enabled for severity high in susbscription {AZURE_SUBSCRIPTION}." + == f"Notifiy alerts are not enabled for severity high in susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -63,7 +72,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="", @@ -77,6 +86,9 @@ class Test_defender_ensure_notify_alerts_severity_is_high: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high.defender_client", new=defender_client, ): @@ -90,18 +102,18 @@ class Test_defender_ensure_notify_alerts_severity_is_high: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Notifiy alerts are enabled for severity high in susbscription {AZURE_SUBSCRIPTION}." + == f"Notifiy alerts are enabled for severity high in susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id def test_defender_default_security_contact_not_found(self): defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( - resource_id=f"/subscriptions/{AZURE_SUBSCRIPTION}/providers/Microsoft.Security/securityContacts/default", + resource_id=f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Security/securityContacts/default", emails="", phone="", alert_notifications_minimal_severity="", @@ -113,6 +125,9 @@ class Test_defender_ensure_notify_alerts_severity_is_high: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high.defender_client", new=defender_client, ): @@ -126,11 +141,11 @@ class Test_defender_ensure_notify_alerts_severity_is_high: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Notifiy alerts are not enabled for severity high in susbscription {AZURE_SUBSCRIPTION}." + == f"Notifiy alerts are not enabled for severity high in susbscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert ( result[0].resource_id - == f"/subscriptions/{AZURE_SUBSCRIPTION}/providers/Microsoft.Security/securityContacts/default" + == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Security/securityContacts/default" ) diff --git a/tests/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners_test.py b/tests/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners_test.py index 4df36a115f..4e60354ea4 100644 --- a/tests/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import SecurityContacts -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_notify_emails_to_owners: @@ -11,6 +14,9 @@ class Test_defender_ensure_notify_emails_to_owners: defender_client.security_contacts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_notify_emails_to_owners: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="", @@ -40,6 +46,9 @@ class Test_defender_ensure_notify_emails_to_owners: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client", new=defender_client, ): @@ -53,9 +62,9 @@ class Test_defender_ensure_notify_emails_to_owners: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"The Owner role is not notified for subscription {AZURE_SUBSCRIPTION}." + == f"The Owner role is not notified for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -63,7 +72,7 @@ class Test_defender_ensure_notify_emails_to_owners: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="", @@ -77,6 +86,9 @@ class Test_defender_ensure_notify_emails_to_owners: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client", new=defender_client, ): @@ -90,9 +102,9 @@ class Test_defender_ensure_notify_emails_to_owners: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"The Owner role is not notified for subscription {AZURE_SUBSCRIPTION}." + == f"The Owner role is not notified for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id @@ -100,7 +112,7 @@ class Test_defender_ensure_notify_emails_to_owners: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id=resource_id, emails="test@test.es", @@ -114,6 +126,9 @@ class Test_defender_ensure_notify_emails_to_owners: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client", new=defender_client, ): @@ -127,18 +142,18 @@ class Test_defender_ensure_notify_emails_to_owners: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"The Owner role is notified for subscription {AZURE_SUBSCRIPTION}." + == f"The Owner role is notified for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert result[0].resource_id == resource_id def test_defender_default_security_contact_not_found(self): defender_client = mock.MagicMock defender_client.security_contacts = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( - resource_id=f"/subscriptions/{AZURE_SUBSCRIPTION}/providers/Microsoft.Security/securityContacts/default", + resource_id=f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Security/securityContacts/default", emails="", phone="", alert_notifications_minimal_severity="", @@ -150,6 +165,9 @@ class Test_defender_ensure_notify_emails_to_owners: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client", new=defender_client, ): @@ -163,11 +181,11 @@ class Test_defender_ensure_notify_emails_to_owners: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"The Owner role is not notified for subscription {AZURE_SUBSCRIPTION}." + == f"The Owner role is not notified for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" assert ( result[0].resource_id - == f"/subscriptions/{AZURE_SUBSCRIPTION}/providers/Microsoft.Security/securityContacts/default" + == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Security/securityContacts/default" ) diff --git a/tests/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied_test.py b/tests/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied_test.py index 176c2634a5..945e6b46c4 100644 --- a/tests/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Assesment -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_system_updates_are_applied: @@ -11,6 +14,9 @@ class Test_defender_ensure_system_updates_are_applied: defender_client.assessments = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_system_updates_are_applied.defender_ensure_system_updates_are_applied.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_system_updates_are_applied: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Log Analytics agent should be installed on virtual machines": Assesment( resource_id=resource_id, resource_name="vm1", @@ -46,6 +52,9 @@ class Test_defender_ensure_system_updates_are_applied: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_system_updates_are_applied.defender_ensure_system_updates_are_applied.defender_client", new=defender_client, ): @@ -59,9 +68,9 @@ class Test_defender_ensure_system_updates_are_applied: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION}." + == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id @@ -71,7 +80,7 @@ class Test_defender_ensure_system_updates_are_applied: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Log Analytics agent should be installed on virtual machines": Assesment( resource_id=resource_id, resource_name="vm1", @@ -91,6 +100,9 @@ class Test_defender_ensure_system_updates_are_applied: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_system_updates_are_applied.defender_ensure_system_updates_are_applied.defender_client", new=defender_client, ): @@ -104,9 +116,9 @@ class Test_defender_ensure_system_updates_are_applied: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION}." + == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id @@ -114,7 +126,7 @@ class Test_defender_ensure_system_updates_are_applied: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Log Analytics agent should be installed on virtual machines": Assesment( resource_id=resource_id, resource_name="vm1", @@ -134,6 +146,9 @@ class Test_defender_ensure_system_updates_are_applied: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_system_updates_are_applied.defender_ensure_system_updates_are_applied.defender_client", new=defender_client, ): @@ -147,9 +162,9 @@ class Test_defender_ensure_system_updates_are_applied: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION}." + == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id @@ -159,7 +174,7 @@ class Test_defender_ensure_system_updates_are_applied: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.assessments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Log Analytics agent should be installed on virtual machines": Assesment( resource_id=resource_id, resource_name="vm1", @@ -179,6 +194,9 @@ class Test_defender_ensure_system_updates_are_applied: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_system_updates_are_applied.defender_ensure_system_updates_are_applied.defender_client", new=defender_client, ): @@ -192,8 +210,8 @@ class Test_defender_ensure_system_updates_are_applied: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"System updates are applied for all the VMs in the subscription {AZURE_SUBSCRIPTION}." + == f"System updates are applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py b/tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py index 9d5a91d008..97df363859 100644 --- a/tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Setting -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_defender_ensure_wdatp_is_enabled: @@ -11,6 +14,9 @@ class Test_defender_ensure_wdatp_is_enabled: defender_client.settings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled.defender_client", new=defender_client, ): @@ -26,7 +32,7 @@ class Test_defender_ensure_wdatp_is_enabled: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.settings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "WDATP": Setting( resource_id=resource_id, resource_type="Microsoft.Security/locations/settings", @@ -37,6 +43,9 @@ class Test_defender_ensure_wdatp_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled.defender_client", new=defender_client, ): @@ -50,9 +59,9 @@ class Test_defender_ensure_wdatp_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Microsoft Defender for Endpoint integration is disabeld for subscription {AZURE_SUBSCRIPTION}." + == f"Microsoft Defender for Endpoint integration is disabeld for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "WDATP" assert result[0].resource_id == resource_id @@ -60,7 +69,7 @@ class Test_defender_ensure_wdatp_is_enabled: resource_id = str(uuid4()) defender_client = mock.MagicMock defender_client.settings = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "WDATP": Setting( resource_id=resource_id, resource_type="Microsoft.Security/locations/settings", @@ -71,6 +80,9 @@ class Test_defender_ensure_wdatp_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled.defender_client", new=defender_client, ): @@ -84,17 +96,20 @@ class Test_defender_ensure_wdatp_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Microsoft Defender for Endpoint integration is enabled for subscription {AZURE_SUBSCRIPTION}." + == f"Microsoft Defender for Endpoint integration is enabled for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "WDATP" assert result[0].resource_id == resource_id def test_defender_wdatp_no_settings(self): defender_client = mock.MagicMock - defender_client.settings = {AZURE_SUBSCRIPTION: {}} + defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled.defender_client", new=defender_client, ): @@ -108,8 +123,8 @@ class Test_defender_ensure_wdatp_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Microsoft Defender for Endpoint integration not exists for subscription {AZURE_SUBSCRIPTION}." + == f"Microsoft Defender for Endpoint integration not exists for subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "WDATP" assert result[0].resource_id == "WDATP" diff --git a/tests/providers/azure/services/defender/defender_service_test.py b/tests/providers/azure/services/defender/defender_service_test.py index bf15796097..1db95f5fe0 100644 --- a/tests/providers/azure/services/defender/defender_service_test.py +++ b/tests/providers/azure/services/defender/defender_service_test.py @@ -11,14 +11,14 @@ from prowler.providers.azure.services.defender.defender_service import ( Setting, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_defender_get_pricings(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "Standard": Pricing( resource_id="resource_id", pricing_tier="pricing_tier", @@ -31,7 +31,7 @@ def mock_defender_get_pricings(_): def mock_defender_get_auto_provisioning_settings(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": AutoProvisioningSetting( resource_id="/subscriptions/resource_id", resource_name="default", @@ -44,7 +44,7 @@ def mock_defender_get_auto_provisioning_settings(_): def mock_defender_get_assessments(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": Assesment( resource_id="/subscriptions/resource_id", resource_name="default", @@ -56,7 +56,7 @@ def mock_defender_get_assessments(_): def mock_defender_get_security_contacts(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "default": SecurityContacts( resource_id="/subscriptions/resource_id", emails="user@user.com, test@test.es", @@ -72,7 +72,7 @@ def mock_defender_get_security_contacts(_): def mock_defender_get_settings(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "MCAS": Setting( resource_id="/subscriptions/resource_id", resource_type="Microsoft.Security/locations/settings", @@ -85,7 +85,7 @@ def mock_defender_get_settings(_): def mock_defender_get_iot_security_solutions(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "iot_sec_solution": IoTSecuritySolution( resource_id="/subscriptions/resource_id", status="Enabled", @@ -120,137 +120,141 @@ def mock_defender_get_iot_security_solutions(_): ) class Test_Defender_Service: def test__get_client__(self): - defender = Defender(set_mocked_azure_audit_info()) + defender = Defender(set_mocked_azure_provider()) assert ( - defender.clients[AZURE_SUBSCRIPTION].__class__.__name__ == "SecurityCenter" + defender.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ + == "SecurityCenter" ) def test__get_subscriptions__(self): - defender = Defender(set_mocked_azure_audit_info()) - defender = Defender(set_mocked_azure_audit_info()) + defender = Defender(set_mocked_azure_provider()) + defender = Defender(set_mocked_azure_provider()) assert defender.subscriptions.__class__.__name__ == "dict" def test__get_pricings__(self): - defender = Defender(set_mocked_azure_audit_info()) + defender = Defender(set_mocked_azure_provider()) assert len(defender.pricings) == 1 assert ( - defender.pricings[AZURE_SUBSCRIPTION]["Standard"].resource_id + defender.pricings[AZURE_SUBSCRIPTION_ID]["Standard"].resource_id == "resource_id" ) assert ( - defender.pricings[AZURE_SUBSCRIPTION]["Standard"].pricing_tier + defender.pricings[AZURE_SUBSCRIPTION_ID]["Standard"].pricing_tier == "pricing_tier" ) - assert defender.pricings[AZURE_SUBSCRIPTION][ + assert defender.pricings[AZURE_SUBSCRIPTION_ID][ "Standard" ].free_trial_remaining_time == timedelta(days=1) - assert defender.pricings[AZURE_SUBSCRIPTION]["Standard"].extensions == {} + assert defender.pricings[AZURE_SUBSCRIPTION_ID]["Standard"].extensions == {} def test__get_auto_provisioning_settings__(self): - defender = Defender(set_mocked_azure_audit_info()) + defender = Defender(set_mocked_azure_provider()) assert len(defender.auto_provisioning_settings) == 1 assert ( - defender.auto_provisioning_settings[AZURE_SUBSCRIPTION][ + defender.auto_provisioning_settings[AZURE_SUBSCRIPTION_ID][ "default" ].resource_id == "/subscriptions/resource_id" ) assert ( - defender.auto_provisioning_settings[AZURE_SUBSCRIPTION][ + defender.auto_provisioning_settings[AZURE_SUBSCRIPTION_ID][ "default" ].resource_name == "default" ) assert ( - defender.auto_provisioning_settings[AZURE_SUBSCRIPTION][ + defender.auto_provisioning_settings[AZURE_SUBSCRIPTION_ID][ "default" ].resource_type == "Microsoft.Security/autoProvisioningSettings" ) assert ( - defender.auto_provisioning_settings[AZURE_SUBSCRIPTION][ + defender.auto_provisioning_settings[AZURE_SUBSCRIPTION_ID][ "default" ].auto_provision == "On" ) def test__get_assessments__(self): - defender = Defender(set_mocked_azure_audit_info()) + defender = Defender(set_mocked_azure_provider()) assert len(defender.assessments) == 1 assert ( - defender.assessments[AZURE_SUBSCRIPTION]["default"].resource_id + defender.assessments[AZURE_SUBSCRIPTION_ID]["default"].resource_id == "/subscriptions/resource_id" ) assert ( - defender.assessments[AZURE_SUBSCRIPTION]["default"].resource_name + defender.assessments[AZURE_SUBSCRIPTION_ID]["default"].resource_name == "default" ) - assert defender.assessments[AZURE_SUBSCRIPTION]["default"].status == "Healthy" + assert ( + defender.assessments[AZURE_SUBSCRIPTION_ID]["default"].status == "Healthy" + ) def test__get_settings__(self): - defender = Defender(set_mocked_azure_audit_info()) + defender = Defender(set_mocked_azure_provider()) assert len(defender.settings) == 1 assert ( - defender.settings[AZURE_SUBSCRIPTION]["MCAS"].resource_id + defender.settings[AZURE_SUBSCRIPTION_ID]["MCAS"].resource_id == "/subscriptions/resource_id" ) assert ( - defender.settings[AZURE_SUBSCRIPTION]["MCAS"].resource_type + defender.settings[AZURE_SUBSCRIPTION_ID]["MCAS"].resource_type == "Microsoft.Security/locations/settings" ) assert ( - defender.settings[AZURE_SUBSCRIPTION]["MCAS"].kind == "DataExportSettings" + defender.settings[AZURE_SUBSCRIPTION_ID]["MCAS"].kind + == "DataExportSettings" ) - assert defender.settings[AZURE_SUBSCRIPTION]["MCAS"].enabled + assert defender.settings[AZURE_SUBSCRIPTION_ID]["MCAS"].enabled def test__get_security_contacts__(self): - defender = Defender(set_mocked_azure_audit_info()) + defender = Defender(set_mocked_azure_provider()) assert len(defender.security_contacts) == 1 assert ( - defender.security_contacts[AZURE_SUBSCRIPTION]["default"].resource_id + defender.security_contacts[AZURE_SUBSCRIPTION_ID]["default"].resource_id == "/subscriptions/resource_id" ) assert ( - defender.security_contacts[AZURE_SUBSCRIPTION]["default"].emails + defender.security_contacts[AZURE_SUBSCRIPTION_ID]["default"].emails == "user@user.com, test@test.es" ) assert ( - defender.security_contacts[AZURE_SUBSCRIPTION]["default"].phone + defender.security_contacts[AZURE_SUBSCRIPTION_ID]["default"].phone == "666666666" ) assert ( - defender.security_contacts[AZURE_SUBSCRIPTION][ + defender.security_contacts[AZURE_SUBSCRIPTION_ID][ "default" ].alert_notifications_minimal_severity == "High" ) assert ( - defender.security_contacts[AZURE_SUBSCRIPTION][ + defender.security_contacts[AZURE_SUBSCRIPTION_ID][ "default" ].alert_notifications_state == "On" ) - assert defender.security_contacts[AZURE_SUBSCRIPTION][ + assert defender.security_contacts[AZURE_SUBSCRIPTION_ID][ "default" ].notified_roles == ["Owner", "Contributor"] assert ( - defender.security_contacts[AZURE_SUBSCRIPTION][ + defender.security_contacts[AZURE_SUBSCRIPTION_ID][ "default" ].notified_roles_state == "On" ) def test__get_iot_security_solutions__(self): - defender = Defender(set_mocked_azure_audit_info()) + defender = Defender(set_mocked_azure_provider()) assert len(defender.iot_security_solutions) == 1 assert ( - defender.iot_security_solutions[AZURE_SUBSCRIPTION][ + defender.iot_security_solutions[AZURE_SUBSCRIPTION_ID][ "iot_sec_solution" ].resource_id == "/subscriptions/resource_id" ) assert ( - defender.iot_security_solutions[AZURE_SUBSCRIPTION][ + defender.iot_security_solutions[AZURE_SUBSCRIPTION_ID][ "iot_sec_solution" ].status == "Enabled" diff --git a/tests/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks_test.py b/tests/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks_test.py index e407087c8d..785b9500e4 100644 --- a/tests/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks_test.py +++ b/tests/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.authorization.v2022_04_01.models import Permission from prowler.providers.azure.services.iam.iam_service import Role -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_iam_custom_role_has_permissions_to_administer_resource_locks: @@ -13,6 +16,9 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: defender_client.custom_roles = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.iam.iam_custom_role_has_permissions_to_administer_resource_locks.iam_custom_role_has_permissions_to_administer_resource_locks.iam_client", new=defender_client, ): @@ -30,7 +36,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: defender_client = mock.MagicMock role_name = "test-role" defender_client.custom_roles = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Role( id=str(uuid4()), name=role_name, @@ -49,6 +55,9 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.iam.iam_custom_role_has_permissions_to_administer_resource_locks.iam_custom_role_has_permissions_to_administer_resource_locks.iam_client", new=defender_client, ): @@ -62,12 +71,12 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION} has permission to administer resource locks." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} has permission to administer resource locks." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].resource_id - == defender_client.custom_roles[AZURE_SUBSCRIPTION][0].id + == defender_client.custom_roles[AZURE_SUBSCRIPTION_ID][0].id ) assert result[0].resource_name == role_name @@ -77,7 +86,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: defender_client = mock.MagicMock role_name = "test-role" defender_client.custom_roles = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Role( id=str(uuid4()), name=role_name, @@ -89,6 +98,9 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.iam.iam_custom_role_has_permissions_to_administer_resource_locks.iam_custom_role_has_permissions_to_administer_resource_locks.iam_client", new=defender_client, ): @@ -102,11 +114,11 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION} has no permission to administer resource locks." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} has no permission to administer resource locks." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].resource_id - == defender_client.custom_roles[AZURE_SUBSCRIPTION][0].id + == defender_client.custom_roles[AZURE_SUBSCRIPTION_ID][0].id ) assert result[0].resource_name == role_name diff --git a/tests/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created_test.py b/tests/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created_test.py index a008d3f52a..c3934a1d14 100644 --- a/tests/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created_test.py +++ b/tests/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.authorization.v2022_04_01.models import Permission from prowler.providers.azure.services.iam.iam_service import Role -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_iam_subscription_roles_owner_custom_not_created: @@ -13,6 +16,9 @@ class Test_iam_subscription_roles_owner_custom_not_created: defender_client.custom_roles = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.iam.iam_subscription_roles_owner_custom_not_created.iam_subscription_roles_owner_custom_not_created.iam_client", new=defender_client, ): @@ -28,7 +34,7 @@ class Test_iam_subscription_roles_owner_custom_not_created: defender_client = mock.MagicMock role_name = "test-role" defender_client.custom_roles = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Role( id=str(uuid4()), name=role_name, @@ -40,6 +46,9 @@ class Test_iam_subscription_roles_owner_custom_not_created: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.iam.iam_subscription_roles_owner_custom_not_created.iam_subscription_roles_owner_custom_not_created.iam_client", new=defender_client, ): @@ -53,12 +62,12 @@ class Test_iam_subscription_roles_owner_custom_not_created: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION} is a custom owner role." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} is a custom owner role." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].resource_id - == defender_client.custom_roles[AZURE_SUBSCRIPTION][0].id + == defender_client.custom_roles[AZURE_SUBSCRIPTION_ID][0].id ) assert result[0].resource_name == role_name @@ -66,7 +75,7 @@ class Test_iam_subscription_roles_owner_custom_not_created: defender_client = mock.MagicMock role_name = "test-role" defender_client.custom_roles = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Role( id=str(uuid4()), name=role_name, @@ -78,6 +87,9 @@ class Test_iam_subscription_roles_owner_custom_not_created: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.iam.iam_subscription_roles_owner_custom_not_created.iam_subscription_roles_owner_custom_not_created.iam_client", new=defender_client, ): @@ -91,11 +103,11 @@ class Test_iam_subscription_roles_owner_custom_not_created: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION} is not a custom owner role." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} is not a custom owner role." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].resource_id - == defender_client.custom_roles[AZURE_SUBSCRIPTION][0].id + == defender_client.custom_roles[AZURE_SUBSCRIPTION_ID][0].id ) assert result[0].resource_name == role_name diff --git a/tests/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac_test.py b/tests/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac_test.py index bf47f7b824..1d6064f4ba 100644 --- a/tests/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac_test.py @@ -4,8 +4,10 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import KeyAttributes, VaultProperties from prowler.providers.azure.services.keyvault.keyvault_service import Key, KeyVaultInfo - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_keyvault_key_expiration_set_in_non_rbac: @@ -14,6 +16,9 @@ class Test_keyvault_key_expiration_set_in_non_rbac: keyvault_client.key_vaults = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_key_expiration_set_in_non_rbac.keyvault_key_expiration_set_in_non_rbac.keyvault_client", new=keyvault_client, ): @@ -28,7 +33,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: def test_no_keys(self): keyvault_client = mock.MagicMock keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id="id", name="name", @@ -44,6 +49,9 @@ class Test_keyvault_key_expiration_set_in_non_rbac: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_key_expiration_set_in_non_rbac.keyvault_key_expiration_set_in_non_rbac.keyvault_client", new=keyvault_client, ): @@ -68,7 +76,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: attributes=KeyAttributes(expires=None, enabled=True), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -84,6 +92,9 @@ class Test_keyvault_key_expiration_set_in_non_rbac: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_key_expiration_set_in_non_rbac.keyvault_key_expiration_set_in_non_rbac.keyvault_client", new=keyvault_client, ): @@ -97,9 +108,9 @@ class Test_keyvault_key_expiration_set_in_non_rbac: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has the key {key_name} without expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has the key {key_name} without expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -115,7 +126,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: attributes=KeyAttributes(expires=49394, enabled=True), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -131,6 +142,9 @@ class Test_keyvault_key_expiration_set_in_non_rbac: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_key_expiration_set_in_non_rbac.keyvault_key_expiration_set_in_non_rbac.keyvault_client", new=keyvault_client, ): @@ -144,8 +158,8 @@ class Test_keyvault_key_expiration_set_in_non_rbac: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has all the keys with expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has all the keys with expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id diff --git a/tests/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled_test.py b/tests/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled_test.py index 77ab9c6ccb..b46a585775 100644 --- a/tests/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled_test.py @@ -1,12 +1,13 @@ from unittest import mock -from uuid import uuid4 from azure.keyvault.keys import KeyRotationLifetimeAction, KeyRotationPolicy from azure.mgmt.keyvault.v2023_07_01.models import KeyAttributes, VaultProperties from prowler.providers.azure.services.keyvault.keyvault_service import Key, KeyVaultInfo - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_keyvault_key_rotation_enabled: @@ -15,6 +16,9 @@ class Test_keyvault_key_rotation_enabled: keyvault_client.key_vaults = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_key_rotation_enabled.keyvault_key_rotation_enabled.keyvault_client", new=keyvault_client, ): @@ -29,7 +33,7 @@ class Test_keyvault_key_rotation_enabled: def test_no_keys(self): keyvault_client = mock.MagicMock keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id="id", name="name", @@ -45,6 +49,9 @@ class Test_keyvault_key_rotation_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_key_rotation_enabled.keyvault_key_rotation_enabled.keyvault_client", new=keyvault_client, ): @@ -61,7 +68,7 @@ class Test_keyvault_key_rotation_enabled: keyvault_name = "keyvault_name" key_name = "key_name" keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id="id", name=keyvault_name, @@ -86,6 +93,9 @@ class Test_keyvault_key_rotation_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_key_rotation_enabled.keyvault_key_rotation_enabled.keyvault_client", new=keyvault_client, ): @@ -99,18 +109,18 @@ class Test_keyvault_key_rotation_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has the key {key_name} without rotation policy set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has the key {key_name} without rotation policy set." ) assert result[0].resource_name == keyvault_name assert result[0].resource_id == "id" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_key_with_rotation_policy(self): keyvault_client = mock.MagicMock keyvault_name = "keyvault_name" key_name = "key_name" keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id="id", name=keyvault_name, @@ -143,6 +153,9 @@ class Test_keyvault_key_rotation_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_key_rotation_enabled.keyvault_key_rotation_enabled.keyvault_client", new=keyvault_client, ): @@ -156,8 +169,8 @@ class Test_keyvault_key_rotation_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has the key {key_name} with rotation policy set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has the key {key_name} with rotation policy set." ) assert result[0].resource_name == keyvault_name assert result[0].resource_id == "id" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set_test.py b/tests/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set_test.py index d13084cd22..8c71da9fe8 100644 --- a/tests/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set_test.py @@ -7,8 +7,10 @@ from prowler.providers.azure.services.keyvault.keyvault_service import ( KeyVaultInfo, Secret, ) - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_keyvault_non_rbac_secret_expiration_set: @@ -17,6 +19,9 @@ class Test_keyvault_non_rbac_secret_expiration_set: keyvault_client.key_vaults = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_non_rbac_secret_expiration_set.keyvault_non_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -31,7 +36,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: def test_no_secrets(self): keyvault_client = mock.MagicMock keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id="id", name="name", @@ -47,6 +52,9 @@ class Test_keyvault_non_rbac_secret_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_non_rbac_secret_expiration_set.keyvault_non_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -71,7 +79,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: attributes=SecretAttributes(expires=None, enabled=True), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -87,6 +95,9 @@ class Test_keyvault_non_rbac_secret_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_non_rbac_secret_expiration_set.keyvault_non_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -100,9 +111,9 @@ class Test_keyvault_non_rbac_secret_expiration_set: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has the secret {secret_name} without expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has the secret {secret_name} without expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -127,7 +138,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: attributes=SecretAttributes(expires=84934), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -143,6 +154,9 @@ class Test_keyvault_non_rbac_secret_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_non_rbac_secret_expiration_set.keyvault_non_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -156,9 +170,9 @@ class Test_keyvault_non_rbac_secret_expiration_set: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has the secret {secret1_name} without expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has the secret {secret1_name} without expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -174,7 +188,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: attributes=SecretAttributes(expires=None), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -190,6 +204,9 @@ class Test_keyvault_non_rbac_secret_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_non_rbac_secret_expiration_set.keyvault_non_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -203,8 +220,8 @@ class Test_keyvault_non_rbac_secret_expiration_set: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has all the secrets with expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has all the secrets with expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id diff --git a/tests/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints_test.py b/tests/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints_test.py index fe74b7360e..0f16abde45 100644 --- a/tests/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints_test.py @@ -7,8 +7,10 @@ from azure.mgmt.keyvault.v2023_07_01.models import ( ) from prowler.providers.azure.services.keyvault.keyvault_service import KeyVaultInfo - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_keyvault_private_endpoints: @@ -17,6 +19,9 @@ class Test_keyvault_private_endpoints: keyvault_client.key_vaults = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_private_endpoints.keyvault_private_endpoints.keyvault_client", new=keyvault_client, ): @@ -33,7 +38,7 @@ class Test_keyvault_private_endpoints: keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -52,6 +57,9 @@ class Test_keyvault_private_endpoints: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_private_endpoints.keyvault_private_endpoints.keyvault_client", new=keyvault_client, ): @@ -65,9 +73,9 @@ class Test_keyvault_private_endpoints: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} is not using private endpoints." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is not using private endpoints." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -79,7 +87,7 @@ class Test_keyvault_private_endpoints: id="id", ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -97,6 +105,9 @@ class Test_keyvault_private_endpoints: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_private_endpoints.keyvault_private_endpoints.keyvault_client", new=keyvault_client, ): @@ -104,7 +115,7 @@ class Test_keyvault_private_endpoints: keyvault_private_endpoints, ) - keyvault_client.key_vaults[AZURE_SUBSCRIPTION][ + keyvault_client.key_vaults[AZURE_SUBSCRIPTION_ID][ 0 ].properties.private_endpoint_connections = [private_endpoint] @@ -114,8 +125,8 @@ class Test_keyvault_private_endpoints: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} is using private endpoints." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is using private endpoints." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id diff --git a/tests/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled_test.py b/tests/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled_test.py index ad2817c55e..b928123c97 100644 --- a/tests/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled_test.py @@ -4,8 +4,10 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import VaultProperties from prowler.providers.azure.services.keyvault.keyvault_service import KeyVaultInfo - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_keyvault_rbac_enabled: @@ -14,6 +16,9 @@ class Test_keyvault_rbac_enabled: keyvault_client.key_vaults = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_enabled.keyvault_rbac_enabled.keyvault_client", new=keyvault_client, ): @@ -30,7 +35,7 @@ class Test_keyvault_rbac_enabled: keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -48,6 +53,9 @@ class Test_keyvault_rbac_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_enabled.keyvault_rbac_enabled.keyvault_client", new=keyvault_client, ): @@ -61,9 +69,9 @@ class Test_keyvault_rbac_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} is not using RBAC for access control." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is not using RBAC for access control." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -72,7 +80,7 @@ class Test_keyvault_rbac_enabled: keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -90,6 +98,9 @@ class Test_keyvault_rbac_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_enabled.keyvault_rbac_enabled.keyvault_client", new=keyvault_client, ): @@ -103,8 +114,8 @@ class Test_keyvault_rbac_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} is using RBAC for access control." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is using RBAC for access control." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id diff --git a/tests/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set_test.py b/tests/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set_test.py index 7fc9c59340..08ac504b7c 100644 --- a/tests/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set_test.py @@ -4,8 +4,10 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import KeyAttributes, VaultProperties from prowler.providers.azure.services.keyvault.keyvault_service import Key, KeyVaultInfo - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_keyvault_rbac_key_expiration_set: @@ -14,6 +16,9 @@ class Test_keyvault_rbac_key_expiration_set: keyvault_client.key_vaults = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_key_expiration_set.keyvault_rbac_key_expiration_set.keyvault_client", new=keyvault_client, ): @@ -28,7 +33,7 @@ class Test_keyvault_rbac_key_expiration_set: def test_no_keys(self): keyvault_client = mock.MagicMock keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id="id", name="name", @@ -44,6 +49,9 @@ class Test_keyvault_rbac_key_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_key_expiration_set.keyvault_rbac_key_expiration_set.keyvault_client", new=keyvault_client, ): @@ -68,7 +76,7 @@ class Test_keyvault_rbac_key_expiration_set: attributes=KeyAttributes(expires=None, enabled=True), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -84,6 +92,9 @@ class Test_keyvault_rbac_key_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_key_expiration_set.keyvault_rbac_key_expiration_set.keyvault_client", new=keyvault_client, ): @@ -97,9 +108,9 @@ class Test_keyvault_rbac_key_expiration_set: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has the key {key_name} without expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has the key {key_name} without expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -115,7 +126,7 @@ class Test_keyvault_rbac_key_expiration_set: attributes=KeyAttributes(expires=49394, enabled=True), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -131,6 +142,9 @@ class Test_keyvault_rbac_key_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_key_expiration_set.keyvault_rbac_key_expiration_set.keyvault_client", new=keyvault_client, ): @@ -144,8 +158,8 @@ class Test_keyvault_rbac_key_expiration_set: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has all the keys with expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has all the keys with expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id diff --git a/tests/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set_test.py b/tests/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set_test.py index 4a98b0e600..03b7ad4b77 100644 --- a/tests/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set_test.py @@ -7,8 +7,10 @@ from prowler.providers.azure.services.keyvault.keyvault_service import ( KeyVaultInfo, Secret, ) - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_keyvault_rbac_secret_expiration_set: @@ -17,6 +19,9 @@ class Test_keyvault_rbac_secret_expiration_set: keyvault_client.key_vaults = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_secret_expiration_set.keyvault_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -31,7 +36,7 @@ class Test_keyvault_rbac_secret_expiration_set: def test_no_secrets(self): keyvault_client = mock.MagicMock keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id="id", name="name", @@ -47,6 +52,9 @@ class Test_keyvault_rbac_secret_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_secret_expiration_set.keyvault_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -71,7 +79,7 @@ class Test_keyvault_rbac_secret_expiration_set: attributes=SecretAttributes(expires=None), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -87,6 +95,9 @@ class Test_keyvault_rbac_secret_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_secret_expiration_set.keyvault_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -100,9 +111,9 @@ class Test_keyvault_rbac_secret_expiration_set: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has the secret {secret_name} without expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has the secret {secret_name} without expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -127,7 +138,7 @@ class Test_keyvault_rbac_secret_expiration_set: attributes=SecretAttributes(expires=84934), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -143,6 +154,9 @@ class Test_keyvault_rbac_secret_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_secret_expiration_set.keyvault_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -156,9 +170,9 @@ class Test_keyvault_rbac_secret_expiration_set: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has the secret {secret1_name} without expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has the secret {secret1_name} without expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -174,7 +188,7 @@ class Test_keyvault_rbac_secret_expiration_set: attributes=SecretAttributes(expires=None), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -190,6 +204,9 @@ class Test_keyvault_rbac_secret_expiration_set: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_rbac_secret_expiration_set.keyvault_rbac_secret_expiration_set.keyvault_client", new=keyvault_client, ): @@ -203,8 +220,8 @@ class Test_keyvault_rbac_secret_expiration_set: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} has all the secrets with expiration date set." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has all the secrets with expiration date set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id diff --git a/tests/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable_test.py b/tests/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable_test.py index 3f210d7eb9..23a1a24fb6 100644 --- a/tests/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable_test.py @@ -7,16 +7,22 @@ from prowler.providers.azure.services.keyvault.keyvault_service import ( KeyVaultInfo, Secret, ) - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_keyvault_recoverable: + def test_no_key_vaults(self): keyvault_client = mock.MagicMock keyvault_client.key_vaults = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_recoverable.keyvault_recoverable.keyvault_client", new=keyvault_client, ): @@ -33,7 +39,7 @@ class Test_keyvault_recoverable: keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -53,6 +59,9 @@ class Test_keyvault_recoverable: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_recoverable.keyvault_recoverable.keyvault_client", new=keyvault_client, ): @@ -66,9 +75,9 @@ class Test_keyvault_recoverable: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} is not recoverable." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is not recoverable." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -91,7 +100,7 @@ class Test_keyvault_recoverable: attributes=SecretAttributes(expires=84934, enabled=True), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -111,6 +120,9 @@ class Test_keyvault_recoverable: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_recoverable.keyvault_recoverable.keyvault_client", new=keyvault_client, ): @@ -124,9 +136,9 @@ class Test_keyvault_recoverable: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} is not recoverable." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is not recoverable." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id @@ -142,7 +154,7 @@ class Test_keyvault_recoverable: attributes=SecretAttributes(expires=None, enabled=False), ) keyvault_client.key_vaults = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ KeyVaultInfo( id=keyvault_id, name=keyvault_name, @@ -162,6 +174,9 @@ class Test_keyvault_recoverable: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.keyvault.keyvault_recoverable.keyvault_recoverable.keyvault_client", new=keyvault_client, ): @@ -175,8 +190,8 @@ class Test_keyvault_recoverable: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION} is recoverable." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is recoverable." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name assert result[0].resource_id == keyvault_id diff --git a/tests/providers/azure/services/keyvault/keyvault_service_test.py b/tests/providers/azure/services/keyvault/keyvault_service_test.py index 768d43aa7f..3af1c1f63d 100644 --- a/tests/providers/azure/services/keyvault/keyvault_service_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_service_test.py @@ -7,8 +7,8 @@ from prowler.providers.azure.services.keyvault.keyvault_service import ( Secret, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) @@ -39,7 +39,7 @@ def mock_keyvault_get_key_vaults(_, __): ) ], ) - return {AZURE_SUBSCRIPTION: [keyvault_info]} + return {AZURE_SUBSCRIPTION_ID: [keyvault_info]} @patch( @@ -48,52 +48,58 @@ def mock_keyvault_get_key_vaults(_, __): ) class Test_keyvault_service: def test__get_client__(self): - keyvault = KeyVault(set_mocked_azure_audit_info()) + keyvault = KeyVault(set_mocked_azure_provider()) assert ( - keyvault.clients[AZURE_SUBSCRIPTION].__class__.__name__ + keyvault.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "KeyVaultManagementClient" ) def test__get_key_vaults__(self): - keyvault = KeyVault(set_mocked_azure_audit_info()) + keyvault = KeyVault(set_mocked_azure_provider()) assert ( - keyvault.key_vaults[AZURE_SUBSCRIPTION][0].__class__.__name__ + keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ == "KeyVaultInfo" ) - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].id == "id" - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].name == "name" - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].location == "location" + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].id == "id" + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].name == "name" + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].location == "location" assert ( - keyvault.key_vaults[AZURE_SUBSCRIPTION][0].resource_group + keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].resource_group == "resource_group" ) - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].properties is None + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].properties is None def test__get_keys__(self): - keyvault = KeyVault(set_mocked_azure_audit_info()) + keyvault = KeyVault(set_mocked_azure_provider()) assert ( - keyvault.key_vaults[AZURE_SUBSCRIPTION][0].keys[0].__class__.__name__ + keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].keys[0].__class__.__name__ == "Key" ) - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].keys[0].id == "id" - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].keys[0].name == "name" - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].keys[0].enabled is True - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].keys[0].location == "location" - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].keys[0].attributes is None + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].keys[0].id == "id" + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].keys[0].name == "name" + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].keys[0].enabled is True assert ( - keyvault.key_vaults[AZURE_SUBSCRIPTION][0].keys[0].rotation_policy is None + keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].keys[0].location == "location" + ) + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].keys[0].attributes is None + assert ( + keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].keys[0].rotation_policy + is None ) def test__get_secrets__(self): - keyvault = KeyVault(set_mocked_azure_audit_info()) + keyvault = KeyVault(set_mocked_azure_provider()) assert ( - keyvault.key_vaults[AZURE_SUBSCRIPTION][0].secrets[0].__class__.__name__ + keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].secrets[0].__class__.__name__ == "Secret" ) - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].secrets[0].id == "id" - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].secrets[0].name == "name" - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].secrets[0].enabled is True + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].secrets[0].id == "id" + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].secrets[0].name == "name" + assert keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].secrets[0].enabled is True assert ( - keyvault.key_vaults[AZURE_SUBSCRIPTION][0].secrets[0].location == "location" + keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].secrets[0].location + == "location" + ) + assert ( + keyvault.key_vaults[AZURE_SUBSCRIPTION_ID][0].secrets[0].attributes is None ) - assert keyvault.key_vaults[AZURE_SUBSCRIPTION][0].secrets[0].attributes is None diff --git a/tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py b/tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py index 1458d06d31..af02470fce 100644 --- a/tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py +++ b/tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py @@ -1,7 +1,10 @@ from unittest import mock from prowler.providers.azure.services.monitor.monitor_service import DiagnosticSetting -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_monitor_diagnostic_setting_with_appropriate_categories: @@ -12,6 +15,9 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: monitor_client.diagnostics_settings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories.monitor_client", new=monitor_client, ): @@ -26,8 +32,11 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: def test_no_diagnostic_settings(self): monitor_client = mock.MagicMock - monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION: []} + monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION_ID: []} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories.monitor_client", new=monitor_client, ): @@ -38,19 +47,19 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: check = monitor_diagnostic_setting_with_appropriate_categories() result = check.execute() assert len(result) == 1 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "FAIL" assert result[0].resource_id == "Monitor" assert result[0].resource_name == "Monitor" assert ( result[0].status_extended - == f"There are no diagnostic settings capturing appropiate categories in subscription {AZURE_SUBSCRIPTION}." + == f"There are no diagnostic settings capturing appropiate categories in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_diagnostic_settings_configured(self): monitor_client = mock.MagicMock monitor_client.diagnostics_settings = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ DiagnosticSetting( id="id", logs=[ @@ -85,6 +94,9 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories.monitor_client", new=monitor_client, ): @@ -95,11 +107,11 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: check = monitor_diagnostic_setting_with_appropriate_categories() result = check.execute() assert len(result) == 1 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "PASS" assert result[0].resource_id == "Monitor" assert result[0].resource_name == "Monitor" assert ( result[0].status_extended - == f"There is at least one diagnostic setting capturing appropiate categories in subscription {AZURE_SUBSCRIPTION}." + == f"There is at least one diagnostic setting capturing appropiate categories in subscription {AZURE_SUBSCRIPTION_ID}." ) diff --git a/tests/providers/azure/services/monitor/monitor_service_test.py b/tests/providers/azure/services/monitor/monitor_service_test.py index 6339a8a58a..ada7ec8632 100644 --- a/tests/providers/azure/services/monitor/monitor_service_test.py +++ b/tests/providers/azure/services/monitor/monitor_service_test.py @@ -6,14 +6,14 @@ from prowler.providers.azure.services.monitor.monitor_service import ( Monitor, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_monitor_get_diagnostics_settings(_): return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ DiagnosticSetting( id="id", logs=[ @@ -39,65 +39,69 @@ def mock_monitor_get_diagnostics_settings(_): ) class Test_Monitor_Service: def test__get_client__(self): - monitor = Monitor(set_mocked_azure_audit_info()) + monitor = Monitor(set_mocked_azure_provider()) assert ( - monitor.clients[AZURE_SUBSCRIPTION].__class__.__name__ + monitor.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "MonitorManagementClient" ) def test__get_subscriptions__(self): - monitor = Monitor(set_mocked_azure_audit_info()) + monitor = Monitor(set_mocked_azure_provider()) assert monitor.subscriptions.__class__.__name__ == "dict" def test__get_diagnostics_settings(self): - monitor = Monitor(set_mocked_azure_audit_info()) + monitor = Monitor(set_mocked_azure_provider()) assert len(monitor.diagnostics_settings) == 1 - assert monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].id == "id" + assert monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].id == "id" assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[0].enabled is True + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[0].enabled + is True ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[0].category + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[0].category == "Administrative" ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[1].enabled is True + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[1].enabled + is True ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[1].category + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[1].category == "Security" ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[2].category + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[2].category == "ServiceHealth" ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[3].enabled is True + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[3].enabled + is True ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[3].category + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[3].category == "Alert" ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[4].category + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[4].category == "Recommendation" ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[5].enabled is True + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[5].enabled + is True ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[5].category + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[5].category == "Policy" ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[6].category + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[6].category == "Autoscale" ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[7].category + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].logs[7].category == "ResourceHealth" ) assert ( - monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].storage_account_id + monitor.diagnostics_settings[AZURE_SUBSCRIPTION_ID][0].storage_account_id == "/subscriptions/1234a5-123a-123a-123a-1234567890ab/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/storageaccountname" ) diff --git a/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted_test.py b/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted_test.py index ed3f981e67..86b4953fcb 100644 --- a/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted_test.py +++ b/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted_test.py @@ -2,7 +2,10 @@ from unittest import mock from prowler.providers.azure.services.monitor.monitor_service import DiagnosticSetting from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: @@ -13,6 +16,9 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: monitor_client.diagnostics_settings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_storage_account_with_activity_logs_cmk_encrypted.monitor_storage_account_with_activity_logs_cmk_encrypted.monitor_client", new=monitor_client, ): @@ -26,8 +32,11 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: def test_no_diagnostic_settings(self): monitor_client = mock.MagicMock - monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION: []} + monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION_ID: []} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_storage_account_with_activity_logs_cmk_encrypted.monitor_storage_account_with_activity_logs_cmk_encrypted.monitor_client", new=monitor_client, ): @@ -43,7 +52,7 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: monitor_client = mock.MagicMock storage_client = mock.MagicMock monitor_client.diagnostics_settings = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ DiagnosticSetting( id="id", logs=[ @@ -75,7 +84,7 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: ] } storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id="/subscriptions/1234a5-123a-123a-123a-1234567890ab/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/storageaccountname1", name="storageaccountname1", @@ -120,6 +129,9 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_storage_account_with_activity_logs_cmk_encrypted.monitor_storage_account_with_activity_logs_cmk_encrypted.monitor_client", new=monitor_client, ): @@ -134,7 +146,7 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: check = monitor_storage_account_with_activity_logs_cmk_encrypted() result = check.execute() assert len(result) == 2 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "PASS" assert result[0].resource_name == "storageaccountname1" assert ( @@ -143,7 +155,7 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: ) assert ( result[0].status_extended - == f"Storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION][0].name} storing activity log in subscription {AZURE_SUBSCRIPTION} is encrypted with Customer Managed Key or not necessary." + == f"Storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][0].name} storing activity log in subscription {AZURE_SUBSCRIPTION_ID} is encrypted with Customer Managed Key or not necessary." ) assert result[1].status == "FAIL" assert result[1].resource_name == "storageaccountname2" @@ -153,5 +165,5 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: ) assert ( result[1].status_extended - == f"Storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION][1].name} storing activity log in subscription {AZURE_SUBSCRIPTION} is not encrypted with Customer Managed Key." + == f"Storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][1].name} storing activity log in subscription {AZURE_SUBSCRIPTION_ID} is not encrypted with Customer Managed Key." ) diff --git a/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private_test.py b/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private_test.py index 366ab87579..ebde685e13 100644 --- a/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private_test.py +++ b/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private_test.py @@ -2,7 +2,10 @@ from unittest import mock from prowler.providers.azure.services.monitor.monitor_service import DiagnosticSetting from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_monitor_storage_account_with_activity_logs_is_private: @@ -13,6 +16,9 @@ class Test_monitor_storage_account_with_activity_logs_is_private: monitor_client.diagnostics_settings = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_storage_account_with_activity_logs_is_private.monitor_storage_account_with_activity_logs_is_private.monitor_client", new=monitor_client, ): @@ -26,8 +32,11 @@ class Test_monitor_storage_account_with_activity_logs_is_private: def test_no_diagnostic_settings(self): monitor_client = mock.MagicMock - monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION: []} + monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION_ID: []} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_storage_account_with_activity_logs_is_private.monitor_storage_account_with_activity_logs_is_private.monitor_client", new=monitor_client, ): @@ -43,7 +52,7 @@ class Test_monitor_storage_account_with_activity_logs_is_private: monitor_client = mock.MagicMock storage_client = mock.MagicMock monitor_client.diagnostics_settings = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ DiagnosticSetting( id="id", logs=[ @@ -75,7 +84,7 @@ class Test_monitor_storage_account_with_activity_logs_is_private: ] } storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id="/subscriptions/1234a5-123a-123a-123a-1234567890ab/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/storageaccountname1", name="storageaccountname1", @@ -120,6 +129,9 @@ class Test_monitor_storage_account_with_activity_logs_is_private: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.monitor.monitor_storage_account_with_activity_logs_is_private.monitor_storage_account_with_activity_logs_is_private.monitor_client", new=monitor_client, ): @@ -134,7 +146,7 @@ class Test_monitor_storage_account_with_activity_logs_is_private: check = monitor_storage_account_with_activity_logs_is_private() result = check.execute() assert len(result) == 2 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "FAIL" assert ( result[0].resource_id @@ -143,9 +155,9 @@ class Test_monitor_storage_account_with_activity_logs_is_private: assert result[0].resource_name == "storageaccountname1" assert ( result[0].status_extended - == f"Blob public access enabled in storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION][0].name} storing activity logs in subscription {AZURE_SUBSCRIPTION}." + == f"Blob public access enabled in storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][0].name} storing activity logs in subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[1].subscription == AZURE_SUBSCRIPTION + assert result[1].subscription == AZURE_SUBSCRIPTION_ID assert result[1].status == "PASS" assert ( result[1].resource_id @@ -154,5 +166,5 @@ class Test_monitor_storage_account_with_activity_logs_is_private: assert result[1].resource_name == "storageaccountname2" assert ( result[1].status_extended - == f"Blob public access disabled in storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION][1].name} storing activity logs in subscription {AZURE_SUBSCRIPTION}." + == f"Blob public access disabled in storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][1].name} storing activity logs in subscription {AZURE_SUBSCRIPTION_ID}." ) diff --git a/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated_test.py b/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated_test.py index 91b3096f3a..986c19dde2 100644 --- a/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated_test.py +++ b/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated_test.py @@ -5,7 +5,10 @@ from prowler.providers.azure.services.mysql.mysql_service import ( Configuration, FlexibleServer, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_mysql_flexible_server_audit_log_connection_activated: @@ -14,6 +17,9 @@ class Test_mysql_flexible_server_audit_log_connection_activated: mysql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_connection_activated.mysql_flexible_server_audit_log_connection_activated.mysql_client", new=mysql_client, ): @@ -27,9 +33,12 @@ class Test_mysql_flexible_server_audit_log_connection_activated: def test_mysql_no_servers(self): mysql_client = mock.MagicMock - mysql_client.flexible_servers = {AZURE_SUBSCRIPTION: {}} + mysql_client.flexible_servers = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_connection_activated.mysql_flexible_server_audit_log_connection_activated.mysql_client", new=mysql_client, ): @@ -45,7 +54,7 @@ class Test_mysql_flexible_server_audit_log_connection_activated: server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -62,6 +71,9 @@ class Test_mysql_flexible_server_audit_log_connection_activated: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_connection_activated.mysql_flexible_server_audit_log_connection_activated.mysql_client", new=mysql_client, ): @@ -73,7 +85,7 @@ class Test_mysql_flexible_server_audit_log_connection_activated: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -81,14 +93,14 @@ class Test_mysql_flexible_server_audit_log_connection_activated: ) assert ( result[0].status_extended - == f"Audit log is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"Audit log is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_mysql_audit_log_connection_activated(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -105,6 +117,9 @@ class Test_mysql_flexible_server_audit_log_connection_activated: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_connection_activated.mysql_flexible_server_audit_log_connection_activated.mysql_client", new=mysql_client, ): @@ -116,7 +131,7 @@ class Test_mysql_flexible_server_audit_log_connection_activated: result = check.execute() assert len(result) == 1 assert result[0].status == "PASS" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -124,14 +139,14 @@ class Test_mysql_flexible_server_audit_log_connection_activated: ) assert ( result[0].status_extended - == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_mysql_audit_log_connection_activated_with_other_options(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -148,6 +163,9 @@ class Test_mysql_flexible_server_audit_log_connection_activated: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_connection_activated.mysql_flexible_server_audit_log_connection_activated.mysql_client", new=mysql_client, ): @@ -159,7 +177,7 @@ class Test_mysql_flexible_server_audit_log_connection_activated: result = check.execute() assert len(result) == 1 assert result[0].status == "PASS" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -167,5 +185,5 @@ class Test_mysql_flexible_server_audit_log_connection_activated: ) assert ( result[0].status_extended - == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) diff --git a/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled_test.py b/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled_test.py index 7ae1992932..57147d03f1 100644 --- a/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled_test.py +++ b/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled_test.py @@ -5,7 +5,10 @@ from prowler.providers.azure.services.mysql.mysql_service import ( Configuration, FlexibleServer, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_mysql_flexible_server_audit_log_enabled: @@ -14,6 +17,9 @@ class Test_mysql_flexible_server_audit_log_enabled: mysql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_enabled.mysql_flexible_server_audit_log_enabled.mysql_client", new=mysql_client, ): @@ -27,9 +33,12 @@ class Test_mysql_flexible_server_audit_log_enabled: def test_mysql_no_servers(self): mysql_client = mock.MagicMock - mysql_client.flexible_servers = {AZURE_SUBSCRIPTION: {}} + mysql_client.flexible_servers = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_enabled.mysql_flexible_server_audit_log_enabled.mysql_client", new=mysql_client, ): @@ -45,7 +54,7 @@ class Test_mysql_flexible_server_audit_log_enabled: server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -62,6 +71,9 @@ class Test_mysql_flexible_server_audit_log_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_enabled.mysql_flexible_server_audit_log_enabled.mysql_client", new=mysql_client, ): @@ -73,7 +85,7 @@ class Test_mysql_flexible_server_audit_log_enabled: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -81,14 +93,14 @@ class Test_mysql_flexible_server_audit_log_enabled: ) assert ( result[0].status_extended - == f"Audit log is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"Audit log is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_mysql_audit_log_enabled(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -105,6 +117,9 @@ class Test_mysql_flexible_server_audit_log_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_audit_log_enabled.mysql_flexible_server_audit_log_enabled.mysql_client", new=mysql_client, ): @@ -116,7 +131,7 @@ class Test_mysql_flexible_server_audit_log_enabled: result = check.execute() assert len(result) == 1 assert result[0].status == "PASS" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -124,5 +139,5 @@ class Test_mysql_flexible_server_audit_log_enabled: ) assert ( result[0].status_extended - == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) diff --git a/tests/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12_test.py b/tests/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12_test.py index 1e19595773..5eb26f3fc6 100644 --- a/tests/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12_test.py +++ b/tests/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12_test.py @@ -5,7 +5,10 @@ from prowler.providers.azure.services.mysql.mysql_service import ( Configuration, FlexibleServer, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_mysql_flexible_server_minimum_tls_version_12: @@ -14,6 +17,9 @@ class Test_mysql_flexible_server_minimum_tls_version_12: mysql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_minimum_tls_version_12.mysql_flexible_server_minimum_tls_version_12.mysql_client", new=mysql_client, ): @@ -27,9 +33,12 @@ class Test_mysql_flexible_server_minimum_tls_version_12: def test_mysql_no_servers(self): mysql_client = mock.MagicMock - mysql_client.flexible_servers = {AZURE_SUBSCRIPTION: {}} + mysql_client.flexible_servers = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_minimum_tls_version_12.mysql_flexible_server_minimum_tls_version_12.mysql_client", new=mysql_client, ): @@ -45,7 +54,7 @@ class Test_mysql_flexible_server_minimum_tls_version_12: server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -55,6 +64,9 @@ class Test_mysql_flexible_server_minimum_tls_version_12: } } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_minimum_tls_version_12.mysql_flexible_server_minimum_tls_version_12.mysql_client", new=mysql_client, ): @@ -66,19 +78,19 @@ class Test_mysql_flexible_server_minimum_tls_version_12: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert result[0].resource_id == server_name assert ( result[0].status_extended - == f"TLS version is not configured in server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"TLS version is not configured in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_mysql_flexible_server_minimum_tls_version_12(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -94,6 +106,9 @@ class Test_mysql_flexible_server_minimum_tls_version_12: } } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_minimum_tls_version_12.mysql_flexible_server_minimum_tls_version_12.mysql_client", new=mysql_client, ): @@ -105,7 +120,7 @@ class Test_mysql_flexible_server_minimum_tls_version_12: result = check.execute() assert len(result) == 1 assert result[0].status == "PASS" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -113,14 +128,14 @@ class Test_mysql_flexible_server_minimum_tls_version_12: ) assert ( result[0].status_extended - == f"TLS version is TLSv1.2 in server {server_name} in subscription {AZURE_SUBSCRIPTION}. This version of TLS is considered secure." + == f"TLS version is TLSv1.2 in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}. This version of TLS is considered secure." ) def test_mysql_tls_version_is_1_3(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -136,6 +151,9 @@ class Test_mysql_flexible_server_minimum_tls_version_12: } } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_minimum_tls_version_12.mysql_flexible_server_minimum_tls_version_12.mysql_client", new=mysql_client, ): @@ -147,7 +165,7 @@ class Test_mysql_flexible_server_minimum_tls_version_12: result = check.execute() assert len(result) == 1 assert result[0].status == "PASS" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -155,14 +173,14 @@ class Test_mysql_flexible_server_minimum_tls_version_12: ) assert ( result[0].status_extended - == f"TLS version is TLSv1.3 in server {server_name} in subscription {AZURE_SUBSCRIPTION}. This version of TLS is considered secure." + == f"TLS version is TLSv1.3 in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}. This version of TLS is considered secure." ) def test_mysql_tls_version_is_not_1_2(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -178,6 +196,9 @@ class Test_mysql_flexible_server_minimum_tls_version_12: } } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_minimum_tls_version_12.mysql_flexible_server_minimum_tls_version_12.mysql_client", new=mysql_client, ): @@ -189,7 +210,7 @@ class Test_mysql_flexible_server_minimum_tls_version_12: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -197,14 +218,14 @@ class Test_mysql_flexible_server_minimum_tls_version_12: ) assert ( result[0].status_extended - == f"TLS version is TLSv1.1 in server {server_name} in subscription {AZURE_SUBSCRIPTION}. There is at leat one version of TLS that is considered insecure." + == f"TLS version is TLSv1.1 in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}. There is at leat one version of TLS that is considered insecure." ) def test_mysql_tls_version_is_1_1_and_1_3(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -220,6 +241,9 @@ class Test_mysql_flexible_server_minimum_tls_version_12: } } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_minimum_tls_version_12.mysql_flexible_server_minimum_tls_version_12.mysql_client", new=mysql_client, ): @@ -231,7 +255,7 @@ class Test_mysql_flexible_server_minimum_tls_version_12: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -239,5 +263,5 @@ class Test_mysql_flexible_server_minimum_tls_version_12: ) assert ( result[0].status_extended - == f"TLS version is TLSv1.1,TLSv1.3 in server {server_name} in subscription {AZURE_SUBSCRIPTION}. There is at leat one version of TLS that is considered insecure." + == f"TLS version is TLSv1.1,TLSv1.3 in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}. There is at leat one version of TLS that is considered insecure." ) diff --git a/tests/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled_test.py b/tests/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled_test.py index b91a95d14c..e60d96d4c2 100644 --- a/tests/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled_test.py +++ b/tests/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled_test.py @@ -5,7 +5,10 @@ from prowler.providers.azure.services.mysql.mysql_service import ( Configuration, FlexibleServer, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_mysql_flexible_server_ssl_connection_enabled: @@ -14,6 +17,9 @@ class Test_mysql_flexible_server_ssl_connection_enabled: mysql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_ssl_connection_enabled.mysql_flexible_server_ssl_connection_enabled.mysql_client", new=mysql_client, ): @@ -27,9 +33,12 @@ class Test_mysql_flexible_server_ssl_connection_enabled: def test_mysql_no_servers(self): mysql_client = mock.MagicMock - mysql_client.flexible_servers = {AZURE_SUBSCRIPTION: {}} + mysql_client.flexible_servers = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_ssl_connection_enabled.mysql_flexible_server_ssl_connection_enabled.mysql_client", new=mysql_client, ): @@ -45,7 +54,7 @@ class Test_mysql_flexible_server_ssl_connection_enabled: server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -62,6 +71,9 @@ class Test_mysql_flexible_server_ssl_connection_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_ssl_connection_enabled.mysql_flexible_server_ssl_connection_enabled.mysql_client", new=mysql_client, ): @@ -73,7 +85,7 @@ class Test_mysql_flexible_server_ssl_connection_enabled: result = check.execute() assert len(result) == 1 assert result[0].status == "PASS" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -81,14 +93,14 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[0].status_extended - == f"SSL connection is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"SSL connection is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_mysql_ssl_connection_disabled(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -105,6 +117,9 @@ class Test_mysql_flexible_server_ssl_connection_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_ssl_connection_enabled.mysql_flexible_server_ssl_connection_enabled.mysql_client", new=mysql_client, ): @@ -116,7 +131,7 @@ class Test_mysql_flexible_server_ssl_connection_enabled: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert ( result[0].resource_id @@ -124,14 +139,14 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[0].status_extended - == f"SSL connection is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"SSL connection is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_mysql_ssl_connection_no_configuration(self): server_name = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -142,6 +157,9 @@ class Test_mysql_flexible_server_ssl_connection_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_ssl_connection_enabled.mysql_flexible_server_ssl_connection_enabled.mysql_client", new=mysql_client, ): @@ -153,12 +171,12 @@ class Test_mysql_flexible_server_ssl_connection_enabled: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name assert result[0].resource_id == server_name assert ( result[0].status_extended - == f"SSL connection is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION}." + == f"SSL connection is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_mysql_ssl_connection_enabled_and_disabled(self): @@ -166,7 +184,7 @@ class Test_mysql_flexible_server_ssl_connection_enabled: server_name_2 = str(uuid4()) mysql_client = mock.MagicMock mysql_client.flexible_servers = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { server_name_1: FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -195,6 +213,9 @@ class Test_mysql_flexible_server_ssl_connection_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.mysql.mysql_flexible_server_ssl_connection_enabled.mysql_flexible_server_ssl_connection_enabled.mysql_client", new=mysql_client, ): @@ -206,7 +227,7 @@ class Test_mysql_flexible_server_ssl_connection_enabled: result = check.execute() assert len(result) == 2 assert result[0].status == "PASS" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == server_name_1 assert ( result[0].resource_id @@ -214,10 +235,10 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[0].status_extended - == f"SSL connection is enabled for server {server_name_1} in subscription {AZURE_SUBSCRIPTION}." + == f"SSL connection is enabled for server {server_name_1} in subscription {AZURE_SUBSCRIPTION_ID}." ) assert result[1].status == "FAIL" - assert result[1].subscription == AZURE_SUBSCRIPTION + assert result[1].subscription == AZURE_SUBSCRIPTION_ID assert result[1].resource_name == server_name_2 assert ( result[1].resource_id @@ -225,5 +246,5 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[1].status_extended - == f"SSL connection is disabled for server {server_name_2} in subscription {AZURE_SUBSCRIPTION}." + == f"SSL connection is disabled for server {server_name_2} in subscription {AZURE_SUBSCRIPTION_ID}." ) diff --git a/tests/providers/azure/services/mysql/mysql_service_test.py b/tests/providers/azure/services/mysql/mysql_service_test.py index e5c9883067..704cff66e6 100644 --- a/tests/providers/azure/services/mysql/mysql_service_test.py +++ b/tests/providers/azure/services/mysql/mysql_service_test.py @@ -6,14 +6,14 @@ from prowler.providers.azure.services.mysql.mysql_service import ( MySQL, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_mysql_get_servers(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "test": FlexibleServer( resource_id="/subscriptions/resource_id", location="location", @@ -50,49 +50,54 @@ def mock_mysql_get_configurations(_): ) class Test_MySQL_Service: def test__get_client__(self): - mysql = MySQL(set_mocked_azure_audit_info()) + mysql = MySQL(set_mocked_azure_provider()) assert ( - mysql.clients[AZURE_SUBSCRIPTION].__class__.__name__ + mysql.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "MySQLManagementClient" ) def test__get_subscriptions__(self): - mysql = MySQL(set_mocked_azure_audit_info()) + mysql = MySQL(set_mocked_azure_provider()) assert mysql.subscriptions.__class__.__name__ == "dict" def test__get_flexible_servers__(self): - mysql = MySQL(set_mocked_azure_audit_info()) + mysql = MySQL(set_mocked_azure_provider()) assert len(mysql.flexible_servers) == 1 assert ( - mysql.flexible_servers[AZURE_SUBSCRIPTION]["test"].resource_id + mysql.flexible_servers[AZURE_SUBSCRIPTION_ID]["test"].resource_id == "/subscriptions/resource_id" ) - assert mysql.flexible_servers[AZURE_SUBSCRIPTION]["test"].location == "location" - assert mysql.flexible_servers[AZURE_SUBSCRIPTION]["test"].version == "version" assert ( - len(mysql.flexible_servers[AZURE_SUBSCRIPTION]["test"].configurations) == 1 + mysql.flexible_servers[AZURE_SUBSCRIPTION_ID]["test"].location == "location" ) assert ( - mysql.flexible_servers[AZURE_SUBSCRIPTION]["test"] + mysql.flexible_servers[AZURE_SUBSCRIPTION_ID]["test"].version == "version" + ) + assert ( + len(mysql.flexible_servers[AZURE_SUBSCRIPTION_ID]["test"].configurations) + == 1 + ) + assert ( + mysql.flexible_servers[AZURE_SUBSCRIPTION_ID]["test"] .configurations["test"] .resource_id == "/subscriptions/test/resource_id" ) assert ( - mysql.flexible_servers[AZURE_SUBSCRIPTION]["test"] + mysql.flexible_servers[AZURE_SUBSCRIPTION_ID]["test"] .configurations["test"] .description == "description" ) assert ( - mysql.flexible_servers[AZURE_SUBSCRIPTION]["test"] + mysql.flexible_servers[AZURE_SUBSCRIPTION_ID]["test"] .configurations["test"] .value == "value" ) def test__get_configurations__(self): - mysql = MySQL(set_mocked_azure_audit_info()) + mysql = MySQL(set_mocked_azure_provider()) configurations = mysql.__get_configurations__() assert len(configurations) == 1 diff --git a/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py b/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py index bf4fce59d8..d1574bc4b0 100644 --- a/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py +++ b/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py @@ -2,15 +2,21 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.network.network_service import BastionHost -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_network_bastion_host_exists: def test_no_bastion_hosts(self): network_client = mock.MagicMock - network_client.bastion_hosts = {AZURE_SUBSCRIPTION: []} + network_client.bastion_hosts = {AZURE_SUBSCRIPTION_ID: []} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -27,9 +33,9 @@ class Test_network_bastion_host_exists: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Bastion Host from subscription {AZURE_SUBSCRIPTION} does not exist" + == f"Bastion Host from subscription {AZURE_SUBSCRIPTION_ID} does not exist" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Bastion Host" assert result[0].resource_id == "N/A" @@ -39,7 +45,7 @@ class Test_network_bastion_host_exists: bastion_host_id = str(uuid4()) network_client.bastion_hosts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ BastionHost( id=bastion_host_id, name=bastion_host_name, @@ -49,6 +55,9 @@ class Test_network_bastion_host_exists: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -65,8 +74,8 @@ class Test_network_bastion_host_exists: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Bastion Host from subscription {AZURE_SUBSCRIPTION} available are: {bastion_host_name}" + == f"Bastion Host from subscription {AZURE_SUBSCRIPTION_ID} available are: {bastion_host_name}" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Bastion Host" assert result[0].resource_id == bastion_host_id diff --git a/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py b/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py index d2f79c9784..94ad63ecfa 100644 --- a/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py +++ b/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.network.models._models import FlowLog, RetentionPolicyParameters from prowler.providers.azure.services.network.network_service import NetworkWatcher -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_network_flow_log_more_than_90_days: @@ -13,6 +16,9 @@ class Test_network_flow_log_more_than_90_days: network_client.network_watchers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -33,7 +39,7 @@ class Test_network_flow_log_more_than_90_days: network_watcher_id = str(uuid4()) network_client.network_watchers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id=network_watcher_id, name=network_watcher_name, @@ -44,6 +50,9 @@ class Test_network_flow_log_more_than_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -60,9 +69,9 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION} has no flow logs" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has no flow logs" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name assert result[0].resource_id == network_watcher_id @@ -72,7 +81,7 @@ class Test_network_flow_log_more_than_90_days: network_watcher_id = str(uuid4()) network_client.network_watchers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id=network_watcher_id, name=network_watcher_name, @@ -88,6 +97,9 @@ class Test_network_flow_log_more_than_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -104,9 +116,9 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION} has flow logs disabled" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has flow logs disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name assert result[0].resource_id == network_watcher_id @@ -116,7 +128,7 @@ class Test_network_flow_log_more_than_90_days: network_watcher_id = str(uuid4()) network_client.network_watchers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id=network_watcher_id, name=network_watcher_name, @@ -132,6 +144,9 @@ class Test_network_flow_log_more_than_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -148,9 +163,9 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION} flow logs retention policy is less than 90 days" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} flow logs retention policy is less than 90 days" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name assert result[0].resource_id == network_watcher_id @@ -160,7 +175,7 @@ class Test_network_flow_log_more_than_90_days: network_watcher_id = str(uuid4()) network_client.network_watchers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id=network_watcher_id, name=network_watcher_name, @@ -176,6 +191,9 @@ class Test_network_flow_log_more_than_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -192,8 +210,8 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION} has flow logs enabled for more than 90 days" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has flow logs enabled for more than 90 days" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name assert result[0].resource_id == network_watcher_id diff --git a/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py index 6f19e37619..a58642f0f2 100644 --- a/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.network.models._models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_network_http_internet_access_restricted: @@ -13,6 +16,9 @@ class Test_network_http_internet_access_restricted: network_client.security_groups = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -33,7 +39,7 @@ class Test_network_http_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -44,6 +50,9 @@ class Test_network_http_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -60,9 +69,9 @@ class Test_network_http_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has HTTP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access restricted." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -72,7 +81,7 @@ class Test_network_http_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -91,6 +100,9 @@ class Test_network_http_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -107,9 +119,9 @@ class Test_network_http_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has HTTP internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access allowed." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -119,7 +131,7 @@ class Test_network_http_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -138,6 +150,9 @@ class Test_network_http_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -154,9 +169,9 @@ class Test_network_http_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has HTTP internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access allowed." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -166,7 +181,7 @@ class Test_network_http_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -185,6 +200,9 @@ class Test_network_http_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -201,8 +219,8 @@ class Test_network_http_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has HTTP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access restricted." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id diff --git a/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py b/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py index 128aba5421..e550734178 100644 --- a/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py +++ b/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py @@ -1,16 +1,21 @@ from unittest import mock from prowler.providers.azure.services.network.network_service import PublicIp -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_network_public_ip_shodan: def test_no_public_ip_addresses(self): network_client = mock.MagicMock network_client.public_ip_addresses = {} - network_client.audit_info = mock.MagicMock with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -37,10 +42,9 @@ class Test_network_public_ip_shodan: "isp": "Microsoft Corporation", "country_name": "country_name", } - network_client.audit_info = mock.MagicMock network_client.public_ip_addresses = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ PublicIp( id=public_ip_id, name=public_ip_name, @@ -51,6 +55,9 @@ class Test_network_public_ip_shodan: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -73,6 +80,6 @@ class Test_network_public_ip_shodan: result[0].status_extended == f"Public IP {ip_address} listed in Shodan with open ports {str(shodan_info['ports'])} and ISP {shodan_info['isp']} in {shodan_info['country_name']}. More info at https://www.shodan.io/host/{ip_address}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == public_ip_name assert result[0].resource_id == public_ip_id diff --git a/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py index e44342792b..70fefae20f 100644 --- a/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.network.models._models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_network_rdp_internet_access_restricted: @@ -13,6 +16,9 @@ class Test_network_rdp_internet_access_restricted: network_client.security_groups = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -33,7 +39,7 @@ class Test_network_rdp_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -44,6 +50,9 @@ class Test_network_rdp_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -60,9 +69,9 @@ class Test_network_rdp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has RDP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has RDP internet access restricted." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -72,7 +81,7 @@ class Test_network_rdp_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -91,6 +100,9 @@ class Test_network_rdp_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -107,9 +119,9 @@ class Test_network_rdp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has RDP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has RDP internet access restricted." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -119,7 +131,7 @@ class Test_network_rdp_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -138,6 +150,9 @@ class Test_network_rdp_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -154,8 +169,8 @@ class Test_network_rdp_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has RDP internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has RDP internet access allowed." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id diff --git a/tests/providers/azure/services/network/network_service_test.py b/tests/providers/azure/services/network/network_service_test.py index 6d6fb17680..a467b77f6c 100644 --- a/tests/providers/azure/services/network/network_service_test.py +++ b/tests/providers/azure/services/network/network_service_test.py @@ -10,14 +10,14 @@ from prowler.providers.azure.services.network.network_service import ( SecurityGroup, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_network_get_security_groups(_): return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id="id", name="name", @@ -30,7 +30,7 @@ def mock_network_get_security_groups(_): def mock_network_get_bastion_hosts(_): return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ BastionHost( id="id", name="name", @@ -42,7 +42,7 @@ def mock_network_get_bastion_hosts(_): def mock_network_get_network_watchers(_): return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id="id", name="name", @@ -55,7 +55,7 @@ def mock_network_get_network_watchers(_): def mock_network_get_public_ip_addresses(_): return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ PublicIp( id="id", name="name", @@ -84,78 +84,81 @@ def mock_network_get_public_ip_addresses(_): ) class Test_Network_Service: def test__get_client__(self): - network = Network(set_mocked_azure_audit_info()) + network = Network(set_mocked_azure_provider()) assert ( - network.clients[AZURE_SUBSCRIPTION].__class__.__name__ + network.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "NetworkManagementClient" ) def test__get_security_groups__(self): - network = Network(set_mocked_azure_audit_info()) + network = Network(set_mocked_azure_provider()) assert ( - network.security_groups[AZURE_SUBSCRIPTION][0].__class__.__name__ + network.security_groups[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ == "SecurityGroup" ) - assert network.security_groups[AZURE_SUBSCRIPTION][0].id == "id" - assert network.security_groups[AZURE_SUBSCRIPTION][0].name == "name" - assert network.security_groups[AZURE_SUBSCRIPTION][0].location == "location" - assert network.security_groups[AZURE_SUBSCRIPTION][0].security_rules == [] + assert network.security_groups[AZURE_SUBSCRIPTION_ID][0].id == "id" + assert network.security_groups[AZURE_SUBSCRIPTION_ID][0].name == "name" + assert network.security_groups[AZURE_SUBSCRIPTION_ID][0].location == "location" + assert network.security_groups[AZURE_SUBSCRIPTION_ID][0].security_rules == [] def test__get_network_watchers__(self): - network = Network(set_mocked_azure_audit_info()) + network = Network(set_mocked_azure_provider()) assert ( - network.network_watchers[AZURE_SUBSCRIPTION][0].__class__.__name__ + network.network_watchers[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ == "NetworkWatcher" ) - assert network.network_watchers[AZURE_SUBSCRIPTION][0].id == "id" - assert network.network_watchers[AZURE_SUBSCRIPTION][0].name == "name" - assert network.network_watchers[AZURE_SUBSCRIPTION][0].location == "location" - assert network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs == [ + assert network.network_watchers[AZURE_SUBSCRIPTION_ID][0].id == "id" + assert network.network_watchers[AZURE_SUBSCRIPTION_ID][0].name == "name" + assert network.network_watchers[AZURE_SUBSCRIPTION_ID][0].location == "location" + assert network.network_watchers[AZURE_SUBSCRIPTION_ID][0].flow_logs == [ FlowLog(enabled=True, retention_policy=90) ] def __get_flow_logs__(self): - network = Network(set_mocked_azure_audit_info()) + network = Network(set_mocked_azure_provider()) nw_name = "name" assert ( - network.network_watchers[AZURE_SUBSCRIPTION][0] + network.network_watchers[AZURE_SUBSCRIPTION_ID][0] .flow_logs[nw_name][0] .__class__.__name__ == "FlowLog" ) - assert network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs == [ + assert network.network_watchers[AZURE_SUBSCRIPTION_ID][0].flow_logs == [ FlowLog(enabled=True, retention_policy=90) ] assert ( - network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs[0].enabled is True + network.network_watchers[AZURE_SUBSCRIPTION_ID][0].flow_logs[0].enabled + is True ) assert ( - network.network_watchers[AZURE_SUBSCRIPTION][0] + network.network_watchers[AZURE_SUBSCRIPTION_ID][0] .flow_logs[0] .retention_policy == 90 ) def __get_bastion_hosts__(self): - network = Network(set_mocked_azure_audit_info()) + network = Network(set_mocked_azure_provider()) assert ( - network.bastion_hosts[AZURE_SUBSCRIPTION][0].__class__.__name__ + network.bastion_hosts[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ == "BastionHost" ) - assert network.bastion_hosts[AZURE_SUBSCRIPTION][0].id == "id" - assert network.bastion_hosts[AZURE_SUBSCRIPTION][0].name == "name" - assert network.bastion_hosts[AZURE_SUBSCRIPTION][0].location == "location" + assert network.bastion_hosts[AZURE_SUBSCRIPTION_ID][0].id == "id" + assert network.bastion_hosts[AZURE_SUBSCRIPTION_ID][0].name == "name" + assert network.bastion_hosts[AZURE_SUBSCRIPTION_ID][0].location == "location" def __get_public_ip_addresses__(self): - network = Network(set_mocked_azure_audit_info()) + network = Network(set_mocked_azure_provider()) assert ( - network.public_ip_addresses[AZURE_SUBSCRIPTION][0].__class__.__name__ + network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ == "PublicIp" ) - assert network.public_ip_addresses[AZURE_SUBSCRIPTION][0].id == "id" - assert network.public_ip_addresses[AZURE_SUBSCRIPTION][0].name == "name" - assert network.public_ip_addresses[AZURE_SUBSCRIPTION][0].location == "location" + assert network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].id == "id" + assert network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].name == "name" assert ( - network.public_ip_addresses[AZURE_SUBSCRIPTION][0].ip_address + network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].location == "location" + ) + assert ( + network.public_ip_addresses[AZURE_SUBSCRIPTION_ID][0].ip_address == "ip_address" ) diff --git a/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py index 8d001d82ce..debecb423c 100644 --- a/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.network.models._models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_network_ssh_internet_access_restricted: @@ -13,6 +16,9 @@ class Test_network_ssh_internet_access_restricted: network_client.security_groups = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -33,7 +39,7 @@ class Test_network_ssh_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -44,6 +50,9 @@ class Test_network_ssh_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -60,9 +69,9 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has SSH internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has SSH internet access restricted." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -72,7 +81,7 @@ class Test_network_ssh_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -91,6 +100,9 @@ class Test_network_ssh_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -107,9 +119,9 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has SSH internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has SSH internet access allowed." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -119,7 +131,7 @@ class Test_network_ssh_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -138,6 +150,9 @@ class Test_network_ssh_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -154,9 +169,9 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has SSH internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has SSH internet access allowed." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -166,7 +181,7 @@ class Test_network_ssh_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -185,6 +200,9 @@ class Test_network_ssh_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -201,8 +219,8 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has SSH internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has SSH internet access restricted." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id diff --git a/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py index f94001100b..d8a99dc9bf 100644 --- a/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.network.models._models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_network_udp_internet_access_restricted: @@ -13,6 +16,9 @@ class Test_network_udp_internet_access_restricted: network_client.security_groups = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -33,7 +39,7 @@ class Test_network_udp_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -44,6 +50,9 @@ class Test_network_udp_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -60,9 +69,9 @@ class Test_network_udp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has UDP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has UDP internet access restricted." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -72,7 +81,7 @@ class Test_network_udp_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -90,6 +99,9 @@ class Test_network_udp_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -106,9 +118,9 @@ class Test_network_udp_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has UDP internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has UDP internet access allowed." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id @@ -118,7 +130,7 @@ class Test_network_udp_internet_access_restricted: security_group_id = str(uuid4()) network_client.security_groups = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ SecurityGroup( id=security_group_id, name=security_group_name, @@ -136,6 +148,9 @@ class Test_network_udp_internet_access_restricted: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -152,8 +167,8 @@ class Test_network_udp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION} has UDP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has UDP internet access restricted." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name assert result[0].resource_id == security_group_id diff --git a/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py b/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py index d4bef4046a..3e7c4afb10 100644 --- a/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py +++ b/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py @@ -1,18 +1,24 @@ from unittest import mock from prowler.providers.azure.services.network.network_service import NetworkWatcher -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_network_watcher_enabled: def test_no_network_watchers(self): network_client = mock.MagicMock locations = [] - network_client.locations = {AZURE_SUBSCRIPTION: locations} + network_client.locations = {AZURE_SUBSCRIPTION_ID: locations} network_client.security_groups = {} network_client.network_watchers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -30,12 +36,12 @@ class Test_network_watcher_enabled: def test_network_invalid_network_watchers(self): network_client = mock.MagicMock locations = ["location"] - network_client.locations = {AZURE_SUBSCRIPTION: locations} + network_client.locations = {AZURE_SUBSCRIPTION_ID: locations} network_watcher_name = "Network Watcher" - network_watcher_id = f"/subscriptions/{AZURE_SUBSCRIPTION}/providers/Microsoft.Network/networkWatchers/{locations[0]}" + network_watcher_id = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Network/networkWatchers/{locations[0]}" network_client.network_watchers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id=network_watcher_id, name=network_watcher_name, @@ -46,6 +52,9 @@ class Test_network_watcher_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -62,21 +71,21 @@ class Test_network_watcher_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher is not enabled for the location {locations[0]} in subscription {AZURE_SUBSCRIPTION}." + == f"Network Watcher is not enabled for the location {locations[0]} in subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name assert result[0].resource_id == network_watcher_id def test_network_valid_network_watchers(self): network_client = mock.MagicMock locations = ["location"] - network_client.locations = {AZURE_SUBSCRIPTION: locations} + network_client.locations = {AZURE_SUBSCRIPTION_ID: locations} network_watcher_name = "Network Watcher" - network_watcher_id = f"/subscriptions/{AZURE_SUBSCRIPTION}/providers/Microsoft.Network/networkWatchers/{locations[0]}" + network_watcher_id = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Network/networkWatchers/{locations[0]}" network_client.network_watchers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id=network_watcher_id, name=network_watcher_name, @@ -87,6 +96,9 @@ class Test_network_watcher_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, ) as service_client, mock.patch( @@ -103,8 +115,8 @@ class Test_network_watcher_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Network Watcher is enabled for the location {locations[0]} in subscription {AZURE_SUBSCRIPTION}." + == f"Network Watcher is enabled for the location {locations[0]} in subscription {AZURE_SUBSCRIPTION_ID}." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name assert result[0].resource_id == network_watcher_id diff --git a/tests/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled_test.py b/tests/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled_test.py index 398ff8b499..e9702a209e 100644 --- a/tests/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled_test.py +++ b/tests/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.policy.policy_service import PolicyAssigment -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_policy_ensure_asc_enforcement_enabled: @@ -11,6 +14,9 @@ class Test_policy_ensure_asc_enforcement_enabled: policy_client.policy_assigments = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.policy.policy_ensure_asc_enforcement_enabled.policy_ensure_asc_enforcement_enabled.policy_client", new=policy_client, ): @@ -24,9 +30,12 @@ class Test_policy_ensure_asc_enforcement_enabled: def test_policy_subscription_empty(self): policy_client = mock.MagicMock - policy_client.policy_assigments = {AZURE_SUBSCRIPTION: {}} + policy_client.policy_assigments = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.policy.policy_ensure_asc_enforcement_enabled.policy_ensure_asc_enforcement_enabled.policy_client", new=policy_client, ): @@ -42,12 +51,15 @@ class Test_policy_ensure_asc_enforcement_enabled: policy_client = mock.MagicMock resource_id = uuid4() policy_client.policy_assigments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "policy-1": PolicyAssigment(id=resource_id, enforcement_mode="Default") } } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.policy.policy_ensure_asc_enforcement_enabled.policy_ensure_asc_enforcement_enabled.policy_client", new=policy_client, ): @@ -63,7 +75,7 @@ class Test_policy_ensure_asc_enforcement_enabled: policy_client = mock.MagicMock resource_id = uuid4() policy_client.policy_assigments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SecurityCenterBuiltIn": PolicyAssigment( id=resource_id, enforcement_mode="Default" ) @@ -71,6 +83,9 @@ class Test_policy_ensure_asc_enforcement_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.policy.policy_ensure_asc_enforcement_enabled.policy_ensure_asc_enforcement_enabled.policy_client", new=policy_client, ): @@ -88,13 +103,13 @@ class Test_policy_ensure_asc_enforcement_enabled: ) assert result[0].resource_id == resource_id assert result[0].resource_name == "SecurityCenterBuiltIn" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_policy_subscription_asc_not_default(self): policy_client = mock.MagicMock resource_id = uuid4() policy_client.policy_assigments = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "SecurityCenterBuiltIn": PolicyAssigment( id=resource_id, enforcement_mode="DoNotEnforce" ) @@ -102,6 +117,9 @@ class Test_policy_ensure_asc_enforcement_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.policy.policy_ensure_asc_enforcement_enabled.policy_ensure_asc_enforcement_enabled.policy_client", new=policy_client, ): @@ -119,4 +137,4 @@ class Test_policy_ensure_asc_enforcement_enabled: ) assert result[0].resource_id == resource_id assert result[0].resource_name == "SecurityCenterBuiltIn" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/policy/policy_service_test.py b/tests/providers/azure/services/policy/policy_service_test.py index 35266af466..fbd91e7f02 100644 --- a/tests/providers/azure/services/policy/policy_service_test.py +++ b/tests/providers/azure/services/policy/policy_service_test.py @@ -5,14 +5,14 @@ from prowler.providers.azure.services.policy.policy_service import ( PolicyAssigment, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_policy_assigments(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "policy-1": PolicyAssigment(id="id-1", enforcement_mode="Default") } } @@ -24,23 +24,29 @@ def mock_policy_assigments(_): ) class Test_AppInsights_Service: def test__get_client__(self): - policy = Policy(set_mocked_azure_audit_info()) - assert policy.clients[AZURE_SUBSCRIPTION].__class__.__name__ == "PolicyClient" + policy = Policy(set_mocked_azure_provider()) + assert ( + policy.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "PolicyClient" + ) def test__get_subscriptions__(self): - policy = Policy(set_mocked_azure_audit_info()) + policy = Policy(set_mocked_azure_provider()) assert policy.subscriptions.__class__.__name__ == "dict" def test__get_policy_assigments__(self): - policy = Policy(set_mocked_azure_audit_info()) + policy = Policy(set_mocked_azure_provider()) assert policy.policy_assigments.__class__.__name__ == "dict" - assert policy.policy_assigments[AZURE_SUBSCRIPTION].__class__.__name__ == "dict" assert ( - policy.policy_assigments[AZURE_SUBSCRIPTION]["policy-1"].__class__.__name__ + policy.policy_assigments[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "dict" + ) + assert ( + policy.policy_assigments[AZURE_SUBSCRIPTION_ID][ + "policy-1" + ].__class__.__name__ == "PolicyAssigment" ) - assert policy.policy_assigments[AZURE_SUBSCRIPTION]["policy-1"].id == "id-1" + assert policy.policy_assigments[AZURE_SUBSCRIPTION_ID]["policy-1"].id == "id-1" assert ( - policy.policy_assigments[AZURE_SUBSCRIPTION]["policy-1"].enforcement_mode + policy.policy_assigments[AZURE_SUBSCRIPTION_ID]["policy-1"].enforcement_mode == "Default" ) diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py index 87ca80a6ff..8a5dd2ccfb 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py @@ -5,7 +5,10 @@ from prowler.providers.azure.services.postgresql.postgresql_service import ( Firewall, Server, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_postgresql_flexible_server_allow_access_services_disabled: @@ -14,6 +17,9 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: postgresql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled.postgresql_client", new=postgresql_client, ): @@ -36,7 +42,7 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: end_ip="0.0.0.0", ) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -53,6 +59,9 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled.postgresql_client", new=postgresql_client, ): @@ -66,9 +75,9 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has allow public access from any Azure service enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has allow public access from any Azure service enabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -83,7 +92,7 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: end_ip="1.1.1.1", ) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -100,6 +109,9 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled.postgresql_client", new=postgresql_client, ): @@ -113,8 +125,8 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has allow public access from any Azure service disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has allow public access from any Azure service disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py index 59efcbf52a..7170d60b0a 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_postgresql_flexible_server_connection_throttling_on: @@ -11,6 +14,9 @@ class Test_postgresql_flexible_server_connection_throttling_on: postgresql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on.postgresql_client", new=postgresql_client, ): @@ -27,7 +33,7 @@ class Test_postgresql_flexible_server_connection_throttling_on: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -44,6 +50,9 @@ class Test_postgresql_flexible_server_connection_throttling_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on.postgresql_client", new=postgresql_client, ): @@ -57,9 +66,9 @@ class Test_postgresql_flexible_server_connection_throttling_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has connection_throttling disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has connection_throttling disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -68,7 +77,7 @@ class Test_postgresql_flexible_server_connection_throttling_on: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -85,6 +94,9 @@ class Test_postgresql_flexible_server_connection_throttling_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on.postgresql_client", new=postgresql_client, ): @@ -98,8 +110,8 @@ class Test_postgresql_flexible_server_connection_throttling_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has connection_throttling enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has connection_throttling enabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py index 0544c412db..da5a4a19c4 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_postgresql_flexible_server_enforce_ssl_enabled: @@ -11,6 +14,9 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: postgresql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled.postgresql_client", new=postgresql_client, ): @@ -27,7 +33,7 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -44,6 +50,9 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled.postgresql_client", new=postgresql_client, ): @@ -57,9 +66,9 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has enforce ssl disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has enforce ssl disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -68,7 +77,7 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -85,6 +94,9 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled.postgresql_client", new=postgresql_client, ): @@ -98,8 +110,8 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has enforce ssl enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has enforce ssl enabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py index 2d2960cb1c..2851a88df7 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_postgresql_flexible_server_log_checkpoints_on: @@ -11,6 +14,9 @@ class Test_postgresql_flexible_server_log_checkpoints_on: postgresql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on.postgresql_client", new=postgresql_client, ): @@ -27,7 +33,7 @@ class Test_postgresql_flexible_server_log_checkpoints_on: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -44,6 +50,9 @@ class Test_postgresql_flexible_server_log_checkpoints_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on.postgresql_client", new=postgresql_client, ): @@ -57,9 +66,9 @@ class Test_postgresql_flexible_server_log_checkpoints_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_checkpoints disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_checkpoints disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -68,7 +77,7 @@ class Test_postgresql_flexible_server_log_checkpoints_on: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -85,6 +94,9 @@ class Test_postgresql_flexible_server_log_checkpoints_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on.postgresql_client", new=postgresql_client, ): @@ -98,8 +110,8 @@ class Test_postgresql_flexible_server_log_checkpoints_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_checkpoints enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_checkpoints enabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py index 98e7724b3c..e2032a76e2 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_postgresql_flexible_server_log_connections_on: @@ -11,6 +14,9 @@ class Test_postgresql_flexible_server_log_connections_on: postgresql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on.postgresql_client", new=postgresql_client, ): @@ -27,7 +33,7 @@ class Test_postgresql_flexible_server_log_connections_on: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -44,6 +50,9 @@ class Test_postgresql_flexible_server_log_connections_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on.postgresql_client", new=postgresql_client, ): @@ -57,9 +66,9 @@ class Test_postgresql_flexible_server_log_connections_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_connections disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_connections disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -68,7 +77,7 @@ class Test_postgresql_flexible_server_log_connections_on: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -85,6 +94,9 @@ class Test_postgresql_flexible_server_log_connections_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on.postgresql_client", new=postgresql_client, ): @@ -98,8 +110,8 @@ class Test_postgresql_flexible_server_log_connections_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_connections enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_connections enabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py index fff5d27b08..acb5a93c0b 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_postgresql_flexible_server_log_disconnections_on: @@ -11,6 +14,9 @@ class Test_postgresql_flexible_server_log_disconnections_on: postgresql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on.postgresql_client", new=postgresql_client, ): @@ -27,7 +33,7 @@ class Test_postgresql_flexible_server_log_disconnections_on: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -44,6 +50,9 @@ class Test_postgresql_flexible_server_log_disconnections_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on.postgresql_client", new=postgresql_client, ): @@ -57,9 +66,9 @@ class Test_postgresql_flexible_server_log_disconnections_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_disconnections disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_disconnections disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -68,7 +77,7 @@ class Test_postgresql_flexible_server_log_disconnections_on: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -85,6 +94,9 @@ class Test_postgresql_flexible_server_log_disconnections_on: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on.postgresql_client", new=postgresql_client, ): @@ -98,8 +110,8 @@ class Test_postgresql_flexible_server_log_disconnections_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_disconnections enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_disconnections enabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py index fdc476277d..3163753dfe 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_postgresql_flexible_server_log_retention_days_greater_3: @@ -11,6 +14,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: postgresql_client.flexible_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client", new=postgresql_client, ): @@ -27,7 +33,7 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -44,6 +50,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client", new=postgresql_client, ): @@ -57,9 +66,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_retention disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_retention disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -69,7 +78,7 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: postgresql_server_id = str(uuid4()) log_retention_days = "3" postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -86,6 +95,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client", new=postgresql_client, ): @@ -99,9 +111,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_retention set to {log_retention_days}" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_retention set to {log_retention_days}" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -111,7 +123,7 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: postgresql_server_id = str(uuid4()) log_retention_days = "4" postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -128,6 +140,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client", new=postgresql_client, ): @@ -141,9 +156,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_retention set to {log_retention_days}" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_retention set to {log_retention_days}" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id @@ -153,7 +168,7 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: postgresql_server_id = str(uuid4()) log_retention_days = "8" postgresql_client.flexible_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=postgresql_server_id, name=postgresql_server_name, @@ -170,6 +185,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client", new=postgresql_client, ): @@ -183,8 +201,8 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_retention set to {log_retention_days}" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_retention set to {log_retention_days}" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name assert result[0].resource_id == postgresql_server_id diff --git a/tests/providers/azure/services/postgresql/postgresql_service_test.py b/tests/providers/azure/services/postgresql/postgresql_service_test.py index cdc479c6c8..43922818ce 100644 --- a/tests/providers/azure/services/postgresql/postgresql_service_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_service_test.py @@ -6,8 +6,8 @@ from prowler.providers.azure.services.postgresql.postgresql_service import ( Server, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) @@ -19,7 +19,7 @@ def mock_sqlserver_get_postgresql_flexible_servers(_): end_ip="end_ip", ) return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id="id", name="name", @@ -42,81 +42,92 @@ def mock_sqlserver_get_postgresql_flexible_servers(_): ) class Test_SqlServer_Service: def test__get_client__(self): - postgresql = PostgreSQL(set_mocked_azure_audit_info()) + postgresql = PostgreSQL(set_mocked_azure_provider()) assert ( - postgresql.clients[AZURE_SUBSCRIPTION].__class__.__name__ + postgresql.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "PostgreSQLManagementClient" ) def test__get_sql_servers__(self): - postgesql = PostgreSQL(set_mocked_azure_audit_info()) + postgesql = PostgreSQL(set_mocked_azure_provider()) assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].__class__.__name__ + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ == "Server" ) - assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].id == "id" - assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].name == "name" + assert postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].id == "id" + assert postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].name == "name" assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].resource_group + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].resource_group == "resource_group" ) def test__get_resource_group__(self): id = "/subscriptions/subscription/resourceGroups/resource_group/providers/Microsoft.DBforPostgreSQL/flexibleServers/server" - postgresql = PostgreSQL(set_mocked_azure_audit_info()) + postgresql = PostgreSQL(set_mocked_azure_provider()) assert postgresql.__get_resource_group__(id) == "resource_group" def test__get_require_secure_transport__(self): - postgesql = PostgreSQL(set_mocked_azure_audit_info()) + postgesql = PostgreSQL(set_mocked_azure_provider()) assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].require_secure_transport + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][ + 0 + ].require_secure_transport == "ON" ) def test__get_log_checkpoints__(self): - postgesql = PostgreSQL(set_mocked_azure_audit_info()) - assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].log_checkpoints == "ON" + postgesql = PostgreSQL(set_mocked_azure_provider()) + assert ( + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].log_checkpoints == "ON" + ) def test__get_log_connections__(self): - postgesql = PostgreSQL(set_mocked_azure_audit_info()) - assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].log_connections == "ON" + postgesql = PostgreSQL(set_mocked_azure_provider()) + assert ( + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].log_connections == "ON" + ) def test__get_log_disconnections__(self): - postgesql = PostgreSQL(set_mocked_azure_audit_info()) + postgesql = PostgreSQL(set_mocked_azure_provider()) assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].log_disconnections == "ON" + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].log_disconnections + == "ON" ) def test__get_connection_throttling__(self): - postgesql = PostgreSQL(set_mocked_azure_audit_info()) + postgesql = PostgreSQL(set_mocked_azure_provider()) assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].connection_throttling + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].connection_throttling == "ON" ) def test__get_log_retention_days__(self): - postgesql = PostgreSQL(set_mocked_azure_audit_info()) + postgesql = PostgreSQL(set_mocked_azure_provider()) assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].log_retention_days == "3" + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].log_retention_days + == "3" ) def test__get_firewall__(self): - postgesql = PostgreSQL(set_mocked_azure_audit_info()) + postgesql = PostgreSQL(set_mocked_azure_provider()) assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0] + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0] .firewall[0] .__class__.__name__ == "Firewall" ) - assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].firewall[0].id == "id" assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].firewall[0].name == "name" + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].firewall[0].id == "id" ) assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].firewall[0].start_ip + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].firewall[0].name + == "name" + ) + assert ( + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].firewall[0].start_ip == "start_ip" ) assert ( - postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].firewall[0].end_ip + postgesql.flexible_servers[AZURE_SUBSCRIPTION_ID][0].firewall[0].end_ip == "end_ip" ) diff --git a/tests/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled_test.py index 0c43204a07..312251c1af 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled_test.py @@ -8,7 +8,10 @@ from azure.mgmt.sql.models import ( ) from prowler.providers.azure.services.sqlserver.sqlserver_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_auditing_enabled: @@ -17,6 +20,9 @@ class Test_sqlserver_auditing_enabled: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_enabled.sqlserver_auditing_enabled.sqlserver_client", new=sqlserver_client, ): @@ -33,7 +39,7 @@ class Test_sqlserver_auditing_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -47,6 +53,9 @@ class Test_sqlserver_auditing_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_enabled.sqlserver_auditing_enabled.sqlserver_client", new=sqlserver_client, ): @@ -60,9 +69,9 @@ class Test_sqlserver_auditing_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} does not have any auditing policy configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have any auditing policy configured." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -71,7 +80,7 @@ class Test_sqlserver_auditing_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -85,6 +94,9 @@ class Test_sqlserver_auditing_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_enabled.sqlserver_auditing_enabled.sqlserver_client", new=sqlserver_client, ): @@ -98,8 +110,8 @@ class Test_sqlserver_auditing_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has a auditing policy configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has a auditing policy configured." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days_test.py b/tests/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days_test.py index cbe5505cb9..4edbb621b1 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.sql.models import ServerBlobAuditingPolicy from prowler.providers.azure.services.sqlserver.sqlserver_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_auditing_retention_90_days: @@ -13,6 +16,9 @@ class Test_sqlserver_auditing_retention_90_days: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_retention_90_days.sqlserver_auditing_retention_90_days.sqlserver_client", new=sqlserver_client, ): @@ -29,7 +35,7 @@ class Test_sqlserver_auditing_retention_90_days: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -45,6 +51,9 @@ class Test_sqlserver_auditing_retention_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_retention_90_days.sqlserver_auditing_retention_90_days.sqlserver_client", new=sqlserver_client, ): @@ -58,9 +67,9 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has auditing disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -69,7 +78,7 @@ class Test_sqlserver_auditing_retention_90_days: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -87,6 +96,9 @@ class Test_sqlserver_auditing_retention_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_retention_90_days.sqlserver_auditing_retention_90_days.sqlserver_client", new=sqlserver_client, ): @@ -100,9 +112,9 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has auditing retention less than 91 days." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing retention less than 91 days." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -111,7 +123,7 @@ class Test_sqlserver_auditing_retention_90_days: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -129,6 +141,9 @@ class Test_sqlserver_auditing_retention_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_retention_90_days.sqlserver_auditing_retention_90_days.sqlserver_client", new=sqlserver_client, ): @@ -142,9 +157,9 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has auditing retention greater than 90 days." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing retention greater than 90 days." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -155,7 +170,7 @@ class Test_sqlserver_auditing_retention_90_days: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -174,6 +189,9 @@ class Test_sqlserver_auditing_retention_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_retention_90_days.sqlserver_auditing_retention_90_days.sqlserver_client", new=sqlserver_client, ): @@ -187,9 +205,9 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has auditing retention greater than 90 days." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing retention greater than 90 days." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -200,7 +218,7 @@ class Test_sqlserver_auditing_retention_90_days: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -219,6 +237,9 @@ class Test_sqlserver_auditing_retention_90_days: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_auditing_retention_90_days.sqlserver_auditing_retention_90_days.sqlserver_client", new=sqlserver_client, ): @@ -232,8 +253,8 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has auditing retention less than 91 days." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing retention less than 91 days." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py index 4bda9d24ee..ac3a38f5ef 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.sql.models import ServerExternalAdministrator from prowler.providers.azure.services.sqlserver.sqlserver_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_azuread_administrator_enabled: @@ -13,6 +16,9 @@ class Test_sqlserver_azuread_administrator_enabled: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_azuread_administrator_enabled.sqlserver_azuread_administrator_enabled.sqlserver_client", new=sqlserver_client, ): @@ -29,7 +35,7 @@ class Test_sqlserver_azuread_administrator_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -43,6 +49,9 @@ class Test_sqlserver_azuread_administrator_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_azuread_administrator_enabled.sqlserver_azuread_administrator_enabled.sqlserver_client", new=sqlserver_client, ): @@ -56,9 +65,9 @@ class Test_sqlserver_azuread_administrator_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} does not have an Active Directory administrator." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have an Active Directory administrator." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -67,7 +76,7 @@ class Test_sqlserver_azuread_administrator_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -83,6 +92,9 @@ class Test_sqlserver_azuread_administrator_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_azuread_administrator_enabled.sqlserver_azuread_administrator_enabled.sqlserver_client", new=sqlserver_client, ): @@ -96,9 +108,9 @@ class Test_sqlserver_azuread_administrator_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} does not have an Active Directory administrator." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have an Active Directory administrator." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -107,7 +119,7 @@ class Test_sqlserver_azuread_administrator_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -123,6 +135,9 @@ class Test_sqlserver_azuread_administrator_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_azuread_administrator_enabled.sqlserver_azuread_administrator_enabled.sqlserver_client", new=sqlserver_client, ): @@ -136,8 +151,8 @@ class Test_sqlserver_azuread_administrator_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has an Active Directory administrator." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has an Active Directory administrator." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py index f4bb81d68f..c31853a11d 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.sql.models import ServerSecurityAlertPolicy from prowler.providers.azure.services.sqlserver.sqlserver_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_microsoft_defender_enabled: @@ -13,6 +16,9 @@ class Test_sqlserver_microsoft_defender_enabled: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled.sqlserver_client", new=sqlserver_client, ): @@ -29,7 +35,7 @@ class Test_sqlserver_microsoft_defender_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -44,6 +50,9 @@ class Test_sqlserver_microsoft_defender_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled.sqlserver_client", new=sqlserver_client, ): @@ -60,7 +69,7 @@ class Test_sqlserver_microsoft_defender_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -75,6 +84,9 @@ class Test_sqlserver_microsoft_defender_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled.sqlserver_client", new=sqlserver_client, ): @@ -88,9 +100,9 @@ class Test_sqlserver_microsoft_defender_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has microsoft defender disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has microsoft defender disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -99,7 +111,7 @@ class Test_sqlserver_microsoft_defender_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -114,6 +126,9 @@ class Test_sqlserver_microsoft_defender_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled.sqlserver_client", new=sqlserver_client, ): @@ -127,8 +142,8 @@ class Test_sqlserver_microsoft_defender_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has microsoft defender enabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has microsoft defender enabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_service_test.py b/tests/providers/azure/services/sqlserver/sqlserver_service_test.py index 6cee6fd4f6..061ef8c77a 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_service_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_service_test.py @@ -15,8 +15,8 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( SQLServer, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) @@ -30,7 +30,7 @@ def mock_sqlserver_get_sql_servers(_): tde_encryption=TransparentDataEncryption(status="Disabled"), ) return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id="id", name="name", @@ -58,9 +58,9 @@ def mock_sqlserver_get_sql_servers(_): ) class Test_SqlServer_Service: def test__get_client__(self): - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) assert ( - sql_server.clients[AZURE_SUBSCRIPTION].__class__.__name__ + sql_server.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "SqlManagementClient" ) @@ -73,98 +73,103 @@ class Test_SqlServer_Service: managed_by="managed_by", tde_encryption=TransparentDataEncryption(status="Disabled"), ) - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].__class__.__name__ == "Server" + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ + == "Server" ) - assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].id == "id" - assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].name == "name" + assert sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].id == "id" + assert sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].name == "name" assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].public_network_access + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].public_network_access == "public_network_access" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].minimal_tls_version + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].minimal_tls_version == "minimal_tls_version" ) - assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].administrators is None + assert sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].administrators is None assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].auditing_policies.__class__.__name__ == "ServerBlobAuditingPolicy" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].firewall_rules.__class__.__name__ == "FirewallRule" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].encryption_protector.__class__.__name__ == "EncryptionProtector" ) - assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].databases == [database] + assert sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].databases == [database] assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].vulnerability_assessment.__class__.__name__ == "ServerVulnerabilityAssessment" ) def test__get_databases__(self): - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0] + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0] .databases[0] .__class__.__name__ == "Database" ) - assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].databases[0].id == "id" - assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].databases[0].name == "name" - assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].databases[0].type == "type" + assert sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].databases[0].id == "id" assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].databases[0].location + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].databases[0].name == "name" + ) + assert ( + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].databases[0].type == "type" + ) + assert ( + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].databases[0].location == "location" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].databases[0].managed_by + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].databases[0].managed_by == "managed_by" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0] + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0] .databases[0] .tde_encryption.__class__.__name__ == "TransparentDataEncryption" ) def test__get_transparent_data_encryption__(self): - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0] + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0] .databases[0] .tde_encryption.__class__.__name__ == "TransparentDataEncryption" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0] + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0] .databases[0] .tde_encryption.status == "Disabled" ) def test__get_encryption_protectors__(self): - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].encryption_protector.__class__.__name__ == "EncryptionProtector" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].encryption_protector.server_key_type == "AzureKeyVault" @@ -172,67 +177,69 @@ class Test_SqlServer_Service: def test__get_resource_group__(self): id = "/subscriptions/subscription_id/resourceGroups/resource_group/providers/Microsoft.Sql/servers/sql_server" - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) assert sql_server.__get_resource_group__(id) == "resource_group" def test__get_vulnerability_assessment__(self): - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) storage_container_path = "/subcription_id/resource_group/sql_server" assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].vulnerability_assessment.__class__.__name__ == "ServerVulnerabilityAssessment" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].vulnerability_assessment.storage_container_path == storage_container_path ) def test__get_server_blob_auditing_policies__(self): - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) auditing_policies = ServerBlobAuditingPolicy(state="Disabled") assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].auditing_policies.__class__.__name__ == "ServerBlobAuditingPolicy" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].auditing_policies + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].auditing_policies == auditing_policies ) def test__get_firewall_rules__(self): - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) firewall_rules = FirewallRule(name="name") assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].firewall_rules.__class__.__name__ == "FirewallRule" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].firewall_rules + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].firewall_rules == firewall_rules ) def test__get_server_security_alert_policies__(self): - sql_server = SQLServer(set_mocked_azure_audit_info()) + sql_server = SQLServer(set_mocked_azure_provider()) security_alert_policies = ServerSecurityAlertPolicy(state="Disabled") assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][ + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ 0 ].security_alert_policies.__class__.__name__ == "ServerSecurityAlertPolicy" ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].security_alert_policies + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][0].security_alert_policies == security_alert_policies ) assert ( - sql_server.sql_servers[AZURE_SUBSCRIPTION][0].security_alert_policies.state + sql_server.sql_servers[AZURE_SUBSCRIPTION_ID][ + 0 + ].security_alert_policies.state == "Disabled" ) diff --git a/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py b/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py index a2f3be2b8b..cff24f9bc9 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py @@ -7,7 +7,10 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Database, Server, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_tde_encrypted_with_cmk: @@ -16,6 +19,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encrypted_with_cmk.sqlserver_tde_encrypted_with_cmk.sqlserver_client", new=sqlserver_client, ): @@ -32,7 +38,7 @@ class Test_sqlserver_tde_encrypted_with_cmk: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -47,6 +53,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encrypted_with_cmk.sqlserver_tde_encrypted_with_cmk.sqlserver_client", new=sqlserver_client, ): @@ -71,7 +80,7 @@ class Test_sqlserver_tde_encrypted_with_cmk: tde_encryption=None, ) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -89,6 +98,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encrypted_with_cmk.sqlserver_tde_encrypted_with_cmk.sqlserver_client", new=sqlserver_client, ): @@ -102,9 +114,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has TDE disabled without CMK." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE disabled without CMK." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -121,7 +133,7 @@ class Test_sqlserver_tde_encrypted_with_cmk: tde_encryption=TransparentDataEncryption(status="Disabled"), ) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -139,6 +151,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encrypted_with_cmk.sqlserver_tde_encrypted_with_cmk.sqlserver_client", new=sqlserver_client, ): @@ -152,9 +167,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has TDE disabled with CMK." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE disabled with CMK." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -171,7 +186,7 @@ class Test_sqlserver_tde_encrypted_with_cmk: tde_encryption=TransparentDataEncryption(status="Enabled"), ) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -189,6 +204,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encrypted_with_cmk.sqlserver_tde_encrypted_with_cmk.sqlserver_client", new=sqlserver_client, ): @@ -202,8 +220,8 @@ class Test_sqlserver_tde_encrypted_with_cmk: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has TDE enabled with CMK." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE enabled with CMK." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py index 05308a8fc5..9a21a83486 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py @@ -7,7 +7,10 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Database, Server, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_tde_encryption_enabled: @@ -16,6 +19,9 @@ class Test_sqlserver_tde_encryption_enabled: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encryption_enabled.sqlserver_tde_encryption_enabled.sqlserver_client", new=sqlserver_client, ): @@ -32,7 +38,7 @@ class Test_sqlserver_tde_encryption_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -47,6 +53,9 @@ class Test_sqlserver_tde_encryption_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encryption_enabled.sqlserver_tde_encryption_enabled.sqlserver_client", new=sqlserver_client, ): @@ -73,7 +82,7 @@ class Test_sqlserver_tde_encryption_enabled: tde_encryption=TransparentDataEncryption(status="Disabled"), ) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -89,6 +98,9 @@ class Test_sqlserver_tde_encryption_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encryption_enabled.sqlserver_tde_encryption_enabled.sqlserver_client", new=sqlserver_client, ): @@ -102,9 +114,9 @@ class Test_sqlserver_tde_encryption_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has TDE disabled" + == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE disabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == database_name assert result[0].resource_id == database_id @@ -123,7 +135,7 @@ class Test_sqlserver_tde_encryption_enabled: tde_encryption=TransparentDataEncryption(status="Enabled"), ) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -139,6 +151,9 @@ class Test_sqlserver_tde_encryption_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_tde_encryption_enabled.sqlserver_tde_encryption_enabled.sqlserver_client", new=sqlserver_client, ): @@ -152,8 +167,8 @@ class Test_sqlserver_tde_encryption_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has TDE enabled" + == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE enabled" ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == database_name assert result[0].resource_id == database_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py b/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py index 74056f6820..d322e3b07d 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.sql.models import FirewallRule from prowler.providers.azure.services.sqlserver.sqlserver_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_unrestricted_inbound_access: @@ -13,6 +16,9 @@ class Test_sqlserver_unrestricted_inbound_access: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_unrestricted_inbound_access.sqlserver_unrestricted_inbound_access.sqlserver_client", new=sqlserver_client, ): @@ -29,7 +35,7 @@ class Test_sqlserver_unrestricted_inbound_access: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -47,6 +53,9 @@ class Test_sqlserver_unrestricted_inbound_access: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_unrestricted_inbound_access.sqlserver_unrestricted_inbound_access.sqlserver_client", new=sqlserver_client, ): @@ -60,9 +69,9 @@ class Test_sqlserver_unrestricted_inbound_access: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has firewall rules allowing 0.0.0.0-255.255.255.255." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has firewall rules allowing 0.0.0.0-255.255.255.255." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -71,7 +80,7 @@ class Test_sqlserver_unrestricted_inbound_access: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -89,6 +98,9 @@ class Test_sqlserver_unrestricted_inbound_access: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_unrestricted_inbound_access.sqlserver_unrestricted_inbound_access.sqlserver_client", new=sqlserver_client, ): @@ -102,8 +114,8 @@ class Test_sqlserver_unrestricted_inbound_access: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} does not have firewall rules allowing 0.0.0.0-255.255.255.255." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have firewall rules allowing 0.0.0.0-255.255.255.255." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py index bff8a005d7..5baaa84061 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py @@ -7,7 +7,10 @@ from azure.mgmt.sql.models import ( ) from prowler.providers.azure.services.sqlserver.sqlserver_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_va_emails_notifications_admins_enabled: @@ -16,6 +19,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client", new=sqlserver_client, ): @@ -32,7 +38,7 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -49,6 +55,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client", new=sqlserver_client, ): @@ -62,9 +71,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -73,7 +82,7 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -95,6 +104,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client", new=sqlserver_client, ): @@ -108,9 +120,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled but no scan reports configured for subscription admins." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled but no scan reports configured for subscription admins." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -119,7 +131,7 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -141,6 +153,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client", new=sqlserver_client, ): @@ -154,9 +169,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled but no scan reports configured for subscription admins." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled but no scan reports configured for subscription admins." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -165,7 +180,7 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -187,6 +202,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client", new=sqlserver_client, ): @@ -200,8 +218,8 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled and scan reports configured for subscription admins." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled and scan reports configured for subscription admins." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py index fa1a43d3c9..f7cb64840c 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py @@ -7,7 +7,10 @@ from azure.mgmt.sql.models import ( ) from prowler.providers.azure.services.sqlserver.sqlserver_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_va_periodic_recurring_scans_enabled: @@ -16,6 +19,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client", new=sqlserver_client, ): @@ -32,7 +38,7 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -49,6 +55,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client", new=sqlserver_client, ): @@ -62,9 +71,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -73,7 +82,7 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -92,6 +101,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client", new=sqlserver_client, ): @@ -105,9 +117,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -116,7 +128,7 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -138,6 +150,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client", new=sqlserver_client, ): @@ -151,9 +166,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled but no recurring scans." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled but no recurring scans." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -162,7 +177,7 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -184,6 +199,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client", new=sqlserver_client, ): @@ -197,8 +215,8 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has periodic recurring scans enabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has periodic recurring scans enabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py index 5bff4f6153..741cc0733a 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py @@ -7,7 +7,10 @@ from azure.mgmt.sql.models import ( ) from prowler.providers.azure.services.sqlserver.sqlserver_service import Server -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_va_scan_reports_configured: @@ -16,6 +19,9 @@ class Test_sqlserver_va_scan_reports_configured: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client", new=sqlserver_client, ): @@ -32,7 +38,7 @@ class Test_sqlserver_va_scan_reports_configured: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -49,6 +55,9 @@ class Test_sqlserver_va_scan_reports_configured: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client", new=sqlserver_client, ): @@ -62,9 +71,9 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -73,7 +82,7 @@ class Test_sqlserver_va_scan_reports_configured: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -95,6 +104,9 @@ class Test_sqlserver_va_scan_reports_configured: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client", new=sqlserver_client, ): @@ -108,9 +120,9 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled but no scan reports configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled but no scan reports configured." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -119,7 +131,7 @@ class Test_sqlserver_va_scan_reports_configured: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -141,6 +153,9 @@ class Test_sqlserver_va_scan_reports_configured: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client", new=sqlserver_client, ): @@ -154,9 +169,9 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled and scan reports configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled and scan reports configured." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -165,7 +180,7 @@ class Test_sqlserver_va_scan_reports_configured: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -187,6 +202,9 @@ class Test_sqlserver_va_scan_reports_configured: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client", new=sqlserver_client, ): @@ -200,9 +218,9 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled and scan reports configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled and scan reports configured." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -211,7 +229,7 @@ class Test_sqlserver_va_scan_reports_configured: sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -233,6 +251,9 @@ class Test_sqlserver_va_scan_reports_configured: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client", new=sqlserver_client, ): @@ -246,8 +267,8 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled and scan reports configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled and scan reports configured." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py index ed1abbc1cf..7720edb242 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py @@ -11,7 +11,10 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Database, Server, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_sqlserver_vulnerability_assessment_enabled: @@ -20,6 +23,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: sqlserver_client.sql_servers = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_vulnerability_assessment_enabled.sqlserver_vulnerability_assessment_enabled.sqlserver_client", new=sqlserver_client, ): @@ -44,7 +50,7 @@ class Test_sqlserver_vulnerability_assessment_enabled: tde_encryption=None, ) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -63,6 +69,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_vulnerability_assessment_enabled.sqlserver_vulnerability_assessment_enabled.sqlserver_client", new=sqlserver_client, ): @@ -76,9 +85,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -95,7 +104,7 @@ class Test_sqlserver_vulnerability_assessment_enabled: tde_encryption=TransparentDataEncryption(status="Disabled"), ) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -116,6 +125,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_vulnerability_assessment_enabled.sqlserver_vulnerability_assessment_enabled.sqlserver_client", new=sqlserver_client, ): @@ -129,9 +141,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id @@ -148,7 +160,7 @@ class Test_sqlserver_vulnerability_assessment_enabled: tde_encryption=TransparentDataEncryption(status="Enabled"), ) sqlserver_client.sql_servers = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Server( id=sql_server_id, name=sql_server_name, @@ -169,6 +181,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.sqlserver.sqlserver_vulnerability_assessment_enabled.sqlserver_vulnerability_assessment_enabled.sqlserver_client", new=sqlserver_client, ): @@ -182,8 +197,8 @@ class Test_sqlserver_vulnerability_assessment_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name assert result[0].resource_id == sql_server_id diff --git a/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py b/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py index ce91bd55d6..f27a15c0eb 100644 --- a/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py +++ b/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_blob_public_access_level_is_disabled: @@ -11,6 +14,9 @@ class Test_storage_blob_public_access_level_is_disabled: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_blob_public_access_level_is_disabled.storage_blob_public_access_level_is_disabled.storage_client", new=storage_client, ): @@ -27,7 +33,7 @@ class Test_storage_blob_public_access_level_is_disabled: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -45,6 +51,9 @@ class Test_storage_blob_public_access_level_is_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_blob_public_access_level_is_disabled.storage_blob_public_access_level_is_disabled.storage_client", new=storage_client, ): @@ -58,9 +67,9 @@ class Test_storage_blob_public_access_level_is_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has allow blob public access enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has allow blob public access enabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -69,7 +78,7 @@ class Test_storage_blob_public_access_level_is_disabled: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -87,6 +96,9 @@ class Test_storage_blob_public_access_level_is_disabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_blob_public_access_level_is_disabled.storage_blob_public_access_level_is_disabled.storage_client", new=storage_client, ): @@ -100,8 +112,8 @@ class Test_storage_blob_public_access_level_is_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has allow blob public access disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has allow blob public access disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py b/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py index 57f5e2528d..1b0a48c3a4 100644 --- a/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py +++ b/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.storage.v2022_09_01.models import NetworkRuleSet from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_default_network_access_rule_is_denied: @@ -13,6 +16,9 @@ class Test_storage_default_network_access_rule_is_denied: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_default_network_access_rule_is_denied.storage_default_network_access_rule_is_denied.storage_client", new=storage_client, ): @@ -29,7 +35,7 @@ class Test_storage_default_network_access_rule_is_denied: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -47,6 +53,9 @@ class Test_storage_default_network_access_rule_is_denied: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_default_network_access_rule_is_denied.storage_default_network_access_rule_is_denied.storage_client", new=storage_client, ): @@ -60,9 +69,9 @@ class Test_storage_default_network_access_rule_is_denied: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has network access rule set to Allow." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has network access rule set to Allow." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -71,7 +80,7 @@ class Test_storage_default_network_access_rule_is_denied: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -89,6 +98,9 @@ class Test_storage_default_network_access_rule_is_denied: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_default_network_access_rule_is_denied.storage_default_network_access_rule_is_denied.storage_client", new=storage_client, ): @@ -102,8 +114,8 @@ class Test_storage_default_network_access_rule_is_denied: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has network access rule set to Deny." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has network access rule set to Deny." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py b/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py index 6ba9b24893..bdc3d6d406 100644 --- a/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.storage.v2022_09_01.models import NetworkRuleSet from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: @@ -13,6 +16,9 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_azure_services_are_trusted_to_access_is_enabled.storage_ensure_azure_services_are_trusted_to_access_is_enabled.storage_client", new=storage_client, ): @@ -29,7 +35,7 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -47,6 +53,9 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_azure_services_are_trusted_to_access_is_enabled.storage_ensure_azure_services_are_trusted_to_access_is_enabled.storage_client", new=storage_client, ): @@ -60,9 +69,9 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} does not allow trusted Microsoft services to access this storage account." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not allow trusted Microsoft services to access this storage account." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -71,7 +80,7 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -89,6 +98,9 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_azure_services_are_trusted_to_access_is_enabled.storage_ensure_azure_services_are_trusted_to_access_is_enabled.storage_client", new=storage_client, ): @@ -102,8 +114,8 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} allows trusted Microsoft services to access this storage account." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} allows trusted Microsoft services to access this storage account." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py b/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py index 550ed3d6e6..513ba06374 100644 --- a/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_ensure_encryption_with_customer_managed_keys: @@ -11,6 +14,9 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_encryption_with_customer_managed_keys.storage_ensure_encryption_with_customer_managed_keys.storage_client", new=storage_client, ): @@ -27,7 +33,7 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -45,6 +51,9 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_encryption_with_customer_managed_keys.storage_ensure_encryption_with_customer_managed_keys.storage_client", new=storage_client, ): @@ -58,9 +67,9 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} does not encrypt with CMKs." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not encrypt with CMKs." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -69,7 +78,7 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -87,6 +96,9 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_encryption_with_customer_managed_keys.storage_ensure_encryption_with_customer_managed_keys.storage_client", new=storage_client, ): @@ -100,8 +112,8 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} encrypts with CMKs." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} encrypts with CMKs." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py b/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py index b0174c0989..e16535f99f 100644 --- a/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_ensure_minimum_tls_version_12: @@ -11,6 +14,9 @@ class Test_storage_ensure_minimum_tls_version_12: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_minimum_tls_version_12.storage_ensure_minimum_tls_version_12.storage_client", new=storage_client, ): @@ -27,7 +33,7 @@ class Test_storage_ensure_minimum_tls_version_12: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -45,6 +51,9 @@ class Test_storage_ensure_minimum_tls_version_12: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_minimum_tls_version_12.storage_ensure_minimum_tls_version_12.storage_client", new=storage_client, ): @@ -58,9 +67,9 @@ class Test_storage_ensure_minimum_tls_version_12: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} does not have TLS version set to 1.2." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have TLS version set to 1.2." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -69,7 +78,7 @@ class Test_storage_ensure_minimum_tls_version_12: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -87,6 +96,9 @@ class Test_storage_ensure_minimum_tls_version_12: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_minimum_tls_version_12.storage_ensure_minimum_tls_version_12.storage_client", new=storage_client, ): @@ -100,8 +112,8 @@ class Test_storage_ensure_minimum_tls_version_12: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has TLS version set to 1.2." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has TLS version set to 1.2." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py b/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py index 5ba451a531..55ac56e42d 100644 --- a/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py @@ -4,7 +4,10 @@ from uuid import uuid4 from azure.mgmt.storage.v2023_01_01.models import PrivateEndpointConnection from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_ensure_private_endpoints_in_storage_accounts: @@ -13,6 +16,9 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_private_endpoints_in_storage_accounts.storage_ensure_private_endpoints_in_storage_accounts.storage_client", new=storage_client, ): @@ -31,7 +37,7 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -49,6 +55,9 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_private_endpoints_in_storage_accounts.storage_ensure_private_endpoints_in_storage_accounts.storage_client", new=storage_client, ): @@ -62,9 +71,9 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} does not have private endpoint connections." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have private endpoint connections." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -75,7 +84,7 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -93,6 +102,9 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_private_endpoints_in_storage_accounts.storage_ensure_private_endpoints_in_storage_accounts.storage_client", new=storage_client, ): @@ -106,8 +118,8 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has private endpoint connections." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has private endpoint connections." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py b/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py index c7d1d624d0..e1af12c3aa 100644 --- a/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py @@ -7,7 +7,10 @@ from prowler.providers.azure.services.storage.storage_service import ( Account, BlobProperties, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_ensure_soft_delete_is_enabled: @@ -16,6 +19,9 @@ class Test_storage_ensure_soft_delete_is_enabled: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_soft_delete_is_enabled.storage_ensure_soft_delete_is_enabled.storage_client", new=storage_client, ): @@ -33,7 +39,7 @@ class Test_storage_ensure_soft_delete_is_enabled: storage_client = mock.MagicMock storage_account_blob_properties = None storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -52,6 +58,9 @@ class Test_storage_ensure_soft_delete_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_soft_delete_is_enabled.storage_ensure_soft_delete_is_enabled.storage_client", new=storage_client, ): @@ -77,7 +86,7 @@ class Test_storage_ensure_soft_delete_is_enabled: container_delete_retention_policy=DeleteRetentionPolicy(enabled=False), ) storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -96,6 +105,9 @@ class Test_storage_ensure_soft_delete_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_soft_delete_is_enabled.storage_ensure_soft_delete_is_enabled.storage_client", new=storage_client, ): @@ -109,9 +121,9 @@ class Test_storage_ensure_soft_delete_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has soft delete disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has soft delete disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -129,7 +141,7 @@ class Test_storage_ensure_soft_delete_is_enabled: container_delete_retention_policy=DeleteRetentionPolicy(enabled=True), ) storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -148,6 +160,9 @@ class Test_storage_ensure_soft_delete_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_ensure_soft_delete_is_enabled.storage_ensure_soft_delete_is_enabled.storage_client", new=storage_client, ): @@ -161,8 +176,8 @@ class Test_storage_ensure_soft_delete_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has soft delete enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has soft delete enabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py b/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py index 5815229f39..eb473d95b5 100644 --- a/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_infrastructure_encryption_is_enabled: @@ -11,6 +14,9 @@ class Test_storage_infrastructure_encryption_is_enabled: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_infrastructure_encryption_is_enabled.storage_infrastructure_encryption_is_enabled.storage_client", new=storage_client, ): @@ -27,7 +33,7 @@ class Test_storage_infrastructure_encryption_is_enabled: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -45,6 +51,9 @@ class Test_storage_infrastructure_encryption_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_infrastructure_encryption_is_enabled.storage_infrastructure_encryption_is_enabled.storage_client", new=storage_client, ): @@ -58,9 +67,9 @@ class Test_storage_infrastructure_encryption_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has infrastructure encryption disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has infrastructure encryption disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -69,7 +78,7 @@ class Test_storage_infrastructure_encryption_is_enabled: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -87,6 +96,9 @@ class Test_storage_infrastructure_encryption_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_infrastructure_encryption_is_enabled.storage_infrastructure_encryption_is_enabled.storage_client", new=storage_client, ): @@ -100,8 +112,8 @@ class Test_storage_infrastructure_encryption_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has infrastructure encryption enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has infrastructure encryption enabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days_test.py b/tests/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days_test.py index 1a27a1de22..8dd6775c74 100644 --- a/tests/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days_test.py +++ b/tests/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_key_rotation_90_dayss: @@ -11,6 +14,9 @@ class Test_storage_key_rotation_90_dayss: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_key_rotation_90_days.storage_key_rotation_90_days.storage_client", new=storage_client, ): @@ -28,7 +34,7 @@ class Test_storage_key_rotation_90_dayss: expiration_days = 91 storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -46,6 +52,9 @@ class Test_storage_key_rotation_90_dayss: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_key_rotation_90_days.storage_key_rotation_90_days.storage_client", new=storage_client, ): @@ -59,9 +68,9 @@ class Test_storage_key_rotation_90_dayss: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has an invalid key expiration period of {expiration_days} days." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has an invalid key expiration period of {expiration_days} days." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -71,7 +80,7 @@ class Test_storage_key_rotation_90_dayss: expiration_days = 90 storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -89,6 +98,9 @@ class Test_storage_key_rotation_90_dayss: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_key_rotation_90_days.storage_key_rotation_90_days.storage_client", new=storage_client, ): @@ -102,9 +114,9 @@ class Test_storage_key_rotation_90_dayss: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has a key expiration period of {expiration_days} days." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has a key expiration period of {expiration_days} days." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -113,7 +125,7 @@ class Test_storage_key_rotation_90_dayss: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -131,6 +143,9 @@ class Test_storage_key_rotation_90_dayss: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_key_rotation_90_days.storage_key_rotation_90_days.storage_client", new=storage_client, ): @@ -144,8 +159,8 @@ class Test_storage_key_rotation_90_dayss: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has no key expiration period set." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has no key expiration period set." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py b/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py index 4ada6b2985..90fb2f061a 100644 --- a/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_storage_secure_transfer_required_is_enabled: @@ -11,6 +14,9 @@ class Test_storage_secure_transfer_required_is_enabled: storage_client.storage_accounts = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_secure_transfer_required_is_enabled.storage_secure_transfer_required_is_enabled.storage_client", new=storage_client, ): @@ -27,7 +33,7 @@ class Test_storage_secure_transfer_required_is_enabled: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -45,6 +51,9 @@ class Test_storage_secure_transfer_required_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_secure_transfer_required_is_enabled.storage_secure_transfer_required_is_enabled.storage_client", new=storage_client, ): @@ -58,9 +67,9 @@ class Test_storage_secure_transfer_required_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has secure transfer required disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has secure transfer required disabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id @@ -69,7 +78,7 @@ class Test_storage_secure_transfer_required_is_enabled: storage_account_name = "Test Storage Account" storage_client = mock.MagicMock storage_client.storage_accounts = { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id=storage_account_id, name=storage_account_name, @@ -87,6 +96,9 @@ class Test_storage_secure_transfer_required_is_enabled: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.storage.storage_secure_transfer_required_is_enabled.storage_secure_transfer_required_is_enabled.storage_client", new=storage_client, ): @@ -100,8 +112,8 @@ class Test_storage_secure_transfer_required_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION} has secure transfer required enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has secure transfer required enabled." ) - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name assert result[0].resource_id == storage_account_id diff --git a/tests/providers/azure/services/storage/storage_service_test.py b/tests/providers/azure/services/storage/storage_service_test.py index 21eb1a5387..ed7d4ba113 100644 --- a/tests/providers/azure/services/storage/storage_service_test.py +++ b/tests/providers/azure/services/storage/storage_service_test.py @@ -6,8 +6,8 @@ from prowler.providers.azure.services.storage.storage_service import ( Storage, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) @@ -20,7 +20,7 @@ def mock_storage_get_storage_accounts(_): container_delete_retention_policy=None, ) return { - AZURE_SUBSCRIPTION: [ + AZURE_SUBSCRIPTION_ID: [ Account( id="id", name="name", @@ -45,51 +45,59 @@ def mock_storage_get_storage_accounts(_): ) class Test_Storage_Service: def test__get_client__(self): - storage = Storage(set_mocked_azure_audit_info()) + storage = Storage(set_mocked_azure_provider()) assert ( - storage.clients[AZURE_SUBSCRIPTION].__class__.__name__ + storage.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "StorageManagementClient" ) def test__get_storage_accounts__(self): - storage = Storage(set_mocked_azure_audit_info()) + storage = Storage(set_mocked_azure_provider()) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].__class__.__name__ + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].__class__.__name__ == "Account" ) - assert storage.storage_accounts[AZURE_SUBSCRIPTION][0].id == "id" - assert storage.storage_accounts[AZURE_SUBSCRIPTION][0].name == "name" + assert storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].id == "id" + assert storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].name == "name" assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].resouce_group_name is None - ) - assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].enable_https_traffic_only - is False - ) - assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].infrastructure_encryption - is False - ) - assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].allow_blob_public_access + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].resouce_group_name is None ) - assert storage.storage_accounts[AZURE_SUBSCRIPTION][0].network_rule_set is None - assert storage.storage_accounts[AZURE_SUBSCRIPTION][0].encryption_type == "None" assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].minimum_tls_version is None + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].enable_https_traffic_only + is False ) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][ + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].infrastructure_encryption + is False + ) + assert ( + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].allow_blob_public_access + is None + ) + assert ( + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].network_rule_set is None + ) + assert ( + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].encryption_type == "None" + ) + assert ( + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].minimum_tls_version + is None + ) + assert ( + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][ 0 ].key_expiration_period_in_days is None ) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].private_endpoint_connections + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][ + 0 + ].private_endpoint_connections is None ) - assert storage.storage_accounts[AZURE_SUBSCRIPTION][ + assert storage.storage_accounts[AZURE_SUBSCRIPTION_ID][ 0 ].blob_properties == BlobProperties( id="id", @@ -100,32 +108,33 @@ class Test_Storage_Service: ) def test__get_blob_properties__(self): - storage = Storage(set_mocked_azure_audit_info()) + storage = Storage(set_mocked_azure_provider()) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][ + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][ 0 ].blob_properties.__class__.__name__ == "BlobProperties" ) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].blob_properties.id == "id" + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].blob_properties.id + == "id" ) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].blob_properties.name + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].blob_properties.name == "name" ) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][0].blob_properties.type + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][0].blob_properties.type == "type" ) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][ + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][ 0 ].blob_properties.default_service_version is None ) assert ( - storage.storage_accounts[AZURE_SUBSCRIPTION][ + storage.storage_accounts[AZURE_SUBSCRIPTION_ID][ 0 ].blob_properties.container_delete_retention_policy is None diff --git a/tests/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk_test.py b/tests/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk_test.py index dc13bb03cc..2bdbe526df 100644 --- a/tests/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk_test.py +++ b/tests/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.vm.vm_service import Disk -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_vm_ensure_attached_disks_encrypted_with_cmk: @@ -11,6 +14,9 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: vm_client.disks = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_attached_disks_encrypted_with_cmk.vm_ensure_attached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -24,9 +30,12 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: def test_vm_subscription_empty(self): vm_client = mock.MagicMock - vm_client.disks = {AZURE_SUBSCRIPTION: {}} + vm_client.disks = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_attached_disks_encrypted_with_cmk.vm_ensure_attached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -43,7 +52,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: resource_id = uuid4() vm_client = mock.MagicMock vm_client.disks = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { disk_id: Disk( resource_id=resource_id, resource_name="test-disk", @@ -54,6 +63,9 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_attached_disks_encrypted_with_cmk.vm_ensure_attached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -64,13 +76,13 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: check = vm_ensure_attached_disks_encrypted_with_cmk() result = check.execute() assert len(result) == 1 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "FAIL" assert result[0].resource_id == resource_id assert result[0].resource_name == "test-disk" assert ( result[0].status_extended - == f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION}." + == f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_vm_subscription_one_disk_attached_encrypt_cmk(self): @@ -78,7 +90,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: resource_id = uuid4() vm_client = mock.MagicMock vm_client.disks = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { disk_id: Disk( resource_id=resource_id, resource_name="test-disk", @@ -89,6 +101,9 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_attached_disks_encrypted_with_cmk.vm_ensure_attached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -99,13 +114,13 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: check = vm_ensure_attached_disks_encrypted_with_cmk() result = check.execute() assert len(result) == 1 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "PASS" assert result[0].resource_id == resource_id assert result[0].resource_name == "test-disk" assert ( result[0].status_extended - == f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION}." + == f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_vm_subscription_two_disk_attached_encrypt_cmk_and_pk(self): @@ -115,7 +130,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: resource_id_2 = uuid4() vm_client = mock.MagicMock vm_client.disks = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { disk_id_1: Disk( resource_id=resource_id_1, resource_name="test-disk", @@ -132,6 +147,9 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_attached_disks_encrypted_with_cmk.vm_ensure_attached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -142,20 +160,20 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: check = vm_ensure_attached_disks_encrypted_with_cmk() result = check.execute() assert len(result) == 2 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "FAIL" assert result[0].resource_id == resource_id_1 assert result[0].resource_name == "test-disk" assert ( result[0].status_extended - == f"Disk '{disk_id_1}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION}." + == f"Disk '{disk_id_1}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." ) assert result[1].status == "PASS" assert result[1].resource_id == resource_id_2 assert result[1].resource_name == "test-disk-2" assert ( result[1].status_extended - == f"Disk '{disk_id_2}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION}." + == f"Disk '{disk_id_2}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_vm_unattached_disk_encrypt_cmk(self): @@ -163,7 +181,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: resource_id = uuid4() vm_client = mock.MagicMock vm_client.disks = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { disk_id: Disk( resource_id=resource_id, resource_name="test-disk", @@ -174,6 +192,9 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_attached_disks_encrypted_with_cmk.vm_ensure_attached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): diff --git a/tests/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk_test.py b/tests/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk_test.py index b07ba8eedc..8022d0dee5 100644 --- a/tests/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk_test.py +++ b/tests/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.vm.vm_service import Disk -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_vm_ensure_unattached_disks_encrypted_with_cmk: @@ -11,6 +14,9 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: vm_client.disks = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_unattached_disks_encrypted_with_cmk.vm_ensure_unattached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -24,9 +30,12 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: def test_vm_subscription_empty(self): vm_client = mock.MagicMock - vm_client.disks = {AZURE_SUBSCRIPTION: {}} + vm_client.disks = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_unattached_disks_encrypted_with_cmk.vm_ensure_unattached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -43,7 +52,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: resource_id = uuid4() vm_client = mock.MagicMock vm_client.disks = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { disk_id: Disk( resource_id=resource_id, resource_name="test-disk", @@ -54,6 +63,9 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_unattached_disks_encrypted_with_cmk.vm_ensure_unattached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -64,13 +76,13 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: check = vm_ensure_unattached_disks_encrypted_with_cmk() result = check.execute() assert len(result) == 1 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "FAIL" assert result[0].resource_id == resource_id assert result[0].resource_name == "test-disk" assert ( result[0].status_extended - == f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION}." + == f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_vm_one_unattached_disk_encrypt_cmk(self): @@ -78,7 +90,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: resource_id = uuid4() vm_client = mock.MagicMock vm_client.disks = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { disk_id: Disk( resource_id=resource_id, resource_name="test-disk", @@ -89,6 +101,9 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_unattached_disks_encrypted_with_cmk.vm_ensure_unattached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -99,13 +114,13 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: check = vm_ensure_unattached_disks_encrypted_with_cmk() result = check.execute() assert len(result) == 1 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "PASS" assert result[0].resource_id == resource_id assert result[0].resource_name == "test-disk" assert ( result[0].status_extended - == f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION}." + == f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_vm_subscription_two_unattached_disk_encrypt_cmk_and_pk(self): @@ -115,7 +130,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: resource_id_2 = uuid4() vm_client = mock.MagicMock vm_client.disks = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { disk_id_1: Disk( resource_id=resource_id_1, resource_name="test-disk", @@ -132,6 +147,9 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_unattached_disks_encrypted_with_cmk.vm_ensure_unattached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): @@ -142,20 +160,20 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: check = vm_ensure_unattached_disks_encrypted_with_cmk() result = check.execute() assert len(result) == 2 - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].status == "FAIL" assert result[0].resource_id == resource_id_1 assert result[0].resource_name == "test-disk" assert ( result[0].status_extended - == f"Disk '{disk_id_1}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION}." + == f"Disk '{disk_id_1}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." ) assert result[1].status == "PASS" assert result[1].resource_id == resource_id_2 assert result[1].resource_name == "test-disk-2" assert ( result[1].status_extended - == f"Disk '{disk_id_2}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION}." + == f"Disk '{disk_id_2}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." ) def test_vm_attached_disk_encrypt_cmk(self): @@ -163,7 +181,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: resource_id = uuid4() vm_client = mock.MagicMock vm_client.disks = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { disk_id: Disk( resource_id=resource_id, resource_name="test-disk", @@ -174,6 +192,9 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_unattached_disks_encrypted_with_cmk.vm_ensure_unattached_disks_encrypted_with_cmk.vm_client", new=vm_client, ): diff --git a/tests/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks_test.py b/tests/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks_test.py index 4c0c51b6b4..cdad2bc129 100644 --- a/tests/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks_test.py +++ b/tests/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks_test.py @@ -2,7 +2,10 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.vm.vm_service import VirtualMachine -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, +) class Test_vm_ensure_using_managed_disks: @@ -11,6 +14,9 @@ class Test_vm_ensure_using_managed_disks: vm_client.virtual_machines = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_using_managed_disks.vm_ensure_using_managed_disks.vm_client", new=vm_client, ): @@ -24,9 +30,12 @@ class Test_vm_ensure_using_managed_disks: def test_vm_subscriptions(self): vm_client = mock.MagicMock - vm_client.virtual_machines = {AZURE_SUBSCRIPTION: {}} + vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_using_managed_disks.vm_ensure_using_managed_disks.vm_client", new=vm_client, ): @@ -42,7 +51,7 @@ class Test_vm_ensure_using_managed_disks: vm_id = str(uuid4()) vm_client = mock.MagicMock vm_client.virtual_machines = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( resource_id="/subscriptions/resource_id", resource_name="VMTest", @@ -58,6 +67,9 @@ class Test_vm_ensure_using_managed_disks: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_using_managed_disks.vm_ensure_using_managed_disks.vm_client", new=vm_client, ): @@ -69,19 +81,19 @@ class Test_vm_ensure_using_managed_disks: result = check.execute() assert len(result) == 1 assert result[0].status == "PASS" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "VMTest" assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using managed disks in subscription {AZURE_SUBSCRIPTION}" + == f"VM VMTest is using managed disks in subscription {AZURE_SUBSCRIPTION_ID}" ) def test_vm_using_not_managed_os_disk(self): vm_id = str(uuid4()) vm_client = mock.MagicMock vm_client.virtual_machines = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( resource_id="/subscriptions/resource_id", resource_name="VMTest", @@ -97,6 +109,9 @@ class Test_vm_ensure_using_managed_disks: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_using_managed_disks.vm_ensure_using_managed_disks.vm_client", new=vm_client, ): @@ -108,19 +123,19 @@ class Test_vm_ensure_using_managed_disks: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "VMTest" assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is not using managed disks in subscription {AZURE_SUBSCRIPTION}" + == f"VM VMTest is not using managed disks in subscription {AZURE_SUBSCRIPTION_ID}" ) def test_vm_using_not_managed_data_disks(self): vm_id = str(uuid4()) vm_client = mock.MagicMock vm_client.virtual_machines = { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( resource_id="/subscriptions/resource_id", resource_name="VMTest", @@ -136,6 +151,9 @@ class Test_vm_ensure_using_managed_disks: } with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.vm.vm_ensure_using_managed_disks.vm_ensure_using_managed_disks.vm_client", new=vm_client, ): @@ -147,10 +165,10 @@ class Test_vm_ensure_using_managed_disks: result = check.execute() assert len(result) == 1 assert result[0].status == "FAIL" - assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "VMTest" assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is not using managed disks in subscription {AZURE_SUBSCRIPTION}" + == f"VM VMTest is not using managed disks in subscription {AZURE_SUBSCRIPTION_ID}" ) diff --git a/tests/providers/azure/services/vm/vm_service_test.py b/tests/providers/azure/services/vm/vm_service_test.py index d5d07e8775..dff745ed0e 100644 --- a/tests/providers/azure/services/vm/vm_service_test.py +++ b/tests/providers/azure/services/vm/vm_service_test.py @@ -8,14 +8,14 @@ from prowler.providers.azure.services.vm.vm_service import ( VirtualMachines, ) from tests.providers.azure.azure_fixtures import ( - AZURE_SUBSCRIPTION, - set_mocked_azure_audit_info, + AZURE_SUBSCRIPTION_ID, + set_mocked_azure_provider, ) def mock_vm_get_virtual_machines(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "vm_id-1": VirtualMachine( resource_id="/subscriptions/resource_id", resource_name="VMTest", @@ -33,7 +33,7 @@ def mock_vm_get_virtual_machines(_): def mock_vm_get_disks(_): return { - AZURE_SUBSCRIPTION: { + AZURE_SUBSCRIPTION_ID: { "disk_id-1": Disk( resource_id="disk_id-1", resource_name="DiskTest", @@ -54,38 +54,40 @@ def mock_vm_get_disks(_): ) class Test_AppInsights_Service: def test__get_client__(self): - app_insights = VirtualMachines(set_mocked_azure_audit_info()) + app_insights = VirtualMachines(set_mocked_azure_provider()) assert ( - app_insights.clients[AZURE_SUBSCRIPTION].__class__.__name__ + app_insights.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "ComputeManagementClient" ) def test__get_subscriptions__(self): - app_insights = VirtualMachines(set_mocked_azure_audit_info()) + app_insights = VirtualMachines(set_mocked_azure_provider()) assert app_insights.subscriptions.__class__.__name__ == "dict" def test__get_virtual_machines(self): - virtual_machines = VirtualMachines(set_mocked_azure_audit_info()) + virtual_machines = VirtualMachines(set_mocked_azure_provider()) assert len(virtual_machines.virtual_machines) == 1 assert ( - virtual_machines.virtual_machines[AZURE_SUBSCRIPTION]["vm_id-1"].resource_id + virtual_machines.virtual_machines[AZURE_SUBSCRIPTION_ID][ + "vm_id-1" + ].resource_id == "/subscriptions/resource_id" ) assert ( - virtual_machines.virtual_machines[AZURE_SUBSCRIPTION][ + virtual_machines.virtual_machines[AZURE_SUBSCRIPTION_ID][ "vm_id-1" ].resource_name == "VMTest" ) assert ( - virtual_machines.virtual_machines[AZURE_SUBSCRIPTION][ + virtual_machines.virtual_machines[AZURE_SUBSCRIPTION_ID][ "vm_id-1" ].storage_profile.os_disk.managed_disk.id == "managed_disk_id" ) assert ( len( - virtual_machines.virtual_machines[AZURE_SUBSCRIPTION][ + virtual_machines.virtual_machines[AZURE_SUBSCRIPTION_ID][ "vm_id-1" ].storage_profile.data_disks ) @@ -93,12 +95,12 @@ class Test_AppInsights_Service: ) def test__get_disks(self): - disks = VirtualMachines(set_mocked_azure_audit_info()).disks + disks = VirtualMachines(set_mocked_azure_provider()).disks assert len(disks) == 1 - assert disks[AZURE_SUBSCRIPTION]["disk_id-1"].resource_id == "disk_id-1" - assert disks[AZURE_SUBSCRIPTION]["disk_id-1"].resource_name == "DiskTest" - assert disks[AZURE_SUBSCRIPTION]["disk_id-1"].vms_attached == ["managed_by"] + assert disks[AZURE_SUBSCRIPTION_ID]["disk_id-1"].resource_id == "disk_id-1" + assert disks[AZURE_SUBSCRIPTION_ID]["disk_id-1"].resource_name == "DiskTest" + assert disks[AZURE_SUBSCRIPTION_ID]["disk_id-1"].vms_attached == ["managed_by"] assert ( - disks[AZURE_SUBSCRIPTION]["disk_id-1"].encryption_type + disks[AZURE_SUBSCRIPTION_ID]["disk_id-1"].encryption_type == "EncryptionAtRestWithPlatformKey" ) diff --git a/tests/providers/common/audit_info_test.py b/tests/providers/common/audit_info_test.py deleted file mode 100644 index bfbcbb2953..0000000000 --- a/tests/providers/common/audit_info_test.py +++ /dev/null @@ -1,452 +0,0 @@ -import boto3 -import botocore -import pytest -from boto3 import session -from mock import patch -from moto import mock_aws - -from prowler.config.config import default_config_file_path -from prowler.providers.azure.azure_provider import Azure_Provider -from prowler.providers.azure.lib.audit_info.models import ( - Azure_Audit_Info, - AzureIdentityInfo, - AzureRegionConfig, -) -from prowler.providers.azure.lib.exception.exception import AzureException -from prowler.providers.common.audit_info import ( - Audit_Info, - get_tagged_resources, - set_provider_audit_info, -) -from prowler.providers.common.models import Audit_Metadata -from prowler.providers.gcp.gcp_provider import GCP_Provider -from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info -from prowler.providers.kubernetes.kubernetes_provider import Kubernetes_Provider -from prowler.providers.kubernetes.lib.audit_info.models import Kubernetes_Audit_Info - -EXAMPLE_AMI_ID = "ami-12c6146b" -AWS_ACCOUNT_NUMBER = "123456789012" - - -mock_azure_audit_info = Azure_Audit_Info( - credentials=None, - identity=AzureIdentityInfo(), - audit_metadata=None, - audit_resources=None, - audit_config=None, - azure_region_config=AzureRegionConfig(), - locations=None, -) - -mock_set_audit_info = Audit_Info() - -# Mocking GetCallerIdentity for China and GovCloud -make_api_call = botocore.client.BaseClient._make_api_call - - -def mock_get_caller_identity_china(self, operation_name, kwarg): - if operation_name == "GetCallerIdentity": - return { - "UserId": "XXXXXXXXXXXXXXXXXXXXX", - "Account": AWS_ACCOUNT_NUMBER, - "Arn": f"arn:aws-cn:iam::{AWS_ACCOUNT_NUMBER}:user/test-user", - } - - return make_api_call(self, operation_name, kwarg) - - -def mock_get_caller_identity_gov_cloud(self, operation_name, kwarg): - if operation_name == "GetCallerIdentity": - return { - "UserId": "XXXXXXXXXXXXXXXXXXXXX", - "Account": AWS_ACCOUNT_NUMBER, - "Arn": f"arn:aws-us-gov:iam::{AWS_ACCOUNT_NUMBER}:user/test-user", - } - - return make_api_call(self, operation_name, kwarg) - - -def mock_validate_credentials(*_): - caller_identity = { - "Arn": "arn:aws:iam::123456789012:user/test", - "Account": "123456789012", - "UserId": "test", - } - return caller_identity - - -def mock_print_audit_credentials(*_): - pass - - -def mock_set_identity_info(*_): - return AzureIdentityInfo() - - -def mock_set_azure_credentials(*_): - return {} - - -def mock_set_gcp_credentials(*_): - return (None, "project") - - -def mock_get_project_ids(*_): - return ["project"] - - -def mock_set_kubernetes_credentials(*_): - return ("apiclient", "context") - - -def mock_get_context_user_roles(*_): - return [] - - -class Test_Set_Audit_Info: - # Mocked Audit Info - def set_mocked_audit_info(self): - # TODO(Audit_Info): use provider here, and common helper from utils - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn="arn:aws:iam::123456789012:user/test", - profile=None, - profile_region="eu-west-1", - credentials=None, - assumed_role_info=AWS_Assume_Role( - role_arn=None, - session_duration=None, - external_id=None, - mfa_enabled=None, - role_session_name="ProwlerAssessmentSession", - ), - audited_regions=["eu-west-2", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - - @patch( - "prowler.providers.common.audit_info.azure_audit_info", - new=mock_azure_audit_info, - ) - @patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials) - @patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info) - def test_set_audit_info_azure(self): - provider = "azure" - arguments = { - "profile": None, - "role": None, - "session_duration": None, - "external_id": None, - "regions": None, - "organizations_role": None, - "subscriptions": None, - # We need to set exactly one auth method - "az_cli_auth": True, - "sp_env_auth": None, - "browser_auth": None, - "managed_entity_auth": None, - "config_file": default_config_file_path, - "azure_region": "AzureCloud", - } - - audit_info = set_provider_audit_info(provider, arguments) - assert isinstance(audit_info, Azure_Audit_Info) - - @patch( - "prowler.providers.common.audit_info.azure_audit_info", - new=mock_azure_audit_info, - ) - @patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials) - @patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info) - def test_set_azure_audit_info_not_auth_methods(self): - arguments = { - "profile": None, - "role": None, - "session_duration": None, - "external_id": None, - "regions": None, - "organizations_role": None, - "subscriptions": None, - # We need to set exactly one auth method - "az_cli_auth": None, - "sp_env_auth": None, - "browser_auth": None, - "managed_entity_auth": None, - "config_file": default_config_file_path, - "azure_region": "AzureCloud", - } - - with pytest.raises(AzureException) as exception: - _ = Audit_Info().set_azure_audit_info(arguments) - assert exception.type == AzureException - assert ( - exception.value.args[0] - == "Azure provider requires at least one authentication method set: [--az-cli-auth | --sp-env-auth | --browser-auth | --managed-identity-auth]" - ) - - @patch( - "prowler.providers.common.audit_info.azure_audit_info", - new=mock_azure_audit_info, - ) - @patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials) - @patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info) - def test_set_azure_audit_info_browser_auth_but_not_tenant_id(self): - arguments = { - "profile": None, - "role": None, - "session_duration": None, - "external_id": None, - "regions": None, - "organizations_role": None, - "subscriptions": None, - # We need to set exactly one auth method - "az_cli_auth": None, - "sp_env_auth": None, - "browser_auth": True, - "managed_entity_auth": None, - "config_file": default_config_file_path, - "azure_region": "AzureCloud", - } - - with pytest.raises(AzureException) as exception: - _ = Audit_Info().set_azure_audit_info(arguments) - assert exception.type == AzureException - assert ( - exception.value.args[0] - == "Azure Tenant ID (--tenant-id) is required only for browser authentication mode" - ) - - @patch( - "prowler.providers.common.audit_info.azure_audit_info", - new=mock_azure_audit_info, - ) - @patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials) - @patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info) - def test_set_azure_audit_info_tenant_id_but_no_browser_auth(self): - arguments = { - "profile": None, - "role": None, - "session_duration": None, - "external_id": None, - "regions": None, - "organizations_role": None, - "subscriptions": None, - # We need to set exactly one auth method - "az_cli_auth": True, - "sp_env_auth": None, - "browser_auth": None, - "managed_entity_auth": None, - "config_file": default_config_file_path, - "azure_region": "AzureCloud", - "tenant_id": "test-tenant-id", - } - - with pytest.raises(AzureException) as exception: - _ = Audit_Info().set_azure_audit_info(arguments) - assert exception.type == AzureException - assert ( - exception.value.args[0] - == "Azure Tenant ID (--tenant-id) is required only for browser authentication mode" - ) - - @patch.object(GCP_Provider, "__set_credentials__", new=mock_set_gcp_credentials) - @patch.object(GCP_Provider, "get_project_ids", new=mock_get_project_ids) - @patch.object(Audit_Info, "print_gcp_credentials", new=mock_print_audit_credentials) - def test_set_audit_info_gcp(self): - provider = "gcp" - arguments = { - "profile": None, - "role": None, - "session_duration": None, - "external_id": None, - "regions": None, - "organizations_role": None, - "subscriptions": None, - # We need to set exactly one auth method - "credentials_file": None, - "project_ids": ["project"], - "config_file": default_config_file_path, - } - - audit_info = set_provider_audit_info(provider, arguments) - assert isinstance(audit_info, GCP_Audit_Info) - - @patch.object( - Kubernetes_Provider, "__set_credentials__", new=mock_set_kubernetes_credentials - ) - @patch.object( - Kubernetes_Provider, "get_context_user_roles", new=mock_get_context_user_roles - ) - def test_set_audit_info_kubernetes(self): - provider = "kubernetes" - arguments = { - "profile": None, - "role": None, - "session_duration": None, - "external_id": None, - "regions": None, - "organizations_role": None, - "subscriptions": None, - "context": "default", - "kubeconfig_file": "config", - "config_file": default_config_file_path, - } - - audit_info = set_provider_audit_info(provider, arguments) - assert isinstance(audit_info, Kubernetes_Audit_Info) - - @mock_aws - def test_get_tagged_resources(self): - with patch( - "prowler.providers.common.audit_info.current_audit_info", - new=self.set_mocked_audit_info(), - ) as mock_audit_info: - client = boto3.client("ec2", region_name="eu-central-1") - instances = client.run_instances( - ImageId=EXAMPLE_AMI_ID, - MinCount=1, - MaxCount=1, - InstanceType="t2.micro", - TagSpecifications=[ - { - "ResourceType": "instance", - "Tags": [ - {"Key": "MY_TAG1", "Value": "MY_VALUE1"}, - {"Key": "MY_TAG2", "Value": "MY_VALUE2"}, - ], - }, - { - "ResourceType": "instance", - "Tags": [{"Key": "ami", "Value": "test"}], - }, - ], - ) - instance_id = instances["Instances"][0]["InstanceId"] - image_id = client.create_image(Name="testami", InstanceId=instance_id)[ - "ImageId" - ] - client.create_tags( - Resources=[image_id], Tags=[{"Key": "ami", "Value": "test"}] - ) - - mock_audit_info.audited_regions = ["eu-central-1"] - mock_audit_info.audit_session = boto3.session.Session() - assert len(get_tagged_resources(["ami=test"], mock_audit_info)) == 2 - assert image_id in str(get_tagged_resources(["ami=test"], mock_audit_info)) - assert instance_id in str( - get_tagged_resources(["ami=test"], mock_audit_info) - ) - assert ( - len(get_tagged_resources(["MY_TAG1=MY_VALUE1"], mock_audit_info)) == 1 - ) - assert instance_id in str( - get_tagged_resources(["MY_TAG1=MY_VALUE1"], mock_audit_info) - ) - - @mock_aws - @patch( - "prowler.providers.common.audit_info.validate_aws_credentials", - new=mock_validate_credentials, - ) - @patch( - "prowler.providers.common.audit_info.print_aws_credentials", - new=mock_print_audit_credentials, - ) - def test_set_audit_info_aws(self): - with patch( - "prowler.providers.common.audit_info.current_audit_info", - new=self.set_mocked_audit_info(), - ): - provider = "aws" - arguments = { - "profile": None, - "role": None, - "session_duration": None, - "external_id": None, - "regions": None, - "organizations_role": None, - "config_file": default_config_file_path, - } - - audit_info = set_provider_audit_info(provider, arguments) - # TODO(Audit_Info): use provider here - assert isinstance(audit_info, AWS_Audit_Info) - - def test_set_audit_info_aws_bad_session_duration(self): - with patch( - "prowler.providers.common.audit_info.current_audit_info", - new=self.set_mocked_audit_info(), - ): - provider = "aws" - arguments = { - "profile": None, - "role": None, - "session_duration": 100, - "external_id": None, - "regions": None, - "organizations_role": None, - } - - with pytest.raises(SystemExit) as exception: - _ = set_provider_audit_info(provider, arguments) - # assert exception == "Value for -T option must be between 900 and 43200" - assert isinstance(exception, pytest.ExceptionInfo) - - def test_set_audit_info_aws_session_duration_without_role(self): - with patch( - "prowler.providers.common.audit_info.current_audit_info", - new=self.set_mocked_audit_info(), - ): - provider = "aws" - arguments = { - "profile": None, - "role": None, - "session_duration": 1000, - "external_id": None, - "regions": None, - "organizations_role": None, - } - - with pytest.raises(SystemExit) as exception: - _ = set_provider_audit_info(provider, arguments) - # assert exception == "To use -I/--external-id, -T/--session-duration or --role-session-name options -R/--role option is needed" - assert isinstance(exception, pytest.ExceptionInfo) - - def test_set_audit_info_external_id_without_role(self): - with patch( - "prowler.providers.common.audit_info.current_audit_info", - new=self.set_mocked_audit_info(), - ): - provider = "aws" - arguments = { - "profile": None, - "role": None, - "session_duration": 3600, - "external_id": "test-external-id", - "regions": None, - "organizations_role": None, - } - - with pytest.raises(SystemExit) as exception: - _ = set_provider_audit_info(provider, arguments) - # assert exception == "To use -I/--external-id, -T/--session-duration or --role-session-name options -R/--role option is needed" - assert isinstance(exception, pytest.ExceptionInfo) diff --git a/tests/providers/common/common_outputs_test.py b/tests/providers/common/common_outputs_test.py deleted file mode 100644 index 8893ca209d..0000000000 --- a/tests/providers/common/common_outputs_test.py +++ /dev/null @@ -1,281 +0,0 @@ -from argparse import Namespace -from os import rmdir - -from mock import patch - -from prowler.providers.azure.lib.audit_info.audit_info import ( - Azure_Audit_Info, - AzureIdentityInfo, - AzureRegionConfig, -) -from prowler.providers.common.outputs import ( - Aws_Output_Options, - Azure_Output_Options, - Gcp_Output_Options, - Kubernetes_Output_Options, - set_provider_output_options, -) -from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info -from prowler.providers.kubernetes.lib.audit_info.models import Kubernetes_Audit_Info - -AWS_ACCOUNT_NUMBER = "012345678912" -DATETIME = "20230101120000" - - -@patch("prowler.providers.common.outputs.output_file_timestamp", new=DATETIME) -class Test_Common_Output_Options: - # Mocked Azure Audit Info - def set_mocked_azure_audit_info(self): - audit_info = Azure_Audit_Info( - credentials=None, - identity=AzureIdentityInfo(), - audit_metadata=None, - audit_resources=None, - audit_config=None, - azure_region_config=AzureRegionConfig(), - locations=None, - ) - return audit_info - - # Mocked GCP Audit Info - def set_mocked_gcp_audit_info(self): - audit_info = GCP_Audit_Info( - credentials=None, - default_project_id="test-project1", - project_ids=["test-project1", "test-project2"], - audit_resources=None, - audit_metadata=None, - audit_config=None, - ) - return audit_info - - # Mocked Kusbernete Audit Info - def set_mocked_kubernetes_audit_info(self): - audit_info = Kubernetes_Audit_Info( - api_client=None, - context={ - "name": "test-context", - "context": {"cluster": "test-cluster", "user": "XXXXXXXXX"}, - }, - audit_resources=None, - audit_metadata=None, - audit_config=None, - ) - return audit_info - - def test_set_provider_output_options_aws(self): - # Set the cloud provider - provider = "aws" - # Set the arguments passed - arguments = Namespace() - arguments.quiet = True - arguments.output_modes = ["csv"] - arguments.output_directory = "output_test_directory" - arguments.verbose = True - arguments.output_filename = "output_test_filename" - arguments.security_hub = True - arguments.shodan = "test-api-key" - arguments.only_logs = False - arguments.unix_timestamp = False - arguments.send_sh_only_fails = True - - audit_info = self.set_mocked_aws_audit_info() - mutelist_file = "" - bulk_checks_metadata = {} - output_options = set_provider_output_options( - provider, arguments, audit_info, mutelist_file, bulk_checks_metadata - ) - assert isinstance(output_options, Aws_Output_Options) - assert output_options.security_hub_enabled - assert output_options.send_sh_only_fails - assert output_options.is_quiet - assert output_options.output_modes == ["csv", "json-asff"] - assert output_options.output_directory == arguments.output_directory - assert output_options.mutelist_file == "" - assert output_options.bulk_checks_metadata == {} - assert output_options.verbose - assert output_options.output_filename == arguments.output_filename - - # Delete testing directory - rmdir(arguments.output_directory) - - def test_set_provider_output_options_gcp(self): - # Set the cloud provider - provider = "gcp" - # Set the arguments passed - arguments = Namespace() - arguments.quiet = True - arguments.output_modes = ["csv"] - arguments.output_directory = "output_test_directory" - arguments.verbose = True - arguments.output_filename = "output_test_filename" - arguments.only_logs = False - arguments.unix_timestamp = False - - audit_info = self.set_mocked_gcp_audit_info() - mutelist_file = "" - bulk_checks_metadata = {} - output_options = set_provider_output_options( - provider, arguments, audit_info, mutelist_file, bulk_checks_metadata - ) - assert isinstance(output_options, Gcp_Output_Options) - assert output_options.is_quiet - assert output_options.output_modes == ["csv"] - assert output_options.output_directory == arguments.output_directory - assert output_options.mutelist_file == "" - assert output_options.bulk_checks_metadata == {} - assert output_options.verbose - assert output_options.output_filename == arguments.output_filename - - # Delete testing directory - rmdir(arguments.output_directory) - - def test_set_provider_output_options_kubernetes(self): - # Set the cloud provider - provider = "kubernetes" - # Set the arguments passed - arguments = Namespace() - arguments.quiet = True - arguments.output_modes = ["csv"] - arguments.output_directory = "output_test_directory" - arguments.verbose = True - arguments.output_filename = "output_test_filename" - arguments.only_logs = False - arguments.unix_timestamp = False - - audit_info = self.set_mocked_kubernetes_audit_info() - mutelist_file = "" - bulk_checks_metadata = {} - output_options = set_provider_output_options( - provider, arguments, audit_info, mutelist_file, bulk_checks_metadata - ) - assert isinstance(output_options, Kubernetes_Output_Options) - assert output_options.is_quiet - assert output_options.output_modes == ["csv"] - assert output_options.output_directory == arguments.output_directory - assert output_options.mutelist_file == "" - assert output_options.bulk_checks_metadata == {} - assert output_options.verbose - assert output_options.output_filename == arguments.output_filename - - # Delete testing directory - rmdir(arguments.output_directory) - - def test_set_provider_output_options_aws_no_output_filename(self): - # Set the cloud provider - provider = "aws" - # Set the arguments passed - arguments = Namespace() - arguments.quiet = True - arguments.output_modes = ["csv"] - arguments.output_directory = "output_test_directory" - arguments.verbose = True - arguments.security_hub = True - arguments.shodan = "test-api-key" - arguments.only_logs = False - arguments.unix_timestamp = False - arguments.send_sh_only_fails = True - - # Mock AWS Audit Info - audit_info = self.set_mocked_aws_audit_info() - - mutelist_file = "" - bulk_checks_metadata = {} - output_options = set_provider_output_options( - provider, arguments, audit_info, mutelist_file, bulk_checks_metadata - ) - assert isinstance(output_options, Aws_Output_Options) - assert output_options.security_hub_enabled - assert output_options.send_sh_only_fails - assert output_options.is_quiet - assert output_options.output_modes == ["csv", "json-asff"] - assert output_options.output_directory == arguments.output_directory - assert output_options.mutelist_file == "" - assert output_options.bulk_checks_metadata == {} - assert output_options.verbose - assert ( - output_options.output_filename - == f"prowler-output-{AWS_ACCOUNT_NUMBER}-{DATETIME}" - ) - - # Delete testing directory - rmdir(arguments.output_directory) - - def test_set_provider_output_options_azure_domain(self): - # Set the cloud provider - provider = "azure" - # Set the arguments passed - arguments = Namespace() - arguments.quiet = True - arguments.output_modes = ["csv"] - arguments.output_directory = "output_test_directory" - arguments.verbose = True - arguments.only_logs = False - arguments.unix_timestamp = False - arguments.shodan = "test-api-key" - - # Mock Azure Audit Info - audit_info = self.set_mocked_azure_audit_info() - audit_info.identity.tenant_domain = "test-domain" - - mutelist_file = "" - bulk_checks_metadata = {} - output_options = set_provider_output_options( - provider, arguments, audit_info, mutelist_file, bulk_checks_metadata - ) - assert isinstance(output_options, Azure_Output_Options) - assert output_options.is_quiet - assert output_options.output_modes == [ - "csv", - ] - assert output_options.output_directory == arguments.output_directory - assert output_options.mutelist_file == "" - assert output_options.bulk_checks_metadata == {} - assert output_options.verbose - assert ( - output_options.output_filename - == f"prowler-output-{audit_info.identity.tenant_domain}-{DATETIME}" - ) - - # Delete testing directory - rmdir(arguments.output_directory) - - def test_set_provider_output_options_azure_tenant_ids(self): - # Set the cloud provider - provider = "azure" - # Set the arguments passed - arguments = Namespace() - arguments.quiet = True - arguments.output_modes = ["csv"] - arguments.output_directory = "output_test_directory" - arguments.verbose = True - arguments.only_logs = False - arguments.unix_timestamp = False - arguments.shodan = "test-api-key" - - # Mock Azure Audit Info - audit_info = self.set_mocked_azure_audit_info() - tenants = ["tenant-1", "tenant-2"] - audit_info.identity.tenant_ids = tenants - - mutelist_file = "" - bulk_checks_metadata = {} - output_options = set_provider_output_options( - provider, arguments, audit_info, mutelist_file, bulk_checks_metadata - ) - assert isinstance(output_options, Azure_Output_Options) - assert output_options.is_quiet - assert output_options.output_modes == [ - "csv", - ] - assert output_options.output_directory == arguments.output_directory - assert output_options.mutelist_file == "" - assert output_options.bulk_checks_metadata == {} - assert output_options.verbose - assert ( - output_options.output_filename - == f"prowler-output-{'-'.join(tenants)}-{DATETIME}" - ) - - # Delete testing directory - rmdir(arguments.output_directory) diff --git a/tests/providers/gcp/gcp_fixtures.py b/tests/providers/gcp/gcp_fixtures.py new file mode 100644 index 0000000000..f514c2d37a --- /dev/null +++ b/tests/providers/gcp/gcp_fixtures.py @@ -0,0 +1,21 @@ +from mock import MagicMock + +from prowler.providers.gcp.gcp_provider import GcpProvider +from prowler.providers.gcp.models import GCPIdentityInfo + +GCP_PROJECT_ID = "123456789012" + + +def set_mocked_gcp_provider( + project_ids: list[str] = [], default_project_id: str = "", profile: str = "" +) -> GcpProvider: + provider = MagicMock() + provider.type = "gcp" + provider.session = None + provider.project_ids = project_ids + provider.identity = GCPIdentityInfo( + profile=profile, + default_project_id=default_project_id, + ) + + return provider diff --git a/tests/providers/gcp/gcp_provider_test.py b/tests/providers/gcp/gcp_provider_test.py new file mode 100644 index 0000000000..c495a1ad00 --- /dev/null +++ b/tests/providers/gcp/gcp_provider_test.py @@ -0,0 +1,110 @@ +from argparse import Namespace +from datetime import datetime +from os import rmdir + +from freezegun import freeze_time +from mock import patch + +from prowler.config.config import default_config_file_path +from prowler.providers.gcp.gcp_provider import GcpProvider +from prowler.providers.gcp.models import GCPIdentityInfo, GCPOutputOptions, GCPProject + + +class TestGCPProvider: + def test_gcp_provider(self): + arguments = Namespace() + arguments.project_ids = [] + arguments.credentials_file = "" + arguments.config_file = default_config_file_path + + projects = { + "test-project": GCPProject( + number="55555555", + id="project/55555555", + name="test-project", + labels="", + lifecycle_state="", + ) + } + with patch( + "prowler.providers.gcp.gcp_provider.GcpProvider.setup_session", + return_value=(None, ""), + ), patch( + "prowler.providers.gcp.gcp_provider.GcpProvider.get_projects", + return_value=projects, + ), patch( + "prowler.providers.gcp.gcp_provider.GcpProvider.update_projects_with_organizations", + return_value=None, + ): + gcp_provider = GcpProvider(arguments) + assert gcp_provider.session is None + assert gcp_provider.project_ids == ["test-project"] + assert gcp_provider.projects == projects + assert gcp_provider.identity == GCPIdentityInfo( + profile="default", default_project_id="" + ) + assert gcp_provider.audit_config is None + + @freeze_time(datetime.today()) + def test_gcp_provider_output_options(self): + arguments = Namespace() + arguments.project_ids = [] + arguments.credentials_file = "" + arguments.config_file = default_config_file_path + + # Output options + arguments.status = [] + arguments.output_modes = ["csv"] + arguments.output_directory = "output_test_directory" + arguments.verbose = True + arguments.only_logs = False + arguments.unix_timestamp = False + arguments.shodan = "test-api-key" + + projects = { + "test-project": GCPProject( + number="55555555", + id="project/55555555", + name="test-project", + labels="", + lifecycle_state="", + ) + } + with patch( + "prowler.providers.gcp.gcp_provider.GcpProvider.setup_session", + return_value=(None, ""), + ), patch( + "prowler.providers.gcp.gcp_provider.GcpProvider.get_projects", + return_value=projects, + ), patch( + "prowler.providers.gcp.gcp_provider.GcpProvider.update_projects_with_organizations", + return_value=None, + ): + gcp_provider = GcpProvider(arguments) + gcp_provider.output_options = arguments, {} + + assert isinstance(gcp_provider.output_options, GCPOutputOptions) + assert gcp_provider.output_options.status == [] + assert gcp_provider.output_options.output_modes == [ + "csv", + ] + assert ( + gcp_provider.output_options.output_directory + == arguments.output_directory + ) + assert gcp_provider.output_options.bulk_checks_metadata == {} + assert gcp_provider.output_options.verbose + assert ( + f"prowler-output-{gcp_provider.identity.profile}" + in gcp_provider.output_options.output_filename + ) + # Flaky due to the millisecond part of the timestamp + # assert ( + # gcp_provider.output_options.output_filename + # == f"prowler-output-{gcp_provider.identity.profile}-{datetime.today().strftime('%Y%m%d%H%M%S')}" + # ) + + # Delete testing directory + # TODO: move this to a fixtures file + rmdir(f"{arguments.output_directory}/compliance") + rmdir(arguments.output_directory) diff --git a/tests/providers/gcp/lib/audit_info_utils.py b/tests/providers/gcp/lib/audit_info_utils.py deleted file mode 100644 index 60a900cd63..0000000000 --- a/tests/providers/gcp/lib/audit_info_utils.py +++ /dev/null @@ -1 +0,0 @@ -GCP_PROJECT_ID = "123456789012" diff --git a/tests/providers/gcp/services/apikeys/apikeys_api_restrictions_configured/apikeys_api_restrictions_configured_test.py b/tests/providers/gcp/services/apikeys/apikeys_api_restrictions_configured/apikeys_api_restrictions_configured_test.py index 45cca513c1..82b55b9da2 100644 --- a/tests/providers/gcp/services/apikeys/apikeys_api_restrictions_configured/apikeys_api_restrictions_configured_test.py +++ b/tests/providers/gcp/services/apikeys/apikeys_api_restrictions_configured/apikeys_api_restrictions_configured_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_apikeys_api_restrictions_configured: @@ -10,6 +10,9 @@ class Test_apikeys_api_restrictions_configured: apikeys_client.keys = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_api_restrictions_configured.apikeys_api_restrictions_configured.apikeys_client", new=apikeys_client, ): @@ -43,6 +46,9 @@ class Test_apikeys_api_restrictions_configured: apikeys_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_api_restrictions_configured.apikeys_api_restrictions_configured.apikeys_client", new=apikeys_client, ): @@ -78,6 +84,9 @@ class Test_apikeys_api_restrictions_configured: apikeys_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_api_restrictions_configured.apikeys_api_restrictions_configured.apikeys_client", new=apikeys_client, ): @@ -119,6 +128,9 @@ class Test_apikeys_api_restrictions_configured: apikeys_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_api_restrictions_configured.apikeys_api_restrictions_configured.apikeys_client", new=apikeys_client, ): diff --git a/tests/providers/gcp/services/apikeys/apikeys_key_exists/apikeys_key_exists_test.py b/tests/providers/gcp/services/apikeys/apikeys_key_exists/apikeys_key_exists_test.py index b6449c99bf..05dc89e15e 100644 --- a/tests/providers/gcp/services/apikeys/apikeys_key_exists/apikeys_key_exists_test.py +++ b/tests/providers/gcp/services/apikeys/apikeys_key_exists/apikeys_key_exists_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_apikeys_key_exists: @@ -12,6 +12,9 @@ class Test_apikeys_key_exists: apikeys_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_key_exists.apikeys_key_exists.apikeys_client", new=apikeys_client, ): @@ -46,6 +49,9 @@ class Test_apikeys_key_exists: apikeys_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_key_exists.apikeys_key_exists.apikeys_client", new=apikeys_client, ): diff --git a/tests/providers/gcp/services/apikeys/apikeys_key_rotated_in_90_days/apikeys_key_rotated_in_90_days_test.py b/tests/providers/gcp/services/apikeys/apikeys_key_rotated_in_90_days/apikeys_key_rotated_in_90_days_test.py index e531c00ebc..cb055e6dfe 100644 --- a/tests/providers/gcp/services/apikeys/apikeys_key_rotated_in_90_days/apikeys_key_rotated_in_90_days_test.py +++ b/tests/providers/gcp/services/apikeys/apikeys_key_rotated_in_90_days/apikeys_key_rotated_in_90_days_test.py @@ -2,7 +2,7 @@ from datetime import datetime, timedelta, timezone from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_apikeys_key_rotated_in_90_days: @@ -11,6 +11,9 @@ class Test_apikeys_key_rotated_in_90_days: apikeys_client.keys = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_key_rotated_in_90_days.apikeys_key_rotated_in_90_days.apikeys_client", new=apikeys_client, ): @@ -41,6 +44,9 @@ class Test_apikeys_key_rotated_in_90_days: apikeys_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_key_rotated_in_90_days.apikeys_key_rotated_in_90_days.apikeys_client", new=apikeys_client, ): @@ -78,6 +84,9 @@ class Test_apikeys_key_rotated_in_90_days: apikeys_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.apikeys.apikeys_key_rotated_in_90_days.apikeys_key_rotated_in_90_days.apikeys_client", new=apikeys_client, ): diff --git a/tests/providers/gcp/services/artifacts/artifacts_container_analysis_enabled/artifacts_container_analysis_enabled_test.py b/tests/providers/gcp/services/artifacts/artifacts_container_analysis_enabled/artifacts_container_analysis_enabled_test.py index 92d4b94141..694373546e 100644 --- a/tests/providers/gcp/services/artifacts/artifacts_container_analysis_enabled/artifacts_container_analysis_enabled_test.py +++ b/tests/providers/gcp/services/artifacts/artifacts_container_analysis_enabled/artifacts_container_analysis_enabled_test.py @@ -1,7 +1,7 @@ from unittest import mock from prowler.providers.gcp.services.serviceusage.serviceusage_service import Service -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_artifacts_container_analysis_enabled: @@ -12,6 +12,9 @@ class Test_artifacts_container_analysis_enabled: serviceusage_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.artifacts.artifacts_container_analysis_enabled.artifacts_container_analysis_enabled.serviceusage_client", new=serviceusage_client, ): @@ -47,6 +50,9 @@ class Test_artifacts_container_analysis_enabled: serviceusage_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.artifacts.artifacts_container_analysis_enabled.artifacts_container_analysis_enabled.serviceusage_client", new=serviceusage_client, ): diff --git a/tests/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access_test.py b/tests/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access_test.py index b4a5929267..6fb0d7fe0e 100644 --- a/tests/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access_test.py +++ b/tests/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access_test.py @@ -1,6 +1,6 @@ from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_bigquery_dataset_public_access: @@ -9,6 +9,9 @@ class Test_bigquery_dataset_public_access: bigquery_client.datasets = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access.bigquery_client", new=bigquery_client, ): @@ -37,6 +40,9 @@ class Test_bigquery_dataset_public_access: bigquery_client.datasets = [dataset] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access.bigquery_client", new=bigquery_client, ): @@ -75,6 +81,9 @@ class Test_bigquery_dataset_public_access: bigquery_client.datasets = [dataset] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access.bigquery_client", new=bigquery_client, ): diff --git a/tests/providers/gcp/services/compute/compute_block_project_wide_ssh_keys_disabled/compute_block_project_wide_ssh_keys_disabled_test.py b/tests/providers/gcp/services/compute/compute_block_project_wide_ssh_keys_disabled/compute_block_project_wide_ssh_keys_disabled_test.py index a7556b6e8d..2e8d3a864f 100644 --- a/tests/providers/gcp/services/compute/compute_block_project_wide_ssh_keys_disabled/compute_block_project_wide_ssh_keys_disabled_test.py +++ b/tests/providers/gcp/services/compute/compute_block_project_wide_ssh_keys_disabled/compute_block_project_wide_ssh_keys_disabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_instance_block_project_wide_ssh_keys_disabled: @@ -11,6 +11,9 @@ class Test_compute_instance_block_project_wide_ssh_keys_disabled: compute_client.instances = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_block_project_wide_ssh_keys_disabled.compute_instance_block_project_wide_ssh_keys_disabled.compute_client", new=compute_client, ): @@ -45,6 +48,9 @@ class Test_compute_instance_block_project_wide_ssh_keys_disabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_block_project_wide_ssh_keys_disabled.compute_instance_block_project_wide_ssh_keys_disabled.compute_client", new=compute_client, ): @@ -86,6 +92,9 @@ class Test_compute_instance_block_project_wide_ssh_keys_disabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_block_project_wide_ssh_keys_disabled.compute_instance_block_project_wide_ssh_keys_disabled.compute_client", new=compute_client, ): @@ -127,6 +136,9 @@ class Test_compute_instance_block_project_wide_ssh_keys_disabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_block_project_wide_ssh_keys_disabled.compute_instance_block_project_wide_ssh_keys_disabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_default_service_account_in_use/compute_default_service_account_in_use_test.py b/tests/providers/gcp/services/compute/compute_default_service_account_in_use/compute_default_service_account_in_use_test.py index 8a70974a24..b4c106cd91 100644 --- a/tests/providers/gcp/services/compute/compute_default_service_account_in_use/compute_default_service_account_in_use_test.py +++ b/tests/providers/gcp/services/compute/compute_default_service_account_in_use/compute_default_service_account_in_use_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_instance_default_service_account_in_use: @@ -10,6 +10,9 @@ class Test_compute_instance_default_service_account_in_use: compute_client.instances = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_default_service_account_in_use.compute_instance_default_service_account_in_use.compute_client", new=compute_client, ): @@ -44,6 +47,9 @@ class Test_compute_instance_default_service_account_in_use: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_default_service_account_in_use.compute_instance_default_service_account_in_use.compute_client", new=compute_client, ): @@ -87,6 +93,9 @@ class Test_compute_instance_default_service_account_in_use: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_default_service_account_in_use.compute_instance_default_service_account_in_use.compute_client", new=compute_client, ): @@ -130,6 +139,9 @@ class Test_compute_instance_default_service_account_in_use: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_default_service_account_in_use.compute_instance_default_service_account_in_use.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_default_service_account_in_use_with_full_api_access/compute_default_service_account_in_use_with_full_api_access_test.py b/tests/providers/gcp/services/compute/compute_default_service_account_in_use_with_full_api_access/compute_default_service_account_in_use_with_full_api_access_test.py index 85048c06d1..83ec4a6b9d 100644 --- a/tests/providers/gcp/services/compute/compute_default_service_account_in_use_with_full_api_access/compute_default_service_account_in_use_with_full_api_access_test.py +++ b/tests/providers/gcp/services/compute/compute_default_service_account_in_use_with_full_api_access/compute_default_service_account_in_use_with_full_api_access_test.py @@ -1,6 +1,6 @@ from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_instance_default_service_account_in_use_with_full_api_access: @@ -9,6 +9,9 @@ class Test_compute_instance_default_service_account_in_use_with_full_api_access: compute_client.instances = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_default_service_account_in_use_with_full_api_access.compute_instance_default_service_account_in_use_with_full_api_access.compute_client", new=compute_client, ): @@ -47,6 +50,9 @@ class Test_compute_instance_default_service_account_in_use_with_full_api_access: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_default_service_account_in_use_with_full_api_access.compute_instance_default_service_account_in_use_with_full_api_access.compute_client", new=compute_client, ): @@ -95,6 +101,9 @@ class Test_compute_instance_default_service_account_in_use_with_full_api_access: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_default_service_account_in_use_with_full_api_access.compute_instance_default_service_account_in_use_with_full_api_access.compute_client", new=compute_client, ): @@ -143,6 +152,9 @@ class Test_compute_instance_default_service_account_in_use_with_full_api_access: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_default_service_account_in_use_with_full_api_access.compute_instance_default_service_account_in_use_with_full_api_access.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_encryption_with_csek_is_disabled/compute_encryption_with_csek_is_disabled_test.py b/tests/providers/gcp/services/compute/compute_encryption_with_csek_is_disabled/compute_encryption_with_csek_is_disabled_test.py index 56914fd117..f443f4a071 100644 --- a/tests/providers/gcp/services/compute/compute_encryption_with_csek_is_disabled/compute_encryption_with_csek_is_disabled_test.py +++ b/tests/providers/gcp/services/compute/compute_encryption_with_csek_is_disabled/compute_encryption_with_csek_is_disabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_instance_encryption_with_csek_enabled: @@ -11,6 +11,9 @@ class Test_compute_instance_encryption_with_csek_enabled: compute_client.instances = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_encryption_with_csek_enabled.compute_instance_encryption_with_csek_enabled.compute_client", new=compute_client, ): @@ -45,6 +48,9 @@ class Test_compute_instance_encryption_with_csek_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_encryption_with_csek_enabled.compute_instance_encryption_with_csek_enabled.compute_client", new=compute_client, ): @@ -86,6 +92,9 @@ class Test_compute_instance_encryption_with_csek_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_encryption_with_csek_enabled.compute_instance_encryption_with_csek_enabled.compute_client", new=compute_client, ): @@ -127,6 +136,9 @@ class Test_compute_instance_encryption_with_csek_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_encryption_with_csek_enabled.compute_instance_encryption_with_csek_enabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_instance_confidential_computing_enabled/compute_instance_confidential_computing_enabled_test.py b/tests/providers/gcp/services/compute/compute_instance_confidential_computing_enabled/compute_instance_confidential_computing_enabled_test.py index b750378e77..5df16c6293 100644 --- a/tests/providers/gcp/services/compute/compute_instance_confidential_computing_enabled/compute_instance_confidential_computing_enabled_test.py +++ b/tests/providers/gcp/services/compute/compute_instance_confidential_computing_enabled/compute_instance_confidential_computing_enabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_instance_confidential_computing_enabled: @@ -11,6 +11,9 @@ class Test_compute_instance_confidential_computing_enabled: compute_client.instances = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_confidential_computing_enabled.compute_instance_confidential_computing_enabled.compute_client", new=compute_client, ): @@ -45,6 +48,9 @@ class Test_compute_instance_confidential_computing_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_confidential_computing_enabled.compute_instance_confidential_computing_enabled.compute_client", new=compute_client, ): @@ -89,6 +95,9 @@ class Test_compute_instance_confidential_computing_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_confidential_computing_enabled.compute_instance_confidential_computing_enabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_ip_forwarding_is_enabled/compute_ip_forwarding_is_enabled_test.py b/tests/providers/gcp/services/compute/compute_ip_forwarding_is_enabled/compute_ip_forwarding_is_enabled_test.py index 2eb604f0f7..e9a21d4c4e 100644 --- a/tests/providers/gcp/services/compute/compute_ip_forwarding_is_enabled/compute_ip_forwarding_is_enabled_test.py +++ b/tests/providers/gcp/services/compute/compute_ip_forwarding_is_enabled/compute_ip_forwarding_is_enabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_instance_ip_forwarding_is_enabled: @@ -10,6 +10,9 @@ class Test_compute_instance_ip_forwarding_is_enabled: compute_client.instances = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_ip_forwarding_is_enabled.compute_instance_ip_forwarding_is_enabled.compute_client", new=compute_client, ): @@ -44,6 +47,9 @@ class Test_compute_instance_ip_forwarding_is_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_ip_forwarding_is_enabled.compute_instance_ip_forwarding_is_enabled.compute_client", new=compute_client, ): @@ -87,6 +93,9 @@ class Test_compute_instance_ip_forwarding_is_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_ip_forwarding_is_enabled.compute_instance_ip_forwarding_is_enabled.compute_client", new=compute_client, ): @@ -130,6 +139,9 @@ class Test_compute_instance_ip_forwarding_is_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_ip_forwarding_is_enabled.compute_instance_ip_forwarding_is_enabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_loadbalancer_logging_enabled/compute_loadbalancer_logging_enabled_test.py b/tests/providers/gcp/services/compute/compute_loadbalancer_logging_enabled/compute_loadbalancer_logging_enabled_test.py index a2c6d8c446..7f0669ad2f 100644 --- a/tests/providers/gcp/services/compute/compute_loadbalancer_logging_enabled/compute_loadbalancer_logging_enabled_test.py +++ b/tests/providers/gcp/services/compute/compute_loadbalancer_logging_enabled/compute_loadbalancer_logging_enabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_loadbalancer_logging_enabled: @@ -11,6 +11,9 @@ class Test_compute_loadbalancer_logging_enabled: compute_client.load_balancers = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_loadbalancer_logging_enabled.compute_loadbalancer_logging_enabled.compute_client", new=compute_client, ): @@ -39,6 +42,9 @@ class Test_compute_loadbalancer_logging_enabled: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_loadbalancer_logging_enabled.compute_loadbalancer_logging_enabled.compute_client", new=compute_client, ): @@ -77,6 +83,9 @@ class Test_compute_loadbalancer_logging_enabled: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_loadbalancer_logging_enabled.compute_loadbalancer_logging_enabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_network_dns_logging_enabled/compute_network_dns_logging_enabled_test.py b/tests/providers/gcp/services/compute/compute_network_dns_logging_enabled/compute_network_dns_logging_enabled_test.py index 67e62eee46..27b1278489 100644 --- a/tests/providers/gcp/services/compute/compute_network_dns_logging_enabled/compute_network_dns_logging_enabled_test.py +++ b/tests/providers/gcp/services/compute/compute_network_dns_logging_enabled/compute_network_dns_logging_enabled_test.py @@ -2,7 +2,7 @@ from re import search from unittest import mock from prowler.providers.gcp.services.dns.dns_service import Policy -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_network_dns_logging_enabled: @@ -13,6 +13,9 @@ class Test_compute_network_dns_logging_enabled: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_network_dns_logging_enabled.compute_network_dns_logging_enabled.compute_client", new=compute_client, ): @@ -49,6 +52,9 @@ class Test_compute_network_dns_logging_enabled: dns_client.policies = [policy] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_network_dns_logging_enabled.compute_network_dns_logging_enabled.compute_client", new=compute_client, ): @@ -99,6 +105,9 @@ class Test_compute_network_dns_logging_enabled: dns_client.policies = [policy] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_network_dns_logging_enabled.compute_network_dns_logging_enabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_network_not_legacy/compute_network_not_legacy_test.py b/tests/providers/gcp/services/compute/compute_network_not_legacy/compute_network_not_legacy_test.py index dfcbeb2b91..1afcfda321 100644 --- a/tests/providers/gcp/services/compute/compute_network_not_legacy/compute_network_not_legacy_test.py +++ b/tests/providers/gcp/services/compute/compute_network_not_legacy/compute_network_not_legacy_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_network_not_legacy: @@ -12,6 +12,9 @@ class Test_compute_network_not_legacy: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_network_not_legacy.compute_network_not_legacy.compute_client", new=compute_client, ): @@ -39,6 +42,9 @@ class Test_compute_network_not_legacy: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_network_not_legacy.compute_network_not_legacy.compute_client", new=compute_client, ): @@ -76,6 +82,9 @@ class Test_compute_network_not_legacy: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_network_not_legacy.compute_network_not_legacy.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_project_os_login_enabled/compute_project_os_login_enabled_test.py b/tests/providers/gcp/services/compute/compute_project_os_login_enabled/compute_project_os_login_enabled_test.py index 116cc738b3..e79ed865cf 100644 --- a/tests/providers/gcp/services/compute/compute_project_os_login_enabled/compute_project_os_login_enabled_test.py +++ b/tests/providers/gcp/services/compute/compute_project_os_login_enabled/compute_project_os_login_enabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_project_os_login_enabled: @@ -11,6 +11,9 @@ class Test_compute_project_os_login_enabled: compute_client.projects = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_project_os_login_enabled.compute_project_os_login_enabled.compute_client", new=compute_client, ): @@ -35,6 +38,9 @@ class Test_compute_project_os_login_enabled: compute_client.projects = [project] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_project_os_login_enabled.compute_project_os_login_enabled.compute_client", new=compute_client, ): @@ -68,6 +74,9 @@ class Test_compute_project_os_login_enabled: compute_client.projects = [project] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_project_os_login_enabled.compute_project_os_login_enabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_rdp_access_from_the_internet_allowed/compute_rdp_access_from_the_internet_allowed_test.py b/tests/providers/gcp/services/compute/compute_rdp_access_from_the_internet_allowed/compute_rdp_access_from_the_internet_allowed_test.py index 85d599a21b..979700823c 100644 --- a/tests/providers/gcp/services/compute/compute_rdp_access_from_the_internet_allowed/compute_rdp_access_from_the_internet_allowed_test.py +++ b/tests/providers/gcp/services/compute/compute_rdp_access_from_the_internet_allowed/compute_rdp_access_from_the_internet_allowed_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_firewall_rdp_access_from_the_internet_allowed: @@ -10,6 +10,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.firewalls = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -39,6 +42,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -75,6 +81,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -111,6 +120,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -147,6 +159,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -183,6 +198,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -219,6 +237,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -255,6 +276,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -291,6 +315,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -327,6 +354,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -366,6 +396,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -406,6 +439,9 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_rdp_access_from_the_internet_allowed.compute_firewall_rdp_access_from_the_internet_allowed.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_serial_ports_in_use/compute_serial_ports_in_use_test.py b/tests/providers/gcp/services/compute/compute_serial_ports_in_use/compute_serial_ports_in_use_test.py index 49e4f051d9..6654d16104 100644 --- a/tests/providers/gcp/services/compute/compute_serial_ports_in_use/compute_serial_ports_in_use_test.py +++ b/tests/providers/gcp/services/compute/compute_serial_ports_in_use/compute_serial_ports_in_use_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_instance_serial_ports_in_use: @@ -11,6 +11,9 @@ class Test_compute_instance_serial_ports_in_use: compute_client.instances = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_serial_ports_in_use.compute_instance_serial_ports_in_use.compute_client", new=compute_client, ): @@ -45,6 +48,9 @@ class Test_compute_instance_serial_ports_in_use: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_serial_ports_in_use.compute_instance_serial_ports_in_use.compute_client", new=compute_client, ): @@ -86,6 +92,9 @@ class Test_compute_instance_serial_ports_in_use: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_serial_ports_in_use.compute_instance_serial_ports_in_use.compute_client", new=compute_client, ): @@ -127,6 +136,9 @@ class Test_compute_instance_serial_ports_in_use: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_serial_ports_in_use.compute_instance_serial_ports_in_use.compute_client", new=compute_client, ): @@ -168,6 +180,9 @@ class Test_compute_instance_serial_ports_in_use: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_serial_ports_in_use.compute_instance_serial_ports_in_use.compute_client", new=compute_client, ): @@ -209,6 +224,9 @@ class Test_compute_instance_serial_ports_in_use: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_serial_ports_in_use.compute_instance_serial_ports_in_use.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_shielded_vm_enabled/compute_shielded_vm_enabled_test.py b/tests/providers/gcp/services/compute/compute_shielded_vm_enabled/compute_shielded_vm_enabled_test.py index 6e8ace8202..b29a24d9b9 100644 --- a/tests/providers/gcp/services/compute/compute_shielded_vm_enabled/compute_shielded_vm_enabled_test.py +++ b/tests/providers/gcp/services/compute/compute_shielded_vm_enabled/compute_shielded_vm_enabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_instance_shielded_vm_enabled: @@ -11,6 +11,9 @@ class Test_compute_instance_shielded_vm_enabled: compute_client.instances = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_shielded_vm_enabled.compute_instance_shielded_vm_enabled.compute_client", new=compute_client, ): @@ -45,6 +48,9 @@ class Test_compute_instance_shielded_vm_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_shielded_vm_enabled.compute_instance_shielded_vm_enabled.compute_client", new=compute_client, ): @@ -86,6 +92,9 @@ class Test_compute_instance_shielded_vm_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_shielded_vm_enabled.compute_instance_shielded_vm_enabled.compute_client", new=compute_client, ): @@ -127,6 +136,9 @@ class Test_compute_instance_shielded_vm_enabled: compute_client.instances = [instance] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_instance_shielded_vm_enabled.compute_instance_shielded_vm_enabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_ssh_access_from_the_internet_allowed/compute_ssh_access_from_the_internet_allowed_test.py b/tests/providers/gcp/services/compute/compute_ssh_access_from_the_internet_allowed/compute_ssh_access_from_the_internet_allowed_test.py index 482d24d3c2..e1ce2a97f3 100644 --- a/tests/providers/gcp/services/compute/compute_ssh_access_from_the_internet_allowed/compute_ssh_access_from_the_internet_allowed_test.py +++ b/tests/providers/gcp/services/compute/compute_ssh_access_from_the_internet_allowed/compute_ssh_access_from_the_internet_allowed_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_firewall_ssh_access_from_the_internet_allowed: @@ -10,6 +10,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.firewalls = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -39,6 +42,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -75,6 +81,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -111,6 +120,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -147,6 +159,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -183,6 +198,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -219,6 +237,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -255,6 +276,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -291,6 +315,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -327,6 +354,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -366,6 +396,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): @@ -406,6 +439,9 @@ class Test_compute_firewall_ssh_access_from_the_internet_allowed: compute_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_firewall_ssh_access_from_the_internet_allowed.compute_firewall_ssh_access_from_the_internet_allowed.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/compute/compute_subnet_flow_logs_enabled/compute_subnet_flow_logs_enabled_test.py b/tests/providers/gcp/services/compute/compute_subnet_flow_logs_enabled/compute_subnet_flow_logs_enabled_test.py index ca8a9b0a2b..fa28ce563c 100644 --- a/tests/providers/gcp/services/compute/compute_subnet_flow_logs_enabled/compute_subnet_flow_logs_enabled_test.py +++ b/tests/providers/gcp/services/compute/compute_subnet_flow_logs_enabled/compute_subnet_flow_logs_enabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_compute_subnet_flow_logs_enabled: @@ -11,6 +11,9 @@ class Test_compute_subnet_flow_logs_enabled: compute_client.subnets = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_subnet_flow_logs_enabled.compute_subnet_flow_logs_enabled.compute_client", new=compute_client, ): @@ -39,6 +42,9 @@ class Test_compute_subnet_flow_logs_enabled: compute_client.subnets = [subnet] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_subnet_flow_logs_enabled.compute_subnet_flow_logs_enabled.compute_client", new=compute_client, ): @@ -77,6 +83,9 @@ class Test_compute_subnet_flow_logs_enabled: compute_client.subnets = [subnet] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.compute.compute_subnet_flow_logs_enabled.compute_subnet_flow_logs_enabled.compute_client", new=compute_client, ): diff --git a/tests/providers/gcp/services/dataproc/dataproc_encrypted_with_cmks_disabled/dataproc_encrypted_with_cmks_disabled_test.py b/tests/providers/gcp/services/dataproc/dataproc_encrypted_with_cmks_disabled/dataproc_encrypted_with_cmks_disabled_test.py index cf2190c36b..a001b098b8 100644 --- a/tests/providers/gcp/services/dataproc/dataproc_encrypted_with_cmks_disabled/dataproc_encrypted_with_cmks_disabled_test.py +++ b/tests/providers/gcp/services/dataproc/dataproc_encrypted_with_cmks_disabled/dataproc_encrypted_with_cmks_disabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_dataproc_encrypted_with_cmks_disabled: @@ -10,6 +10,9 @@ class Test_dataproc_encrypted_with_cmks_disabled: dataproc_client.clusters = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dataproc.dataproc_encrypted_with_cmks_disabled.dataproc_encrypted_with_cmks_disabled.dataproc_client", new=dataproc_client, ): @@ -22,23 +25,26 @@ class Test_dataproc_encrypted_with_cmks_disabled: assert len(result) == 0 def test_one_compliant_cluster(self): - from prowler.providers.gcp.services.dataproc.dataproc_service import Cluster - - cluster = Cluster( - name="test", - id="1234567890", - encryption_config={"gcePdKmsKeyName": "test"}, - project_id=GCP_PROJECT_ID, - ) - dataproc_client = mock.MagicMock dataproc_client.project_ids = [GCP_PROJECT_ID] - dataproc_client.clusters = [cluster] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dataproc.dataproc_encrypted_with_cmks_disabled.dataproc_encrypted_with_cmks_disabled.dataproc_client", new=dataproc_client, ): + from prowler.providers.gcp.services.dataproc.dataproc_service import Cluster + + cluster = Cluster( + name="test", + id="1234567890", + encryption_config={"gcePdKmsKeyName": "test"}, + project_id=GCP_PROJECT_ID, + ) + dataproc_client.clusters = [cluster] + from prowler.providers.gcp.services.dataproc.dataproc_encrypted_with_cmks_disabled.dataproc_encrypted_with_cmks_disabled import ( dataproc_encrypted_with_cmks_disabled, ) @@ -55,23 +61,27 @@ class Test_dataproc_encrypted_with_cmks_disabled: assert result[0].resource_id == cluster.id def test_cluster_without_encryption(self): - from prowler.providers.gcp.services.dataproc.dataproc_service import Cluster - - cluster = Cluster( - name="test", - id="1234567890", - encryption_config={}, - project_id=GCP_PROJECT_ID, - ) - dataproc_client = mock.MagicMock dataproc_client.project_ids = [GCP_PROJECT_ID] - dataproc_client.clusters = [cluster] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dataproc.dataproc_encrypted_with_cmks_disabled.dataproc_encrypted_with_cmks_disabled.dataproc_client", new=dataproc_client, ): + + from prowler.providers.gcp.services.dataproc.dataproc_service import Cluster + + cluster = Cluster( + name="test", + id="1234567890", + encryption_config={}, + project_id=GCP_PROJECT_ID, + ) + dataproc_client.clusters = [cluster] + from prowler.providers.gcp.services.dataproc.dataproc_encrypted_with_cmks_disabled.dataproc_encrypted_with_cmks_disabled import ( dataproc_encrypted_with_cmks_disabled, ) diff --git a/tests/providers/gcp/services/dns/dns_dnssec_disabled/dns_dnssec_disabled_test.py b/tests/providers/gcp/services/dns/dns_dnssec_disabled/dns_dnssec_disabled_test.py index d0f59413e2..0336495e9e 100644 --- a/tests/providers/gcp/services/dns/dns_dnssec_disabled/dns_dnssec_disabled_test.py +++ b/tests/providers/gcp/services/dns/dns_dnssec_disabled/dns_dnssec_disabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_dns_dnssec_disabled: @@ -10,6 +10,9 @@ class Test_dns_dnssec_disabled: dns_client.managed_zones = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_dnssec_disabled.dns_dnssec_disabled.dns_client", new=dns_client, ): @@ -50,6 +53,9 @@ class Test_dns_dnssec_disabled: dns_client.managed_zones = [managed_zone] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_dnssec_disabled.dns_dnssec_disabled.dns_client", new=dns_client, ): @@ -97,6 +103,9 @@ class Test_dns_dnssec_disabled: dns_client.managed_zones = [managed_zone] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_dnssec_disabled.dns_dnssec_disabled.dns_client", new=dns_client, ): diff --git a/tests/providers/gcp/services/dns/dns_rsasha1_in_use_to_key_sign_in_dnssec/dns_rsasha1_in_use_to_key_sign_in_dnssec_test.py b/tests/providers/gcp/services/dns/dns_rsasha1_in_use_to_key_sign_in_dnssec/dns_rsasha1_in_use_to_key_sign_in_dnssec_test.py index 0ca8f39a0a..fd174c6132 100644 --- a/tests/providers/gcp/services/dns/dns_rsasha1_in_use_to_key_sign_in_dnssec/dns_rsasha1_in_use_to_key_sign_in_dnssec_test.py +++ b/tests/providers/gcp/services/dns/dns_rsasha1_in_use_to_key_sign_in_dnssec/dns_rsasha1_in_use_to_key_sign_in_dnssec_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_dns_rsasha1_in_use_to_key_sign_in_dnssec: @@ -10,6 +10,9 @@ class Test_dns_rsasha1_in_use_to_key_sign_in_dnssec: dns_client.managed_zones = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_rsasha1_in_use_to_key_sign_in_dnssec.dns_rsasha1_in_use_to_key_sign_in_dnssec.dns_client", new=dns_client, ): @@ -50,6 +53,9 @@ class Test_dns_rsasha1_in_use_to_key_sign_in_dnssec: dns_client.managed_zones = [managed_zone] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_rsasha1_in_use_to_key_sign_in_dnssec.dns_rsasha1_in_use_to_key_sign_in_dnssec.dns_client", new=dns_client, ): @@ -97,6 +103,9 @@ class Test_dns_rsasha1_in_use_to_key_sign_in_dnssec: dns_client.managed_zones = [managed_zone] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_rsasha1_in_use_to_key_sign_in_dnssec.dns_rsasha1_in_use_to_key_sign_in_dnssec.dns_client", new=dns_client, ): diff --git a/tests/providers/gcp/services/dns/dns_rsasha1_in_use_to_zone_sign_in_dnssec/dns_rsasha1_in_use_to_zone_sign_in_dnssec_test.py b/tests/providers/gcp/services/dns/dns_rsasha1_in_use_to_zone_sign_in_dnssec/dns_rsasha1_in_use_to_zone_sign_in_dnssec_test.py index 638017b37e..ba6ea29e8d 100644 --- a/tests/providers/gcp/services/dns/dns_rsasha1_in_use_to_zone_sign_in_dnssec/dns_rsasha1_in_use_to_zone_sign_in_dnssec_test.py +++ b/tests/providers/gcp/services/dns/dns_rsasha1_in_use_to_zone_sign_in_dnssec/dns_rsasha1_in_use_to_zone_sign_in_dnssec_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_dns_rsasha1_in_use_to_zone_sign_in_dnssec: @@ -10,6 +10,9 @@ class Test_dns_rsasha1_in_use_to_zone_sign_in_dnssec: dns_client.managed_zones = [] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_rsasha1_in_use_to_zone_sign_in_dnssec.dns_rsasha1_in_use_to_zone_sign_in_dnssec.dns_client", new=dns_client, ): @@ -50,6 +53,9 @@ class Test_dns_rsasha1_in_use_to_zone_sign_in_dnssec: dns_client.managed_zones = [managed_zone] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_rsasha1_in_use_to_zone_sign_in_dnssec.dns_rsasha1_in_use_to_zone_sign_in_dnssec.dns_client", new=dns_client, ): @@ -97,6 +103,9 @@ class Test_dns_rsasha1_in_use_to_zone_sign_in_dnssec: dns_client.managed_zones = [managed_zone] with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.dns.dns_rsasha1_in_use_to_zone_sign_in_dnssec.dns_rsasha1_in_use_to_zone_sign_in_dnssec.dns_client", new=dns_client, ): diff --git a/tests/providers/gcp/services/gcr/gcr_container_scanning_enabled/gcr_container_scanning_enabled_test.py b/tests/providers/gcp/services/gcr/gcr_container_scanning_enabled/gcr_container_scanning_enabled_test.py index da28d67e23..3f9881b1d3 100644 --- a/tests/providers/gcp/services/gcr/gcr_container_scanning_enabled/gcr_container_scanning_enabled_test.py +++ b/tests/providers/gcp/services/gcr/gcr_container_scanning_enabled/gcr_container_scanning_enabled_test.py @@ -1,7 +1,7 @@ from unittest import mock from prowler.providers.gcp.services.serviceusage.serviceusage_service import Service -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_gcr_container_scanning_enabled: @@ -12,6 +12,9 @@ class Test_gcr_container_scanning_enabled: serviceusage_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.gcr.gcr_container_scanning_enabled.gcr_container_scanning_enabled.serviceusage_client", new=serviceusage_client, ): @@ -47,6 +50,9 @@ class Test_gcr_container_scanning_enabled: serviceusage_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.gcr.gcr_container_scanning_enabled.gcr_container_scanning_enabled.serviceusage_client", new=serviceusage_client, ): diff --git a/tests/providers/gcp/services/gke/gke_cluster_no_default_service_account/gke_cluster_no_default_service_account_test.py b/tests/providers/gcp/services/gke/gke_cluster_no_default_service_account/gke_cluster_no_default_service_account_test.py index 68f1c68f58..f8ca3b8663 100644 --- a/tests/providers/gcp/services/gke/gke_cluster_no_default_service_account/gke_cluster_no_default_service_account_test.py +++ b/tests/providers/gcp/services/gke/gke_cluster_no_default_service_account/gke_cluster_no_default_service_account_test.py @@ -1,7 +1,7 @@ from unittest import mock from prowler.providers.gcp.services.gke.gke_service import Cluster, NodePool -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_gke_cluster_no_default_service_account: @@ -10,6 +10,9 @@ class Test_gke_cluster_no_default_service_account: gke_client.clusters = {} with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.gke.gke_cluster_no_default_service_account.gke_cluster_no_default_service_account.gke_client", new=gke_client, ): @@ -40,6 +43,9 @@ class Test_gke_cluster_no_default_service_account: gke_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.gke.gke_cluster_no_default_service_account.gke_cluster_no_default_service_account.gke_client", new=gke_client, ): @@ -80,6 +86,9 @@ class Test_gke_cluster_no_default_service_account: gke_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.gke.gke_cluster_no_default_service_account.gke_cluster_no_default_service_account.gke_client", new=gke_client, ): @@ -127,6 +136,9 @@ class Test_gke_cluster_no_default_service_account: gke_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.gke.gke_cluster_no_default_service_account.gke_cluster_no_default_service_account.gke_client", new=gke_client, ): @@ -174,6 +186,9 @@ class Test_gke_cluster_no_default_service_account: gke_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.gke.gke_cluster_no_default_service_account.gke_cluster_no_default_service_account.gke_client", new=gke_client, ): diff --git a/tests/providers/gcp/services/iam/iam_account_access_approval_enabled/iam_account_access_approval_enabled_test.py b/tests/providers/gcp/services/iam/iam_account_access_approval_enabled/iam_account_access_approval_enabled_test.py index 1d02832226..ac3d085e76 100644 --- a/tests/providers/gcp/services/iam/iam_account_access_approval_enabled/iam_account_access_approval_enabled_test.py +++ b/tests/providers/gcp/services/iam/iam_account_access_approval_enabled/iam_account_access_approval_enabled_test.py @@ -1,8 +1,7 @@ from re import search from unittest import mock -from prowler.providers.gcp.services.iam.iam_service import Setting -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_iam_account_access_approval_enabled: @@ -13,6 +12,9 @@ class Test_iam_account_access_approval_enabled: accessapproval_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_account_access_approval_enabled.iam_account_access_approval_enabled.accessapproval_client", new=accessapproval_client, ): @@ -33,17 +35,27 @@ class Test_iam_account_access_approval_enabled: assert result[0].location == "global" def test_iam_project_with_settings(self): + cloudresourcemanager_client = mock.MagicMock accessapproval_client = mock.MagicMock - accessapproval_client.settings = { - GCP_PROJECT_ID: Setting(name="test", project_id=GCP_PROJECT_ID) - } accessapproval_client.project_ids = [GCP_PROJECT_ID] accessapproval_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_account_access_approval_enabled.iam_account_access_approval_enabled.accessapproval_client", new=accessapproval_client, + ), mock.patch( + "prowler.providers.gcp.services.iam.iam_service.cloudresourcemanager_client", + new=cloudresourcemanager_client, ): + from prowler.providers.gcp.services.iam.iam_service import Setting + + accessapproval_client.settings = { + GCP_PROJECT_ID: Setting(name="test", project_id=GCP_PROJECT_ID) + } + from prowler.providers.gcp.services.iam.iam_account_access_approval_enabled.iam_account_access_approval_enabled import ( iam_account_access_approval_enabled, ) diff --git a/tests/providers/gcp/services/iam/iam_audit_logs_enabled/iam_audit_logs_enabled_test.py b/tests/providers/gcp/services/iam/iam_audit_logs_enabled/iam_audit_logs_enabled_test.py index 446acebd3c..bbd3e0e30e 100644 --- a/tests/providers/gcp/services/iam/iam_audit_logs_enabled/iam_audit_logs_enabled_test.py +++ b/tests/providers/gcp/services/iam/iam_audit_logs_enabled/iam_audit_logs_enabled_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_iam_audit_logs_enabled: @@ -12,6 +12,9 @@ class Test_iam_audit_logs_enabled: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_audit_logs_enabled.iam_audit_logs_enabled.cloudresourcemanager_client", new=cloudresourcemanager_client, ): @@ -36,6 +39,9 @@ class Test_iam_audit_logs_enabled: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_audit_logs_enabled.iam_audit_logs_enabled.cloudresourcemanager_client", new=cloudresourcemanager_client, ): @@ -70,6 +76,9 @@ class Test_iam_audit_logs_enabled: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_audit_logs_enabled.iam_audit_logs_enabled.cloudresourcemanager_client", new=cloudresourcemanager_client, ): diff --git a/tests/providers/gcp/services/iam/iam_cloud_asset_inventory_enabled/iam_cloud_asset_inventory_enabled_test.py b/tests/providers/gcp/services/iam/iam_cloud_asset_inventory_enabled/iam_cloud_asset_inventory_enabled_test.py index f4876f3d11..f80fdf6b79 100644 --- a/tests/providers/gcp/services/iam/iam_cloud_asset_inventory_enabled/iam_cloud_asset_inventory_enabled_test.py +++ b/tests/providers/gcp/services/iam/iam_cloud_asset_inventory_enabled/iam_cloud_asset_inventory_enabled_test.py @@ -1,8 +1,7 @@ from unittest import mock from prowler.providers.gcp.services.serviceusage.serviceusage_service import Service - -GCP_PROJECT_ID = "123456789012" +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_iam_cloud_asset_inventory_enabled: @@ -13,6 +12,9 @@ class Test_iam_cloud_asset_inventory_enabled: serviceusage_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_cloud_asset_inventory_enabled.iam_cloud_asset_inventory_enabled.serviceusage_client", new=serviceusage_client, ): @@ -48,6 +50,9 @@ class Test_iam_cloud_asset_inventory_enabled: serviceusage_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_cloud_asset_inventory_enabled.iam_cloud_asset_inventory_enabled.serviceusage_client", new=serviceusage_client, ): diff --git a/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py b/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py index ec9cb71663..9a42bf42b8 100644 --- a/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py +++ b/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_iam_no_service_roles_at_project_level: @@ -12,6 +12,9 @@ class Test_iam_no_service_roles_at_project_level: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.cloudresourcemanager.cloudresourcemanager_service.CloudResourceManager", new=cloudresourcemanager_client, ), mock.patch( @@ -59,6 +62,9 @@ class Test_iam_no_service_roles_at_project_level: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.cloudresourcemanager.cloudresourcemanager_service.CloudResourceManager", new=cloudresourcemanager_client, ), mock.patch( @@ -80,7 +86,7 @@ class Test_iam_no_service_roles_at_project_level: result[0].status_extended, ) assert result[0].resource_id == GCP_PROJECT_ID - assert result[0].resource_name == "" + assert result[0].resource_name == GCP_PROJECT_ID assert result[0].project_id == GCP_PROJECT_ID assert result[0].location == cloudresourcemanager_client.region @@ -101,6 +107,9 @@ class Test_iam_no_service_roles_at_project_level: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.cloudresourcemanager.cloudresourcemanager_service.CloudResourceManager", new=cloudresourcemanager_client, ), mock.patch( @@ -142,6 +151,9 @@ class Test_iam_no_service_roles_at_project_level: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.cloudresourcemanager.cloudresourcemanager_service.CloudResourceManager", new=cloudresourcemanager_client, ), mock.patch( diff --git a/tests/providers/gcp/services/iam/iam_organization_essential_contacts_configured/iam_organization_essential_contacts_configured_test.py b/tests/providers/gcp/services/iam/iam_organization_essential_contacts_configured/iam_organization_essential_contacts_configured_test.py index e7c8377db5..d7356d428e 100644 --- a/tests/providers/gcp/services/iam/iam_organization_essential_contacts_configured/iam_organization_essential_contacts_configured_test.py +++ b/tests/providers/gcp/services/iam/iam_organization_essential_contacts_configured/iam_organization_essential_contacts_configured_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from prowler.providers.gcp.services.iam.iam_service import Organization +from tests.providers.gcp.gcp_fixtures import set_mocked_gcp_provider class Test_iam_organization_essential_contacts_configured: @@ -11,6 +11,9 @@ class Test_iam_organization_essential_contacts_configured: essentialcontacts_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_organization_essential_contacts_configured.iam_organization_essential_contacts_configured.essentialcontacts_client", new=essentialcontacts_client, ): @@ -23,16 +26,26 @@ class Test_iam_organization_essential_contacts_configured: assert len(result) == 0 def test_iam_org_with_contacts(self): + cloudresourcemanager_client = mock.MagicMock essentialcontacts_client = mock.MagicMock - essentialcontacts_client.organizations = [ - Organization(id="test_id", name="test", contacts=True) - ] essentialcontacts_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_organization_essential_contacts_configured.iam_organization_essential_contacts_configured.essentialcontacts_client", new=essentialcontacts_client, + ), mock.patch( + "prowler.providers.gcp.services.iam.iam_service.cloudresourcemanager_client", + new=cloudresourcemanager_client, ): + from prowler.providers.gcp.services.iam.iam_service import Organization + + essentialcontacts_client.organizations = [ + Organization(id="test_id", name="test", contacts=True) + ] + from prowler.providers.gcp.services.iam.iam_organization_essential_contacts_configured.iam_organization_essential_contacts_configured import ( iam_organization_essential_contacts_configured, ) @@ -51,16 +64,26 @@ class Test_iam_organization_essential_contacts_configured: assert result[0].location == "global" def test_iam_org_without_contacts(self): + cloudresourcemanager_client = mock.MagicMock essentialcontacts_client = mock.MagicMock - essentialcontacts_client.organizations = [ - Organization(id="test_id", name="test", contacts=False) - ] essentialcontacts_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_organization_essential_contacts_configured.iam_organization_essential_contacts_configured.essentialcontacts_client", new=essentialcontacts_client, + ), mock.patch( + "prowler.providers.gcp.services.iam.iam_service.cloudresourcemanager_client", + new=cloudresourcemanager_client, ): + from prowler.providers.gcp.services.iam.iam_service import Organization + + essentialcontacts_client.organizations = [ + Organization(id="test_id", name="test", contacts=False) + ] + from prowler.providers.gcp.services.iam.iam_organization_essential_contacts_configured.iam_organization_essential_contacts_configured import ( iam_organization_essential_contacts_configured, ) diff --git a/tests/providers/gcp/services/iam/iam_role_kms_enforce_separation_of_duties/iam_role_kms_enforce_separation_of_duties_test.py b/tests/providers/gcp/services/iam/iam_role_kms_enforce_separation_of_duties/iam_role_kms_enforce_separation_of_duties_test.py index 60551a1483..79d62df89c 100644 --- a/tests/providers/gcp/services/iam/iam_role_kms_enforce_separation_of_duties/iam_role_kms_enforce_separation_of_duties_test.py +++ b/tests/providers/gcp/services/iam/iam_role_kms_enforce_separation_of_duties/iam_role_kms_enforce_separation_of_duties_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_iam_role_kms_enforce_separation_of_duties: @@ -12,6 +12,9 @@ class Test_iam_role_kms_enforce_separation_of_duties: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_role_kms_enforce_separation_of_duties.iam_role_kms_enforce_separation_of_duties.cloudresourcemanager_client", new=cloudresourcemanager_client, ): @@ -59,6 +62,9 @@ class Test_iam_role_kms_enforce_separation_of_duties: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_role_kms_enforce_separation_of_duties.iam_role_kms_enforce_separation_of_duties.cloudresourcemanager_client", new=cloudresourcemanager_client, ): @@ -107,6 +113,9 @@ class Test_iam_role_kms_enforce_separation_of_duties: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_role_kms_enforce_separation_of_duties.iam_role_kms_enforce_separation_of_duties.cloudresourcemanager_client", new=cloudresourcemanager_client, ): diff --git a/tests/providers/gcp/services/iam/iam_role_sa_enforce_separation_of_duties/iam_role_sa_enforce_separation_of_duties_test.py b/tests/providers/gcp/services/iam/iam_role_sa_enforce_separation_of_duties/iam_role_sa_enforce_separation_of_duties_test.py index 29c6eadce7..bfb6f58662 100644 --- a/tests/providers/gcp/services/iam/iam_role_sa_enforce_separation_of_duties/iam_role_sa_enforce_separation_of_duties_test.py +++ b/tests/providers/gcp/services/iam/iam_role_sa_enforce_separation_of_duties/iam_role_sa_enforce_separation_of_duties_test.py @@ -1,7 +1,7 @@ from re import search from unittest import mock -from tests.providers.gcp.lib.audit_info_utils import GCP_PROJECT_ID +from tests.providers.gcp.gcp_fixtures import GCP_PROJECT_ID, set_mocked_gcp_provider class Test_iam_role_sa_enforce_separation_of_duties: @@ -12,6 +12,9 @@ class Test_iam_role_sa_enforce_separation_of_duties: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_role_sa_enforce_separation_of_duties.iam_role_sa_enforce_separation_of_duties.cloudresourcemanager_client", new=cloudresourcemanager_client, ): @@ -59,6 +62,9 @@ class Test_iam_role_sa_enforce_separation_of_duties: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_role_sa_enforce_separation_of_duties.iam_role_sa_enforce_separation_of_duties.cloudresourcemanager_client", new=cloudresourcemanager_client, ): @@ -107,6 +113,9 @@ class Test_iam_role_sa_enforce_separation_of_duties: cloudresourcemanager_client.region = "global" with mock.patch( + "prowler.providers.common.common.get_global_provider", + return_value=set_mocked_gcp_provider(), + ), mock.patch( "prowler.providers.gcp.services.iam.iam_role_sa_enforce_separation_of_duties.iam_role_sa_enforce_separation_of_duties.cloudresourcemanager_client", new=cloudresourcemanager_client, ): diff --git a/tests/providers/kubernetes/audit_info_utils.py b/tests/providers/kubernetes/audit_info_utils.py deleted file mode 100644 index 20175516b5..0000000000 --- a/tests/providers/kubernetes/audit_info_utils.py +++ /dev/null @@ -1,21 +0,0 @@ -from kubernetes import client - -from prowler.providers.common.models import Audit_Metadata -from prowler.providers.kubernetes.lib.audit_info.models import Kubernetes_Audit_Info - - -# Mocked Kubernetes Audit Info -def set_mocked_audit_info(): - audit_info = Kubernetes_Audit_Info( - api_client=client.ApiClient, - context=None, - audit_config=None, - audit_resources=[], - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info diff --git a/tests/providers/kubernetes/kubernetes_fixtures.py b/tests/providers/kubernetes/kubernetes_fixtures.py new file mode 100644 index 0000000000..7dc065353c --- /dev/null +++ b/tests/providers/kubernetes/kubernetes_fixtures.py @@ -0,0 +1,40 @@ +from kubernetes import client +from mock import MagicMock + +from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider +from prowler.providers.kubernetes.models import ( + KubernetesIdentityInfo, + KubernetesSession, +) + +KUBERNETES_CONFIG = { + "audit_log_maxbackup": 10, + "audit_log_maxsize": 100, + "audit_log_maxage": 30, + "apiserver_strong_ciphers": [ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + ], + "kubelet_strong_ciphers": [ + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_RSA_WITH_AES_256_GCM_SHA384", + "TLS_RSA_WITH_AES_128_GCM_SHA256", + ], +} + + +def set_mocked_kubernetes_provider() -> KubernetesProvider: + provider = MagicMock() + + provider.type = "kubernetes" + provider.identity = KubernetesIdentityInfo(context=None, cluster=None, user=None) + provider.identity.context = None + provider.session = KubernetesSession(api_client=client.ApiClient, context=None) + + return provider diff --git a/tests/providers/kubernetes/kubernetes_provider_test.py b/tests/providers/kubernetes/kubernetes_provider_test.py index 39caeaed24..15484a883b 100644 --- a/tests/providers/kubernetes/kubernetes_provider_test.py +++ b/tests/providers/kubernetes/kubernetes_provider_test.py @@ -1,159 +1,242 @@ -import io -import sys from argparse import Namespace -from unittest.mock import MagicMock, patch +from os import rmdir +from unittest.mock import patch -from prowler.providers.kubernetes.kubernetes_provider_new import KubernetesProvider +from kubernetes import client + +from prowler.config.config import default_config_file_path +from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider +from prowler.providers.kubernetes.models import ( + KubernetesIdentityInfo, + KubernetesOutputOptions, + KubernetesSession, +) +from tests.providers.kubernetes.kubernetes_fixtures import KUBERNETES_CONFIG + + +def mock_set_kubernetes_credentials(*_): + return ("apiclient", "context") + + +def mock_get_context_user_roles(*_): + return [] class TestKubernetesProvider: - @patch("kubernetes.client.RbacAuthorizationV1Api") - @patch("kubernetes.client.ApiClient") - @patch("kubernetes.config.load_kube_config") - @patch("kubernetes.config.load_incluster_config") - @patch("kubernetes.config.list_kube_config_contexts") - def test_setup_session( + def test_kubernetes_provider_no_namespaces( self, - mock_list_kube_config_contexts, ): - # Mocking the return value of list_kube_config_contexts - mock_list_kube_config_contexts.return_value = ( - [ - { - "name": "context_name", - "context": {"cluster": "test-cluster", "user": "test-user"}, - } - ], - 0, - ) - - # Create a Namespace object for arguments - args = Namespace(kubeconfig_file="dummy_path", context=None, only_logs=False) - - # Instantiate the KubernetesProvider with mocked arguments - provider = KubernetesProvider(args) - - # Assert that an ApiClient has been created - assert provider.api_client is not None - - # Assert that the context has been correctly set - assert provider.context == { - "name": "context_name", - "context": {"cluster": "test-cluster", "user": "test-user"}, + context = { + "name": "test-context", + "context": { + "user": "test-user", + "cluster": "test-cluster", + }, } + with patch( + "prowler.providers.kubernetes.kubernetes_provider.KubernetesProvider.setup_session", + return_value=KubernetesSession( + api_client=client.ApiClient, + context=context, + ), + ), patch( + "prowler.providers.kubernetes.kubernetes_provider.KubernetesProvider.get_all_namespaces", + return_value=["namespace-1"], + ): + arguments = Namespace() + arguments.kubeconfig_file = "dummy_path" + arguments.context = None + arguments.only_logs = False + arguments.namespaces = None + arguments.config_file = default_config_file_path - @patch("kubernetes.client.RbacAuthorizationV1Api") - @patch("kubernetes.config.list_kube_config_contexts") - @patch("kubernetes.config.load_incluster_config") - @patch("kubernetes.config.load_kube_config") - def test_get_context_user_roles( - self, - mock_list_kube_config_contexts, - mock_rbac_api, - ): - mock_list_kube_config_contexts.return_value = ( - [ - { - "name": "context_name", - "context": {"cluster": "test-cluster", "user": "test-user"}, - } - ], - 0, - ) + # Instantiate the KubernetesProvider with mocked arguments + kubernetes_provider = KubernetesProvider(arguments) + print(kubernetes_provider.__dict__) + assert isinstance(kubernetes_provider.session, KubernetesSession) + assert kubernetes_provider.session.api_client is not None + assert kubernetes_provider.session.context == { + "name": "test-context", + "context": {"cluster": "test-cluster", "user": "test-user"}, + } + assert kubernetes_provider.namespaces == ["namespace-1"] + assert isinstance(kubernetes_provider.identity, KubernetesIdentityInfo) + assert kubernetes_provider.identity.context == "test-context" + assert kubernetes_provider.identity.cluster == "test-cluster" + assert kubernetes_provider.identity.user == "test-user" - # Mock the RbacAuthorizationV1Api methods - cluster_role_binding = MagicMock() - role_binding = MagicMock() - cluster_role_binding.list_cluster_role_binding.return_value = MagicMock( - items=[] - ) - role_binding.list_role_binding_for_all_namespaces.return_value = MagicMock( - items=[] - ) + assert kubernetes_provider.audit_config == KUBERNETES_CONFIG - mock_rbac_api.return_value = MagicMock( - list_cluster_role_binding=cluster_role_binding.list_cluster_role_binding, - list_role_binding_for_all_namespaces=role_binding.list_role_binding_for_all_namespaces, - ) + def test_set_provider_output_options_kubernetes(self): + arguments = Namespace() + arguments.kubeconfig_file = "dummy_path" + arguments.context = None + arguments.only_logs = False + arguments.namespaces = None + arguments.config_file = default_config_file_path + arguments.status = [] + arguments.output_modes = ["csv"] + arguments.output_directory = "output_test_directory" + arguments.verbose = True + arguments.output_filename = "output_test_filename" + arguments.only_logs = False + arguments.unix_timestamp = False + arguments.shodan = "test-api-key" - args = Namespace(kubeconfig_file=None, context=None, only_logs=False) - provider = KubernetesProvider(args) - - roles = provider.get_context_user_roles() - - assert isinstance(roles, list) - - @patch("kubernetes.client.RbacAuthorizationV1Api") - @patch("kubernetes.client.ApiClient") - @patch("kubernetes.config.load_kube_config") - @patch("kubernetes.config.load_incluster_config") - @patch("kubernetes.config.list_kube_config_contexts") - @patch("sys.stdout", new_callable=MagicMock) - def test_print_credentials( - self, - mock_list_kube_config_contexts, - ): - mock_list_kube_config_contexts.return_value = ( - [ - { - "name": "context_name", - "context": {"cluster": "test-cluster", "user": "test-user"}, - } - ], - 0, - ) - - args = Namespace(kubeconfig_file=None, context=None, only_logs=False) - provider = KubernetesProvider(args) - provider.context = { - "context": {"cluster": "test-cluster", "user": "test-user"}, - "namespace": "default", + context = { + "name": "test-context", + "context": { + "user": "test-user", + "cluster": "test-cluster", + }, } - provider.get_context_user_roles = MagicMock(return_value=["ClusterRole: admin"]) + with patch( + "prowler.providers.kubernetes.kubernetes_provider.KubernetesProvider.setup_session", + return_value=KubernetesSession( + api_client=client.ApiClient, + context=context, + ), + ), patch( + "prowler.providers.kubernetes.kubernetes_provider.KubernetesProvider.get_all_namespaces", + return_value=["namespace-1"], + ): - # Capture print output - captured_output = io.StringIO() - sys.stdout = captured_output + kubernetes_provider = KubernetesProvider(arguments) - provider.print_credentials() + kubernetes_provider.output_options = arguments, {} - # Reset standard output - sys.stdout = sys.__stdout__ + assert isinstance( + kubernetes_provider.output_options, KubernetesOutputOptions + ) + assert kubernetes_provider.output_options.status == [] + assert kubernetes_provider.output_options.output_modes == ["csv"] + assert ( + kubernetes_provider.output_options.output_directory + == arguments.output_directory + ) + assert kubernetes_provider.output_options.bulk_checks_metadata == {} + assert kubernetes_provider.output_options.verbose + assert ( + kubernetes_provider.output_options.output_filename + == arguments.output_filename + ) - output = captured_output.getvalue() - assert "[test-cluster]" in output - assert "[test-user]" in output - assert "[default]" in output - assert "[ClusterRole: admin]" in output + # Delete testing directory + rmdir(f"{arguments.output_directory}/compliance") + rmdir(arguments.output_directory) - @patch("kubernetes.client.RbacAuthorizationV1Api") - @patch("kubernetes.config.list_kube_config_contexts") - @patch("kubernetes.config.load_incluster_config") - @patch("kubernetes.config.load_kube_config") - def test_search_and_save_roles( - self, - mock_list_kube_config_contexts, - mock_rbac_api, - ): - mock_list_kube_config_contexts.return_value = ( - [ - { - "name": "context_name", - "context": {"cluster": "test-cluster", "user": "test-user"}, - } - ], - 0, - ) - mock_rbac_api.return_value.list_cluster_role_binding.return_value = MagicMock( - items=[] - ) - mock_rbac_api.return_value.list_role_binding_for_all_namespaces.return_value = ( - MagicMock(items=[]) - ) + # @patch("kubernetes.client.RbacAuthorizationV1Api") + # @patch("kubernetes.config.list_kube_config_contexts") + # @patch("kubernetes.config.load_incluster_config") + # @patch("kubernetes.config.load_kube_config") + # def test_get_context_user_roles( + # self, + # mock_list_kube_config_contexts, + # mock_rbac_api, + # ): + # mock_list_kube_config_contexts.return_value = ( + # [ + # { + # "name": "context_name", + # "context": {"cluster": "test-cluster", "user": "test-user"}, + # } + # ], + # 0, + # ) - args = Namespace(kubeconfig_file=None, context=None, only_logs=False) - provider = KubernetesProvider(args) - provider.context = {"context": {"user": "test-user"}} + # # Mock the RbacAuthorizationV1Api methods + # cluster_role_binding = MagicMock() + # role_binding = MagicMock() + # cluster_role_binding.list_cluster_role_binding.return_value = MagicMock( + # items=[] + # ) + # role_binding.list_role_binding_for_all_namespaces.return_value = MagicMock( + # items=[] + # ) - roles = provider.search_and_save_roles([], [], "test-user", "ClusterRole") - assert isinstance(roles, list) + # mock_rbac_api.return_value = MagicMock( + # list_cluster_role_binding=cluster_role_binding.list_cluster_role_binding, + # list_role_binding_for_all_namespaces=role_binding.list_role_binding_for_all_namespaces, + # ) + + # args = Namespace(kubeconfig_file=None, context=None, only_logs=False) + # provider = KubernetesProvider(args) + + # roles = provider.get_context_user_roles() + + # assert isinstance(roles, list) + + # @patch("kubernetes.client.RbacAuthorizationV1Api") + # @patch("kubernetes.client.ApiClient") + # @patch("kubernetes.config.load_kube_config") + # @patch("kubernetes.config.load_incluster_config") + # @patch("kubernetes.config.list_kube_config_contexts") + # @patch("sys.stdout", new_callable=MagicMock) + # def test_print_credentials( + # self, + # mock_list_kube_config_contexts, + # ): + # mock_list_kube_config_contexts.return_value = ( + # [ + # { + # "name": "context_name", + # "context": {"cluster": "test-cluster", "user": "test-user"}, + # } + # ], + # 0, + # ) + + # args = Namespace(kubeconfig_file=None, context=None, only_logs=False) + # provider = KubernetesProvider(args) + # provider.context = { + # "context": {"cluster": "test-cluster", "user": "test-user"}, + # "namespace": "default", + # } + # provider.get_context_user_roles = MagicMock(return_value=["ClusterRole: admin"]) + + # # Capture print output + # captured_output = io.StringIO() + # sys.stdout = captured_output + + # provider.print_credentials() + + # # Reset standard output + # sys.stdout = sys.__stdout__ + + # output = captured_output.getvalue() + # assert "[test-cluster]" in output + # assert "[test-user]" in output + # assert "[default]" in output + # assert "[ClusterRole: admin]" in output + + # @patch("kubernetes.client.RbacAuthorizationV1Api") + # @patch("kubernetes.config.list_kube_config_contexts") + # @patch("kubernetes.config.load_incluster_config") + # @patch("kubernetes.config.load_kube_config") + # def test_search_and_save_roles( + # self, + # mock_list_kube_config_contexts, + # mock_rbac_api, + # ): + # mock_list_kube_config_contexts.return_value = ( + # [ + # { + # "name": "context_name", + # "context": {"cluster": "test-cluster", "user": "test-user"}, + # } + # ], + # 0, + # ) + # mock_rbac_api.return_value.list_cluster_role_binding.return_value = MagicMock( + # items=[] + # ) + # mock_rbac_api.return_value.list_role_binding_for_all_namespaces.return_value = ( + # MagicMock(items=[]) + # ) + + # args = Namespace(kubeconfig_file=None, context=None, only_logs=False) + # provider = KubernetesProvider(args) + # provider.context = {"context": {"user": "test-user"}} + + # roles = provider.search_and_save_roles([], [], "test-user", "ClusterRole") + # assert isinstance(roles, list) diff --git a/tests/providers/kubernetes/lib/service/kubernetes_service_test.py b/tests/providers/kubernetes/lib/service/kubernetes_service_test.py new file mode 100644 index 0000000000..7a6af7fed1 --- /dev/null +++ b/tests/providers/kubernetes/lib/service/kubernetes_service_test.py @@ -0,0 +1,17 @@ +# This file needs to be named with the provider at the beginning since there is a limitation in pytest and two tests files cannot have the same name +# https://github.com/pytest-dev/pytest/issues/774#issuecomment-112343498 +from kubernetes import client + +from prowler.providers.kubernetes.lib.service.service import KubernetesService +from tests.providers.kubernetes.kubernetes_fixtures import ( + set_mocked_kubernetes_provider, +) + + +class TestKubernetesService: + def test_KubernetesService_init(self): + kubernetes_provider = set_mocked_kubernetes_provider() + service = KubernetesService(kubernetes_provider) + + assert service.context is None + assert service.api_client == client.ApiClient diff --git a/tests/providers/kubernetes/lib/service/service_test.py b/tests/providers/kubernetes/lib/service/service_test.py deleted file mode 100644 index f3552c5dc4..0000000000 --- a/tests/providers/kubernetes/lib/service/service_test.py +++ /dev/null @@ -1,13 +0,0 @@ -from kubernetes import client - -from prowler.providers.kubernetes.lib.service.service import KubernetesService -from tests.providers.kubernetes.audit_info_utils import set_mocked_audit_info - - -class Test_KubernetesService: - def test_KubernetesService_init(self): - audit_info = set_mocked_audit_info() - service = KubernetesService(audit_info) - - assert service.context is None - assert service.api_client == client.ApiClient