From bcaa6ac4887cb62ce605b202bfa776d87429a341 Mon Sep 17 00:00:00 2001 
From: Ivan Necheporenko <63012530+ivan-necheporenko@users.noreply.github.com> Date: Thu, 7 May 2026 13:59:38 +0200 Subject: [PATCH] fix(sdk): scan every Azure subscription when display names collide (#10718) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Rubén De la Torre Vico Co-authored-by: Daniel Barranquero --- prowler/CHANGELOG.md | 1 + prowler/lib/check/check.py | 7 +- prowler/lib/outputs/finding.py | 6 +- prowler/lib/outputs/html/html.py | 7 +- prowler/lib/outputs/slack/slack.py | 7 +- prowler/lib/outputs/summary_table.py | 8 +- prowler/providers/azure/azure_provider.py | 47 ++-- .../providers/azure/lib/mutelist/mutelist.py | 32 +-- .../providers/azure/lib/service/service.py | 10 +- .../services/aisearch/aisearch_service.py | 2 +- ...isearch_service_not_publicly_accessible.py | 11 +- .../aks_cluster_rbac_enabled.py | 11 +- ...aks_clusters_created_with_private_nodes.py | 11 +- .../aks_clusters_public_access_disabled.py | 11 +- .../aks_network_policy_enabled.py | 11 +- .../azure/services/aks/aks_service.py | 8 +- .../azure/services/apim/apim_service.py | 2 +- .../apim_threat_detection_llm_jacking.py | 21 +- .../app_client_certificates_on.py | 11 +- .../app_ensure_auth_is_set_up.py | 11 +- .../app_ensure_http_is_redirected_to_https.py | 11 +- .../app_ensure_java_version_is_latest.py | 11 +- .../app_ensure_php_version_is_latest.py | 11 +- .../app_ensure_python_version_is_latest.py | 11 +- .../app_ensure_using_http20.py | 11 +- .../app_ftp_deployment_disabled.py | 11 +- .../app_function_access_keys_configured.py | 13 +- ...p_function_application_insights_enabled.py | 15 +- .../app_function_ftps_deployment_disabled.py | 13 +- .../app_function_identity_is_configured.py | 16 +- ...ction_identity_without_admin_privileges.py | 17 +- .../app_function_latest_runtime_version.py | 13 +- .../app_function_not_publicly_accessible.py | 15 +- .../app_function_vnet_integration_enabled.py | 11 +- 
.../app_http_logs_enabled.py | 15 +- .../app_minimum_tls_version_12.py | 11 +- .../app_register_with_identity.py | 11 +- .../azure/services/app/app_service.py | 30 +-- .../appinsights_ensure_is_configured.py | 17 +- .../appinsights/appinsights_service.py | 8 +- .../containerregistry_admin_user_disabled.py | 7 +- ...ntainerregistry_not_publicly_accessible.py | 7 +- .../containerregistry_service.py | 8 +- .../containerregistry_uses_private_link.py | 7 +- ..._account_firewall_use_selected_networks.py | 7 +- .../cosmosdb_account_use_aad_and_rbac.py | 7 +- .../cosmosdb_account_use_private_endpoints.py | 7 +- .../services/cosmosdb/cosmosdb_service.py | 2 +- ...bricks_workspace_cmk_encryption_enabled.py | 7 +- ...bricks_workspace_vnet_injection_enabled.py | 7 +- ...mail_configured_with_a_security_contact.py | 11 +- ...sments_vm_endpoint_protection_installed.py | 11 +- ..._path_notifications_properly_configured.py | 13 +- ...provisioning_log_analytics_agent_vms_on.py | 11 +- ...ng_vulnerabilty_assessments_machines_on.py | 11 +- ...ntainer_images_resolved_vulnerabilities.py | 11 +- .../defender_container_images_scan_enabled.py | 9 +- ..._ensure_defender_for_app_services_is_on.py | 7 +- .../defender_ensure_defender_for_arm_is_on.py | 7 +- ..._defender_for_azure_sql_databases_is_on.py | 7 +- ...er_ensure_defender_for_containers_is_on.py | 7 +- ...nder_ensure_defender_for_cosmosdb_is_on.py | 7 +- ...der_ensure_defender_for_databases_is_on.py | 7 +- .../defender_ensure_defender_for_dns_is_on.py | 7 +- ...nder_ensure_defender_for_keyvault_is_on.py | 7 +- ...ender_for_os_relational_databases_is_on.py | 7 +- ...fender_ensure_defender_for_server_is_on.py | 7 +- ...r_ensure_defender_for_sql_servers_is_on.py | 7 +- ...ender_ensure_defender_for_storage_is_on.py | 7 +- .../defender_ensure_iot_hub_defender_is_on.py | 21 +- .../defender_ensure_mcas_is_enabled.py | 21 +- ...r_ensure_notify_alerts_severity_is_high.py | 11 +- ...defender_ensure_notify_emails_to_owners.py | 11 +- 
...ender_ensure_system_updates_are_applied.py | 11 +- .../defender_ensure_wdatp_is_enabled.py | 21 +- .../services/defender/defender_service.py | 68 +++--- .../entra_user_with_vm_access_has_mfa.py | 15 +- ...ermissions_to_administer_resource_locks.py | 5 +- .../iam_role_user_access_admin_restricted.py | 15 +- .../azure/services/iam/iam_service.py | 6 +- ...cription_roles_owner_custom_not_created.py | 5 +- ...t_access_only_through_private_endpoints.py | 7 +- ...keyvault_key_expiration_set_in_non_rbac.py | 7 +- .../keyvault_key_rotation_enabled.py | 7 +- .../keyvault_logging_enabled.py | 11 +- ...keyvault_non_rbac_secret_expiration_set.py | 7 +- .../keyvault_private_endpoints.py | 7 +- .../keyvault_rbac_enabled.py | 7 +- .../keyvault_rbac_key_expiration_set.py | 7 +- .../keyvault_rbac_secret_expiration_set.py | 7 +- .../keyvault_recoverable.py | 7 +- .../services/keyvault/keyvault_service.py | 14 +- .../monitor_alert_create_policy_assignment.py | 19 +- .../monitor_alert_create_update_nsg.py | 19 +- ...rt_create_update_public_ip_address_rule.py | 19 +- ...r_alert_create_update_security_solution.py | 19 +- ...onitor_alert_create_update_sqlserver_fr.py | 19 +- .../monitor_alert_delete_nsg.py | 19 +- .../monitor_alert_delete_policy_assignment.py | 19 +- ...tor_alert_delete_public_ip_address_rule.py | 19 +- .../monitor_alert_delete_security_solution.py | 19 +- .../monitor_alert_delete_sqlserver_fr.py | 19 +- .../monitor_alert_service_health_exists.py | 19 +- ...tic_setting_with_appropriate_categories.py | 19 +- .../monitor_diagnostic_settings_exists.py | 21 +- .../azure/services/monitor/monitor_service.py | 8 +- ...ccount_with_activity_logs_cmk_encrypted.py | 15 +- ...e_account_with_activity_logs_is_private.py | 15 +- ...e_server_audit_log_connection_activated.py | 11 +- ...mysql_flexible_server_audit_log_enabled.py | 11 +- ..._flexible_server_minimum_tls_version_12.py | 13 +- ..._flexible_server_ssl_connection_enabled.py | 11 +- .../azure/services/mysql/mysql_service.py 
| 8 +- .../network_bastion_host_exists.py | 13 +- .../network_flow_log_captured_sent.py | 11 +- .../network_flow_log_more_than_90_days.py | 11 +- ...network_http_internet_access_restricted.py | 7 +- .../network_public_ip_shodan.py | 9 +- .../network_rdp_internet_access_restricted.py | 7 +- .../azure/services/network/network_service.py | 12 +- .../network_ssh_internet_access_restricted.py | 7 +- .../network_udp_internet_access_restricted.py | 7 +- .../network_watcher_enabled.py | 11 +- .../policy_ensure_asc_enforcement_enabled.py | 11 +- .../azure/services/policy/policy_service.py | 8 +- ...e_server_allow_access_services_disabled.py | 7 +- ...lexible_server_connection_throttling_on.py | 7 +- ...sql_flexible_server_enforce_ssl_enabled.py | 7 +- ..._server_entra_id_authentication_enabled.py | 9 +- ...esql_flexible_server_log_checkpoints_on.py | 7 +- ...esql_flexible_server_log_connections_on.py | 7 +- ...l_flexible_server_log_disconnections_on.py | 7 +- ...ble_server_log_retention_days_greater_3.py | 7 +- .../services/postgresql/postgresql_service.py | 2 +- .../services/recovery/recovery_service.py | 26 +-- .../sqlserver_auditing_enabled.py | 7 +- .../sqlserver_auditing_retention_90_days.py | 9 +- ...sqlserver_azuread_administrator_enabled.py | 7 +- .../sqlserver_microsoft_defender_enabled.py | 7 +- ...lserver_recommended_minimal_tls_version.py | 7 +- .../services/sqlserver/sqlserver_service.py | 4 +- .../sqlserver_tde_encrypted_with_cmk.py | 9 +- .../sqlserver_tde_encryption_enabled.py | 7 +- .../sqlserver_unrestricted_inbound_access.py | 7 +- ..._va_emails_notifications_admins_enabled.py | 9 +- ...ver_va_periodic_recurring_scans_enabled.py | 9 +- .../sqlserver_va_scan_reports_configured.py | 9 +- ...server_vulnerability_assessment_enabled.py | 7 +- .../storage_account_key_access_disabled.py | 7 +- ...ge_blob_public_access_level_is_disabled.py | 7 +- .../storage_blob_versioning_is_enabled.py | 7 +- ...orage_cross_tenant_replication_disabled.py | 7 +- 
...e_default_network_access_rule_is_denied.py | 7 +- ..._default_to_entra_authorization_enabled.py | 7 +- ...rvices_are_trusted_to_access_is_enabled.py | 7 +- ...e_encryption_with_customer_managed_keys.py | 7 +- ...sure_file_shares_soft_delete_is_enabled.py | 7 +- .../storage_ensure_minimum_tls_version_12.py | 7 +- ...e_private_endpoints_in_storage_accounts.py | 7 +- .../storage_ensure_soft_delete_is_enabled.py | 7 +- .../storage_geo_redundant_enabled.py | 7 +- ...ge_infrastructure_encryption_is_enabled.py | 7 +- .../storage_key_rotation_90_days.py | 9 +- ...age_secure_transfer_required_is_enabled.py | 7 +- .../azure/services/storage/storage_service.py | 12 +- ...hannel_encryption_with_secure_algorithm.py | 9 +- .../storage_smb_protocol_version_is_latest.py | 7 +- .../vm/vm_backup_enabled/vm_backup_enabled.py | 13 +- .../vm_desired_sku_size.py | 11 +- ...nsure_attached_disks_encrypted_with_cmk.py | 11 +- ...ure_unattached_disks_encrypted_with_cmk.py | 11 +- .../vm_ensure_using_approved_images.py | 11 +- .../vm_ensure_using_managed_disks.py | 11 +- .../vm_jit_access_enabled.py | 13 +- .../vm_linux_enforce_ssh_authentication.py | 11 +- ..._scaleset_associated_with_load_balancer.py | 5 +- .../vm_scaleset_not_empty.py | 5 +- .../providers/azure/services/vm/vm_service.py | 36 ++-- ...ufficient_daily_backup_retention_period.py | 7 +- .../vm_trusted_launch_enabled.py | 11 +- tests/lib/check/check_test.py | 34 +++ tests/lib/outputs/finding_test.py | 4 +- tests/lib/outputs/summary_table_test.py | 42 ++++ tests/providers/azure/azure_fixtures.py | 1 + tests/providers/azure/azure_provider_test.py | 204 +++++++++++++++++- .../azure/lib/mutelist/azure_mutelist_test.py | 6 +- ...ce_public_access_level_is_disabled_test.py | 9 +- .../aks_cluster_rbac_enabled_test.py | 10 +- ...lusters_created_with_private_nodes_test.py | 13 +- ...ks_clusters_public_access_disabled_test.py | 13 +- .../aks_network_policy_enabled_test.py | 10 +- .../azure/services/apim/apim_service_test.py | 7 + 
.../apim_threat_detection_llm_jacking_test.py | 110 +++++++++- .../app_client_certificates_on_test.py | 10 +- .../app_ensure_auth_is_set_up_test.py | 10 +- ...ensure_http_is_redirected_to_https_test.py | 10 +- .../app_ensure_java_version_is_latest_test.py | 18 +- .../app_ensure_php_version_is_latest_test.py | 11 +- ...pp_ensure_python_version_is_latest_test.py | 11 +- .../app_ensure_using_http20_test.py | 13 +- .../app_ftp_deployment_disabled_test.py | 13 +- ...pp_function_access_keys_configured_test.py | 10 +- ...ction_application_insights_enabled_test.py | 16 +- ..._function_ftps_deployment_disabled_test.py | 13 +- ...pp_function_identity_is_configured_test.py | 10 +- ..._identity_without_admin_privileges_test.py | 23 +- ...pp_function_latest_runtime_version_test.py | 10 +- ...p_function_not_publicly_accessible_test.py | 10 +- ..._function_vnet_integration_enabled_test.py | 12 +- .../app_http_logs_enabled_test.py | 16 +- .../app_minimum_tls_version_12_test.py | 16 +- .../app_register_with_identity_test.py | 10 +- .../appinsights_ensure_is_configured_test.py | 13 +- ...tainerregistry_admin_user_disabled_test.py | 15 +- ...erregistry_not_publicly_accessible_test.py | 15 +- ...ontainerregistry_uses_private_link_test.py | 15 +- ...unt_firewall_use_selected_networks_test.py | 9 +- .../cosmosdb_account_use_aad_and_rbac_test.py | 9 +- ...osdb_account_use_private_endpoints_test.py | 9 +- ...s_workspace_cmk_encryption_enabled_test.py | 15 +- ...s_workspace_vnet_injection_enabled_test.py | 15 +- ...configured_with_a_security_contact_test.py | 9 +- ...s_vm_endpoint_protection_installed_test.py | 10 +- ..._notifications_properly_configured_test.py | 24 ++- ...sioning_log_analytics_agent_vms_on_test.py | 14 +- ...lnerabilty_assessments_machines_on_test.py | 9 +- ...er_images_resolved_vulnerabilities_test.py | 12 +- ...nder_container_images_scan_enabled_test.py | 14 +- ...re_defender_for_app_services_is_on_test.py | 9 +- ...nder_ensure_defender_for_arm_is_on_test.py | 9 +- 
...nder_for_azure_sql_databases_is_on_test.py | 9 +- ...sure_defender_for_containers_is_on_test.py | 9 +- ...ensure_defender_for_cosmosdb_is_on_test.py | 9 +- ...nsure_defender_for_databases_is_on_test.py | 13 +- ...nder_ensure_defender_for_dns_is_on_test.py | 9 +- ...ensure_defender_for_keyvault_is_on_test.py | 9 +- ..._for_os_relational_databases_is_on_test.py | 9 +- ...r_ensure_defender_for_server_is_on_test.py | 9 +- ...ure_defender_for_sql_servers_is_on_test.py | 9 +- ..._ensure_defender_for_storage_is_on_test.py | 9 +- ...nder_ensure_iot_hub_defender_is_on_test.py | 18 +- .../defender_ensure_mcas_is_enabled_test.py | 13 +- ...ure_notify_alerts_severity_is_high_test.py | 15 +- ...der_ensure_notify_emails_to_owners_test.py | 10 +- ..._ensure_system_updates_are_applied_test.py | 15 +- .../defender_ensure_wdatp_is_enabled_test.py | 13 +- .../entra_user_with_vm_access_has_mfa_test.py | 16 +- ...sions_to_administer_resource_locks_test.py | 13 +- ..._role_user_access_admin_restricted_test.py | 23 +- ...ion_roles_owner_custom_not_created_test.py | 9 +- ...ess_only_through_private_endpoints_test.py | 10 +- ...ult_key_expiration_set_in_non_rbac_test.py | 12 +- .../keyvault_key_rotation_enabled_test.py | 14 +- .../keyvault_logging_enabled_test.py | 14 +- ...ult_non_rbac_secret_expiration_set_test.py | 12 +- .../keyvault_private_endpoints_test.py | 9 +- .../keyvault_rbac_enabled_test.py | 9 +- .../keyvault_rbac_key_expiration_set_test.py | 12 +- ...eyvault_rbac_secret_expiration_set_test.py | 12 +- .../keyvault_recoverable_test.py | 12 +- ...tor_alert_create_policy_assignment_test.py | 10 +- .../monitor_alert_create_update_nsg_test.py | 10 +- ...eate_update_public_ip_address_rule_test.py | 10 +- ...rt_create_update_security_solution_test.py | 10 +- ...r_alert_create_update_sqlserver_fr_test.py | 10 +- .../monitor_alert_delete_nsg_test.py | 10 +- ...tor_alert_delete_policy_assignment_test.py | 10 +- ...lert_delete_public_ip_address_rule_test.py | 10 +- 
...tor_alert_delete_security_solution_test.py | 10 +- .../monitor_alert_delete_sqlserver_fr_test.py | 10 +- ...onitor_alert_service_health_exists_test.py | 15 +- ...etting_with_appropriate_categories_test.py | 10 +- ...monitor_diagnostic_settings_exists_test.py | 11 +- ...t_with_activity_logs_cmk_encrypted_test.py | 10 +- ...ount_with_activity_logs_is_private_test.py | 10 +- ...ver_audit_log_connection_activated_test.py | 16 +- ..._flexible_server_audit_log_enabled_test.py | 13 +- ...ible_server_minimum_tls_version_12_test.py | 19 +- ...ible_server_ssl_connection_enabled_test.py | 21 +- .../network_bastion_host_exists_test.py | 9 +- .../network_flow_log_captured_sent_test.py | 54 ++++- ...network_flow_log_more_than_90_days_test.py | 18 +- ...rk_http_internet_access_restricted_test.py | 15 +- .../network_public_ip_shodan_test.py | 6 +- ...ork_rdp_internet_access_restricted_test.py | 15 +- ...ork_ssh_internet_access_restricted_test.py | 18 +- ...ork_udp_internet_access_restricted_test.py | 15 +- .../network_watcher_enabled_test.py | 24 ++- ...icy_ensure_asc_enforcement_enabled_test.py | 11 +- ...ver_allow_access_services_disabled_test.py | 15 +- ...le_server_connection_throttling_on_test.py | 15 +- ...lexible_server_enforce_ssl_enabled_test.py | 15 +- ...er_entra_id_authentication_enabled_test.py | 20 +- ...flexible_server_log_checkpoints_on_test.py | 15 +- ...flexible_server_log_connections_on_test.py | 15 +- ...xible_server_log_disconnections_on_test.py | 15 +- ...erver_log_retention_days_greater_3_test.py | 25 ++- .../sqlserver_auditing_enabled_test.py | 15 +- ...lserver_auditing_retention_90_days_test.py | 30 ++- ...rver_azuread_administrator_enabled_test.py | 20 +- ...lserver_microsoft_defender_enabled_test.py | 18 +- ...er_recommended_minimal_tls_version_test.py | 20 +- .../sqlserver_tde_encrypted_with_cmk_test.py | 23 +- .../sqlserver_tde_encryption_enabled_test.py | 23 +- ...server_unrestricted_inbound_access_test.py | 15 +- 
...mails_notifications_admins_enabled_test.py | 25 ++- ...a_periodic_recurring_scans_enabled_test.py | 25 ++- ...lserver_va_scan_reports_configured_test.py | 30 ++- ...r_vulnerability_assessment_enabled_test.py | 20 +- ...torage_account_key_access_disabled_test.py | 9 +- ...ob_public_access_level_is_disabled_test.py | 9 +- ...storage_blob_versioning_is_enabled_test.py | 10 +- ..._cross_tenant_replication_disabled_test.py | 9 +- ...ault_network_access_rule_is_denied_test.py | 9 +- ...ult_to_entra_authorization_enabled_test.py | 9 +- ...s_are_trusted_to_access_is_enabled_test.py | 9 +- ...ryption_with_customer_managed_keys_test.py | 9 +- ...file_shares_soft_delete_is_enabled_test.py | 10 +- ...rage_ensure_minimum_tls_version_12_test.py | 9 +- ...vate_endpoints_in_storage_accounts_test.py | 9 +- ...rage_ensure_soft_delete_is_enabled_test.py | 10 +- .../storage_geo_redundant_enabled_test.py | 27 ++- ...frastructure_encryption_is_enabled_test.py | 9 +- .../storage_key_rotation_90_days_test.py | 12 +- ...ecure_transfer_required_is_enabled_test.py | 9 +- ...l_encryption_with_secure_algorithm_test.py | 13 +- ...age_smb_protocol_version_is_latest_test.py | 14 +- .../vm_backup_enabled_test.py | 32 ++- .../vm_desired_sku_size_test.py | 33 ++- ..._attached_disks_encrypted_with_cmk_test.py | 16 +- ...nattached_disks_encrypted_with_cmk_test.py | 16 +- .../vm_ensure_using_approved_images_test.py | 13 +- .../vm_ensure_using_managed_disks_test.py | 13 +- .../vm_jit_access_enabled_test.py | 13 ++ ...m_linux_enforce_ssh_authentication_test.py | 6 + ...eset_associated_with_load_balancer_test.py | 11 +- .../vm_scaleset_not_empty_test.py | 9 +- ...ient_daily_backup_retention_period_test.py | 13 ++ .../vm_trusted_launch_enabled_test.py | 13 +- 339 files changed, 3210 insertions(+), 1235 deletions(-) create mode 100644 tests/lib/outputs/summary_table_test.py diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index cb60998d21..a08bd2688a 100644 --- a/prowler/CHANGELOG.md 
+++ b/prowler/CHANGELOG.md @@ -25,6 +25,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - AWS SDK test isolation: autouse `mock_aws` fixture and leak detector in `conftest.py` to prevent tests from hitting real AWS endpoints, with idempotent organization setup for tests calling `set_mocked_aws_provider` multiple times [(#10605)](https://github.com/prowler-cloud/prowler/pull/10605) - AWS `boto` user agent extra is now applied to every client [(#10944)](https://github.com/prowler-cloud/prowler/pull/10944) - Image provider connection check no longer fails with a misleading `host='https'` resolution error when the registry URL includes an `http://` or `https://` scheme prefix [(#10950)](https://github.com/prowler-cloud/prowler/pull/10950) +- Azure subscriptions sharing the same display name are no longer collapsed into a single identity entry, so every subscription is scanned [(#10718)](https://github.com/prowler-cloud/prowler/pull/10718) ### 🔐 Security diff --git a/prowler/lib/check/check.py b/prowler/lib/check/check.py index b15cf8bfbe..fff9454213 100644 --- a/prowler/lib/check/check.py +++ b/prowler/lib/check/check.py @@ -749,8 +749,11 @@ def execute( if global_provider.type == "cloudflare": is_finding_muted_args["account_id"] = finding.account_id if global_provider.type == "azure": - is_finding_muted_args["subscription_id"] = ( - global_provider.identity.subscriptions.get(finding.subscription) + is_finding_muted_args["subscription_id"] = finding.subscription + is_finding_muted_args["subscription_name"] = ( + global_provider.identity.subscriptions.get( + finding.subscription, finding.subscription + ) ) is_finding_muted_args["finding"] = finding finding.muted = global_provider.mutelist.is_finding_muted( diff --git a/prowler/lib/outputs/finding.py b/prowler/lib/outputs/finding.py index 95a634c85f..2c2638ed65 100644 --- a/prowler/lib/outputs/finding.py +++ b/prowler/lib/outputs/finding.py 
@@ -187,9 +187,11 @@ class Finding(BaseModel): output_data["account_uid"] = ( output_data["account_organization_uid"] if "Tenant:" in check_output.subscription - else provider.identity.subscriptions[check_output.subscription] + else check_output.subscription + ) + output_data["account_name"] = provider.identity.subscriptions.get( + check_output.subscription, check_output.subscription ) - output_data["account_name"] = check_output.subscription output_data["resource_name"] = check_output.resource_name output_data["resource_uid"] = check_output.resource_id output_data["region"] = check_output.location diff --git a/prowler/lib/outputs/html/html.py b/prowler/lib/outputs/html/html.py index d547ea3b95..5886a87b2f 100644 --- a/prowler/lib/outputs/html/html.py +++ b/prowler/lib/outputs/html/html.py @@ -492,8 +492,11 @@ class HTML(Output): """ try: printed_subscriptions = [] - for key, value in provider.identity.subscriptions.items(): - intermediate = f"{key} : {value}" + for ( + subscription_id, + display_name, + ) in provider.identity.subscriptions.items(): + intermediate = f"{display_name} : {subscription_id}" printed_subscriptions.append(intermediate) # check if identity is str(coming from SP) or dict(coming from browser or) diff --git a/prowler/lib/outputs/slack/slack.py b/prowler/lib/outputs/slack/slack.py index 1b1773dc92..d32214cc7c 100644 --- a/prowler/lib/outputs/slack/slack.py +++ b/prowler/lib/outputs/slack/slack.py @@ -82,8 +82,11 @@ class Slack: logo = gcp_logo elif provider.type == "azure": printed_subscriptions = [] - for key, value in provider.identity.subscriptions.items(): - intermediate = f"- *{key}: {value}*\n" + for ( + subscription_id, + display_name, + ) in provider.identity.subscriptions.items(): + intermediate = f"- *{subscription_id}: {display_name}*\n" printed_subscriptions.append(intermediate) identity = f"Azure Subscriptions:\n{''.join(printed_subscriptions)}" logo = azure_logo 
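Review bot: In the finding.py hunk, `account_uid` is now taken straight from `check_output.subscription` and `account_name` falls back to the same value, so a check that still writes a display name into `report.subscription` no longer fails. The removed `provider.identity.subscriptions[...]` lookup raised a `KeyError` in that case; the new code instead emits a finding whose `account_uid` is a display name. With this many checks migrated in one commit, a missed one would be hard to spot in the output. Consider logging when the value is neither a `Tenant:` string nor a key of `provider.identity.subscriptions`, for example `logger.warning(f"Unknown Azure subscription ID in finding: {check_output.subscription}")`, assuming a logger is available in this module. The enclosing method starts and ends outside the hunk.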
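Review bot: In the slack.py hunk, the message line now renders `subscription_id: display_name`, which reverses the order the removed line produced (its `key` was the display name). The html.py hunk and the `print_credentials` hunk in azure_provider.py both keep `display_name : subscription_id`, so the three outputs now disagree. If the swap is not intended, keep the previous shape with `intermediate = f"- *{display_name}: {subscription_id}*\n"`. The enclosing method starts and ends outside the hunk.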
diff --git a/prowler/lib/outputs/summary_table.py b/prowler/lib/outputs/summary_table.py index 1f30063c8f..6ed09ed159 100644 --- a/prowler/lib/outputs/summary_table.py +++ b/prowler/lib/outputs/summary_table.py @@ -185,9 +185,13 @@ def display_summary_table( print( f"\n{entity_type} {Fore.YELLOW}{audited_entities}{Style.RESET_ALL} Scan Results (severity columns are for fails only):" ) - if provider == "azure": + if provider.type == "azure": + scanned_subscriptions = ", ".join( + f"{display_name} ({subscription_id})" + for subscription_id, display_name in provider.identity.subscriptions.items() + ) print( - f"\nSubscriptions scanned: {Fore.YELLOW}{' '.join(provider.identity.subscriptions.keys())}{Style.RESET_ALL}" + f"\nSubscriptions scanned: {Fore.YELLOW}{scanned_subscriptions}{Style.RESET_ALL}" ) print(tabulate(findings_table, headers="keys", tablefmt="rounded_grid")) print( diff --git a/prowler/providers/azure/azure_provider.py b/prowler/providers/azure/azure_provider.py index 506b433690..ce28d60bda 100644 --- a/prowler/providers/azure/azure_provider.py +++ b/prowler/providers/azure/azure_provider.py @@ -441,8 +441,8 @@ class AzureProvider(Provider): None """ printed_subscriptions = [] - for key, value in self._identity.subscriptions.items(): - intermediate = key + ": " + value + for subscription_id, display_name in self._identity.subscriptions.items(): + intermediate = display_name + ": " + subscription_id printed_subscriptions.append(intermediate) report_lines = [ f"Azure Tenant Domain: {Fore.YELLOW}{self._identity.tenant_domain}{Style.RESET_ALL} Azure Tenant ID: {Fore.YELLOW}{self._identity.tenant_ids[0]}{Style.RESET_ALL}", 
@@ -969,19 +969,30 @@ class AzureProvider(Provider): ) if not subscription_ids: logger.info("Scanning all the Azure subscriptions...") - for subscription in subscriptions_client.subscriptions.list(): - # TODO: get tags or labels - # TODO: fill with AzureSubscription - identity.subscriptions.update( - {subscription.display_name: subscription.subscription_id} - ) + # TODO: get tags or labels + # TODO: fill with AzureSubscription + subscription_pairs = [ + (subscription.display_name, subscription.subscription_id) + for subscription in subscriptions_client.subscriptions.list() + ] else: logger.info("Scanning the subscriptions passed as argument ...") - for id in subscription_ids: - subscription = subscriptions_client.subscriptions.get( - subscription_id=id + subscription_pairs = [ + ( + subscriptions_client.subscriptions.get( + subscription_id=id + ).display_name, + id, ) - identity.subscriptions.update({subscription.display_name: id}) + for id in subscription_ids + ] + + # Key the subscriptions dict by subscription ID (which is + # guaranteed unique) and store the display name as the value. + # This avoids collisions when multiple subscriptions share + # the same display name. + for display_name, subscription_id in subscription_pairs: + identity.subscriptions[subscription_id] = display_name # If there are no subscriptions listed -> checks are not going to be run against any resource if not identity.subscriptions: 
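Review bot: `identity.subscriptions[subscription_id] = display_name` stores whatever the SDK object returned, so an empty or missing display name would be kept as the value. The `.get(subscription_id, subscription_id)` fallbacks added elsewhere in this commit would not cover that case, because the key exists. Whether the Azure API can return a subscription without a display name is not visible here, but the guard is cheap: `identity.subscriptions[subscription_id] = display_name or subscription_id`. The enclosing method starts and ends outside the hunk.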
@@ -1017,28 +1028,28 @@ class AzureProvider(Provider): Returns: A dictionary containing the locations available for each subscription. The dictionary - has subscription display names as keys and lists of location names as values. + has subscription IDs as keys and lists of location names as values. Examples: >>> provider = AzureProvider(...) >>> provider.get_locations() { - 'Subscription 1': ['eastus', 'eastus2', 'westus', 'westus2'], - 'Subscription 2': ['eastus', 'eastus2', 'westus', 'westus2'] + 'sub-id-1': ['eastus', 'eastus2', 'westus', 'westus2'], + 'sub-id-2': ['eastus', 'eastus2', 'westus', 'westus2'] } """ credentials = self.session subscription_client = SubscriptionClient(credentials) locations = {} - for display_name, subscription_id in self._identity.subscriptions.items(): - locations[display_name] = [] + for subscription_id, display_name in self._identity.subscriptions.items(): + locations[subscription_id] = [] # List locations for each subscription for location in subscription_client.subscriptions.list_locations( subscription_id ): - locations[display_name].append(location.name) + locations[subscription_id].append(location.name) return locations diff --git a/prowler/providers/azure/lib/mutelist/mutelist.py b/prowler/providers/azure/lib/mutelist/mutelist.py index 90ad609a1a..7d80d2e4cf 100644 --- a/prowler/providers/azure/lib/mutelist/mutelist.py +++ b/prowler/providers/azure/lib/mutelist/mutelist.py 
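Review bot: `display_name` is bound but never used in the `get_locations` loop now that the result is keyed by subscription ID; `for subscription_id in self._identity.subscriptions:` says the same thing without the dead name. The same unused binding appears in both loops of the lib/service/service.py hunk. Separately, any caller that indexes the returned dict by display name is outside this hunk and would need to move to IDs as well.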
@@ -8,17 +8,23 @@ class AzureMutelist(Mutelist): self, finding: Check_Report_Azure, subscription_id: str, + subscription_name: str = "", ) -> bool: - return self.is_muted( - subscription_id, # support Azure Subscription ID in mutelist - finding.check_metadata.CheckID, - finding.location, - finding.resource_name, - unroll_dict(unroll_tags(finding.resource_tags)), - ) or self.is_muted( - finding.subscription, # support Azure Subscription Name in mutelist - finding.check_metadata.CheckID, - finding.location, - finding.resource_name, - unroll_dict(unroll_tags(finding.resource_tags)), - ) + account_names = [subscription_id] + for account_name in (subscription_name, finding.subscription): + if account_name and account_name not in account_names: + account_names.append(account_name) + + tags = unroll_dict(unroll_tags(finding.resource_tags)) + + for account_name in account_names: + if self.is_muted( + account_name, + finding.check_metadata.CheckID, + finding.location, + finding.resource_name, + tags, + ): + return True + + return False diff --git a/prowler/providers/azure/lib/service/service.py b/prowler/providers/azure/lib/service/service.py index a4fc4b9b9b..f8cfd417c9 100644 --- a/prowler/providers/azure/lib/service/service.py +++ b/prowler/providers/azure/lib/service/service.py 
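Review bot: The name-based pass in `is_finding_muted` still applies a mutelist entry to every subscription that carries that display name, which is the collision this commit removes on the scanning side. An entry written by name for one subscription would therefore also suppress findings in another subscription that shares the name, and only the ID is an unambiguous key. A comment above the loop would make that explicit, for example `# Display-name entries match every subscription with that name; use the subscription ID to mute a single subscription.` Whether the mutelist documentation already states this is not visible here.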
@@ -49,15 +49,15 @@ class AzureService: if "GraphServiceClient" in str(service): clients.update({identity.tenant_domain: service(credentials=session)}) elif "LogsQueryClient" in str(service): - for display_name, id in identity.subscriptions.items(): - clients.update({display_name: service(credential=session)}) + for subscription_id, display_name in identity.subscriptions.items(): + clients.update({subscription_id: service(credential=session)}) else: - for display_name, id in identity.subscriptions.items(): + for subscription_id, display_name in identity.subscriptions.items(): clients.update( { - display_name: service( + subscription_id: service( credential=session, - subscription_id=id, + subscription_id=subscription_id, base_url=region_config.base_url, credential_scopes=region_config.credential_scopes, ) diff --git a/prowler/providers/azure/services/aisearch/aisearch_service.py b/prowler/providers/azure/services/aisearch/aisearch_service.py index 2324be227d..3f482a41a5 100644 --- a/prowler/providers/azure/services/aisearch/aisearch_service.py +++ b/prowler/providers/azure/services/aisearch/aisearch_service.py @@ -36,7 +36,7 @@ class AISearch(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return aisearch_services diff --git a/prowler/providers/azure/services/aisearch/aisearch_service_not_publicly_accessible/aisearch_service_not_publicly_accessible.py b/prowler/providers/azure/services/aisearch/aisearch_service_not_publicly_accessible/aisearch_service_not_publicly_accessible.py index 424b7a832e..9e048c7ba2 100644 --- a/prowler/providers/azure/services/aisearch/aisearch_service_not_publicly_accessible/aisearch_service_not_publicly_accessible.py 
+++ b/prowler/providers/azure/services/aisearch/aisearch_service_not_publicly_accessible/aisearch_service_not_publicly_accessible.py @@ -9,20 +9,23 @@ class aisearch_service_not_publicly_accessible(Check): findings = [] for ( - subscription_name, + subscription_id, aisearch_services, ) in aisearch_client.aisearch_services.items(): + subscription_name = aisearch_client.subscriptions.get( + subscription_id, subscription_id + ) for aisearch_service in aisearch_services.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=aisearch_service ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"AISearch Service {aisearch_service.name} from subscription {subscription_name} allows public access." + report.status_extended = f"AISearch Service {aisearch_service.name} from subscription {subscription_name} ({subscription_id}) allows public access." if not aisearch_service.public_network_access: report.status = "PASS" - report.status_extended = f"AISearch Service {aisearch_service.name} from subscription {subscription_name} does not allows public access." + report.status_extended = f"AISearch Service {aisearch_service.name} from subscription {subscription_name} ({subscription_id}) does not allows public access." findings.append(report) diff --git a/prowler/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled.py b/prowler/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled.py index e5478b0d90..12ef99e524 100644 --- a/prowler/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled.py +++ b/prowler/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled.py 
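Review bot: When `aisearch_client.subscriptions` has no entry for the ID, the `.get(subscription_id, subscription_id)` fallback makes `status_extended` read `subscription <id> (<id>)`, printing the ID twice. The same lookup-plus-format pair is repeated in the aks check hunks that follow. A single helper on the service class that returns the label (name with ID, or the ID alone when no name is known) would keep the wording uniform and remove the duplication. Where `subscriptions` is set on the client is outside the visible hunks.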
@@ -6,16 +6,19 @@ class aks_cluster_rbac_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, clusters in aks_client.clusters.items(): + for subscription_id, clusters in aks_client.clusters.items(): + subscription_name = aks_client.subscriptions.get( + subscription_id, subscription_id + ) for cluster in clusters.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=cluster) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"RBAC is enabled for cluster '{cluster.name}' in subscription '{subscription_name}'." + report.status_extended = f"RBAC is enabled for cluster '{cluster.name}' in subscription '{subscription_name} ({subscription_id})'." if not cluster.rbac_enabled: report.status = "FAIL" - report.status_extended = f"RBAC is not enabled for cluster '{cluster.name}' in subscription '{subscription_name}'." + report.status_extended = f"RBAC is not enabled for cluster '{cluster.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes.py b/prowler/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes.py index 6de9b3653f..7eab51e085 100644 --- a/prowler/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes.py +++ b/prowler/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes.py 
@@ -6,17 +6,20 @@ class aks_clusters_created_with_private_nodes(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, clusters in aks_client.clusters.items(): + for subscription_id, clusters in aks_client.clusters.items(): + subscription_name = aks_client.subscriptions.get( + subscription_id, subscription_id + ) for cluster in clusters.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=cluster) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Cluster '{cluster.name}' was created with private nodes in subscription '{subscription_name}'" + report.status_extended = f"Cluster '{cluster.name}' was created with private nodes in subscription '{subscription_name} ({subscription_id})'" for agent_pool in cluster.agent_pool_profiles: if getattr(agent_pool, "enable_node_public_ip", True): report.status = "FAIL" - report.status_extended = f"Cluster '{cluster.name}' was not created with private nodes in subscription '{subscription_name}'" + report.status_extended = f"Cluster '{cluster.name}' was not created with private nodes in subscription '{subscription_name} ({subscription_id})'" break findings.append(report) diff --git a/prowler/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled.py b/prowler/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled.py index b607abb6d9..5c73934e50 100644 --- a/prowler/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled.py +++ b/prowler/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled.py 
@@ -6,18 +6,21 @@ class aks_clusters_public_access_disabled(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, clusters in aks_client.clusters.items(): + for subscription_id, clusters in aks_client.clusters.items(): + subscription_name = aks_client.subscriptions.get( + subscription_id, subscription_id + ) for cluster in clusters.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=cluster) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Public access to nodes is enabled for cluster '{cluster.name}' in subscription '{subscription_name}'" + report.status_extended = f"Public access to nodes is enabled for cluster '{cluster.name}' in subscription '{subscription_name} ({subscription_id})'" if cluster.private_fqdn: for agent_pool in cluster.agent_pool_profiles: if not getattr(agent_pool, "enable_node_public_ip", False): report.status = "PASS" - report.status_extended = f"Public access to nodes is disabled for cluster '{cluster.name}' in subscription '{subscription_name}'" + report.status_extended = f"Public access to nodes is disabled for cluster '{cluster.name}' in subscription '{subscription_name} ({subscription_id})'" findings.append(report) diff --git a/prowler/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled.py b/prowler/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled.py index 2af996ffa5..53a1562b47 100644 --- a/prowler/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled.py +++ b/prowler/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled.py 
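Review bot: The loop over `cluster.agent_pool_profiles` sets PASS as soon as one pool lacks a public node IP, so a cluster with one private pool and one public pool is reported as "Public access to nodes is disabled". The sibling check `aks_clusters_created_with_private_nodes` fails on the first public pool and defaults a missing `enable_node_public_ip` to `True`, while this check defaults it to `False`, which also turns an absent attribute into a PASS. The condition should require every pool, e.g. `if cluster.private_fqdn and all(not getattr(p, "enable_node_public_ip", True) for p in cluster.agent_pool_profiles):`, with an explicit decision on what an empty pool list means. This logic is unchanged context in the hunk, and `execute` ends outside it.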
@@ -6,16 +6,19 @@ class aks_network_policy_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, clusters in aks_client.clusters.items(): + for subscription_id, clusters in aks_client.clusters.items(): + subscription_name = aks_client.subscriptions.get( + subscription_id, subscription_id + ) for cluster_id, cluster in clusters.items(): report = Check_Report_Azure(metadata=self.metadata(), resource=cluster) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Network policy is enabled for cluster '{cluster.name}' in subscription '{subscription_name}'." + report.status_extended = f"Network policy is enabled for cluster '{cluster.name}' in subscription '{subscription_name} ({subscription_id})'." if not getattr(cluster, "network_policy", False): report.status = "FAIL" - report.status_extended = f"Network policy is not enabled for cluster '{cluster.name}' in subscription '{subscription_name}'." + report.status_extended = f"Network policy is not enabled for cluster '{cluster.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/aks/aks_service.py b/prowler/providers/azure/services/aks/aks_service.py index 4c269fbf28..3d158a2f70 100644 --- a/prowler/providers/azure/services/aks/aks_service.py +++ b/prowler/providers/azure/services/aks/aks_service.py 
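Review bot: `for cluster_id, cluster in clusters.items():` binds `cluster_id` and never uses it in the visible body. The other AKS checks in this commit iterate `clusters.values()`, and this one should match them: `for cluster in clusters.values():`. The loop line is unchanged context, and the rest of `execute` lies outside the hunk.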
@@ -17,14 +17,14 @@ class AKS(AzureService): logger.info("AKS - Getting clusters...") clusters = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: clusters_list = client.managed_clusters.list() - clusters.update({subscription_name: {}}) + clusters.update({subscription_id: {}}) for cluster in clusters_list: if getattr(cluster, "kubernetes_version", None): - clusters[subscription_name].update( + clusters[subscription_id].update( { cluster.id: Cluster( id=cluster.id, @@ -60,7 +60,7 @@ class AKS(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return clusters diff --git a/prowler/providers/azure/services/apim/apim_service.py b/prowler/providers/azure/services/apim/apim_service.py index 793eb727c3..98fb00f276 100644 --- a/prowler/providers/azure/services/apim/apim_service.py +++ b/prowler/providers/azure/services/apim/apim_service.py @@ -147,7 +147,7 @@ class APIM(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return instances diff --git a/prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.py b/prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.py index c08d4fe954..0fe68aa223 100644 --- a/prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.py +++ b/prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.py 
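Review bot: When `client.managed_clusters.list()` or the iteration over it raises, the `except Exception` branch in `aks_service.py` only logs, and the subscription is left with an empty or missing entry in `clusters`. The AKS checks then emit no report for that subscription, which reads the same as a subscription with no clusters; that is a silent coverage gap in a scan meant to cover every subscription. Consider recording failed subscription IDs on the service so the run can surface them, and at least add a comment above the `except` such as `# A failed listing leaves this subscription without findings; it is not evidence of compliance.`. The method starts before the first hunk, and the `Cluster(...)` construction between the two hunks is not shown.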
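Review bot: In the `apim_service.py` hunk the log label now says `Subscription ID:` but the interpolated value is still a variable named `subscription`, and the loop that binds it is outside the hunk, so the page does not show that it holds the ID rather than the display name. Renaming it to `subscription_id` at the loop header, as done in `aks_service.py`, would make label and value agree on sight: `f"Subscription ID: {subscription_id} -- ..."`. The same naming applies to `for subscription, instances in apim_client.instances.items()` in `apim_threat_detection_llm_jacking`.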
@@ -50,9 +50,11 @@ class apim_threat_detection_llm_jacking(Check): ], ) - # 1. Aggregate logs from all APIM instances first - all_llm_logs: List[LogsQueryLogEntry] = [] for subscription, instances in apim_client.instances.items(): + subscription_name = apim_client.subscriptions.get( + subscription, subscription + ) + all_llm_logs: List[LogsQueryLogEntry] = [] for instance in instances: if instance.log_analytics_workspace_id: logs = apim_client.get_llm_operations_logs( @@ -60,7 +62,8 @@ class apim_threat_detection_llm_jacking(Check): ) all_llm_logs.extend(logs) - # 2. Perform a single, global analysis on all collected logs + # Analyze logs only within the current subscription to avoid + # cross-subscription attribution when scanning multiple subscriptions. potential_llm_jacking_attackers = {} for log in all_llm_logs: operation_name = log.operation_id 
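Review bot: Instances without `log_analytics_workspace_id` are skipped without a trace, so a subscription in which no APIM instance ships logs ends up with an empty `all_llm_logs` and, judging by the PASS branch later in this file, is reported as having no LLM Jacking activity. A detection that had no telemetry to look at should not read as a clean result. Track whether at least one instance was queried, e.g. `monitored = any(i.log_analytics_workspace_id for i in instances)`, and skip or reword the PASS report when none was. The loop body and the analysis continue outside both hunks, and the collapsed layout does not show how far the moved block is indented.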
@@ -91,19 +94,17 @@ class apim_threat_detection_llm_jacking(Check): report = Check_Report_Azure(self.metadata(), resource=resource) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Potential LLM Jacking attack detected from IP address {principal_ip} with a threshold of {action_ratio}." + report.status_extended = f"Potential LLM Jacking attack detected from IP address {principal_ip} in subscription {subscription_name} ({subscription}) with an action ratio of {action_ratio}, above the configured threshold of {threshold}." findings.append(report) - # 4. If no threats were found after checking all principals, create a single PASS report + # If no threats were found after checking all principals, create a single PASS report. if not found_potential_llm_jacking_attackers: report = Check_Report_Azure(self.metadata(), resource={}) - report.resource_name = subscription - report.resource_id = ( - f"/subscriptions/{apim_client.subscriptions[subscription]}" - ) + report.resource_name = subscription_name + report.resource_id = f"/subscriptions/{subscription}" report.subscription = subscription report.status = "PASS" - report.status_extended = f"No potential LLM Jacking attacks detected across all monitored APIM instances in the last {threat_detection_minutes} minutes." + report.status_extended = f"No potential LLM Jacking attacks detected across monitored APIM instances in subscription {subscription_name} ({subscription}) in the last {threat_detection_minutes} minutes." findings.append(report) return findings diff --git a/prowler/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on.py b/prowler/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on.py index 44103a7625..d146a23334 100644 --- a/prowler/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on.py +++ b/prowler/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on.py 
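Review bot: With the analysis now running once per subscription, `found_potential_llm_jacking_attackers` has to be reset at the top of each iteration. Its initialisation is not in this hunk, and if it still sits before the `for subscription, instances` loop, a FAIL in one subscription suppresses the PASS report of every later one. It belongs next to the per-subscription `potential_llm_jacking_attackers = {}` as `found_potential_llm_jacking_attackers = False`. The new FAIL text also interpolates `{threshold}`, which is defined outside the hunk; confirm it holds the configured ratio limit.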
@@ -7,18 +7,21 @@ class app_client_certificates_on(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Clients are required to present a certificate for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Clients are required to present a certificate for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if app.client_cert_mode != "Required": report.status = "FAIL" - report.status_extended = f"Clients are not required to present a certificate for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Clients are not required to present a certificate for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up.py b/prowler/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up.py index 93d9d5b944..885fa64317 100644 --- a/prowler/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up.py +++ b/prowler/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up.py 
@@ -7,18 +7,21 @@ class app_ensure_auth_is_set_up(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Authentication is set up for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Authentication is set up for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if not app.auth_enabled: report.status = "FAIL" - report.status_extended = f"Authentication is not set up for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Authentication is not set up for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https.py b/prowler/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https.py index 47a0b8851a..04c846c904 100644 --- a/prowler/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https.py +++ b/prowler/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https.py 
@@ -7,18 +7,21 @@ class app_ensure_http_is_redirected_to_https(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"HTTP is redirected to HTTPS for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"HTTP is redirected to HTTPS for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if not app.https_only: report.status = "FAIL" - report.status_extended = f"HTTP is not redirected to HTTPS for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"HTTP is not redirected to HTTPS for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest.py b/prowler/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest.py index bc4caf7cf3..46aaa5aa9a 100644 --- a/prowler/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest.py +++ b/prowler/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest.py @@ -7,9 +7,12 @@ class app_ensure_java_version_is_latest(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): linux_framework = getattr(app.configurations, "linux_fx_version", "") windows_framework_version = getattr( 
@@ -18,19 +21,19 @@ class app_ensure_java_version_is_latest(Check): if "java" in linux_framework.lower() or windows_framework_version: report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" java_latest_version = app_client.audit_config.get( "java_latest_version", "17" ) - report.status_extended = f"Java version is set to '{f'java{windows_framework_version}' if windows_framework_version else linux_framework}', but should be set to 'java {java_latest_version}' for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Java version is set to '{f'java{windows_framework_version}' if windows_framework_version else linux_framework}', but should be set to 'java {java_latest_version}' for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if ( f"java{java_latest_version}" in linux_framework or java_latest_version == windows_framework_version ): report.status = "PASS" - report.status_extended = f"Java version is set to 'java {java_latest_version}' for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Java version is set to 'java {java_latest_version}' for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest.py b/prowler/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest.py index 8c48c629e3..7ccd31fbb5 100644 --- a/prowler/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest.py +++ b/prowler/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest.py 
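Review bot: Selection and comparison disagree on case: the report is created when `"java" in linux_framework.lower()`, but PASS requires `f"java{java_latest_version}" in linux_framework` without lowering. A `linux_fx_version` that spells the runtime only in upper case would therefore be picked up and could never pass, whatever its version. Compare against the lowered value in both places: `f"java{java_latest_version}" in linux_framework.lower()`. These are unchanged context lines, and the start of the loop is in the previous hunk.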
@@ -7,9 +7,12 @@ class app_ensure_php_version_is_latest(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): framework = getattr(app.configurations, "linux_fx_version", "") @@ -17,14 +20,14 @@ class app_ensure_php_version_is_latest(Check): app.configurations, "php_version", "" ): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" php_latest_version = app_client.audit_config.get( "php_latest_version", "8.2" ) - report.status_extended = f"PHP version is set to '{framework}', the latest version that you could use is the '{php_latest_version}' version, for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"PHP version is set to '{framework}', the latest version that you could use is the '{php_latest_version}' version, for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if ( php_latest_version in framework @@ -32,7 +35,7 @@ class app_ensure_php_version_is_latest(Check): == php_latest_version ): report.status = "PASS" - report.status_extended = f"PHP version is set to '{php_latest_version}' for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"PHP version is set to '{php_latest_version}' for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest.py b/prowler/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest.py index 9be2d127e1..9ea6690843 100644 --- a/prowler/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest.py 
+++ b/prowler/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest.py @@ -7,9 +7,12 @@ class app_ensure_python_version_is_latest(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): framework = getattr(app.configurations, "linux_fx_version", "") @@ -17,12 +20,12 @@ class app_ensure_python_version_is_latest(Check): app.configurations, "python_version", "" ): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" python_latest_version = app_client.audit_config.get( "python_latest_version", "3.12" ) - report.status_extended = f"Python version is '{framework}', the latest version that you could use is the '{python_latest_version}' version, for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Python version is '{framework}', the latest version that you could use is the '{python_latest_version}' version, for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if ( python_latest_version in framework @@ -30,7 +33,7 @@ class app_ensure_python_version_is_latest(Check): == python_latest_version ): report.status = "PASS" - report.status_extended = f"Python version is set to '{python_latest_version}' for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Python version is set to '{python_latest_version}' for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.py b/prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.py index 52ea5c83cd..d08a9ef90d 100644 
--- a/prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.py +++ b/prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.py @@ -7,20 +7,23 @@ class app_ensure_using_http20(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"HTTP/2.0 is not enabled for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"HTTP/2.0 is not enabled for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if app.configurations and getattr( app.configurations, "http20_enabled", False ): report.status = "PASS" - report.status_extended = f"HTTP/2.0 is enabled for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"HTTP/2.0 is enabled for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled.py b/prowler/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled.py index 7177b05a69..94f41e8f55 100644 --- a/prowler/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled.py +++ b/prowler/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled.py 
@@ -7,21 +7,24 @@ class app_ftp_deployment_disabled(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"FTP is enabled for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"FTP is enabled for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if ( app.configurations and getattr(app.configurations, "ftps_state", "AllAllowed") != "AllAllowed" ): report.status = "PASS" - report.status_extended = f"FTP is disabled for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"FTP is disabled for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured.py b/prowler/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured.py index 4c1fb89756..45f273784d 100644 --- a/prowler/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured.py +++ b/prowler/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured.py 
@@ -7,23 +7,24 @@ class app_function_access_keys_configured(Check): findings = [] for ( - subscription_name, + subscription_id, functions, ) in app_client.functions.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for function in functions.values(): if function.function_keys is not None: report = Check_Report_Azure( metadata=self.metadata(), resource=function ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Function {function.name} does not have function keys configured." + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) does not have function keys configured." if len(function.function_keys) > 0: report.status = "PASS" - report.status_extended = ( - f"Function {function.name} has function keys configured." - ) + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) has function keys configured." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled.py b/prowler/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled.py index 004af0da30..6fec5e7042 100644 --- a/prowler/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled.py +++ b/prowler/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled.py 
@@ -7,19 +7,20 @@ class app_function_application_insights_enabled(Check): findings = [] for ( - subscription_name, + subscription_id, functions, ) in app_client.functions.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for function in functions.values(): if function.enviroment_variables is not None: report = Check_Report_Azure( metadata=self.metadata(), resource=function ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = ( - f"Function {function.name} is not using Application Insights." - ) + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) is not using Application Insights." if function.enviroment_variables.get( "APPINSIGHTS_INSTRUMENTATIONKEY", None @@ -27,9 +28,7 @@ class app_function_application_insights_enabled(Check): "APPLICATIONINSIGHTS_CONNECTION_STRING", None ): report.status = "PASS" - report.status_extended = ( - f"Function {function.name} is using Application Insights." - ) + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) is using Application Insights." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled.py b/prowler/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled.py index c899986036..9922e174cb 100644 --- a/prowler/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled.py +++ b/prowler/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled.py 
@@ -7,19 +7,20 @@ class app_function_ftps_deployment_disabled(Check): findings = [] for ( - subscription_name, + subscription_id, functions, ) in app_client.functions.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for function in functions.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=function) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Function {function.name} has {'FTP' if function.ftps_state == 'AllAllowed' else 'FTPS' if function.ftps_state == 'FtpsOnly' else 'FTP or FTPS'} deployment enabled" + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) has {'FTP' if function.ftps_state == 'AllAllowed' else 'FTPS' if function.ftps_state == 'FtpsOnly' else 'FTP or FTPS'} deployment enabled." if function.ftps_state == "Disabled": report.status = "PASS" - report.status_extended = ( - f"Function {function.name} has FTP and FTPS deployment disabled" - ) + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) has FTP and FTPS deployment disabled." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured.py b/prowler/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured.py index 0d68971f95..6ee83d6c5f 100644 --- a/prowler/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured.py +++ b/prowler/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured.py 
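Review bot: The FAIL message keeps a two-level conditional expression inside the f-string, on a line this commit made longer still. The identity check changed in the same commit pulls its conditional out into `identity_type` first, and the same treatment would help here: `protocols = {"AllAllowed": "FTP", "FtpsOnly": "FTPS"}.get(function.ftps_state, "FTP or FTPS")`, then `... has {protocols} deployment enabled.`. `execute` ends outside the hunk.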
@@ -7,18 +7,26 @@ class app_function_identity_is_configured(Check): findings = [] for ( - subscription_name, + subscription_id, functions, ) in app_client.functions.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for function in functions.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=function) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Function {function.name} does not have a managed identity enabled." + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) does not have a managed identity enabled." if function.identity: + identity_type = ( + function.identity.type + if getattr(function.identity, "type", "") + else "managed" + ) report.status = "PASS" - report.status_extended = f"Function {function.name} has a {function.identity.type if getattr(function.identity, 'type', '') else 'managed'} identity enabled." + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) has a {identity_type} identity enabled." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges.py b/prowler/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges.py index 9804ce283c..5031ca7120 100644 --- a/prowler/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges.py +++ b/prowler/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges.py 
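Review bot: `identity_type` is computed with a conditional that reads the attribute twice, once through `getattr` and once directly as `function.identity.type`. `identity_type = getattr(function.identity, "type", None) or "managed"` yields the same value with a single read and fits on one line. The hunk ends before the end of `execute`.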
@@ -14,22 +14,25 @@ class app_function_identity_without_admin_privileges(Check): findings = [] for ( - subscription_name, + subscription_id, functions, ) in app_client.functions.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for function in functions.values(): if function.identity: report = Check_Report_Azure( metadata=self.metadata(), resource=function ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Function {function.name} has a managed identity enabled but without admin privileges." + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) has a managed identity enabled but without admin privileges." admin_roles_assigned = [] for role_assignment in iam_client.role_assignments[ - subscription_name + subscription_id ].values(): if ( role_assignment.agent_id == function.identity.principal_id @@ -43,8 +46,8 @@ class app_function_identity_without_admin_privileges(Check): ): admin_roles_assigned.append( getattr( - iam_client.roles[subscription_name].get( - f"/subscriptions/{iam_client.subscriptions[subscription_name]}/providers/Microsoft.Authorization/roleDefinitions/{role_assignment.role_id}" + iam_client.roles[subscription_id].get( + f"/subscriptions/{subscription_id}/providers/Microsoft.Authorization/roleDefinitions/{role_assignment.role_id}" ), "name", "", 
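Review bot: `iam_client.role_assignments[subscription_id]` and `iam_client.roles[subscription_id]` index another service's dictionaries directly, so the check raises `KeyError` for any subscription the IAM service has no entry for, for instance if IAM collection failed there or if either dictionary is still keyed by display name after this re-keying. Falling back to an empty mapping would avoid the crash but would turn missing role data into a PASS, so the safer fix is to emit no PASS when the subscription is absent. Before the `for function in functions.values()` loop, add `if subscription_id not in iam_client.role_assignments: continue` together with a log line naming the subscription. The role-matching condition between the two hunks is not shown.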
@@ -53,7 +56,7 @@ class app_function_identity_without_admin_privileges(Check): if admin_roles_assigned: report.status = "FAIL" - report.status_extended = f"Function {function.name} has a managed identity enabled and it is configure with admin privileges using {'roles: ' + ', '.join(admin_roles_assigned) if len(admin_roles_assigned) > 1 else 'role ' + admin_roles_assigned[0]}." + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) has a managed identity enabled and it is configure with admin privileges using {'roles: ' + ', '.join(admin_roles_assigned) if len(admin_roles_assigned) > 1 else 'role ' + admin_roles_assigned[0]}." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version.py b/prowler/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version.py index 3cd8d349b4..828362a8fe 100644 --- a/prowler/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version.py +++ b/prowler/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version.py 
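Review bot: The FAIL message rewritten in this hunk still reads "it is configure with admin privileges". Since the string changes anyway, `configured` would fix the wording: `... has a managed identity enabled and it is configured with admin privileges using ...`. Any test that asserts the exact text needs the same edit.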
@@ -7,19 +7,20 @@ class app_function_latest_runtime_version(Check): findings = [] for ( - subscription_name, + subscription_id, functions, ) in app_client.functions.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for function in functions.values(): if function.enviroment_variables is not None: report = Check_Report_Azure( metadata=self.metadata(), resource=function ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = ( - f"Function {function.name} is using the latest runtime." - ) + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) is using the latest runtime." if ( function.enviroment_variables.get( @@ -28,7 +29,7 @@ class app_function_latest_runtime_version(Check): != "~4" ): report.status = "FAIL" - report.status_extended = f"Function {function.name} is not using the latest runtime. The current runtime is '{function.enviroment_variables.get('FUNCTIONS_EXTENSION_VERSION', '')}' and should be '~4'." + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) is not using the latest runtime. The current runtime is '{function.enviroment_variables.get('FUNCTIONS_EXTENSION_VERSION', '')}' and should be '~4'." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible.py b/prowler/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible.py index 3d506ae6e8..eede7d990f 100644 --- a/prowler/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible.py +++ b/prowler/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible.py 
@@ -7,22 +7,21 @@ class app_function_not_publicly_accessible(Check): findings = [] for ( - subscription_name, + subscription_id, functions, ) in app_client.functions.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for function in functions.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=function) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = ( - f"Function {function.name} is publicly accessible." - ) + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) is publicly accessible." if not function.public_access: report.status = "PASS" - report.status_extended = ( - f"Function {function.name} is not publicly accessible." - ) + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) is not publicly accessible." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled.py b/prowler/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled.py index 027b98ac88..716c32955d 100644 --- a/prowler/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled.py +++ b/prowler/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled.py 
@@ -7,18 +7,21 @@ class app_function_vnet_integration_enabled(Check): findings = [] for ( - subscription_name, + subscription_id, functions, ) in app_client.functions.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for function in functions.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=function) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Function {function.name} does not have virtual network integration enabled." + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) does not have virtual network integration enabled." if function.vnet_subnet_id: report.status = "PASS" - report.status_extended = f"Function {function.name} has Virtual Network integration enabled with subnet '{function.vnet_subnet_id}' enabled." + report.status_extended = f"Function {function.name} from subscription {subscription_name} ({subscription_id}) has Virtual Network integration enabled with subnet '{function.vnet_subnet_id}' enabled." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.py b/prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.py index 137ec3c494..ee3596e6bc 100644 --- a/prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.py +++ b/prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.py 
@@ -6,25 +6,28 @@ class app_http_logs_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, apps in app_client.apps.items(): + for subscription_id, apps in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): if "functionapp" not in app.kind: report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" if not app.monitor_diagnostic_settings: - report.status_extended = f"App {app.name} does not have a diagnostic setting in subscription {subscription_name}." + report.status_extended = f"App {app.name} does not have a diagnostic setting in subscription {subscription_name} ({subscription_id})." else: for diagnostic_setting in app.monitor_diagnostic_settings: - report.status_extended = f"App {app.name} does not have HTTP Logs enabled in diagnostic setting {diagnostic_setting.name} in subscription {subscription_name}" + report.status_extended = f"App {app.name} does not have HTTP Logs enabled in diagnostic setting {diagnostic_setting.name} in subscription {subscription_name} ({subscription_id})" for log in diagnostic_setting.logs: if log.category == "AppServiceHTTPLogs" and log.enabled: report.status = "PASS" - report.status_extended = f"App {app.name} has HTTP Logs enabled in diagnostic setting {diagnostic_setting.name} in subscription {subscription_name}" + report.status_extended = f"App {app.name} has HTTP Logs enabled in diagnostic setting {diagnostic_setting.name} in subscription {subscription_name} ({subscription_id})" break elif log.category_group == "allLogs" and log.enabled: report.status = "PASS" - report.status_extended = f"App {app.name} has allLogs category group which includes HTTP Logs enabled in diagnostic setting {diagnostic_setting.name} in subscription {subscription_name}" + report.status_extended = f"App 
{app.name} has allLogs category group which includes HTTP Logs enabled in diagnostic setting {diagnostic_setting.name} in subscription {subscription_name} ({subscription_id})" break findings.append(report) diff --git a/prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py b/prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py index f6931ba7cf..75427c16c8 100644 --- a/prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py +++ b/prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py @@ -7,20 +7,23 @@ class app_minimum_tls_version_12(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Minimum TLS version is not set to 1.2 for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Minimum TLS version is not set to 1.2 for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." if app.configurations and getattr( app.configurations, "min_tls_version", "" ) in ["1.2", "1.3"]: report.status = "PASS" - report.status_extended = f"Minimum TLS version is set to {app.configurations.min_tls_version} for app '{app.name}' in subscription '{subscription_name}'." + report.status_extended = f"Minimum TLS version is set to {app.configurations.min_tls_version} for app '{app.name}' in subscription '{subscription_name} ({subscription_id})'." findings.append(report) 
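Review bot: In the `else` branch of `app_http_logs_enabled`, each `break` leaves only the inner `for log in diagnostic_setting.logs` loop, so the next diagnostic setting overwrites `status_extended` with the "does not have HTTP Logs enabled" text while `status` stays `PASS` (the nesting is read from a collapsed hunk, so confirm against the file). An app whose first setting has HTTP logs and whose second does not would then report PASS with a failure message. Adding `if report.status == "PASS": break` after the inner loop stops at the first matching setting. The three messages inside the loop also lack the trailing period that the no-diagnostic-setting message has.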
diff --git a/prowler/providers/azure/services/app/app_register_with_identity/app_register_with_identity.py b/prowler/providers/azure/services/app/app_register_with_identity/app_register_with_identity.py index 35961046f9..87bc58580f 100644 --- a/prowler/providers/azure/services/app/app_register_with_identity/app_register_with_identity.py +++ b/prowler/providers/azure/services/app/app_register_with_identity/app_register_with_identity.py @@ -7,18 +7,21 @@ class app_register_with_identity(Check): findings = [] for ( - subscription_name, + subscription_id, apps, ) in app_client.apps.items(): + subscription_name = app_client.subscriptions.get( + subscription_id, subscription_id + ) for app in apps.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=app) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"App '{app.name}' in subscription '{subscription_name}' has an identity configured." + report.status_extended = f"App '{app.name}' in subscription '{subscription_name} ({subscription_id})' has an identity configured." if not app.identity: report.status = "FAIL" - report.status_extended = f"App '{app.name}' in subscription '{subscription_name}' does not have an identity configured." + report.status_extended = f"App '{app.name}' in subscription '{subscription_name} ({subscription_id})' does not have an identity configured." findings.append(report) diff --git a/prowler/providers/azure/services/app/app_service.py b/prowler/providers/azure/services/app/app_service.py index d70c51e778..201cd6a344 100644 --- a/prowler/providers/azure/services/app/app_service.py +++ b/prowler/providers/azure/services/app/app_service.py 
@@ -20,10 +20,10 @@ class App(AzureService): logger.info("App - Getting apps...") apps = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: apps_list = client.web_apps.list() - apps.update({subscription_name: {}}) + apps.update({subscription_id: {}}) for app in apps_list: # Filter function apps @@ -41,7 +41,7 @@ class App(AzureService): resource_group_name=app.resource_group, name=app.name ) - apps[subscription_name].update( + apps[subscription_id].update( { app.id: WebApp( resource_id=app.id, @@ -81,7 +81,7 @@ class App(AzureService): getattr(app, "client_cert_mode", "Ignore"), ), monitor_diagnostic_settings=self._get_app_monitor_settings( - app.name, app.resource_group, subscription_name + app.name, app.resource_group, subscription_id ), https_only=getattr(app, "https_only", False), identity=ManagedServiceIdentity( @@ -106,7 +106,7 @@ class App(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return apps @@ -115,17 +115,17 @@ class App(AzureService): logger.info("Function - Getting functions...") functions = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: functions_list = client.web_apps.list() - functions.update({subscription_name: {}}) + functions.update({subscription_id: {}}) for function in functions_list: # Filter function apps if getattr(function, "kind", "").startswith("functionapp"): # List host keys host_keys = self._get_function_host_keys( - subscription_name, function.resource_group, function.name + subscription_id, function.resource_group, function.name ) if host_keys is not None: function_keys = getattr(host_keys, "function_keys", {}) 
@@ -133,16 +133,16 @@ class App(AzureService): function_keys = None application_settings = self._list_application_settings( - subscription_name, function.resource_group, function.name + subscription_id, function.resource_group, function.name ) function_config = self._get_function_config( - subscription_name, + subscription_id, function.resource_group, function.name, ) - functions[subscription_name].update( + functions[subscription_id].update( { function.id: FunctionApp( id=function.id, @@ -175,7 +175,7 @@ class App(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return functions @@ -200,13 +200,13 @@ class App(AzureService): monitor_diagnostics_settings = [] try: monitor_diagnostics_settings = monitor_client.diagnostic_settings_with_uri( - self.subscriptions[subscription], - f"subscriptions/{self.subscriptions[subscription]}/resourceGroups/{resource_group}/providers/Microsoft.Web/sites/{app_name}", + subscription, + f"subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Web/sites/{app_name}", monitor_client.clients[subscription], ) except Exception as error: logger.error( - f"Subscription name: {self.subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {self.subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return monitor_diagnostics_settings diff --git a/prowler/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured.py b/prowler/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured.py index c7761c115e..d803c2ea18 100644 
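Review bot: In the last hunk on this line (`@@ -200,13`), the error handler still formats `self.subscription`, although the value in scope is the `subscription` parameter used a few lines above. If the service object has no `subscription` attribute (only `self.subscriptions` appears in the visible hunks), the handler raises `AttributeError` and hides the original monitor error; otherwise it logs something other than the subscription being processed. `f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"` logs the right value. The same line appears in `containerregistry_service.py` (hunk `@@ -81,13`); the method signature is outside the hunk in both files.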
--- a/prowler/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured.py +++ b/prowler/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured.py @@ -8,19 +8,20 @@ class appinsights_ensure_is_configured(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, components in appinsights_client.components.items(): + for subscription_id, components in appinsights_client.components.items(): + subscription_name = appinsights_client.subscriptions.get( + subscription_id, subscription_id + ) report = Check_Report_Azure(metadata=self.metadata(), resource={}) report.status = "PASS" - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{appinsights_client.subscriptions[subscription_name]}" - ) - report.status_extended = f"There is at least one AppInsight configured in subscription {subscription_name}." + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" + report.status_extended = f"There is at least one AppInsight configured in subscription {subscription_name} ({subscription_id})." if len(components) < 1: report.status = "FAIL" - report.status_extended = f"There are no AppInsight configured in subscription {subscription_name}." + report.status_extended = f"There are no AppInsight configured in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/appinsights/appinsights_service.py b/prowler/providers/azure/services/appinsights/appinsights_service.py index aae9dbf9b0..918a0f1b0f 100644 --- a/prowler/providers/azure/services/appinsights/appinsights_service.py +++ b/prowler/providers/azure/services/appinsights/appinsights_service.py 
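Review bot: `report.resource_name = subscription_id` replaces the display name with the GUID, so `subscription`, `resource_name` and `resource_id` now carry the same identifier and the name survives only inside `status_extended`. If that is deliberate because display names can collide, a comment such as `# resource_name uses the ID: display names are not unique` would record it; otherwise `report.resource_name = subscription_name` keeps the previous output. Anything that matched on the old resource name, for example mutelist entries, would stop matching; the mutelist change is not visible in this part of the patch.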
@@ -15,13 +15,13 @@ class AppInsights(AzureService): logger.info("AppInsights - Getting components...") components = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: components_list = client.components.list() - components.update({subscription_name: {}}) + components.update({subscription_id: {}}) for component in components_list: - components[subscription_name].update( + components[subscription_id].update( { component.app_id: Component( resource_id=component.id, @@ -35,7 +35,7 @@ class AppInsights(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return components diff --git a/prowler/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled.py b/prowler/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled.py index 05cd0b1d6d..368dc3535e 100644 --- a/prowler/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled.py +++ b/prowler/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled.py 
@@ -9,17 +9,20 @@ class containerregistry_admin_user_disabled(Check): findings = [] for subscription, registries in containerregistry_client.registries.items(): + subscription_name = containerregistry_client.subscriptions.get( + subscription, subscription + ) for container_registry_info in registries.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=container_registry_info ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} has its admin user enabled." + report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription_name} ({subscription}) has its admin user enabled." if not container_registry_info.admin_user_enabled: report.status = "PASS" - report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} has its admin user disabled." + report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription_name} ({subscription}) has its admin user disabled." findings.append(report) diff --git a/prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.py b/prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.py index e6401af404..707be1aafb 100644 --- a/prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.py +++ b/prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.py 
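Review bot: The loop variable `subscription` now holds the subscription ID, but this hunk keeps the old name while the App and AppInsights files in the same patch rename it to `subscription_id`. With `subscription_name` introduced next to it, `report.subscription = subscription` no longer says which value is the ID. `for subscription_id, registries in containerregistry_client.registries.items():` would match the rest of the patch. The same applies to the other two containerregistry checks and to the cosmosdb and databricks checks that follow.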
@@ -9,17 +9,20 @@ class containerregistry_not_publicly_accessible(Check): findings = [] for subscription, registries in containerregistry_client.registries.items(): + subscription_name = containerregistry_client.subscriptions.get( + subscription, subscription + ) for container_registry_info in registries.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=container_registry_info ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} allows unrestricted network access." + report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription_name} ({subscription}) allows unrestricted network access." if not container_registry_info.public_network_access: report.status = "PASS" - report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} does not allow unrestricted network access." + report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription_name} ({subscription}) does not allow unrestricted network access." findings.append(report) diff --git a/prowler/providers/azure/services/containerregistry/containerregistry_service.py b/prowler/providers/azure/services/containerregistry/containerregistry_service.py index e0004429f0..ee6cce39f2 100644 --- a/prowler/providers/azure/services/containerregistry/containerregistry_service.py +++ b/prowler/providers/azure/services/containerregistry/containerregistry_service.py @@ -64,7 +64,7 @@ class ContainerRegistry(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return registries 
@@ -81,13 +81,13 @@ class ContainerRegistry(AzureService): monitor_diagnostics_settings = [] try: monitor_diagnostics_settings = monitor_client.diagnostic_settings_with_uri( - self.subscriptions[subscription], - f"subscriptions/{self.subscriptions[subscription]}/resourceGroups/{resource_group}/providers/Microsoft.ContainerRegistry/registries/{registry_name}", + subscription, + f"subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.ContainerRegistry/registries/{registry_name}", monitor_client.clients[subscription], ) except Exception as error: logger.error( - f"Subscription name: {self.subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {self.subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return monitor_diagnostics_settings diff --git a/prowler/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link.py b/prowler/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link.py index 5962a34c77..e9e6c324ad 100644 --- a/prowler/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link.py +++ b/prowler/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link.py 
@@ -9,17 +9,20 @@ class containerregistry_uses_private_link(Check): findings = [] for subscription, registries in containerregistry_client.registries.items(): + subscription_name = containerregistry_client.subscriptions.get( + subscription, subscription + ) for container_registry_info in registries.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=container_registry_info ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} does not use a private link." + report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription_name} ({subscription}) does not use a private link." if container_registry_info.private_endpoint_connections: report.status = "PASS" - report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} uses a private link." + report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription_name} ({subscription}) uses a private link." findings.append(report) diff --git a/prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks.py b/prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks.py index d664fbfa3a..69d8bff663 100644 --- a/prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks.py +++ b/prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks.py 
@@ -6,14 +6,17 @@ class cosmosdb_account_firewall_use_selected_networks(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, accounts in cosmosdb_client.accounts.items(): + subscription_name = cosmosdb_client.subscriptions.get( + subscription, subscription + ) for account in accounts: report = Check_Report_Azure(metadata=self.metadata(), resource=account) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"CosmosDB account {account.name} from subscription {subscription} has firewall rules that allow access from all networks." + report.status_extended = f"CosmosDB account {account.name} from subscription {subscription_name} ({subscription}) has firewall rules that allow access from all networks." if account.is_virtual_network_filter_enabled: report.status = "PASS" - report.status_extended = f"CosmosDB account {account.name} from subscription {subscription} has firewall rules that allow access only from selected networks." + report.status_extended = f"CosmosDB account {account.name} from subscription {subscription_name} ({subscription}) has firewall rules that allow access only from selected networks." findings.append(report) return findings diff --git a/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac.py b/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac.py index b521792256..acf77e240c 100644 --- a/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac.py +++ b/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac.py 
@@ -6,14 +6,17 @@ class cosmosdb_account_use_aad_and_rbac(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, accounts in cosmosdb_client.accounts.items(): + subscription_name = cosmosdb_client.subscriptions.get( + subscription, subscription + ) for account in accounts: report = Check_Report_Azure(metadata=self.metadata(), resource=account) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"CosmosDB account {account.name} from subscription {subscription} is not using AAD and RBAC" + report.status_extended = f"CosmosDB account {account.name} from subscription {subscription_name} ({subscription}) is not using AAD and RBAC" if account.disable_local_auth: report.status = "PASS" - report.status_extended = f"CosmosDB account {account.name} from subscription {subscription} is using AAD and RBAC" + report.status_extended = f"CosmosDB account {account.name} from subscription {subscription_name} ({subscription}) is using AAD and RBAC" findings.append(report) return findings diff --git a/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints.py b/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints.py index 8229801134..d54abca891 100644 --- a/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints.py +++ b/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints.py 
@@ -6,14 +6,17 @@ class cosmosdb_account_use_private_endpoints(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, accounts in cosmosdb_client.accounts.items(): + subscription_name = cosmosdb_client.subscriptions.get( + subscription, subscription + ) for account in accounts: report = Check_Report_Azure(metadata=self.metadata(), resource=account) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"CosmosDB account {account.name} from subscription {subscription} is not using private endpoints connections" + report.status_extended = f"CosmosDB account {account.name} from subscription {subscription_name} ({subscription}) is not using private endpoints connections" if account.private_endpoint_connections: report.status = "PASS" - report.status_extended = f"CosmosDB account {account.name} from subscription {subscription} is using private endpoints connections" + report.status_extended = f"CosmosDB account {account.name} from subscription {subscription_name} ({subscription}) is using private endpoints connections" findings.append(report) return findings diff --git a/prowler/providers/azure/services/cosmosdb/cosmosdb_service.py b/prowler/providers/azure/services/cosmosdb/cosmosdb_service.py index 2d229bc060..c36af1d2e9 100644 --- a/prowler/providers/azure/services/cosmosdb/cosmosdb_service.py +++ b/prowler/providers/azure/services/cosmosdb/cosmosdb_service.py @@ -48,7 +48,7 @@ class CosmosDB(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return accounts 
diff --git a/prowler/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled.py b/prowler/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled.py index a8e366f15a..ec40b94c10 100644 --- a/prowler/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled.py +++ b/prowler/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled.py @@ -17,6 +17,9 @@ class databricks_workspace_cmk_encryption_enabled(Check): def execute(self): findings = [] for subscription, workspaces in databricks_client.workspaces.items(): + subscription_name = databricks_client.subscriptions.get( + subscription, subscription + ) for workspace in workspaces.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=workspace @@ -25,9 +28,9 @@ class databricks_workspace_cmk_encryption_enabled(Check): enc = workspace.managed_disk_encryption if enc: report.status = "PASS" - report.status_extended = f"Databricks workspace {workspace.name} in subscription {subscription} has customer-managed key (CMK) encryption enabled with key {enc.key_vault_uri}/{enc.key_name}/{enc.key_version}." + report.status_extended = f"Databricks workspace {workspace.name} in subscription {subscription_name} ({subscription}) has customer-managed key (CMK) encryption enabled with key {enc.key_vault_uri}/{enc.key_name}/{enc.key_version}." else: report.status = "FAIL" - report.status_extended = f"Databricks workspace {workspace.name} in subscription {subscription} does not have customer-managed key (CMK) encryption enabled." + report.status_extended = f"Databricks workspace {workspace.name} in subscription {subscription_name} ({subscription}) does not have customer-managed key (CMK) encryption enabled." findings.append(report) return findings 
diff --git a/prowler/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled.py b/prowler/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled.py index f667342dab..7092536b7d 100644 --- a/prowler/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled.py +++ b/prowler/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled.py @@ -17,6 +17,9 @@ class databricks_workspace_vnet_injection_enabled(Check): def execute(self): findings = [] for subscription, workspaces in databricks_client.workspaces.items(): + subscription_name = databricks_client.subscriptions.get( + subscription, subscription + ) for workspace in workspaces.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=workspace @@ -24,9 +27,9 @@ class databricks_workspace_vnet_injection_enabled(Check): report.subscription = subscription if workspace.custom_managed_vnet_id: report.status = "PASS" - report.status_extended = f"Databricks workspace {workspace.name} in subscription {subscription} is deployed in a customer-managed VNet ({workspace.custom_managed_vnet_id})." + report.status_extended = f"Databricks workspace {workspace.name} in subscription {subscription_name} ({subscription}) is deployed in a customer-managed VNet ({workspace.custom_managed_vnet_id})." else: report.status = "FAIL" - report.status_extended = f"Databricks workspace {workspace.name} in subscription {subscription} is not deployed in a customer-managed VNet (VNet Injection is not enabled)." + report.status_extended = f"Databricks workspace {workspace.name} in subscription {subscription_name} ({subscription}) is not deployed in a customer-managed VNet (VNet Injection is not enabled)." findings.append(report) return findings 
diff --git a/prowler/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact.py b/prowler/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact.py index 06cb1f06d2..8a8013a261 100644 --- a/prowler/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact.py +++ b/prowler/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact.py @@ -7,9 +7,12 @@ class defender_additional_email_configured_with_a_security_contact(Check): findings = [] for ( - subscription_name, + subscription_id, security_contact_configurations, ) in defender_client.security_contact_configurations.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) for contact_configuration in security_contact_configurations.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=contact_configuration 
@@ -19,14 +22,14 @@ class defender_additional_email_configured_with_a_security_contact(Check): if contact_configuration.name else "Security Contact" ) - report.subscription = subscription_name + report.subscription = subscription_id if len(contact_configuration.emails) > 0: report.status = "PASS" - report.status_extended = f"There is another correct email configured for subscription {subscription_name}." + report.status_extended = f"There is another correct email configured for subscription {subscription_name} ({subscription_id})." else: report.status = "FAIL" - report.status_extended = f"There is not another correct email configured for subscription {subscription_name}." + report.status_extended = f"There is not another correct email configured for subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed.py b/prowler/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed.py index 1e24f4918a..d06447bdf8 100644 --- a/prowler/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed.py +++ b/prowler/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed.py @@ -7,9 +7,12 @@ class defender_assessments_vm_endpoint_protection_installed(Check): findings = [] for ( - subscription_name, + subscription_id, assessments, ) in defender_client.assessments.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) if ( "Install endpoint protection solution on virtual machines" in assessments 
@@ -20,9 +23,9 @@ class defender_assessments_vm_endpoint_protection_installed(Check): "Install endpoint protection solution on virtual machines" ], ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Endpoint protection is set up in all VMs in subscription {subscription_name}." + report.status_extended = f"Endpoint protection is set up in all VMs in subscription {subscription_name} ({subscription_id})." if ( assessments[ @@ -31,7 +34,7 @@ class defender_assessments_vm_endpoint_protection_installed(Check): == "Unhealthy" ): report.status = "FAIL" - report.status_extended = f"Endpoint protection is not set up in all VMs in subscription {subscription_name}." + report.status_extended = f"Endpoint protection is not set up in all VMs in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured.py b/prowler/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured.py index 8a9935457d..47d2a76cef 100644 --- a/prowler/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured.py +++ b/prowler/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured.py 
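Review bot: The report starts as PASS with "Endpoint protection is set up in all VMs", and only the comparison with `"Unhealthy"` in the following hunk flips it, so every other assessment state is published as a pass. The compared expression is cut by the hunk boundary, so this is inferred: if it is Azure's assessment status code, a value such as `NotApplicable` would be reported as full coverage. A safer shape is to default to FAIL and set PASS only when the value `== "Healthy"`. The vulnerability-assessment and container-image checks later in this patch follow the same PASS-by-default pattern.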
@@ -24,9 +24,12 @@ class defender_attack_path_notifications_properly_configured(Check): min_risk_index = risk_levels.index(min_risk_level) for ( - subscription_name, + subscription_id, security_contact_configurations, ) in defender_client.security_contact_configurations.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) for contact_configuration in security_contact_configurations.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=contact_configuration 
@@ -36,21 +39,21 @@ class defender_attack_path_notifications_properly_configured(Check): if contact_configuration.name else "Security Contact" ) - report.subscription = subscription_name + report.subscription = subscription_id actual_risk_level = getattr( contact_configuration, "attack_path_minimal_risk_level", None ) if not actual_risk_level or actual_risk_level not in risk_levels: report.status = "FAIL" - report.status_extended = f"Attack path notifications are not enabled in subscription {subscription_name} for security contact {contact_configuration.name}." + report.status_extended = f"Attack path notifications are not enabled in subscription {subscription_name} ({subscription_id}) for security contact {contact_configuration.name}." else: actual_risk_index = risk_levels.index(actual_risk_level) if actual_risk_index <= min_risk_index: report.status = "PASS" - report.status_extended = f"Attack path notifications are enabled with minimal risk level {actual_risk_level} in subscription {subscription_name} for security contact {contact_configuration.name}." + report.status_extended = f"Attack path notifications are enabled with minimal risk level {actual_risk_level} in subscription {subscription_name} ({subscription_id}) for security contact {contact_configuration.name}." else: report.status = "FAIL" - report.status_extended = f"Attack path notifications are enabled with minimal risk level {actual_risk_level} in subscription {subscription_name} for security contact {contact_configuration.name}." + report.status_extended = f"Attack path notifications are enabled with minimal risk level {actual_risk_level} in subscription {subscription_name} ({subscription_id}) for security contact {contact_configuration.name}." findings.append(report) return findings 
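Review bot: The final FAIL branch (taken when `actual_risk_index > min_risk_index`) sets exactly the same `status_extended` text as the PASS branch above it, so a reader of the finding cannot tell why it failed. Name the threshold in the failing message, for example by ending it with `..., which does not meet the configured minimum {min_risk_level}.`; `min_risk_level` is in scope from the code before this hunk. The messages also interpolate `contact_configuration.name` directly, although `resource_name` a few lines up falls back to "Security Contact" when that name is empty.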
diff --git a/prowler/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on.py b/prowler/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on.py index 5a4121a511..0c1162ace5 100644 --- a/prowler/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on.py +++ b/prowler/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on.py @@ -7,21 +7,24 @@ class defender_auto_provisioning_log_analytics_agent_vms_on(Check): findings = [] for ( - subscription_name, + subscription_id, auto_provisioning_settings, ) in defender_client.auto_provisioning_settings.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) for auto_provisioning_setting in auto_provisioning_settings.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=auto_provisioning_setting, ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Defender Auto Provisioning Log Analytics Agents from subscription {subscription_name} is set to ON." + report.status_extended = f"Defender Auto Provisioning Log Analytics Agents from subscription {subscription_name} ({subscription_id}) is set to ON." if auto_provisioning_setting.auto_provision != "On": report.status = "FAIL" - report.status_extended = f"Defender Auto Provisioning Log Analytics Agents from subscription {subscription_name} is set to OFF." + report.status_extended = f"Defender Auto Provisioning Log Analytics Agents from subscription {subscription_name} ({subscription_id}) is set to OFF." findings.append(report) 
diff --git a/prowler/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on.py b/prowler/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on.py index f3bb4dbc25..90404e39e4 100644 --- a/prowler/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on.py +++ b/prowler/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on.py @@ -7,9 +7,12 @@ class defender_auto_provisioning_vulnerabilty_assessments_machines_on(Check): findings = [] for ( - subscription_name, + subscription_id, assessments, ) in defender_client.assessments.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) if ( "Machines should have a vulnerability assessment solution" in assessments @@ -20,9 +23,9 @@ class defender_auto_provisioning_vulnerabilty_assessments_machines_on(Check): "Machines should have a vulnerability assessment solution" ], ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Vulnerability assessment is set up in all VMs in subscription {subscription_name}." + report.status_extended = f"Vulnerability assessment is set up in all VMs in subscription {subscription_name} ({subscription_id})." if ( assessments[ 
@@ -31,7 +34,7 @@ class defender_auto_provisioning_vulnerabilty_assessments_machines_on(Check): == "Unhealthy" ): report.status = "FAIL" - report.status_extended = f"Vulnerability assessment is not set up in all VMs in subscription {subscription_name}." + report.status_extended = f"Vulnerability assessment is not set up in all VMs in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities.py b/prowler/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities.py index 51dd1e3648..56a5e10752 100644 --- a/prowler/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities.py +++ b/prowler/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities.py @@ -7,9 +7,12 @@ class defender_container_images_resolved_vulnerabilities(Check): findings = [] for ( - subscription_name, + subscription_id, assessments, ) in defender_client.assessments.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) if ( "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)" in assessments 
@@ -28,9 +31,9 @@ class defender_container_images_resolved_vulnerabilities(Check): "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)" ], ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Azure running container images do not have unresolved vulnerabilities in subscription '{subscription_name}'." + report.status_extended = f"Azure running container images do not have unresolved vulnerabilities in subscription '{subscription_name} ({subscription_id})'." if ( assessments[ "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)" @@ -38,7 +41,7 @@ class defender_container_images_resolved_vulnerabilities(Check): == "Unhealthy" ): report.status = "FAIL" - report.status_extended = f"Azure running container images have unresolved vulnerabilities in subscription '{subscription_name}'." + report.status_extended = f"Azure running container images have unresolved vulnerabilities in subscription '{subscription_name} ({subscription_id})'." findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled.py b/prowler/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled.py index 06b067d1a4..2cb5d1974e 100644 --- a/prowler/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled.py +++ b/prowler/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled.py 
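Review bot: Both messages in this file now put the quotes around the whole label, `'{subscription_name} ({subscription_id})'`, whereas every other check in the patch writes the name and the parenthesised ID unquoted. Anyone grepping or parsing findings by the `(<id>)` suffix gets a different shape for this one check. Either drop the quotes or quote only the display name, `'{subscription_name}' ({subscription_id})`. This applies to the PASS line here and to the FAIL line in the next hunk.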
@@ -6,20 +6,21 @@ class defender_container_images_scan_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "Containers" in pricings: report = Check_Report_Azure( metadata=self.metadata(), resource=pricings["Containers"] ) report.subscription = subscription report.status = "PASS" - report.status_extended = ( - f"Container image scan is enabled in subscription {subscription}." - ) + report.status_extended = f"Container image scan is enabled in subscription {subscription_name} ({subscription})." if not pricings["Containers"].extensions.get( "ContainerRegistriesVulnerabilityAssessments" ): report.status = "FAIL" - report.status_extended = f"Container image scan is disabled in subscription {subscription}." + report.status_extended = f"Container image scan is disabled in subscription {subscription_name} ({subscription})." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py index cd30f2e5dd..e7362491bf 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py 
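Review bot: When `"Containers"` is missing from `pricings` the loop body emits no finding at all, so a subscription whose plan data was not returned simply disappears from this check's results instead of showing up as a gap. Whether the key can be absent depends on the service code, which is not in this hunk. If it can, either emit an explicit non-PASS finding in an `else` branch or at least document the behaviour with a comment such as `# No "Containers" plan returned for this subscription: nothing is reported`. The `defender_ensure_defender_for_*` hunks that follow use the same `if "<plan>" in pricings:` guard.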
@@ -6,6 +6,9 @@ class defender_ensure_defender_for_app_services_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "AppServices" in pricings: report = Check_Report_Azure( metadata=self.metadata(), resource=pricings["AppServices"] @@ -13,10 +16,10 @@ class defender_ensure_defender_for_app_services_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan App Services" report.status = "PASS" - report.status_extended = f"Defender plan Defender for App Services from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for App Services from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["AppServices"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for App Services from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for App Services from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py index c05102b351..f759967661 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py 
@@ -6,6 +6,9 @@ class defender_ensure_defender_for_arm_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "Arm" in pricings: report = Check_Report_Azure( metadata=self.metadata(), resource=pricings["Arm"] @@ -13,10 +16,10 @@ class defender_ensure_defender_for_arm_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan ARM" report.status = "PASS" - report.status_extended = f"Defender plan Defender for ARM from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for ARM from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["Arm"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for ARM from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for ARM from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py index 3b05ddd415..6aeb8d0ddd 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py 
@@ -6,16 +6,19 @@ class defender_ensure_defender_for_azure_sql_databases_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "SqlServers" in pricings: report = Check_Report_Azure( metadata=self.metadata(), resource=pricings["SqlServers"] ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["SqlServers"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py index 56a5ff32e3..00741c18f8 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py 
@@ -6,16 +6,19 @@ class defender_ensure_defender_for_containers_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "Containers" in pricings: report = Check_Report_Azure( metadata=self.metadata(), resource=pricings["Containers"] ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Defender plan Defender for Containers from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for Containers from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["Containers"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Containers from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for Containers from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py index eba77eb94f..b709f00831 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py 
@@ -6,6 +6,9 @@ class defender_ensure_defender_for_cosmosdb_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "CosmosDbs" in pricings: report = Check_Report_Azure( metadata=self.metadata(), resource=pricings["CosmosDbs"] @@ -13,10 +16,10 @@ class defender_ensure_defender_for_cosmosdb_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan Cosmos DB" report.status = "PASS" - report.status_extended = f"Defender plan Defender for Cosmos DB from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for Cosmos DB from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["CosmosDbs"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Cosmos DB from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for Cosmos DB from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py index 21f43a7e13..45b991cbdb 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py 
@@ -6,6 +6,9 @@ class defender_ensure_defender_for_databases_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if ( "SqlServers" in pricings and "SqlServerVirtualMachines" in pricings @@ -17,7 +20,7 @@ class defender_ensure_defender_for_databases_is_on(Check): ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Defender plan Defender for Databases from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for Databases from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if ( pricings["SqlServers"].pricing_tier != "Standard" or pricings["SqlServerVirtualMachines"].pricing_tier != "Standard" @@ -26,7 +29,7 @@ class defender_ensure_defender_for_databases_is_on(Check): or pricings["CosmosDbs"].pricing_tier != "Standard" ): report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Databases from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for Databases from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py index e096e93bab..86fd78f554 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py 
@@ -6,6 +6,9 @@ class defender_ensure_defender_for_dns_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "Dns" in pricings: report = Check_Report_Azure( metadata=self.metadata(), resource=pricings["Dns"] @@ -13,10 +16,10 @@ class defender_ensure_defender_for_dns_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan DNS" report.status = "PASS" - report.status_extended = f"Defender plan Defender for DNS from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for DNS from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["Dns"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for DNS from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for DNS from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py index 202e76b4b4..42bcb62ed4 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py 
@@ -6,6 +6,9 @@ class defender_ensure_defender_for_keyvault_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "KeyVaults" in pricings: report = Check_Report_Azure( metadata=self.metadata(), resource=pricings["KeyVaults"] @@ -13,10 +16,10 @@ class defender_ensure_defender_for_keyvault_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan KeyVaults" report.status = "PASS" - report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["KeyVaults"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py index 7497e9fc2a..187b1950f1 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py 
+++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py @@ -6,6 +6,9 @@ class defender_ensure_defender_for_os_relational_databases_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "OpenSourceRelationalDatabases" in pricings: report = Check_Report_Azure( metadata=self.metadata(), @@ -14,10 +17,10 @@ class defender_ensure_defender_for_os_relational_databases_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan Open-Source Relational Databases" report.status = "PASS" - report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["OpenSourceRelationalDatabases"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py index 54cf846b78..3c5afd49b9 100644 
--- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py @@ -6,6 +6,9 @@ class defender_ensure_defender_for_server_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "VirtualMachines" in pricings: report = Check_Report_Azure( metadata=self.metadata(), @@ -14,10 +17,10 @@ class defender_ensure_defender_for_server_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan Servers" report.status = "PASS" - report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for Servers from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["VirtualMachines"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for Servers from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py index 741b5906a9..5f40f32b28 100644 
--- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py @@ -6,6 +6,9 @@ class defender_ensure_defender_for_sql_servers_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "SqlServerVirtualMachines" in pricings: report = Check_Report_Azure( metadata=self.metadata(), @@ -14,10 +17,10 @@ class defender_ensure_defender_for_sql_servers_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan SQL Server VMs" report.status = "PASS" - report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["SqlServerVirtualMachines"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py index 390d6e8cde..e4844d343d 100644 
--- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py @@ -6,6 +6,9 @@ class defender_ensure_defender_for_storage_is_on(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, pricings in defender_client.pricings.items(): + subscription_name = defender_client.subscriptions.get( + subscription, subscription + ) if "StorageAccounts" in pricings: report = Check_Report_Azure( metadata=self.metadata(), @@ -14,10 +17,10 @@ class defender_ensure_defender_for_storage_is_on(Check): report.subscription = subscription report.resource_name = "Defender plan Storage Accounts" report.status = "PASS" - report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to ON (pricing tier standard)." + report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription_name} ({subscription}) is set to ON (pricing tier standard)." if pricings["StorageAccounts"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to OFF (pricing tier not standard)." + report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription_name} ({subscription}) is set to OFF (pricing tier not standard)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on.py index e608e09fbd..07cbc79102 100644 
--- a/prowler/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on.py @@ -7,18 +7,19 @@ class defender_ensure_iot_hub_defender_is_on(Check): findings = [] for ( - subscription_name, + subscription_id, iot_security_solutions, ) in defender_client.iot_security_solutions.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) if not iot_security_solutions: report = Check_Report_Azure(metadata=self.metadata(), resource={}) report.status = "FAIL" - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{defender_client.subscriptions[subscription_name]}" - ) - report.status_extended = f"No IoT Security Solutions found in the subscription {subscription_name}." + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" + report.status_extended = f"No IoT Security Solutions found in the subscription {subscription_name} ({subscription_id})." findings.append(report) else: for iot_security_solution in iot_security_solutions.values(): 
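Review bot: `report.resource_name = subscription_id` in the no-solutions branch changes the reported resource name from the display name to the subscription ID, and nothing in the hunk says this is deliberate. Anything that matches findings on resource name (presumably mutelist entries or saved filters, not visible here) would stop matching after the upgrade. If the ID is intended so that names stay unique, a comment such as `# use the ID: display names can collide across subscriptions` would record that; otherwise `report.resource_name = subscription_name` keeps the old value. The MCAS and WDATP hunks make the same assignment. `execute` starts before this hunk and continues in the next one.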
@@ -26,13 +27,13 @@ class defender_ensure_iot_hub_defender_is_on(Check): metadata=self.metadata(), resource=iot_security_solution, ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"The security solution {iot_security_solution.name} is enabled in subscription {subscription_name}." + report.status_extended = f"The security solution {iot_security_solution.name} is enabled in subscription {subscription_name} ({subscription_id})." if iot_security_solution.status != "Enabled": report.status = "FAIL" - report.status_extended = f"The security solution {iot_security_solution.name} is disabled in subscription {subscription_name}" + report.status_extended = f"The security solution {iot_security_solution.name} is disabled in subscription {subscription_name} ({subscription_id})" findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled.py b/prowler/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled.py index 4899f2dc06..c836fa1c67 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled.py +++ b/prowler/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled.py 
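Review bot: The disabled message at the end of this hunk is the only `status_extended` in the file without a closing period: `...is disabled in subscription {subscription_name} ({subscription_id})`. Since the line is being rewritten anyway, ending it with `({subscription_id}).` would match the enabled message just above it. `execute` begins before this hunk.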
@@ -7,29 +7,30 @@ class defender_ensure_mcas_is_enabled(Check): findings = [] for ( - subscription_name, + subscription_id, settings, ) in defender_client.settings.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) if "MCAS" not in settings: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{defender_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"Microsoft Defender for Cloud Apps not exists for subscription {subscription_name}." + report.status_extended = f"Microsoft Defender for Cloud Apps not exists for subscription {subscription_name} ({subscription_id})." else: report = Check_Report_Azure( metadata=self.metadata(), resource=settings["MCAS"] ) - report.subscription = subscription_name + report.subscription = subscription_id if settings["MCAS"].enabled: report.status = "PASS" - report.status_extended = f"Microsoft Defender for Cloud Apps is enabled for subscription {subscription_name}." + report.status_extended = f"Microsoft Defender for Cloud Apps is enabled for subscription {subscription_name} ({subscription_id})." else: report.status = "FAIL" - report.status_extended = f"Microsoft Defender for Cloud Apps is disabled for subscription {subscription_name}." + report.status_extended = f"Microsoft Defender for Cloud Apps is disabled for subscription {subscription_name} ({subscription_id})." findings.append(report) 
diff --git a/prowler/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high.py b/prowler/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high.py index d01fec8966..fb99f0277b 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high.py +++ b/prowler/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high.py @@ -7,9 +7,12 @@ class defender_ensure_notify_alerts_severity_is_high(Check): findings = [] for ( - subscription_name, + subscription_id, security_contact_configurations, ) in defender_client.security_contact_configurations.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) for contact_configuration in security_contact_configurations.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=contact_configuration 
@@ -19,16 +22,16 @@ class defender_ensure_notify_alerts_severity_is_high(Check): if contact_configuration.name else "Security Contact" ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Notifications are not enabled for alerts with a minimum severity of high or lower in subscription {subscription_name}." + report.status_extended = f"Notifications are not enabled for alerts with a minimum severity of high or lower in subscription {subscription_name} ({subscription_id})." if ( contact_configuration.alert_minimal_severity and contact_configuration.alert_minimal_severity != "Critical" ): report.status = "PASS" - report.status_extended = f"Notifications are enabled for alerts with a minimum severity of high or lower ({contact_configuration.alert_minimal_severity}) in subscription {subscription_name}." + report.status_extended = f"Notifications are enabled for alerts with a minimum severity of high or lower ({contact_configuration.alert_minimal_severity}) in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners.py b/prowler/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners.py index ed16c609c3..7c751bb816 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners.py +++ b/prowler/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners.py 
@@ -7,9 +7,12 @@ class defender_ensure_notify_emails_to_owners(Check): findings = [] for ( - subscription_name, + subscription_id, security_contact_configurations, ) in defender_client.security_contact_configurations.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) for contact_configuration in security_contact_configurations.values(): report = Check_Report_Azure( metadata=self.metadata(), @@ -20,16 +23,16 @@ class defender_ensure_notify_emails_to_owners(Check): if contact_configuration.name else "Security Contact" ) - report.subscription = subscription_name + report.subscription = subscription_id if ( contact_configuration.notifications_by_role.state and "Owner" in contact_configuration.notifications_by_role.roles ): report.status = "PASS" - report.status_extended = f"The Owner role is notified for subscription {subscription_name}." + report.status_extended = f"The Owner role is notified for subscription {subscription_name} ({subscription_id})." else: report.status = "FAIL" - report.status_extended = f"The Owner role is not notified for subscription {subscription_name}." + report.status_extended = f"The Owner role is not notified for subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied.py b/prowler/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied.py index 1984888f02..01da3dec82 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied.py +++ b/prowler/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied.py 
@@ -7,9 +7,12 @@ class defender_ensure_system_updates_are_applied(Check): findings = [] for ( - subscription_name, + subscription_id, assessments, ) in defender_client.assessments.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) if ( "Log Analytics agent should be installed on virtual machines" in assessments @@ -23,9 +26,9 @@ class defender_ensure_system_updates_are_applied(Check): "System updates should be installed on your machines" ], ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"System updates are applied for all the VMs in the subscription {subscription_name}." + report.status_extended = f"System updates are applied for all the VMs in the subscription {subscription_name} ({subscription_id})." if ( assessments[ @@ -42,7 +45,7 @@ class defender_ensure_system_updates_are_applied(Check): == "Unhealthy" ): report.status = "FAIL" - report.status_extended = f"System updates are not applied for all the VMs in the subscription {subscription_name}." + report.status_extended = f"System updates are not applied for all the VMs in the subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled.py b/prowler/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled.py index 47aa40a904..9b2049c9fb 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled.py +++ b/prowler/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled.py 
@@ -7,29 +7,30 @@ class defender_ensure_wdatp_is_enabled(Check): findings = [] for ( - subscription_name, + subscription_id, settings, ) in defender_client.settings.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) if "WDATP" not in settings: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{defender_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"Microsoft Defender for Endpoint integration not exists for subscription {subscription_name}." + report.status_extended = f"Microsoft Defender for Endpoint integration not exists for subscription {subscription_name} ({subscription_id})." else: report = Check_Report_Azure( metadata=self.metadata(), resource=settings["WDATP"] ) - report.subscription = subscription_name + report.subscription = subscription_id if settings["WDATP"].enabled: report.status = "PASS" - report.status_extended = f"Microsoft Defender for Endpoint integration is enabled for subscription {subscription_name}." + report.status_extended = f"Microsoft Defender for Endpoint integration is enabled for subscription {subscription_name} ({subscription_id})." else: report.status = "FAIL" - report.status_extended = f"Microsoft Defender for Endpoint integration is disabled for subscription {subscription_name}." + report.status_extended = f"Microsoft Defender for Endpoint integration is disabled for subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/defender/defender_service.py b/prowler/providers/azure/services/defender/defender_service.py index 089a8846d7..7da96cd8ec 100644 
--- a/prowler/providers/azure/services/defender/defender_service.py +++ b/prowler/providers/azure/services/defender/defender_service.py @@ -30,14 +30,14 @@ class Defender(AzureService): def _get_pricings(self): logger.info("Defender - Getting pricings...") pricings = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: pricings_list = client.pricings.list( - scope_id=f"subscriptions/{self.subscriptions[subscription_name]}" + scope_id=f"subscriptions/{subscription_id}" ) - pricings.update({subscription_name: {}}) + pricings.update({subscription_id: {}}) for pricing in pricings_list.value: - pricings[subscription_name].update( + pricings[subscription_id].update( { pricing.name: Pricing( resource_id=pricing.id, 
@@ -60,23 +60,23 @@ class Defender(AzureService): except ResourceNotFoundError as error: if "Subscription Not Registered" in error.message: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: Subscription Not Registered - Please register to Microsoft.Security in order to view your security status" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: Subscription Not Registered - Please register to Microsoft.Security in order to view your security status" ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return pricings def _get_auto_provisioning_settings(self): logger.info("Defender - Getting auto provisioning settings...") auto_provisioning = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: auto_provisioning_settings = client.auto_provisioning_settings.list() - auto_provisioning.update({subscription_name: {}}) + auto_provisioning.update({subscription_id: {}}) for ap in auto_provisioning_settings: - auto_provisioning[subscription_name].update( + auto_provisioning[subscription_id].update( { ap.name: AutoProvisioningSetting( resource_id=ap.id, 
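Review bot: In `_get_pricings`, the `except ResourceNotFoundError` branch logs only when the message contains "Subscription Not Registered"; any other `ResourceNotFoundError` is dropped without a trace. If the list call raised, that subscription never gets a key in `pricings`, so the Defender plan checks that iterate over it would presumably emit no finding for the subscription at all, and the report gives no hint of the gap. Adding `else: logger.error(f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}")` keeps the failure visible. The `ClientAuthenticationError` branches in `_get_auto_provisioning_settings` and `_get_settings` (the following hunks) have the same gap. `_get_pricings` starts before this hunk.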
@@ -89,25 +89,25 @@ class Defender(AzureService): except ClientAuthenticationError as error: if "Subscription Not Registered" in error.message: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: Subscription Not Registered - Please register to Microsoft.Security in order to view your security status" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: Subscription Not Registered - Please register to Microsoft.Security in order to view your security status" ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return auto_provisioning def _get_assessments(self): logger.info("Defender - Getting assessments...") assessments = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: assessments_list = client.assessments.list( - f"subscriptions/{self.subscriptions[subscription_name]}" + f"subscriptions/{subscription_id}" ) - assessments.update({subscription_name: {}}) + assessments.update({subscription_id: {}}) for assessment in assessments_list: - assessments[subscription_name].update( + assessments[subscription_id].update( { assessment.display_name: Assesment( resource_id=assessment.id, 
@@ -120,19 +120,19 @@ class Defender(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return assessments def _get_settings(self): logger.info("Defender - Getting settings...") settings = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: settings_list = client.settings.list() - settings.update({subscription_name: {}}) + settings.update({subscription_id: {}}) for setting in settings_list: - settings[subscription_name].update( + settings[subscription_id].update( { setting.name: Setting( resource_id=setting.id, @@ -146,11 +146,11 @@ class Defender(AzureService): except ClientAuthenticationError as error: if "Subscription Not Registered" in error.message: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: Subscription Not Registered - Please register to Microsoft.Security in order to view your security status" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: Subscription Not Registered - Please register to Microsoft.Security in order to view your security status" ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return settings 
@@ -166,7 +166,7 @@ class Defender(AzureService): """ logger.info("Defender - Getting security contacts...") security_contacts = {} - for subscription_name, subscription_id in self.subscriptions.items(): + for subscription_id, display_name in self.subscriptions.items(): try: url = f"https://management.azure.com/subscriptions/{subscription_id}/providers/Microsoft.Security/securityContacts?api-version=2023-12-01-preview" headers = { @@ -176,7 +176,7 @@ class Defender(AzureService): response = requests.get(url, headers=headers) response.raise_for_status() contact_configurations = response.json().get("value", []) - security_contacts[subscription_name] = {} + security_contacts[subscription_id] = {} for contact_configuration in contact_configurations: props = contact_configuration.get("properties", {}) @@ -204,7 +204,7 @@ class Defender(AzureService): if value is not None: alert_minimal_severity = value - security_contacts[subscription_name][ + security_contacts[subscription_id][ contact_configuration.get("name", "default") ] = SecurityContactConfiguration( id=contact_configuration.get("id", ""), 
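Review bot: `display_name` in the new loop header is never used in the visible body, so `for subscription_id in self.subscriptions:` says the same thing without a dead name. In the second hunk, `requests.get(url, headers=headers)` has no `timeout`, so a stalled response from the management endpoint would block the whole scan; passing one (for example `timeout=30`, the value to be chosen by the project) bounds that. The function starts before the first hunk and its body is only partly visible across these three hunks.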
@@ -221,21 +221,21 @@ class Defender(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return security_contacts def _get_iot_security_solutions(self): logger.info("Defender - Getting IoT Security Solutions...") iot_security_solutions = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: iot_security_solutions_list = ( client.iot_security_solution.list_by_subscription() ) - iot_security_solutions.update({subscription_name: {}}) + iot_security_solutions.update({subscription_id: {}}) for iot_security_solution in iot_security_solutions_list: - iot_security_solutions[subscription_name].update( + iot_security_solutions[subscription_id].update( { iot_security_solution.id: IoTSecuritySolution( resource_id=iot_security_solution.id, @@ -246,7 +246,7 @@ class Defender(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return iot_security_solutions 
@@ -257,22 +257,22 @@ class Defender(AzureService): Returns: A dictionary of JIT policies for each subscription. The format will be: { - "subscription_name": { + "subscription_id": { "jit_policy_id": JITPolicy } } """ logger.info("Defender - Getting JIT policies...") jit_policies = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: - jit_policies[subscription_name] = {} + jit_policies[subscription_id] = {} policies = client.jit_network_access_policies.list() for policy in policies: vm_ids = set() for vm in getattr(policy, "virtual_machines", []): vm_ids.add(vm.id) - jit_policies[subscription_name].update( + jit_policies[subscription_id].update( { policy.id: JITPolicy( id=policy.id, @@ -284,7 +284,7 @@ class Defender(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return jit_policies diff --git a/prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.py b/prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.py index eec21c474a..917200864e 100644 --- a/prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.py +++ b/prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.py 
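Review bot: In the JIT-policy loop (hunk `@@ -257,22`), `for vm in getattr(policy, "virtual_machines", [])` falls back to `[]` only when the attribute is absent. If the SDK model has the attribute set to `None`, iteration raises `TypeError`, the broad `except` logs it, and the remaining JIT policies of that subscription are silently missing from the result. `for vm in getattr(policy, "virtual_machines", None) or []:` covers both cases. Whether the SDK can return `None` here is not visible in the hunk, so this should be confirmed against the model.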
@@ -20,10 +20,13 @@ class entra_user_with_vm_access_has_mfa(Check): for users in entra_client.users.values(): for user in users.values(): for ( - subscription_name, + subscription_id, role_assigns, ) in iam_client.role_assignments.items(): - if (user.id, subscription_name) in already_reported: + subscription_name = entra_client.subscriptions.get( + subscription_id, subscription_id + ) + if (user.id, subscription_id) in already_reported: continue for assignment in role_assigns.values(): @@ -44,15 +47,15 @@ class entra_user_with_vm_access_has_mfa(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=user ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"User {user.name} without MFA can access VMs in subscription {subscription_name}" + report.status_extended = f"User {user.name} without MFA can access VMs in subscription {subscription_name} ({subscription_id})" if user.is_mfa_capable: report.status = "PASS" - report.status_extended = f"User {user.name} can access VMs in subscription {subscription_name} but it has MFA." + report.status_extended = f"User {user.name} can access VMs in subscription {subscription_name} ({subscription_id}) but it has MFA." findings.append(report) - already_reported.add((user.id, subscription_name)) + already_reported.add((user.id, subscription_id)) break return findings diff --git a/prowler/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks.py b/prowler/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks.py index c6c16326a3..ee0604dd34 100644 --- a/prowler/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks.py 
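Review bot: The display name in the first hunk is read from `entra_client.subscriptions` while the loop iterates `iam_client.role_assignments`; the other IAM checks in this patch resolve the name from the client that owns the data. If the two clients ever hold different subscription maps, the `.get(subscription_id, subscription_id)` fallback will quietly print the ID twice in `status_extended` instead of failing. `subscription_name = iam_client.subscriptions.get(subscription_id, subscription_id)` keeps the lookup consistent with the iterated data. The `execute` body starts outside the hunk.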
+++ b/prowler/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks.py @@ -8,6 +8,7 @@ class iam_custom_role_has_permissions_to_administer_resource_locks(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, roles in iam_client.custom_roles.items(): + subscription_name = iam_client.subscriptions.get(subscription, subscription) exits_role_with_permission_over_locks = False for custom_role in roles.values(): @@ -18,7 +19,7 @@ class iam_custom_role_has_permissions_to_administer_resource_locks(Check): ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Role {custom_role.name} from subscription {subscription} has no permission to administer resource locks." + report.status_extended = f"Role {custom_role.name} from subscription {subscription_name} ({subscription}) has no permission to administer resource locks." for permission_item in custom_role.permissions: if exits_role_with_permission_over_locks: @@ -26,7 +27,7 @@ class iam_custom_role_has_permissions_to_administer_resource_locks(Check): for action in permission_item.actions: if search("^Microsoft.Authorization/locks/.*", action): report.status = "PASS" - report.status_extended = f"Role {custom_role.name} from subscription {subscription} has permission to administer resource locks." + report.status_extended = f"Role {custom_role.name} from subscription {subscription_name} ({subscription}) has permission to administer resource locks." exits_role_with_permission_over_locks = True break findings.append(report) diff --git a/prowler/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted.py b/prowler/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted.py index 4880880cb0..409d7292ad 100644 
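Review bot: The loop variable in `for subscription, roles in iam_client.custom_roles.items():` is still called `subscription` although it now holds the subscription ID, while `iam_role_user_access_admin_restricted` and `keyvault_logging_enabled` in this same patch rename it to `subscription_id`. Renaming it here, so that the added line reads `subscription_name = iam_client.subscriptions.get(subscription_id, subscription_id)`, makes it obvious which value is written to `report.subscription` and which is for display only. The same applies to `iam_subscription_roles_owner_custom_not_created` and to the keyvault checks that keep `subscription`. The `execute` body continues outside these hunks.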
--- a/prowler/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted.py +++ b/prowler/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted.py @@ -6,11 +6,14 @@ class iam_role_user_access_admin_restricted(Check): def execute(self): findings = [] - for subscription_name, assignments in iam_client.role_assignments.items(): + for subscription_id, assignments in iam_client.role_assignments.items(): + subscription_name = iam_client.subscriptions.get( + subscription_id, subscription_id + ) for assignment in assignments.values(): role_assignment_name = getattr( - iam_client.roles[subscription_name].get( - f"/subscriptions/{iam_client.subscriptions[subscription_name]}/providers/Microsoft.Authorization/roleDefinitions/{assignment.role_id}" + iam_client.roles[subscription_id].get( + f"/subscriptions/{subscription_id}/providers/Microsoft.Authorization/roleDefinitions/{assignment.role_id}" ), "name", "", 
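Review bot: `iam_client.roles[subscription_id]` indexes the dictionary directly, so a subscription that has role assignments but no entry in `roles` raises `KeyError` and aborts the whole check, leaving no User Access Administrator findings for any subscription. Using `iam_client.roles.get(subscription_id, {}).get(` in place of `iam_client.roles[subscription_id].get(` keeps the existing `getattr(..., "name", "")` fallback working and limits the effect to one subscription. How `roles` is populated is not visible in this hunk, so the failure case is inferred; the `getattr` call itself closes outside the hunk.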
@@ -18,12 +21,12 @@ class iam_role_user_access_admin_restricted(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=assignment ) - report.subscription = subscription_name + report.subscription = subscription_id if role_assignment_name == "User Access Administrator": report.status = "FAIL" - report.status_extended = f"Role assignment {assignment.name} in subscription {subscription_name} grants User Access Administrator role to {getattr(assignment, 'agent_type', '')} {getattr(assignment, 'agent_id', '')}." + report.status_extended = f"Role assignment {assignment.name} in subscription {subscription_name} ({subscription_id}) grants User Access Administrator role to {getattr(assignment, 'agent_type', '')} {getattr(assignment, 'agent_id', '')}." else: report.status = "PASS" - report.status_extended = f"Role assignment {assignment.name} in subscription {subscription_name} does not grant User Access Administrator role." + report.status_extended = f"Role assignment {assignment.name} in subscription {subscription_name} ({subscription_id}) does not grant User Access Administrator role." findings.append(report) return findings diff --git a/prowler/providers/azure/services/iam/iam_service.py b/prowler/providers/azure/services/iam/iam_service.py index 55f1eb7e71..6a9ff814e9 100644 --- a/prowler/providers/azure/services/iam/iam_service.py +++ b/prowler/providers/azure/services/iam/iam_service.py @@ -23,7 +23,7 @@ class IAM(AzureService): builtin_roles.update({subscription: {}}) custom_roles.update({subscription: {}}) all_roles = client.role_definitions.list( - scope=f"/subscriptions/{self.subscriptions[subscription]}", + scope=f"/subscriptions/{subscription}", ) for role in all_roles: if role.role_type == "CustomRole": 
@@ -53,7 +53,7 @@ class IAM(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return builtin_roles, custom_roles @@ -83,7 +83,7 @@ class IAM(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return role_assignments diff --git a/prowler/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py b/prowler/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py index 8580a3aab7..abee3905b8 100644 --- a/prowler/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py +++ b/prowler/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py 
@@ -8,20 +8,21 @@ class iam_subscription_roles_owner_custom_not_created(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, roles in iam_client.custom_roles.items(): + subscription_name = iam_client.subscriptions.get(subscription, subscription) for custom_role in roles.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=custom_role ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Role {custom_role.name} from subscription {subscription} is not a custom owner role." + report.status_extended = f"Role {custom_role.name} from subscription {subscription_name} ({subscription}) is not a custom owner role." for scope in custom_role.assignable_scopes: if search("^/.*", scope): for permission_item in custom_role.permissions: for action in permission_item.actions: if action == "*": report.status = "FAIL" - report.status_extended = f"Role {custom_role.name} from subscription {subscription} is a custom owner role." + report.status_extended = f"Role {custom_role.name} from subscription {subscription_name} ({subscription}) is a custom owner role." break findings.append(report) diff --git a/prowler/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints.py b/prowler/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints.py index 1a363f2d61..0eafd35de5 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints.py +++ b/prowler/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints.py 
@@ -17,6 +17,9 @@ class keyvault_access_only_through_private_endpoints(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: if ( keyvault.properties @@ -29,9 +32,9 @@ class keyvault_access_only_through_private_endpoints(Check): if keyvault.properties.public_network_access_disabled: report.status = "PASS" - report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription} has public network access disabled and is using private endpoints." + report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription_name} ({subscription}) has public network access disabled and is using private endpoints." else: report.status = "FAIL" - report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription} has public network access enabled while using private endpoints." + report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription_name} ({subscription}) has public network access enabled while using private endpoints." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac.py b/prowler/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac.py index 6b3e8803c4..fd4b4074ff 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac.py +++ b/prowler/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac.py 
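Review bot: The added lookup `keyvault_client.subscriptions.get(subscription, subscription)` and the `{subscription_name} ({subscription})` formatting are repeated verbatim in this check and in every keyvault check that follows in the patch. One small helper on the shared service class that returns the formatted `name (id)` label would keep the ID-versus-display-name contract in a single place and avoid a check drifting back to printing only one of the two. Whether the base class already offers something like this is not visible here. If no helper is wanted, a one-line comment above the lookup, `# keys are subscription IDs; the name is for display only`, would at least document the convention.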
@@ -6,6 +6,9 @@ class keyvault_key_expiration_set_in_non_rbac(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: if not keyvault.properties.enable_rbac_authorization: for key in keyvault.keys or []: @@ -17,9 +20,9 @@ class keyvault_key_expiration_set_in_non_rbac(Check): report.subscription = subscription if not key.attributes.expires: report.status = "FAIL" - report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription} does not have an expiration date set." + report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) does not have an expiration date set." else: report.status = "PASS" - report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription} has an expiration date set." + report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) has an expiration date set." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled.py b/prowler/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled.py index 988bd5c47c..8a587a41ed 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled.py +++ b/prowler/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled.py 
@@ -6,6 +6,9 @@ class keyvault_key_rotation_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: for key in keyvault.keys or []: report = Check_Report_Azure(metadata=self.metadata(), resource=key) @@ -19,9 +22,9 @@ class keyvault_key_rotation_enabled(Check): ) ): report.status = "PASS" - report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription} has a rotation policy set." + report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) has a rotation policy set." else: report.status = "FAIL" - report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription} does not have a rotation policy set." + report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) does not have a rotation policy set." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled.py b/prowler/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled.py index dee956d63d..68ef149cd7 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled.py +++ b/prowler/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled.py 
@@ -6,12 +6,15 @@ class keyvault_logging_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, key_vaults in keyvault_client.key_vaults.items(): + for subscription_id, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription_id, subscription_id + ) for keyvault in key_vaults: report = Check_Report_Azure(metadata=self.metadata(), resource=keyvault) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Key Vault {keyvault.name} in subscription {subscription_name} does not have a diagnostic setting with audit logging." + report.status_extended = f"Key Vault {keyvault.name} in subscription {subscription_name} ({subscription_id}) does not have a diagnostic setting with audit logging." for diagnostic_setting in keyvault.monitor_diagnostic_settings or []: has_audit = False has_all_logs = False @@ -22,7 +25,7 @@ class keyvault_logging_enabled(Check): has_all_logs = True if has_audit and has_all_logs: report.status = "PASS" - report.status_extended = f"Key Vault {keyvault.name} in subscription {subscription_name} has a diagnostic setting with audit logging." + report.status_extended = f"Key Vault {keyvault.name} in subscription {subscription_name} ({subscription_id}) has a diagnostic setting with audit logging." break findings.append(report) diff --git a/prowler/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set.py b/prowler/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set.py index 2123ad0d32..a0d83eeae6 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set.py 
+++ b/prowler/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set.py @@ -6,6 +6,9 @@ class keyvault_non_rbac_secret_expiration_set(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: if not keyvault.properties.enable_rbac_authorization: for secret in keyvault.secrets or []: @@ -17,9 +20,9 @@ class keyvault_non_rbac_secret_expiration_set(Check): report.subscription = subscription if not secret.attributes.expires: report.status = "FAIL" - report.status_extended = f"Secret {secret.name} in Key Vault {keyvault.name} from subscription {subscription} does not have an expiration date set." + report.status_extended = f"Secret {secret.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) does not have an expiration date set." else: report.status = "PASS" - report.status_extended = f"Secret {secret.name} in Key Vault {keyvault.name} from subscription {subscription} has an expiration date set." + report.status_extended = f"Secret {secret.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) has an expiration date set." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints.py b/prowler/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints.py index 84c6b17e57..9af1b8ba2d 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints.py +++ b/prowler/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints.py 
@@ -6,16 +6,19 @@ class keyvault_private_endpoints(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: report = Check_Report_Azure(metadata=self.metadata(), resource=keyvault) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription} is not using private endpoints." + report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription_name} ({subscription}) is not using private endpoints." if ( keyvault.properties and keyvault.properties.private_endpoint_connections ): report.status = "PASS" - report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription} is using private endpoints." + report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription_name} ({subscription}) is using private endpoints." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled.py b/prowler/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled.py index e26c5b84f7..1025cf5118 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled.py +++ b/prowler/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled.py 
@@ -6,16 +6,19 @@ class keyvault_rbac_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: report = Check_Report_Azure(metadata=self.metadata(), resource=keyvault) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription} is not using RBAC for access control." + report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription_name} ({subscription}) is not using RBAC for access control." if ( keyvault.properties and keyvault.properties.enable_rbac_authorization ): report.status = "PASS" - report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription} is using RBAC for access control." + report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription_name} ({subscription}) is using RBAC for access control." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set.py b/prowler/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set.py index 1a5ca4f268..edc3416343 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set.py +++ b/prowler/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set.py @@ -6,6 +6,9 @@ class keyvault_rbac_key_expiration_set(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: if keyvault.properties.enable_rbac_authorization: for key in keyvault.keys or []: 
@@ -17,9 +20,9 @@ class keyvault_rbac_key_expiration_set(Check): report.subscription = subscription if not key.attributes.expires: report.status = "FAIL" - report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription} does not have an expiration date set." + report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) does not have an expiration date set." else: report.status = "PASS" - report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription} has an expiration date set." + report.status_extended = f"Key {key.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) has an expiration date set." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set.py b/prowler/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set.py index 3515f40f08..ed9ee564b4 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set.py +++ b/prowler/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set.py @@ -6,6 +6,9 @@ class keyvault_rbac_secret_expiration_set(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: if keyvault.properties.enable_rbac_authorization: for secret in keyvault.secrets or []: 
@@ -17,9 +20,9 @@ class keyvault_rbac_secret_expiration_set(Check): report.subscription = subscription if not secret.attributes.expires: report.status = "FAIL" - report.status_extended = f"Secret {secret.name} in Key Vault {keyvault.name} from subscription {subscription} does not have an expiration date set." + report.status_extended = f"Secret {secret.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) does not have an expiration date set." else: report.status = "PASS" - report.status_extended = f"Secret {secret.name} in Key Vault {keyvault.name} from subscription {subscription} has an expiration date set." + report.status_extended = f"Secret {secret.name} in Key Vault {keyvault.name} from subscription {subscription_name} ({subscription}) has an expiration date set." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable.py b/prowler/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable.py index 3ffe1f5b93..ee3da35496 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable.py +++ b/prowler/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable.py 
@@ -6,16 +6,19 @@ class keyvault_recoverable(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, key_vaults in keyvault_client.key_vaults.items(): + subscription_name = keyvault_client.subscriptions.get( + subscription, subscription + ) for keyvault in key_vaults: report = Check_Report_Azure(metadata=self.metadata(), resource=keyvault) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription} is not recoverable." + report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription_name} ({subscription}) is not recoverable." if ( keyvault.properties.enable_soft_delete and keyvault.properties.enable_purge_protection ): report.status = "PASS" - report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription} is recoverable." + report.status_extended = f"Keyvault {keyvault.name} from subscription {subscription_name} ({subscription}) is recoverable." findings.append(report) return findings diff --git a/prowler/providers/azure/services/keyvault/keyvault_service.py b/prowler/providers/azure/services/keyvault/keyvault_service.py index 8f8a0cc452..9fb3fd98af 100644 --- a/prowler/providers/azure/services/keyvault/keyvault_service.py +++ b/prowler/providers/azure/services/keyvault/keyvault_service.py @@ -56,7 +56,7 @@ class KeyVault(AzureService): except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return key_vaults 
@@ -172,7 +172,7 @@ class KeyVault(AzureService): except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) try: @@ -204,7 +204,7 @@ class KeyVault(AzureService): # TODO: handle different errors here since we are catching all HTTP Errors here except HttpResponseError: logger.warning( - f"Subscription name: {subscription} -- has no access policy configured for keyvault {keyvault_name}" + f"Subscription ID: {subscription} -- has no access policy configured for keyvault {keyvault_name}" ) return keys @@ -256,7 +256,7 @@ class KeyVault(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return secrets @@ -268,13 +268,13 @@ class KeyVault(AzureService): monitor_diagnostics_settings = [] try: monitor_diagnostics_settings = monitor_client.diagnostic_settings_with_uri( - self.subscriptions[subscription], - f"subscriptions/{self.subscriptions[subscription]}/resourceGroups/{resource_group}/providers/Microsoft.KeyVault/vaults/{keyvault_name}", + subscription, + f"subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.KeyVault/vaults/{keyvault_name}", monitor_client.clients[subscription], ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return monitor_diagnostics_settings 
diff --git a/prowler/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment.py b/prowler/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment.py index 2a7d99b622..695e0b1033 100644 --- a/prowler/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment.py @@ -8,9 +8,12 @@ class monitor_alert_create_policy_assignment(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Authorization/policyAssignments/write" 
@@ -18,19 +21,17 @@ class monitor_alert_create_policy_assignment(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for creating Policy Assignments in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for creating Policy Assignments in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for creating Policy Assignments in subscription {subscription_name}." + report.status_extended = f"There is not an alert for creating Policy Assignments in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg.py b/prowler/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg.py index 2decfe40be..bb141d17fb 100644 --- a/prowler/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg.py 
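Review bot: In the `else` branch `report.resource_name = subscription_id` replaces the display name with the subscription GUID, although `subscription_name` is resolved in the preceding hunk and is otherwise used only in `status_extended`. If the ID is intended so that colliding display names stay distinguishable in the output, a short comment such as `# resource_name uses the ID: display names are not unique` would record that decision. Otherwise `report.resource_name = subscription_name` keeps the finding readable while `report.subscription` and `report.resource_id` still carry the ID. The same lines appear in `monitor_alert_create_update_nsg`.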
@@ -8,9 +8,12 @@ class monitor_alert_create_update_nsg(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Network/networkSecurityGroups/write" @@ -18,19 +21,17 @@ class monitor_alert_create_update_nsg(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for creating/updating Network Security Groups in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for creating/updating Network Security Groups in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for creating/updating Network Security Groups in subscription {subscription_name}." + report.status_extended = f"There is not an alert for creating/updating Network Security Groups in subscription {subscription_name} ({subscription_id})." findings.append(report) 
diff --git a/prowler/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule.py b/prowler/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule.py index bc8f0bc694..3ace548574 100644 --- a/prowler/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule.py @@ -8,9 +8,12 @@ class monitor_alert_create_update_public_ip_address_rule(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Network/publicIPAddresses/write" 
@@ -18,19 +21,17 @@ class monitor_alert_create_update_public_ip_address_rule(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for creating/updating Public IP address rule in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for creating/updating Public IP address rule in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for creating/updating Public IP address rule in subscription {subscription_name}." + report.status_extended = f"There is not an alert for creating/updating Public IP address rule in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution.py b/prowler/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution.py index 71334a364b..afd11b8550 100644 --- a/prowler/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution.py 
@@ -8,9 +8,12 @@ class monitor_alert_create_update_security_solution(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Security/securitySolutions/write" @@ -18,19 +21,17 @@ class monitor_alert_create_update_security_solution(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for creating/updating Security Solution in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for creating/updating Security Solution in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for creating/updating Security Solution in subscription {subscription_name}." + report.status_extended = f"There is not an alert for creating/updating Security Solution in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr.py b/prowler/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr.py index feae49c01d..cb11e7b714 100644 
--- a/prowler/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr.py @@ -8,9 +8,12 @@ class monitor_alert_create_update_sqlserver_fr(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Sql/servers/firewallRules/write" @@ -18,19 +21,17 @@ class monitor_alert_create_update_sqlserver_fr(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for creating/updating SQL Server firewall rule in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for creating/updating SQL Server firewall rule in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for creating/updating SQL Server firewall rule in subscription {subscription_name}." + report.status_extended = f"There is not an alert for creating/updating SQL Server firewall rule in subscription {subscription_name} ({subscription_id})." findings.append(report) 
diff --git a/prowler/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg.py b/prowler/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg.py index bf4d2eb170..aa4bf8438e 100644 --- a/prowler/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg.py @@ -8,9 +8,12 @@ class monitor_alert_delete_nsg(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Network/networkSecurityGroups/delete" 
@@ -20,19 +23,17 @@ class monitor_alert_delete_nsg(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for deleting Network Security Groups in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for deleting Network Security Groups in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for deleting Network Security Groups in subscription {subscription_name}." + report.status_extended = f"There is not an alert for deleting Network Security Groups in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment.py b/prowler/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment.py index cd236de59d..abed374b1e 100644 --- a/prowler/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment.py 
@@ -8,9 +8,12 @@ class monitor_alert_delete_policy_assignment(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Authorization/policyAssignments/delete" @@ -18,19 +21,17 @@ class monitor_alert_delete_policy_assignment(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for deleting policy assignment in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for deleting policy assignment in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for deleting policy assignment in subscription {subscription_name}." + report.status_extended = f"There is not an alert for deleting policy assignment in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule.py b/prowler/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule.py index a60a972d65..7ea8420bc0 100644 
--- a/prowler/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule.py @@ -8,9 +8,12 @@ class monitor_alert_delete_public_ip_address_rule(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Network/publicIPAddresses/delete" @@ -18,19 +21,17 @@ class monitor_alert_delete_public_ip_address_rule(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for deleting public IP address rule in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for deleting public IP address rule in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for deleting public IP address rule in subscription {subscription_name}." + report.status_extended = f"There is not an alert for deleting public IP address rule in subscription {subscription_name} ({subscription_id})." findings.append(report) 
diff --git a/prowler/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution.py b/prowler/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution.py index 94b0f510e2..975e5ff2df 100644 --- a/prowler/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution.py @@ -8,9 +8,12 @@ class monitor_alert_delete_security_solution(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Security/securitySolutions/delete" 
@@ -18,19 +21,17 @@ class monitor_alert_delete_security_solution(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for deleting Security Solution in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for deleting Security Solution in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for deleting Security Solution in subscription {subscription_name}." + report.status_extended = f"There is not an alert for deleting Security Solution in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr.py b/prowler/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr.py index 7b09098aaf..700a0caba1 100644 --- a/prowler/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr.py 
@@ -8,9 +8,12 @@ class monitor_alert_delete_sqlserver_fr(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: if check_alert_rule( alert_rule, "Microsoft.Sql/servers/firewallRules/delete" @@ -18,19 +21,17 @@ class monitor_alert_delete_sqlserver_fr(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an alert configured for deleting SQL Server firewall rule in subscription {subscription_name}." + report.status_extended = f"There is an alert configured for deleting SQL Server firewall rule in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is not an alert for deleting SQL Server firewall rule in subscription {subscription_name}." + report.status_extended = f"There is not an alert for deleting SQL Server firewall rule in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists.py b/prowler/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists.py index 1a20efcdd3..8eea7dacb2 100644 
--- a/prowler/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists.py +++ b/prowler/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists.py @@ -7,9 +7,12 @@ class monitor_alert_service_health_exists(Check): findings = [] for ( - subscription_name, + subscription_id, activity_log_alerts, ) in monitor_client.alert_rules.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for alert_rule in activity_log_alerts: # Check if alert rule is enabled and has required Service Health conditions if alert_rule.enabled: @@ -31,19 +34,17 @@ class monitor_alert_service_health_exists(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=alert_rule ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"There is an activity log alert for Service Health in subscription {subscription_name}." + report.status_extended = f"There is an activity log alert for Service Health in subscription {subscription_name} ({subscription_id})." break else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"There is no activity log alert for Service Health in subscription {subscription_name}." + report.status_extended = f"There is no activity log alert for Service Health in subscription {subscription_name} ({subscription_id})." findings.append(report) 
diff --git a/prowler/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories.py b/prowler/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories.py index 0e5ee3f3ec..f0bc2d2f38 100644 --- a/prowler/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories.py +++ b/prowler/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories.py @@ -7,9 +7,12 @@ class monitor_diagnostic_setting_with_appropriate_categories(Check): findings = [] for ( - subscription_name, + subscription_id, diagnostic_settings, ) in monitor_client.diagnostics_settings.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) compliant_setting = None for diagnostic_setting in diagnostic_settings: 
@@ -41,18 +44,16 @@ class monitor_diagnostic_setting_with_appropriate_categories(Check): report = Check_Report_Azure( metadata=self.metadata(), resource=compliant_setting ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Diagnostic setting {compliant_setting.name} captures appropriate categories in subscription {subscription_name}." + report.status_extended = f"Diagnostic setting {compliant_setting.name} captures appropriate categories in subscription {subscription_name} ({subscription_id})." else: report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = f"No diagnostic setting captures all appropriate categories (Administrative, Security, Alert, Policy) in subscription {subscription_name}." + report.status_extended = f"No diagnostic setting captures all appropriate categories (Administrative, Security, Alert, Policy) in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists.py b/prowler/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists.py index c23e7a2af1..1dbe142a28 100644 --- a/prowler/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists.py +++ b/prowler/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists.py 
@@ -7,30 +7,29 @@ class monitor_diagnostic_settings_exists(Check): findings = [] for ( - subscription_name, + subscription_id, diagnostic_settings, ) in monitor_client.diagnostics_settings.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) if diagnostic_settings: # At least one diagnostic setting exists - report on the first one diagnostic_setting = diagnostic_settings[0] report = Check_Report_Azure( metadata=self.metadata(), resource=diagnostic_setting ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Diagnostic setting {diagnostic_setting.name} found in subscription {subscription_name}." + report.status_extended = f"Diagnostic setting {diagnostic_setting.name} found in subscription {subscription_name} ({subscription_id})." else: # No diagnostic settings - report on subscription report = Check_Report_Azure(metadata=self.metadata(), resource={}) - report.subscription = subscription_name - report.resource_name = subscription_name - report.resource_id = ( - f"/subscriptions/{monitor_client.subscriptions[subscription_name]}" - ) + report.subscription = subscription_id + report.resource_name = subscription_id + report.resource_id = f"/subscriptions/{subscription_id}" report.status = "FAIL" - report.status_extended = ( - f"No diagnostic settings found in subscription {subscription_name}." - ) + report.status_extended = f"No diagnostic settings found in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_service.py b/prowler/providers/azure/services/monitor/monitor_service.py index 948b0cceec..07d41d58f2 100644 --- a/prowler/providers/azure/services/monitor/monitor_service.py +++ b/prowler/providers/azure/services/monitor/monitor_service.py 
@@ -23,13 +23,13 @@ class Monitor(AzureService): try: diagnostics_settings_list = self.diagnostic_settings_with_uri( subscription, - f"subscriptions/{self.subscriptions[subscription]}/", + f"subscriptions/{subscription}/", client, ) diagnostics_settings.update({subscription: diagnostics_settings_list}) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return diagnostics_settings @@ -61,7 +61,7 @@ class Monitor(AzureService): ) except Exception as error: logger.error( - f"Subscription id: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return diagnostics_settings @@ -94,7 +94,7 @@ class Monitor(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return alert_rules diff --git a/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.py b/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.py index 2400fe2206..135fde0c64 100644 --- a/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.py +++ b/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.py 
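Review bot: A subscription whose diagnostic-settings call raises is left out of `diagnostics_settings`, because the `update` sits inside the `try` and the `except Exception` only logs. The checks that iterate `.items()` on this dict then produce neither PASS nor FAIL for that subscription. Since the commit aims to scan every subscription, that gap should at least be documented next to the handler, e.g. `# A failed subscription is omitted from the result, so checks report nothing for it`. The loop variable is still called `subscription` although the log label now says "Subscription ID"; renaming it to `subscription_id` would match the checks, but the loop header is outside the hunk.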
@@ -8,24 +8,25 @@ class monitor_storage_account_with_activity_logs_cmk_encrypted(Check): findings = [] for ( - subscription_name, + subscription_id, diagnostic_settings, ) in monitor_client.diagnostics_settings.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for diagnostic_setting in diagnostic_settings: - for storage_account in storage_client.storage_accounts[ - subscription_name - ]: + for storage_account in storage_client.storage_accounts[subscription_id]: if storage_account.name == diagnostic_setting.storage_account_name: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) - report.subscription = subscription_name + report.subscription = subscription_id if storage_account.encryption_type == "Microsoft.Storage": report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} storing activity log in subscription {subscription_name} is not encrypted with Customer Managed Key." + report.status_extended = f"Storage account {storage_account.name} storing activity log in subscription {subscription_name} ({subscription_id}) is not encrypted with Customer Managed Key." else: report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} storing activity log in subscription {subscription_name} is encrypted with Customer Managed Key or not necessary." + report.status_extended = f"Storage account {storage_account.name} storing activity log in subscription {subscription_name} ({subscription_id}) is encrypted with Customer Managed Key or not necessary." findings.append(report) diff --git a/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private.py b/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private.py index 0fc6b71768..6008f7d909 100644 
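Review bot: The new `for storage_account in storage_client.storage_accounts[subscription_id]:` indexes the storage service's dict directly, while the name lookup just above it uses `.get()` with a fallback. If the storage service has no entry for a subscription that the monitor service did enumerate (for instance because listing storage accounts failed there, or the two dicts are not keyed the same way; neither is visible here), the `KeyError` aborts the check for all remaining subscriptions. `for storage_account in storage_client.storage_accounts.get(subscription_id, []):` keeps the loop going. The same line appears in monitor_storage_account_with_activity_logs_is_private. The `execute` body continues outside the hunk.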
--- a/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private.py +++ b/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private.py @@ -8,24 +8,25 @@ class monitor_storage_account_with_activity_logs_is_private(Check): findings = [] for ( - subscription_name, + subscription_id, diagnostic_settings, ) in monitor_client.diagnostics_settings.items(): + subscription_name = monitor_client.subscriptions.get( + subscription_id, subscription_id + ) for diagnostic_setting in diagnostic_settings: - for storage_account in storage_client.storage_accounts[ - subscription_name - ]: + for storage_account in storage_client.storage_accounts[subscription_id]: if storage_account.name == diagnostic_setting.storage_account_name: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) - report.subscription = subscription_name + report.subscription = subscription_id if storage_account.allow_blob_public_access: report.status = "FAIL" - report.status_extended = f"Blob public access enabled in storage account {storage_account.name} storing activity logs in subscription {subscription_name}." + report.status_extended = f"Blob public access enabled in storage account {storage_account.name} storing activity logs in subscription {subscription_name} ({subscription_id})." else: report.status = "PASS" - report.status_extended = f"Blob public access disabled in storage account {storage_account.name} storing activity logs in subscription {subscription_name}." + report.status_extended = f"Blob public access disabled in storage account {storage_account.name} storing activity logs in subscription {subscription_name} ({subscription_id})." findings.append(report) 
diff --git a/prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated.py b/prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated.py index 5071da4b20..d29a2e0879 100644 --- a/prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated.py +++ b/prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated.py @@ -7,14 +7,17 @@ class mysql_flexible_server_audit_log_connection_activated(Check): findings = [] for ( - subscription_name, + subscription_id, servers, ) in mysql_client.flexible_servers.items(): + subscription_name = mysql_client.subscriptions.get( + subscription_id, subscription_id + ) for server in servers.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=server) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"Audit log is disabled for server {server.name} in subscription {subscription_name}." + report.status_extended = f"Audit log is disabled for server {server.name} in subscription {subscription_name} ({subscription_id})." if "audit_log_events" in server.configurations: report.resource_id = server.configurations[ @@ -25,7 +28,7 @@ class mysql_flexible_server_audit_log_connection_activated(Check): "audit_log_events" ].value.lower().split(","): report.status = "PASS" - report.status_extended = f"Audit log is enabled for server {server.name} in subscription {subscription_name}." + report.status_extended = f"Audit log is enabled for server {server.name} in subscription {subscription_name} ({subscription_id})." findings.append(report) 
diff --git a/prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled.py b/prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled.py index 81918f7756..c7a33bae44 100644 --- a/prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled.py +++ b/prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled.py @@ -7,14 +7,17 @@ class mysql_flexible_server_audit_log_enabled(Check): findings = [] for ( - subscription_name, + subscription_id, servers, ) in mysql_client.flexible_servers.items(): + subscription_name = mysql_client.subscriptions.get( + subscription_id, subscription_id + ) for server in servers.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.status = "FAIL" - report.subscription = subscription_name - report.status_extended = f"Audit log is disabled for server {server.name} in subscription {subscription_name}." + report.subscription = subscription_id + report.status_extended = f"Audit log is disabled for server {server.name} in subscription {subscription_name} ({subscription_id})." if "audit_log_enabled" in server.configurations: report.resource_id = server.configurations[ @@ -23,7 +26,7 @@ class mysql_flexible_server_audit_log_enabled(Check): if server.configurations["audit_log_enabled"].value.lower() == "on": report.status = "PASS" - report.status_extended = f"Audit log is enabled for server {server.name} in subscription {subscription_name}." + report.status_extended = f"Audit log is enabled for server {server.name} in subscription {subscription_name} ({subscription_id})." findings.append(report) 
diff --git a/prowler/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12.py b/prowler/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12.py index dbd12bd344..d9aa962c92 100644 --- a/prowler/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12.py +++ b/prowler/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12.py 
@@ -7,27 +7,30 @@ class mysql_flexible_server_minimum_tls_version_12(Check): findings = [] for ( - subscription_name, + subscription_id, servers, ) in mysql_client.flexible_servers.items(): + subscription_name = mysql_client.subscriptions.get( + subscription_id, subscription_id + ) for server in servers.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=server) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"TLS version is not configured in server {server.name} in subscription {subscription_name}." + report.status_extended = f"TLS version is not configured in server {server.name} in subscription {subscription_name} ({subscription_id})." if "tls_version" in server.configurations: report.resource_id = server.configurations[ "tls_version" ].resource_id report.status = "PASS" - report.status_extended = f"TLS version is {server.configurations['tls_version'].value} in server {server.name} in subscription {subscription_name}. This version of TLS is considered secure." + report.status_extended = f"TLS version is {server.configurations['tls_version'].value} in server {server.name} in subscription {subscription_name} ({subscription_id}). This version of TLS is considered secure." tls_aviable = server.configurations["tls_version"].value.split(",") if "TLSv1.0" in tls_aviable or "TLSv1.1" in tls_aviable: report.status = "FAIL" - report.status_extended = f"TLS version is {server.configurations['tls_version'].value} in server {server.name} in subscription {subscription_name}. There is at leat one version of TLS that is considered insecure." + report.status_extended = f"TLS version is {server.configurations['tls_version'].value} in server {server.name} in subscription {subscription_name} ({subscription_id}). There is at leat one version of TLS that is considered insecure." findings.append(report) 
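Review bot: The rewritten FAIL message still reads `There is at leat one version of TLS that is considered insecure.`, and the list it is derived from is named `tls_aviable`. Since the message text changes in this commit anyway, this is a cheap place to fix both: `at least one` in the string and `tls_available` for the local. The `split(",")` result is compared against exact strings such as `"TLSv1.0"`, so a value with spaces after the commas would not match and the server would keep its PASS; whether Azure ever returns that form is not visible here, but stripping each element after the split would make the comparison independent of it.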
diff --git a/prowler/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled.py b/prowler/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled.py index 79930de947..03a32736e3 100644 --- a/prowler/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled.py +++ b/prowler/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled.py @@ -7,14 +7,17 @@ class mysql_flexible_server_ssl_connection_enabled(Check): findings = [] for ( - subscription_name, + subscription_id, servers, ) in mysql_client.flexible_servers.items(): + subscription_name = mysql_client.subscriptions.get( + subscription_id, subscription_id + ) for server in servers.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=server) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"SSL connection is disabled for server {server.name} in subscription {subscription_name}." + report.status_extended = f"SSL connection is disabled for server {server.name} in subscription {subscription_name} ({subscription_id})." if "require_secure_transport" in server.configurations: report.resource_id = server.configurations[ @@ -25,7 +28,7 @@ class mysql_flexible_server_ssl_connection_enabled(Check): == "on" ): report.status = "PASS" - report.status_extended = f"SSL connection is enabled for server {server.name} in subscription {subscription_name}." + report.status_extended = f"SSL connection is enabled for server {server.name} in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/mysql/mysql_service.py b/prowler/providers/azure/services/mysql/mysql_service.py index d2f152a492..565e14da01 100644 
--- a/prowler/providers/azure/services/mysql/mysql_service.py +++ b/prowler/providers/azure/services/mysql/mysql_service.py @@ -16,12 +16,12 @@ class MySQL(AzureService): def _get_flexible_servers(self): logger.info("MySQL - Getting servers...") servers = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: servers_list = client.servers.list() - servers.update({subscription_name: {}}) + servers.update({subscription_id: {}}) for server in servers_list: - servers[subscription_name].update( + servers[subscription_id].update( { server.id: FlexibleServer( resource_id=server.id, @@ -36,7 +36,7 @@ class MySQL(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return servers diff --git a/prowler/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists.py b/prowler/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists.py index 85e815b3ab..1efc4bde99 100644 --- a/prowler/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists.py +++ b/prowler/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists.py 
@@ -6,17 +6,16 @@ class network_bastion_host_exists(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, bastion_hosts in network_client.bastion_hosts.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) if not bastion_hosts: report = Check_Report_Azure(metadata=self.metadata(), resource={}) report.subscription = subscription report.resource_name = subscription - report.resource_id = ( - f"/subscriptions/{network_client.subscriptions[subscription]}" - ) + report.resource_id = f"/subscriptions/{subscription}" report.status = "FAIL" - report.status_extended = ( - f"Bastion Host from subscription {subscription} does not exist" - ) + report.status_extended = f"Bastion Host from subscription {subscription_name} ({subscription}) does not exist" findings.append(report) else: for bastion_host in bastion_hosts: @@ -25,7 +24,7 @@ class network_bastion_host_exists(Check): ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Bastion Host {bastion_host.name} exists in subscription {subscription}." + report.status_extended = f"Bastion Host {bastion_host.name} exists in subscription {subscription_name} ({subscription})." findings.append(report) return findings diff --git a/prowler/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent.py b/prowler/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent.py index 7200779202..832fa105c3 100644 --- a/prowler/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent.py +++ b/prowler/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent.py 
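Review bot: The loop variable is still called `subscription` although it now holds the subscription ID, as the new `f"/subscriptions/{subscription}"` and the `.get(subscription, subscription)` lookup show. The monitor, mysql and policy checks in this commit rename it to `subscription_id`, which makes lines like `report.subscription = ...` unambiguous; here I would use `for subscription_id, bastion_hosts in network_client.bastion_hosts.items():` and follow through in the body. The same applies to the other network checks touched in this commit (flow log, HTTP/RDP/SSH/UDP access, Shodan and Network Watcher). The first FAIL message also still ends without a period, unlike the PASS message below it.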
@@ -6,6 +6,9 @@ class network_flow_log_captured_sent(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, network_watchers in network_client.network_watchers.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) for network_watcher in network_watchers: report = Check_Report_Azure( metadata=self.metadata(), resource=network_watcher 
@@ -13,24 +16,24 @@ class network_flow_log_captured_sent(Check): report.subscription = subscription if network_watcher.flow_logs: report.status = "PASS" - report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription} has flow logs that are captured and sent to Log Analytics workspace" + report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription_name} ({subscription}) has flow logs that are captured and sent to Log Analytics workspace" has_failed = False for flow_log in network_watcher.flow_logs: if not has_failed: if not flow_log.enabled: report.status = "FAIL" - report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription} has flow logs disabled" + report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription_name} ({subscription}) has flow logs disabled" has_failed = True elif not ( flow_log.traffic_analytics_enabled and flow_log.workspace_resource_id ): report.status = "FAIL" - report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription} has enabled flow logs that are not configured to send traffic analytics to a Log Analytics workspace" + report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription_name} ({subscription}) has enabled flow logs that are not configured to send traffic analytics to a Log Analytics workspace" has_failed = True else: report.status = "FAIL" - report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription} has no flow logs" + report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription_name} ({subscription}) has no flow logs" findings.append(report) 
diff --git a/prowler/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days.py b/prowler/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days.py index 69d17b5e0a..5030e35211 100644 --- a/prowler/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days.py +++ b/prowler/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days.py @@ -6,6 +6,9 @@ class network_flow_log_more_than_90_days(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, network_watchers in network_client.network_watchers.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) for network_watcher in network_watchers: report = Check_Report_Azure( metadata=self.metadata(), resource=network_watcher 
@@ -13,24 +16,24 @@ class network_flow_log_more_than_90_days(Check): report.subscription = subscription if network_watcher.flow_logs: report.status = "PASS" - report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription} has flow logs enabled for more than 90 days" + report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription_name} ({subscription}) has flow logs enabled for more than 90 days" has_failed = False for flow_log in network_watcher.flow_logs: if not has_failed: if not flow_log.enabled: report.status = "FAIL" - report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription} has flow logs disabled" + report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription_name} ({subscription}) has flow logs disabled" has_failed = True elif ( flow_log.retention_policy.days < 90 and flow_log.retention_policy.days != 0 ) and not has_failed: report.status = "FAIL" - report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription} flow logs retention policy is less than 90 days" + report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription_name} ({subscription}) flow logs retention policy is less than 90 days" has_failed = True else: report.status = "FAIL" - report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription} has no flow logs" + report.status_extended = f"Network Watcher {network_watcher.name} from subscription {subscription_name} ({subscription}) has no flow logs" findings.append(report) return findings diff --git a/prowler/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted.py b/prowler/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted.py index 61f018bae4..1539c3534f 100644 
--- a/prowler/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted.py +++ b/prowler/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted.py @@ -6,13 +6,16 @@ class network_http_internet_access_restricted(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, security_groups in network_client.security_groups.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) for security_group in security_groups: report = Check_Report_Azure( metadata=self.metadata(), resource=security_group ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Security Group {security_group.name} from subscription {subscription} has HTTP internet access restricted." + report.status_extended = f"Security Group {security_group.name} from subscription {subscription_name} ({subscription}) has HTTP internet access restricted." rule_fail_condition = any( ( rule.destination_port_range == "80" @@ -33,7 +36,7 @@ class network_http_internet_access_restricted(Check): ) if rule_fail_condition: report.status = "FAIL" - report.status_extended = f"Security Group {security_group.name} from subscription {subscription} has HTTP internet access allowed." + report.status_extended = f"Security Group {security_group.name} from subscription {subscription_name} ({subscription}) has HTTP internet access allowed." findings.append(report) return findings diff --git a/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.py b/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.py index 83340768eb..98b32a0c3b 100644 --- a/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.py +++ b/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.py 
@@ -12,20 +12,21 @@ class network_public_ip_shodan(Check): if shodan_api_key: api = shodan.Shodan(shodan_api_key) for subscription, public_ips in network_client.public_ip_addresses.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) for ip in public_ips: report = Check_Report_Azure(metadata=self.metadata(), resource=ip) report.subscription = subscription try: shodan_info = api.host(ip.ip_address) report.status = "FAIL" - report.status_extended = f"Public IP {ip.ip_address} listed in Shodan with open ports {str(shodan_info['ports'])} and ISP {shodan_info['isp']} in {shodan_info['country_name']}. More info at https://www.shodan.io/host/{ip.ip_address}." + report.status_extended = f"Public IP {ip.ip_address} from subscription {subscription_name} ({subscription}) listed in Shodan with open ports {str(shodan_info['ports'])} and ISP {shodan_info['isp']} in {shodan_info['country_name']}. More info at https://www.shodan.io/host/{ip.ip_address}." findings.append(report) except shodan.APIError as error: if "No information available for that IP" in error.value: report.status = "PASS" - report.status_extended = ( - f"Public IP {ip.ip_address} is not listed in Shodan." - ) + report.status_extended = f"Public IP {ip.ip_address} from subscription {subscription_name} ({subscription}) is not listed in Shodan." findings.append(report) continue else: diff --git a/prowler/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted.py b/prowler/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted.py index 7d08678d27..2b321ed0c8 100644 --- a/prowler/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted.py +++ b/prowler/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted.py 
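Review bot: The FAIL message indexes `shodan_info['ports']`, `shodan_info['isp']` and `shodan_info['country_name']` directly, and the only handler visible in the hunk is `except shodan.APIError`. A host record that lacks one of these keys would raise `KeyError` from inside the `try`, which that handler does not catch, so the remaining IPs would go unchecked unless an outer handler exists outside the hunk. Using `shodan_info.get('ports', [])`, `shodan_info.get('isp')` and `shodan_info.get('country_name')` keeps the finding for that IP. The `else:` branch of the handler continues outside the hunk.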
@@ -6,13 +6,16 @@ class network_rdp_internet_access_restricted(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, security_groups in network_client.security_groups.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) for security_group in security_groups: report = Check_Report_Azure( metadata=self.metadata(), resource=security_group ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Security Group {security_group.name} from subscription {subscription} has RDP internet access restricted." + report.status_extended = f"Security Group {security_group.name} from subscription {subscription_name} ({subscription}) has RDP internet access restricted." rule_fail_condition = any( ( rule.destination_port_range == "3389" @@ -33,7 +36,7 @@ class network_rdp_internet_access_restricted(Check): ) if rule_fail_condition: report.status = "FAIL" - report.status_extended = f"Security Group {security_group.name} from subscription {subscription} has RDP internet access allowed." + report.status_extended = f"Security Group {security_group.name} from subscription {subscription_name} ({subscription}) has RDP internet access allowed." findings.append(report) return findings diff --git a/prowler/providers/azure/services/network/network_service.py b/prowler/providers/azure/services/network/network_service.py index fdbb32f088..0eb6144534 100644 --- a/prowler/providers/azure/services/network/network_service.py +++ b/prowler/providers/azure/services/network/network_service.py @@ -54,7 +54,7 @@ class Network(AzureService): except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return security_groups 
@@ -130,7 +130,7 @@ class Network(AzureService): except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return network_watchers @@ -149,12 +149,12 @@ class Network(AzureService): return flow_logs except ResourceNotFoundError as error: logger.warning( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return [] except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return [] @@ -176,7 +176,7 @@ class Network(AzureService): except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return bastion_hosts @@ -199,7 +199,7 @@ class Network(AzureService): except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return public_ip_addresses diff --git a/prowler/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted.py b/prowler/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted.py index e4207194e1..f6ad26b9ef 100644 
--- a/prowler/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted.py +++ b/prowler/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted.py @@ -6,13 +6,16 @@ class network_ssh_internet_access_restricted(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, security_groups in network_client.security_groups.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) for security_group in security_groups: report = Check_Report_Azure( metadata=self.metadata(), resource=security_group ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Security Group {security_group.name} from subscription {subscription} has SSH internet access restricted." + report.status_extended = f"Security Group {security_group.name} from subscription {subscription_name} ({subscription}) has SSH internet access restricted." rule_fail_condition = any( ( rule.destination_port_range == "22" @@ -33,7 +36,7 @@ class network_ssh_internet_access_restricted(Check): ) if rule_fail_condition: report.status = "FAIL" - report.status_extended = f"Security Group {security_group.name} from subscription {subscription} has SSH internet access allowed." + report.status_extended = f"Security Group {security_group.name} from subscription {subscription_name} ({subscription}) has SSH internet access allowed." findings.append(report) return findings diff --git a/prowler/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted.py b/prowler/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted.py index ebd5fc7d50..94e177eb24 100644 --- a/prowler/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted.py 
+++ b/prowler/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted.py @@ -6,13 +6,16 @@ class network_udp_internet_access_restricted(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, security_groups in network_client.security_groups.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) for security_group in security_groups: report = Check_Report_Azure( metadata=self.metadata(), resource=security_group ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Security Group {security_group.name} from subscription {subscription} has UDP internet access restricted." + report.status_extended = f"Security Group {security_group.name} from subscription {subscription_name} ({subscription}) has UDP internet access restricted." rule_fail_condition = any( ( rule.protocol in ["UDP", "Udp"] @@ -28,7 +31,7 @@ class network_udp_internet_access_restricted(Check): ) if rule_fail_condition: report.status = "FAIL" - report.status_extended = f"Security Group {security_group.name} from subscription {subscription} has UDP internet access allowed." + report.status_extended = f"Security Group {security_group.name} from subscription {subscription_name} ({subscription}) has UDP internet access allowed." findings.append(report) return findings diff --git a/prowler/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled.py b/prowler/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled.py index 5235ac0d73..b2a19f2bca 100644 --- a/prowler/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled.py +++ b/prowler/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled.py 
@@ -6,6 +6,9 @@ class network_watcher_enabled(Check): def execute(self) -> list[Check_Report_Azure]: findings = [] for subscription, network_watchers in network_client.network_watchers.items(): + subscription_name = network_client.subscriptions.get( + subscription, subscription + ) missing_locations = set(network_client.locations[subscription]) - set( network_watcher.location for network_watcher in network_watchers ) @@ -15,12 +18,10 @@ class network_watcher_enabled(Check): report = Check_Report_Azure(metadata=self.metadata(), resource={}) report.subscription = subscription report.resource_name = subscription - report.resource_id = ( - f"/subscriptions/{network_client.subscriptions[subscription]}" - ) + report.resource_id = f"/subscriptions/{subscription}" report.location = "global" report.status = "FAIL" - report.status_extended = f"Network Watcher is not enabled for the following locations in subscription '{subscription}': {', '.join(missing_locations)}." + report.status_extended = f"Network Watcher is not enabled for the following locations in subscription '{subscription_name} ({subscription})': {', '.join(missing_locations)}." findings.append(report) else: # Report each network watcher that exists @@ -30,7 +31,7 @@ class network_watcher_enabled(Check): ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Network Watcher {network_watcher.name} is enabled in location {network_watcher.location} in subscription '{subscription}'." + report.status_extended = f"Network Watcher {network_watcher.name} is enabled in location {network_watcher.location} in subscription '{subscription_name} ({subscription})'." findings.append(report) return findings diff --git a/prowler/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled.py b/prowler/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled.py index ba9ccf1eea..4c36663a1f 100644 
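Review bot: In the FAIL branch of the second hunk, the unchanged line `report.resource_name = subscription` now assigns the subscription ID, because the dictionaries are keyed by ID after this commit. Before the change the same line produced the display name, so the resource name in this finding silently changes meaning while `resource_id` is correctly rebuilt as `/subscriptions/{subscription}`. If the display name is still wanted, `report.resource_name = subscription_name` restores it. If the ID is intended, a short comment saying so would help, since existing mutelist entries or dashboards keyed on the old resource name would presumably stop matching. The `execute` body starts above the first hunk.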
--- a/prowler/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled.py +++ b/prowler/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled.py @@ -6,18 +6,21 @@ class policy_ensure_asc_enforcement_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, policies in policy_client.policy_assigments.items(): + for subscription_id, policies in policy_client.policy_assigments.items(): + subscription_name = policy_client.subscriptions.get( + subscription_id, subscription_id + ) if "SecurityCenterBuiltIn" in policies: report = Check_Report_Azure( metadata=self.metadata(), resource=policies["SecurityCenterBuiltIn"], ) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Policy assigment '{policies['SecurityCenterBuiltIn'].id}' is configured with enforcement mode '{policies['SecurityCenterBuiltIn'].enforcement_mode}'." + report.status_extended = f"Policy assigment '{policies['SecurityCenterBuiltIn'].id}' from subscription {subscription_name} ({subscription_id}) is configured with enforcement mode '{policies['SecurityCenterBuiltIn'].enforcement_mode}'." if policies["SecurityCenterBuiltIn"].enforcement_mode != "Default": report.status = "FAIL" - report.status_extended = f"Policy assigment '{policies['SecurityCenterBuiltIn'].id}' is not configured with enforcement mode Default." + report.status_extended = f"Policy assigment '{policies['SecurityCenterBuiltIn'].id}' from subscription {subscription_name} ({subscription_id}) is not configured with enforcement mode Default." findings.append(report) diff --git a/prowler/providers/azure/services/policy/policy_service.py b/prowler/providers/azure/services/policy/policy_service.py index c7950f6d17..1d1381202f 100644 --- a/prowler/providers/azure/services/policy/policy_service.py 
+++ b/prowler/providers/azure/services/policy/policy_service.py @@ -16,13 +16,13 @@ class Policy(AzureService): logger.info("Policy - Getting policy assigments...") policy_assigments = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: policy_assigments_list = client.policy_assignments.list() - policy_assigments.update({subscription_name: {}}) + policy_assigments.update({subscription_id: {}}) for policy_assigment in policy_assigments_list: - policy_assigments[subscription_name].update( + policy_assigments[subscription_id].update( { policy_assigment.name: PolicyAssigment( id=policy_assigment.id, @@ -33,7 +33,7 @@ class Policy(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return policy_assigments diff --git a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled.py b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled.py index fc78091b5b..0015b959f2 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled.py +++ b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled.py 
@@ -11,17 +11,20 @@ class postgresql_flexible_server_allow_access_services_disabled(Check): subscription, flexible_servers, ) in postgresql_client.flexible_servers.items(): + subscription_name = postgresql_client.subscriptions.get( + subscription, subscription + ) for server in flexible_servers: report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has allow public access from any Azure service enabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has allow public access from any Azure service enabled" if not any( rule.start_ip == "0.0.0.0" and rule.end_ip == "0.0.0.0" for rule in server.firewall ): report.status = "PASS" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has allow public access from any Azure service disabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has allow public access from any Azure service disabled" findings.append(report) return findings diff --git a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on.py b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on.py index a395f605b8..763317d405 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on.py +++ b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on.py 
@@ -11,14 +11,17 @@ class postgresql_flexible_server_connection_throttling_on(Check): subscription, flexible_servers, ) in postgresql_client.flexible_servers.items(): + subscription_name = postgresql_client.subscriptions.get( + subscription, subscription + ) for server in flexible_servers: report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has connection_throttling disabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has connection_throttling disabled" if server.connection_throttling == "ON": report.status = "PASS" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has connection_throttling enabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has connection_throttling enabled" findings.append(report) return findings diff --git a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled.py b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled.py index 35952cd9a0..b5fa583699 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled.py +++ b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled.py 
@@ -11,14 +11,17 @@ class postgresql_flexible_server_enforce_ssl_enabled(Check): subscription, flexible_servers, ) in postgresql_client.flexible_servers.items(): + subscription_name = postgresql_client.subscriptions.get( + subscription, subscription + ) for server in flexible_servers: report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has enforce ssl disabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has enforce ssl disabled" if server.require_secure_transport == "ON": report.status = "PASS" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has enforce ssl enabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has enforce ssl enabled" findings.append(report) return findings diff --git a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.py b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.py index c87df50bfa..15aa6b2225 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.py +++ b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.py 
@@ -11,6 +11,9 @@ class postgresql_flexible_server_entra_id_authentication_enabled(Check): subscription, flexible_servers, ) in postgresql_client.flexible_servers.items(): + subscription_name = postgresql_client.subscriptions.get( + subscription, subscription + ) for server in flexible_servers: report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.subscription = subscription @@ -23,7 +26,7 @@ class postgresql_flexible_server_entra_id_authentication_enabled(Check): not server.active_directory_auth or server.active_directory_auth != "ENABLED" ): - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has Microsoft Entra ID authentication disabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has Microsoft Entra ID authentication disabled" else: # Authentication is enabled, now check for admins admin_count = ( 
@@ -31,13 +34,13 @@ class postgresql_flexible_server_entra_id_authentication_enabled(Check): ) if admin_count == 0: - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has Microsoft Entra ID authentication enabled but no Entra ID administrators configured" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has Microsoft Entra ID authentication enabled but no Entra ID administrators configured" else: report.status = "PASS" admin_text = ( "administrator" if admin_count == 1 else "administrators" ) - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has Microsoft Entra ID authentication enabled with {admin_count} {admin_text} configured" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has Microsoft Entra ID authentication enabled with {admin_count} {admin_text} configured" findings.append(report) return findings diff --git a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on.py b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on.py index 4ff3b90e77..f04f20cb69 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on.py +++ b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on.py 
@@ -11,14 +11,17 @@ class postgresql_flexible_server_log_checkpoints_on(Check): subscription, flexible_servers, ) in postgresql_client.flexible_servers.items(): + subscription_name = postgresql_client.subscriptions.get( + subscription, subscription + ) for server in flexible_servers: report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has log_checkpoints disabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has log_checkpoints disabled" if server.log_checkpoints == "ON": report.status = "PASS" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has log_checkpoints enabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has log_checkpoints enabled" findings.append(report) return findings diff --git a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on.py b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on.py index ee7bda8fd9..4d1f1a9749 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on.py +++ b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on.py 
@@ -11,14 +11,17 @@ class postgresql_flexible_server_log_connections_on(Check): subscription, flexible_servers, ) in postgresql_client.flexible_servers.items(): + subscription_name = postgresql_client.subscriptions.get( + subscription, subscription + ) for server in flexible_servers: report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has log_connections disabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has log_connections disabled" if server.log_connections == "ON": report.status = "PASS" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has log_connections enabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has log_connections enabled" findings.append(report) return findings diff --git a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on.py b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on.py index af18535948..aecb6f94a4 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on.py +++ b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on.py 
@@ -11,14 +11,17 @@ class postgresql_flexible_server_log_disconnections_on(Check): subscription, flexible_servers, ) in postgresql_client.flexible_servers.items(): + subscription_name = postgresql_client.subscriptions.get( + subscription, subscription + ) for server in flexible_servers: report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has log_disconnections disabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has log_disconnections disabled" if server.log_disconnections == "ON": report.status = "PASS" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has log_disconnections enabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has log_disconnections enabled" findings.append(report) return findings diff --git a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3.py b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3.py index f1cb0939c8..45a5a64e32 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3.py +++ b/prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3.py 
@@ -11,13 +11,16 @@ class postgresql_flexible_server_log_retention_days_greater_3(Check): subscription, flexible_servers, ) in postgresql_client.flexible_servers.items(): + subscription_name = postgresql_client.subscriptions.get( + subscription, subscription + ) for server in flexible_servers: report = Check_Report_Azure(metadata=self.metadata(), resource=server) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has log_retention disabled" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has log_retention disabled" if server.log_retention_days: - report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription} has log_retention set to {server.log_retention_days}" + report.status_extended = f"Flexible Postgresql server {server.name} from subscription {subscription_name} ({subscription}) has log_retention set to {server.log_retention_days}" if ( int(server.log_retention_days) > 3 and int(server.log_retention_days) < 8 diff --git a/prowler/providers/azure/services/postgresql/postgresql_service.py b/prowler/providers/azure/services/postgresql/postgresql_service.py index ef9449081c..13081ad270 100644 --- a/prowler/providers/azure/services/postgresql/postgresql_service.py +++ b/prowler/providers/azure/services/postgresql/postgresql_service.py @@ -72,7 +72,7 @@ class PostgreSQL(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return flexible_servers diff --git a/prowler/providers/azure/services/recovery/recovery_service.py b/prowler/providers/azure/services/recovery/recovery_service.py index efc7630bf7..16b5bc3248 100644 
--- a/prowler/providers/azure/services/recovery/recovery_service.py +++ b/prowler/providers/azure/services/recovery/recovery_service.py @@ -54,19 +54,19 @@ class Recovery(AzureService): vaults_dict: dict[str, dict[str, BackupVault]] = {} try: vaults_dict: dict[str, dict[str, BackupVault]] = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): vaults = client.vaults.list_by_subscription_id() - vaults_dict[subscription_name] = {} + vaults_dict[subscription_id] = {} for vault in vaults: vault_obj = BackupVault( id=vault.id, name=vault.name, location=vault.location, ) - vaults_dict[subscription_name][vault_obj.id] = vault_obj + vaults_dict[subscription_id][vault_obj.id] = vault_obj except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return vaults_dict @@ -76,17 +76,17 @@ class RecoveryBackup(AzureService): self, provider: AzureProvider, vaults: dict[str, dict[str, BackupVault]] ): super().__init__(RecoveryServicesBackupClient, provider) - for subscription_name, vaults in vaults.items(): + for subscription_id, vaults in vaults.items(): for vault in vaults.values(): vault.backup_protected_items = self._get_backup_protected_items( - subscription_name=subscription_name, vault=vault + subscription_id=subscription_id, vault=vault ) vault.backup_policies = self._get_backup_policies( - subscription_name=subscription_name, vault=vault + subscription_id=subscription_id, vault=vault ) def _get_backup_protected_items( - self, subscription_name: str, vault: BackupVault + self, subscription_id: str, vault: BackupVault ) -> dict[str, BackupItem]: """ Retrieve all backup protected items for a given vault. 
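Review bot: In the first hunk the `try` still wraps the whole `for subscription_id, client in self.clients.items():` loop, so an exception on one subscription ends vault enumeration for every subscription after it. The commit's goal is to scan every subscription, and here the skipped ones simply have no entry in `vaults_dict`, so their recovery checks would produce no findings rather than an error. Moving the `try`/`except` inside the loop keeps the failure local to the subscription that raised, matching how `policy_service.py` is structured in this same patch. The duplicated `vaults_dict` initialisation just above the `try` can be dropped at the same time. The enclosing method starts outside the hunk.

```python
for subscription_id, client in self.clients.items():
    try:
        vaults = client.vaults.list_by_subscription_id()
        vaults_dict[subscription_id] = {}
        for vault in vaults:
            # … unchanged: BackupVault construction and insertion into vaults_dict …
    except Exception as error:
        logger.error(
            f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
        )
```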
@@ -95,7 +95,7 @@ class RecoveryBackup(AzureService): backup_protected_items_dict: dict[str, BackupItem] = {} try: backup_protected_items = self.clients[ - subscription_name + subscription_id ].backup_protected_items.list( vault_name=vault.name, resource_group_name=vault.id.split("/")[4], @@ -114,12 +114,12 @@ class RecoveryBackup(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return backup_protected_items_dict def _get_backup_policies( - self, subscription_name: str, vault: BackupVault + self, subscription_id: str, vault: BackupVault ) -> dict[str, BackupPolicy]: """ Retrieve all backup policies for a given vault. @@ -132,7 +132,7 @@ class RecoveryBackup(AzureService): if item.backup_policy_id: unique_backup_policies.add(item.backup_policy_id) for policy_id in unique_backup_policies: - policy = self.clients[subscription_name].protection_policies.get( + policy = self.clients[subscription_id].protection_policies.get( vault_name=vault.name, resource_group_name=vault.id.split("/")[4], policy_name=policy_id.split("/")[-1], @@ -160,6 +160,6 @@ class RecoveryBackup(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return backup_policies_dict diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled.py b/prowler/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled.py index f9c7237302..bef7e2f70f 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled.py 
+++ b/prowler/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled.py @@ -6,17 +6,20 @@ class sqlserver_auditing_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has an auditing policy configured." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has an auditing policy configured." for auditing_policy in sql_server.auditing_policies: if auditing_policy.state == "Disabled": report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have any auditing policy configured." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) does not have any auditing policy configured." break findings.append(report) diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days.py b/prowler/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days.py index 5b1120b00e..93f2914564 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days.py 
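Review bot: The report in `execute` starts as PASS with "has an auditing policy configured" and only flips to FAIL when a policy with `state == "Disabled"` is found, so a server whose `auditing_policies` is empty still passes. If the service layer leaves that list empty when the policy lookup fails or returns nothing (not visible here), the check reports compliant for a server that was never evaluated. A guard before the loop closes that gap and fits the existing FAIL wording: `if not sql_server.auditing_policies: report.status = "FAIL"`, together with the matching "does not have any auditing policy configured" message. The rewritten messages themselves look fine.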
@@ -6,6 +6,9 @@ class sqlserver_auditing_retention_90_days(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server @@ -20,14 +23,14 @@ class sqlserver_auditing_retention_90_days(Check): if policy.state == "Enabled": if policy.retention_days <= 90: report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has auditing retention less than 91 days." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has auditing retention less than 91 days." has_failed = True else: report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has auditing retention greater than 90 days." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has auditing retention greater than 90 days." else: report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has auditing disabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has auditing disabled." has_failed = True if has_policy: findings.append(report) diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled.py b/prowler/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled.py index 6d5b1c265d..234ccf1a3f 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled.py 
+++ b/prowler/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled.py @@ -6,20 +6,23 @@ class sqlserver_azuread_administrator_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has an Active Directory administrator." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has an Active Directory administrator." if ( sql_server.administrators is None or sql_server.administrators.administrator_type != "ActiveDirectory" ): report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have an Active Directory administrator." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) does not have an Active Directory administrator." findings.append(report) diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled.py b/prowler/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled.py index de2934bcf9..0b86e67e2e 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled.py 
@@ -6,6 +6,9 @@ class sqlserver_microsoft_defender_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: if sql_server.security_alert_policies: report = Check_Report_Azure( @@ -13,10 +16,10 @@ class sqlserver_microsoft_defender_enabled(Check): ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has microsoft defender disabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has microsoft defender disabled." if sql_server.security_alert_policies.state == "Enabled": report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has microsoft defender enabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has microsoft defender enabled." findings.append(report) return findings diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version.py b/prowler/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version.py index 2f55951436..fb88662776 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version.py 
@@ -11,15 +11,18 @@ class sqlserver_recommended_minimal_tls_version(Check): "recommended_minimal_tls_versions", ["1.2", "1.3"] ) for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} is using TLS version {sql_server.minimal_tls_version} as minimal accepted which is not recommended. Please use one of the recommended versions: {', '.join(recommended_minimal_tls_versions)}." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) is using TLS version {sql_server.minimal_tls_version} as minimal accepted which is not recommended. Please use one of the recommended versions: {', '.join(recommended_minimal_tls_versions)}." if sql_server.minimal_tls_version in recommended_minimal_tls_versions: - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} is using version {sql_server.minimal_tls_version} as minimal accepted which is recommended." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) is using version {sql_server.minimal_tls_version} as minimal accepted which is recommended." report.status = "PASS" findings.append(report) diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_service.py b/prowler/providers/azure/services/sqlserver/sqlserver_service.py index 4d4ca00ebc..af02dace0d 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_service.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_service.py 
@@ -72,7 +72,7 @@ class SQLServer(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return sql_servers @@ -141,7 +141,7 @@ class SQLServer(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return databases diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk.py b/prowler/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk.py index 2b4cd94d1b..8ba04fb50f 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk.py @@ -6,6 +6,9 @@ class sqlserver_tde_encrypted_with_cmk(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: databases = ( sql_server.databases if sql_server.databases is not None else [] 
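Review bot: Both `except Exception` handlers touched in `sqlserver_service.py` (this hunk and the one at `-141,7`) only log and then fall through to `return sql_servers` / `return databases`, so a subscription whose listing call fails has no entry and every sqlserver check stays silent for it. The relabelled message now carries the subscription ID, which helps when reading logs, but the scan output itself gives no sign of the coverage gap. It is worth recording the failed subscription where the checks or the summary can surface it (for example as a MANUAL finding), and at minimum adding a comment such as `# A failure here leaves this subscription out of the result; checks emit nothing for it.` The `try` bodies start outside both hunks, so what is being caught is inferred from the handlers only.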
@@ -25,14 +28,14 @@ class sqlserver_tde_encrypted_with_cmk(Check): break if database.tde_encryption.status == "Enabled": report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has TDE enabled with CMK." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has TDE enabled with CMK." else: report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has TDE disabled with CMK." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has TDE disabled with CMK." found_disabled = True else: report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has TDE disabled without CMK." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has TDE disabled without CMK." findings.append(report) return findings diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled.py b/prowler/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled.py index 05de0efc7a..b7bda558a2 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled.py @@ -6,6 +6,9 @@ class sqlserver_tde_encryption_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: databases = ( sql_server.databases if sql_server.databases is not None else [] 
@@ -20,10 +23,10 @@ class sqlserver_tde_encryption_enabled(Check): report.subscription = subscription if database.tde_encryption.status == "Enabled": report.status = "PASS" - report.status_extended = f"Database {database.name} from SQL Server {sql_server.name} from subscription {subscription} has TDE enabled" + report.status_extended = f"Database {database.name} from SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has TDE enabled" else: report.status = "FAIL" - report.status_extended = f"Database {database.name} from SQL Server {sql_server.name} from subscription {subscription} has TDE disabled" + report.status_extended = f"Database {database.name} from SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has TDE disabled" findings.append(report) return findings diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access.py b/prowler/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access.py index 9936a9a077..d9e84eaf96 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access.py 
@@ -6,20 +6,23 @@ class sqlserver_unrestricted_inbound_access(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have firewall rules allowing 0.0.0.0-255.255.255.255." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) does not have firewall rules allowing 0.0.0.0-255.255.255.255." for firewall_rule in sql_server.firewall_rules: if ( firewall_rule.start_ip_address == "0.0.0.0" and firewall_rule.end_ip_address == "255.255.255.255" ): report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has firewall rules allowing 0.0.0.0-255.255.255.255." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has firewall rules allowing 0.0.0.0-255.255.255.255." break findings.append(report) diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled.py b/prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled.py index 62a6a1d458..d853a9ea5e 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled.py 
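Review bot: The FAIL branch in `sqlserver_unrestricted_inbound_access` fires only on the exact pair `0.0.0.0` / `255.255.255.255`, so a rule one address short of that, or any other very wide range, is reported as PASS with the text "does not have firewall rules allowing 0.0.0.0-255.255.255.255". Comparing the width of each rule would catch near-total ranges, e.g. `int(ipaddress.ip_address(firewall_rule.end_ip_address)) - int(ipaddress.ip_address(firewall_rule.start_ip_address))` against a configurable limit. A docstring on `execute` should also say whether the `0.0.0.0`-`0.0.0.0` rule (Azure's "allow Azure services" setting) is deliberately out of scope for this check.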
@@ -6,24 +6,27 @@ class sqlserver_va_emails_notifications_admins_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment disabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment disabled." if ( sql_server.vulnerability_assessment and sql_server.vulnerability_assessment.storage_container_path ): - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment enabled but no scan reports configured for subscription admins." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment enabled but no scan reports configured for subscription admins." if ( sql_server.vulnerability_assessment.recurring_scans and sql_server.vulnerability_assessment.recurring_scans.email_subscription_admins ): report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment enabled and scan reports configured for subscription admins." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment enabled and scan reports configured for subscription admins." findings.append(report) return findings 
diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled.py b/prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled.py index 2aaf40a99a..45798248f4 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled.py 
@@ -6,24 +6,27 @@ class sqlserver_va_periodic_recurring_scans_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment disabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment disabled." if ( sql_server.vulnerability_assessment and sql_server.vulnerability_assessment.storage_container_path ): - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment enabled but no recurring scans." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment enabled but no recurring scans." if ( sql_server.vulnerability_assessment.recurring_scans and sql_server.vulnerability_assessment.recurring_scans.is_enabled ): report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has periodic recurring scans enabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has periodic recurring scans enabled." findings.append(report) return findings diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured.py b/prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured.py index 727696225c..a0c8b55e8f 100644 
--- a/prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured.py @@ -6,18 +6,21 @@ class sqlserver_va_scan_reports_configured(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment disabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment disabled." if ( sql_server.vulnerability_assessment and sql_server.vulnerability_assessment.storage_container_path ): - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment enabled but no scan reports configured." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment enabled but no scan reports configured." if sql_server.vulnerability_assessment.recurring_scans and ( ( sql_server.vulnerability_assessment.recurring_scans.email_subscription_admins 
@@ -31,7 +34,7 @@ class sqlserver_va_scan_reports_configured(Check): ) ): report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment enabled and scan reports configured." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment enabled and scan reports configured." findings.append(report) return findings diff --git a/prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled.py b/prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled.py index caf0ee0081..62a97abd07 100644 --- a/prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled.py +++ b/prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled.py 
@@ -6,20 +6,23 @@ class sqlserver_vulnerability_assessment_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, sql_servers in sqlserver_client.sql_servers.items(): + subscription_name = sqlserver_client.subscriptions.get( + subscription, subscription + ) for sql_server in sql_servers: report = Check_Report_Azure( metadata=self.metadata(), resource=sql_server ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment disabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment disabled." if ( sql_server.vulnerability_assessment and sql_server.vulnerability_assessment.storage_container_path is not None ): report.status = "PASS" - report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has vulnerability assessment enabled." + report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription_name} ({subscription}) has vulnerability assessment enabled." findings.append(report) return findings diff --git a/prowler/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled.py b/prowler/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled.py index c4b946c7cf..75ad2d0544 100644 --- a/prowler/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled.py +++ b/prowler/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled.py 
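Review bot: `sqlserver_vulnerability_assessment_enabled` tests `storage_container_path is not None`, while the three sibling checks in this patch (`sqlserver_va_emails_notifications_admins_enabled`, `sqlserver_va_periodic_recurring_scans_enabled`, `sqlserver_va_scan_reports_configured`) test the same attribute for truthiness. With an empty-string path this check would report "vulnerability assessment enabled" while the other three report "disabled" for the same server. Pick one test for all four; `and sql_server.vulnerability_assessment.storage_container_path` matches the siblings.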
@@ -19,6 +19,9 @@ class storage_account_key_access_disabled(Check): """ findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account @@ -26,9 +29,9 @@ class storage_account_key_access_disabled(Check): report.subscription = subscription if not storage_account.allow_shared_key_access: report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has shared key access disabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has shared key access disabled." else: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has shared key access enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has shared key access enabled." findings.append(report) return findings diff --git a/prowler/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py b/prowler/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py index 38759f0569..f1edb63b90 100644 --- a/prowler/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py +++ b/prowler/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py 
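Review bot: `if not storage_account.allow_shared_key_access:` in `storage_account_key_access_disabled` treats `None` the same as `False`, so an account where the property was never set is reported as PASS ("shared key access disabled"). Azure treats an unset `allowSharedKeyAccess` as allowed, so unless the service layer normalises `None` to `True` (not visible in this hunk) the check passes in exactly the case it should fail. `if storage_account.allow_shared_key_access is False:` makes the PASS condition explicit. The `storage_blob_public_access_level_is_disabled` and `storage_cross_tenant_replication_disabled` hunks use the same `if not ...` shape and deserve the same look.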
@@ -6,17 +6,20 @@ class storage_blob_public_access_level_is_disabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) report.subscription = subscription report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has allow blob public access enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has allow blob public access enabled." if not storage_account.allow_blob_public_access: report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has allow blob public access disabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has allow blob public access disabled." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled.py b/prowler/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled.py index cf55d6f830..73a40dcfd4 100644 --- a/prowler/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled.py +++ b/prowler/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled.py 
@@ -6,6 +6,9 @@ class storage_blob_versioning_is_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: if storage_account.blob_properties: report = Check_Report_Azure( @@ -16,9 +19,9 @@ class storage_blob_versioning_is_enabled(Check): storage_account.blob_properties, "versioning_enabled", False ): report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has blob versioning enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has blob versioning enabled." else: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not have blob versioning enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) does not have blob versioning enabled." findings.append(report) return findings diff --git a/prowler/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled.py b/prowler/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled.py index 65ed50545e..6b23a5b050 100644 --- a/prowler/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled.py +++ b/prowler/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled.py 
@@ -19,6 +19,9 @@ class storage_cross_tenant_replication_disabled(Check): """ findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account @@ -26,9 +29,9 @@ class storage_cross_tenant_replication_disabled(Check): report.subscription = subscription if not storage_account.allow_cross_tenant_replication: report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has cross-tenant replication disabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has cross-tenant replication disabled." else: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has cross-tenant replication enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has cross-tenant replication enabled." findings.append(report) return findings diff --git a/prowler/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py b/prowler/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py index 4b9210eef5..1f26f8e535 100644 --- a/prowler/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py +++ b/prowler/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py 
@@ -6,17 +6,20 @@ class storage_default_network_access_rule_is_denied(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has network access rule set to Deny." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has network access rule set to Deny." if storage_account.network_rule_set.default_action == "Allow": report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has network access rule set to Allow." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has network access rule set to Allow." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled.py b/prowler/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled.py index 4b82c363e5..39d42c3133 100644 --- a/prowler/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled.py +++ b/prowler/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled.py 
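Review bot: `storage_default_network_access_rule_is_denied` starts from PASS and flips to FAIL only when `default_action == "Allow"`, so any other value, including `None` or a differently cased string, is reported as "network access rule set to Deny". Starting from FAIL and passing only on the expected value fails closed: use `if storage_account.network_rule_set.default_action == "Deny":` with the two status blocks swapped. A `network_rule_set` of `None` would raise on this line as well; whether the service guarantees the object is not visible in this hunk.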
@@ -20,6 +20,9 @@ class storage_default_to_entra_authorization_enabled(Check): """ findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account @@ -28,11 +31,11 @@ class storage_default_to_entra_authorization_enabled(Check): report.resource_name = storage_account.name report.resource_id = storage_account.id report.status = "FAIL" - report.status_extended = f"Default to Microsoft Entra authorization is not enabled for storage account {storage_account.name}." + report.status_extended = f"Default to Microsoft Entra authorization is not enabled for storage account {storage_account.name} from subscription {subscription_name} ({subscription})." if storage_account.default_to_entra_authorization: report.status = "PASS" - report.status_extended = f"Default to Microsoft Entra authorization is enabled for storage account {storage_account.name}." + report.status_extended = f"Default to Microsoft Entra authorization is enabled for storage account {storage_account.name} from subscription {subscription_name} ({subscription})." findings.append(report) return findings diff --git a/prowler/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py b/prowler/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py index a8109d90f1..7d23dd5268 100644 --- a/prowler/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py 
+++ b/prowler/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py @@ -6,17 +6,20 @@ class storage_ensure_azure_services_are_trusted_to_access_is_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} allows trusted Microsoft services to access this storage account." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) allows trusted Microsoft services to access this storage account." if "AzureServices" not in storage_account.network_rule_set.bypass: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not allow trusted Microsoft services to access this storage account." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) does not allow trusted Microsoft services to access this storage account." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py b/prowler/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py index f58fd33702..a704d14d0e 100644 
--- a/prowler/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py +++ b/prowler/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py @@ -6,17 +6,20 @@ class storage_ensure_encryption_with_customer_managed_keys(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} encrypts with CMKs." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) encrypts with CMKs." if storage_account.encryption_type != "Microsoft.Keyvault": report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not encrypt with CMKs." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) does not encrypt with CMKs." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled.py b/prowler/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled.py index cf92ee25f3..ba5b0f065f 100644 --- a/prowler/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled.py 
+++ b/prowler/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled.py @@ -6,6 +6,9 @@ class storage_ensure_file_shares_soft_delete_is_enabled(Check): def execute(self) -> list: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: if getattr(storage_account, "file_service_properties", None): report = Check_Report_Azure( @@ -20,10 +23,10 @@ class storage_ensure_file_shares_soft_delete_is_enabled(Check): storage_account.file_service_properties.share_delete_retention_policy.enabled ): report.status = "PASS" - report.status_extended = f"File share soft delete is enabled for storage account {storage_account.name} with a retention period of {storage_account.file_service_properties.share_delete_retention_policy.days} days." + report.status_extended = f"File share soft delete is enabled for storage account {storage_account.name} from subscription {subscription_name} ({subscription}) with a retention period of {storage_account.file_service_properties.share_delete_retention_policy.days} days." else: report.status = "FAIL" - report.status_extended = f"File share soft delete is not enabled for storage account {storage_account.name}." + report.status_extended = f"File share soft delete is not enabled for storage account {storage_account.name} from subscription {subscription_name} ({subscription})." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py b/prowler/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py index d63b3bfc9c..8e5b0c84de 100644 --- a/prowler/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py 
+++ b/prowler/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py @@ -6,17 +6,20 @@ class storage_ensure_minimum_tls_version_12(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has TLS version set to 1.2." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has TLS version set to 1.2." if storage_account.minimum_tls_version != "TLS1_2": report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not have TLS version set to 1.2." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) does not have TLS version set to 1.2." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts.py b/prowler/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts.py index 7b73759922..e344c1ac49 100644 --- a/prowler/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts.py +++ b/prowler/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts.py 
@@ -6,6 +6,9 @@ class storage_ensure_private_endpoints_in_storage_accounts(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account @@ -13,10 +16,10 @@ class storage_ensure_private_endpoints_in_storage_accounts(Check): report.subscription = subscription if storage_account.private_endpoint_connections: report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has private endpoint connections." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has private endpoint connections." else: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not have private endpoint connections." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) does not have private endpoint connections." findings.append(report) return findings diff --git a/prowler/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled.py b/prowler/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled.py index 7f8d3b39f4..965acfb5a5 100644 --- a/prowler/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled.py +++ b/prowler/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled.py 
@@ -6,6 +6,9 @@ class storage_ensure_soft_delete_is_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: if storage_account.blob_properties: report = Check_Report_Azure( @@ -18,10 +21,10 @@ class storage_ensure_soft_delete_is_enabled(Check): False, ): report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has soft delete enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has soft delete enabled." else: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has soft delete disabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has soft delete disabled." findings.append(report) return findings diff --git a/prowler/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled.py b/prowler/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled.py index ee2d49e53d..8c71ee4819 100644 --- a/prowler/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled.py +++ b/prowler/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled.py @@ -19,6 +19,9 @@ class storage_geo_redundant_enabled(Check): """ findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account 
@@ -32,10 +35,10 @@ class storage_geo_redundant_enabled(Check): or storage_account.replication_settings == "Standard_RAGZRS" ): report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has Geo-redundant storage {storage_account.replication_settings} enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has Geo-redundant storage {storage_account.replication_settings} enabled." else: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not have Geo-redundant storage enabled, it has {storage_account.replication_settings} instead." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) does not have Geo-redundant storage enabled, it has {storage_account.replication_settings} instead." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py b/prowler/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py index cb969975c2..4294419d24 100644 --- a/prowler/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py +++ b/prowler/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py 
@@ -6,16 +6,19 @@ class storage_infrastructure_encryption_is_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has infrastructure encryption enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has infrastructure encryption enabled." if not storage_account.infrastructure_encryption: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has infrastructure encryption disabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has infrastructure encryption disabled." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days.py b/prowler/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days.py index 0007b51e6b..9fa07d029c 100644 --- a/prowler/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days.py +++ b/prowler/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days.py 
@@ -6,6 +6,9 @@ class storage_key_rotation_90_days(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account @@ -13,14 +16,14 @@ class storage_key_rotation_90_days(Check): report.subscription = subscription if not storage_account.key_expiration_period_in_days: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has no key expiration period set." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has no key expiration period set." else: if storage_account.key_expiration_period_in_days > 90: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has an invalid key expiration period of {storage_account.key_expiration_period_in_days} days." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has an invalid key expiration period of {storage_account.key_expiration_period_in_days} days." else: report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has a key expiration period of {storage_account.key_expiration_period_in_days} days." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has a key expiration period of {storage_account.key_expiration_period_in_days} days." findings.append(report) return findings 
diff --git a/prowler/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py b/prowler/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py index 0711ab3991..ec4e4e0bfa 100644 --- a/prowler/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py +++ b/prowler/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py @@ -6,16 +6,19 @@ class storage_secure_transfer_required_is_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for storage_account in storage_accounts: report = Check_Report_Azure( metadata=self.metadata(), resource=storage_account ) report.subscription = subscription report.status = "PASS" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has secure transfer required enabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has secure transfer required enabled." if not storage_account.enable_https_traffic_only: report.status = "FAIL" - report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has secure transfer required disabled." + report.status_extended = f"Storage account {storage_account.name} from subscription {subscription_name} ({subscription}) has secure transfer required disabled." findings.append(report) diff --git a/prowler/providers/azure/services/storage/storage_service.py b/prowler/providers/azure/services/storage/storage_service.py index 429f5ba7e3..6ec88248bf 100644 
--- a/prowler/providers/azure/services/storage/storage_service.py +++ b/prowler/providers/azure/services/storage/storage_service.py @@ -111,7 +111,7 @@ class Storage(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return storage_accounts @@ -156,16 +156,16 @@ class Storage(AzureService): in str(error).strip() ): logger.warning( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) continue logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) except Exception as error: logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) def _get_file_share_properties(self): @@ -247,11 +247,11 @@ class Storage(AzureService): except Exception as error: if "File is not supported for the account." in str(error).strip(): logger.warning( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) continue logger.error( - f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) 
diff --git a/prowler/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm.py b/prowler/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm.py index c8e9f1da3c..e46b951583 100644 --- a/prowler/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm.py +++ b/prowler/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm.py @@ -16,6 +16,9 @@ class storage_smb_channel_encryption_with_secure_algorithm(Check): def execute(self) -> list[Check_Report_Azure]: findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for account in storage_accounts: if account.file_service_properties: pretty_current_algorithms = ( 
@@ -36,16 +39,16 @@ class storage_smb_channel_encryption_with_secure_algorithm(Check): not account.file_service_properties.smb_protocol_settings.channel_encryption ): report.status = "FAIL" - report.status_extended = f"Storage account {account.name} from subscription {subscription} does not have SMB channel encryption enabled for file shares." + report.status_extended = f"Storage account {account.name} from subscription {subscription_name} ({subscription}) does not have SMB channel encryption enabled for file shares." elif any( algorithm in SECURE_ENCRYPTION_ALGORITHMS for algorithm in account.file_service_properties.smb_protocol_settings.channel_encryption ): report.status = "PASS" - report.status_extended = f"Storage account {account.name} from subscription {subscription} has a secure algorithm for SMB channel encryption ({', '.join(SECURE_ENCRYPTION_ALGORITHMS)}) enabled for file shares since it supports {pretty_current_algorithms}." + report.status_extended = f"Storage account {account.name} from subscription {subscription_name} ({subscription}) has a secure algorithm for SMB channel encryption ({', '.join(SECURE_ENCRYPTION_ALGORITHMS)}) enabled for file shares since it supports {pretty_current_algorithms}." else: report.status = "FAIL" - report.status_extended = f"Storage account {account.name} from subscription {subscription} does not have SMB channel encryption with a secure algorithm for file shares since it supports {pretty_current_algorithms}." + report.status_extended = f"Storage account {account.name} from subscription {subscription_name} ({subscription}) does not have SMB channel encryption with a secure algorithm for file shares since it supports {pretty_current_algorithms}." findings.append(report) return findings 
diff --git a/prowler/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest.py b/prowler/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest.py index 19f2d37765..7bc928756d 100644 --- a/prowler/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest.py +++ b/prowler/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest.py @@ -16,6 +16,9 @@ class storage_smb_protocol_version_is_latest(Check): findings = [] for subscription, storage_accounts in storage_client.storage_accounts.items(): + subscription_name = storage_client.subscriptions.get( + subscription, subscription + ) for account in storage_accounts: if getattr(account, "file_service_properties", None) and getattr( account.file_service_properties.smb_protocol_settings, 
@@ -40,9 +43,9 @@ class storage_smb_protocol_version_is_latest(Check): == LATEST_SMB_VERSION ): report.status = "PASS" - report.status_extended = f"Storage account {account.name} from subscription {subscription} allows only the latest SMB protocol version ({LATEST_SMB_VERSION}) for file shares." + report.status_extended = f"Storage account {account.name} from subscription {subscription_name} ({subscription}) allows only the latest SMB protocol version ({LATEST_SMB_VERSION}) for file shares." else: report.status = "FAIL" - report.status_extended = f"Storage account {account.name} from subscription {subscription} allows SMB protocol versions: {', '.join(account.file_service_properties.smb_protocol_settings.supported_versions) if account.file_service_properties.smb_protocol_settings.supported_versions else 'None'}. Only the latest SMB protocol version ({LATEST_SMB_VERSION}) should be allowed." + report.status_extended = f"Storage account {account.name} from subscription {subscription_name} ({subscription}) allows SMB protocol versions: {', '.join(account.file_service_properties.smb_protocol_settings.supported_versions) if account.file_service_properties.smb_protocol_settings.supported_versions else 'None'}. Only the latest SMB protocol version ({LATEST_SMB_VERSION}) should be allowed." findings.append(report) return findings diff --git a/prowler/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled.py b/prowler/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled.py index d5865937f9..1238b75d2f 100644 --- a/prowler/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled.py +++ b/prowler/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled.py 
@@ -22,8 +22,11 @@ class vm_backup_enabled(Check): A list of reports containing the result of the check. """ findings = [] - for subscription_name, vms in vm_client.virtual_machines.items(): - vaults = recovery_client.vaults.get(subscription_name, {}) + for subscription_id, vms in vm_client.virtual_machines.items(): + subscription_name = recovery_client.subscriptions.get( + subscription_id, subscription_id + ) + vaults = recovery_client.vaults.get(subscription_id, {}) for vm in vms.values(): found = False found_vault_name = None @@ -40,12 +43,12 @@ class vm_backup_enabled(Check): if found: break report = Check_Report_Azure(metadata=self.metadata(), resource=vm) - report.subscription = subscription_name + report.subscription = subscription_id if found: report.status = "PASS" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} is protected by Azure Backup (vault: {found_vault_name})." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription_id}) is protected by Azure Backup (vault: {found_vault_name})." else: report.status = "FAIL" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} is not protected by Azure Backup." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription_id}) is not protected by Azure Backup." findings.append(report) return findings diff --git a/prowler/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size.py b/prowler/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size.py index ac3df970b4..68164a7282 100644 --- a/prowler/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size.py +++ b/prowler/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size.py 
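Review bot: The display name is looked up in `recovery_client.subscriptions` although the loop iterates `vm_client.virtual_machines`, while the other vm checks in this patch (for example vm_desired_sku_size) read `vm_client.subscriptions`. If the two clients can hold different subscription maps, which this hunk does not show, the lookup falls back to the ID and the same subscription is named differently across checks. Using `subscription_name = vm_client.subscriptions.get(subscription_id, subscription_id)` keeps the name source aligned with the collection being iterated. vm_jit_access_enabled has the same pattern with `defender_client.subscriptions`. The body of `execute` starts above this hunk.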
@@ -32,17 +32,20 @@ class vm_desired_sku_size(Check): ], ) - for subscription_name, vms in vm_client.virtual_machines.items(): + for subscription_id, vms in vm_client.virtual_machines.items(): + subscription_name = vm_client.subscriptions.get( + subscription_id, subscription_id + ) for vm in vms.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=vm) - report.subscription = subscription_name + report.subscription = subscription_id if vm.vm_size in DESIRED_SKU_SIZES: report.status = "PASS" - report.status_extended = f"VM {vm.resource_name} is using desired SKU size {vm.vm_size} in subscription {subscription_name}." + report.status_extended = f"VM {vm.resource_name} is using desired SKU size {vm.vm_size} in subscription {subscription_name} ({subscription_id})." else: report.status = "FAIL" - report.status_extended = f"VM {vm.resource_name} is using {vm.vm_size} which is not a desired SKU size in subscription {subscription_name}." + report.status_extended = f"VM {vm.resource_name} is using {vm.vm_size} which is not a desired SKU size in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk.py b/prowler/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk.py index e803110a9c..029f9c8775 100644 --- a/prowler/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk.py +++ b/prowler/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk.py 
@@ -6,20 +6,23 @@ class vm_ensure_attached_disks_encrypted_with_cmk(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, disks in vm_client.disks.items(): + for subscription_id, disks in vm_client.disks.items(): + subscription_name = vm_client.subscriptions.get( + subscription_id, subscription_id + ) for disk_id, disk in disks.items(): if disk.vms_attached: report = Check_Report_Azure(metadata=self.metadata(), resource=disk) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {subscription_name}." + report.status_extended = f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {subscription_name} ({subscription_id})." if ( not disk.encryption_type or disk.encryption_type == "EncryptionAtRestWithPlatformKey" ): report.status = "FAIL" - report.status_extended = f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {subscription_name}." + report.status_extended = f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk.py b/prowler/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk.py index ecf9cd0f87..f4e86296f4 100644 --- a/prowler/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk.py +++ b/prowler/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk.py 
@@ -6,20 +6,23 @@ class vm_ensure_unattached_disks_encrypted_with_cmk(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, disks in vm_client.disks.items(): + for subscription_id, disks in vm_client.disks.items(): + subscription_name = vm_client.subscriptions.get( + subscription_id, subscription_id + ) for disk_id, disk in disks.items(): if not disk.vms_attached: report = Check_Report_Azure(metadata=self.metadata(), resource=disk) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "PASS" - report.status_extended = f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {subscription_name}." + report.status_extended = f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {subscription_name} ({subscription_id})." if ( not disk.encryption_type or disk.encryption_type == "EncryptionAtRestWithPlatformKey" ): report.status = "FAIL" - report.status_extended = f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {subscription_name}." + report.status_extended = f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {subscription_name} ({subscription_id})." findings.append(report) diff --git a/prowler/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images.py b/prowler/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images.py index 4f6c378777..efd54edac4 100644 --- a/prowler/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images.py +++ b/prowler/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images.py 
@@ -14,10 +14,13 @@ class vm_ensure_using_approved_images(Check): def execute(self): findings = [] - for subscription_name, vms in vm_client.virtual_machines.items(): + for subscription_id, vms in vm_client.virtual_machines.items(): + subscription_name = vm_client.subscriptions.get( + subscription_id, subscription_id + ) for vm in vms.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=vm) - report.subscription = subscription_name + report.subscription = subscription_id image_id = getattr(vm, "image_reference", None) if ( image_id @@ -25,9 +28,9 @@ class vm_ensure_using_approved_images(Check): and "/providers/Microsoft.Compute/images/" in image_id ): report.status = "PASS" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} is using an approved machine image: {image_id.split('/')[-1]}." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription_id}) is using an approved machine image: {image_id.split('/')[-1]}." else: report.status = "FAIL" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} is not using an approved machine image." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription_id}) is not using an approved machine image." findings.append(report) return findings diff --git a/prowler/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks.py b/prowler/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks.py index e771fc80e5..316cc426a0 100644 --- a/prowler/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks.py +++ b/prowler/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks.py 
@@ -6,12 +6,15 @@ class vm_ensure_using_managed_disks(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, vms in vm_client.virtual_machines.items(): + for subscription_id, vms in vm_client.virtual_machines.items(): + subscription_name = vm_client.subscriptions.get( + subscription_id, subscription_id + ) for vm in vms.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=vm) report.status = "PASS" - report.subscription = subscription_name - report.status_extended = f"VM {vm.resource_name} is using managed disks in subscription {subscription_name}" + report.subscription = subscription_id + report.status_extended = f"VM {vm.resource_name} is using managed disks in subscription {subscription_name} ({subscription_id})" using_managed_disks = ( True @@ -31,7 +34,7 @@ class vm_ensure_using_managed_disks(Check): if not using_managed_disks: report.status = "FAIL" - report.status_extended = f"VM {vm.resource_name} is not using managed disks in subscription {subscription_name}" + report.status_extended = f"VM {vm.resource_name} is not using managed disks in subscription {subscription_name} ({subscription_id})" findings.append(report) diff --git a/prowler/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled.py b/prowler/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled.py index 9434608454..913b972b9b 100644 --- a/prowler/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled.py +++ b/prowler/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled.py 
@@ -15,19 +15,22 @@ class vm_jit_access_enabled(Check): def execute(self): findings = [] jit_enabled_vms = set() - for subscription_name, vms in vm_client.virtual_machines.items(): - for jit_policy in defender_client.jit_policies[subscription_name].values(): + for subscription_id, vms in vm_client.virtual_machines.items(): + subscription_name = defender_client.subscriptions.get( + subscription_id, subscription_id + ) + for jit_policy in defender_client.jit_policies[subscription_id].values(): jit_enabled_vms.update(jit_policy.vm_ids) for vm in vms.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=vm) - report.subscription = subscription_name + report.subscription = subscription_id if vm.resource_id.lower() in { vm_id.lower() for vm_id in jit_enabled_vms }: report.status = "PASS" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} has JIT (Just-in-Time) access enabled." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription_id}) has JIT (Just-in-Time) access enabled." else: report.status = "FAIL" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} does not have JIT (Just-in-Time) access enabled." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription_id}) does not have JIT (Just-in-Time) access enabled." findings.append(report) return findings diff --git a/prowler/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication.py b/prowler/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication.py index c31b2c9a18..7783a42009 100644 --- a/prowler/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication.py +++ b/prowler/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication.py 
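Review bot: `defender_client.jit_policies[subscription_id]` is a plain index, so a subscription that is present in `vm_client.virtual_machines` but missing from the Defender JIT map raises `KeyError` and ends `execute()` before any finding is appended. That could happen when the two services do not populate the same subscription keys, for example after a failed listing for one subscription (inferred; the Defender service is not in this hunk). Consider `for jit_policy in defender_client.jit_policies.get(subscription_id, {}).values():`, and decide whether VMs in such a subscription should be reported as FAIL or skipped, since missing data is not the same as JIT being disabled. The display name is also read from `defender_client.subscriptions` here, while the sibling VM checks read `vm_client.subscriptions`.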
@@ -13,17 +13,20 @@ class vm_linux_enforce_ssh_authentication(Check): def execute(self) -> list[Check_Report_Azure]: findings = [] - for subscription_name, vms in vm_client.virtual_machines.items(): + for subscription_id, vms in vm_client.virtual_machines.items(): + subscription_name = vm_client.subscriptions.get( + subscription_id, subscription_id + ) for vm in vms.values(): if vm.linux_configuration: report = Check_Report_Azure(metadata=self.metadata(), resource=vm) - report.subscription = subscription_name + report.subscription = subscription_id if vm.linux_configuration.disable_password_authentication: report.status = "PASS" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} has password authentication disabled (SSH key authentication enforced)." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription_id}) has password authentication disabled (SSH key authentication enforced)." else: report.status = "FAIL" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} has password authentication enabled (password-based SSH allowed)." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription_id}) has password authentication enabled (password-based SSH allowed)." findings.append(report) return findings diff --git a/prowler/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer.py b/prowler/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer.py index c6150f1d7f..4b893397b1 100644 --- a/prowler/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer.py +++ b/prowler/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer.py 
@@ -14,6 +14,7 @@ class vm_scaleset_associated_with_load_balancer(Check): def execute(self): findings = [] for subscription, scale_sets in vm_client.vm_scale_sets.items(): + subscription_name = vm_client.subscriptions.get(subscription, subscription) for scale_set in scale_sets.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=scale_set @@ -28,9 +29,9 @@ class vm_scaleset_associated_with_load_balancer(Check): pool.split("/")[-1] for pool in scale_set.load_balancer_backend_pools ] - report.status_extended = f"Scale set '{scale_set.resource_name}' in subscription '{subscription}' is associated with load balancer backend pool(s): {', '.join(backend_pool_names)}." + report.status_extended = f"Scale set '{scale_set.resource_name}' in subscription '{subscription_name} ({subscription})' is associated with load balancer backend pool(s): {', '.join(backend_pool_names)}." else: report.status = "FAIL" - report.status_extended = f"Scale set '{scale_set.resource_name}' in subscription '{subscription}' is not associated with any load balancer backend pool." + report.status_extended = f"Scale set '{scale_set.resource_name}' in subscription '{subscription_name} ({subscription})' is not associated with any load balancer backend pool." findings.append(report) return findings diff --git a/prowler/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty.py b/prowler/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty.py index 4061fe4790..ac77dd01e0 100644 --- a/prowler/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty.py +++ b/prowler/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty.py 
@@ -14,6 +14,7 @@ class vm_scaleset_not_empty(Check): def execute(self): findings = [] for subscription, scale_sets in vm_client.vm_scale_sets.items(): + subscription_name = vm_client.subscriptions.get(subscription, subscription) for scale_set in scale_sets.values(): report = Check_Report_Azure( metadata=self.metadata(), resource=scale_set @@ -21,9 +22,9 @@ class vm_scaleset_not_empty(Check): report.subscription = subscription if not scale_set.instance_ids: report.status = "FAIL" - report.status_extended = f"Scale set '{scale_set.resource_name}' in subscription '{subscription}' is empty: no VM instances present." + report.status_extended = f"Scale set '{scale_set.resource_name}' in subscription '{subscription_name} ({subscription})' is empty: no VM instances present." else: report.status = "PASS" - report.status_extended = f"Scale set '{scale_set.resource_name}' in subscription '{subscription}' has {len(scale_set.instance_ids)} VM instances." + report.status_extended = f"Scale set '{scale_set.resource_name}' in subscription '{subscription_name} ({subscription})' has {len(scale_set.instance_ids)} VM instances." findings.append(report) return findings diff --git a/prowler/providers/azure/services/vm/vm_service.py b/prowler/providers/azure/services/vm/vm_service.py index ea63de6197..b20f4b5678 100644 --- a/prowler/providers/azure/services/vm/vm_service.py +++ b/prowler/providers/azure/services/vm/vm_service.py @@ -20,10 +20,10 @@ class VirtualMachines(AzureService): logger.info("VirtualMachines - Getting virtual machines...") virtual_machines = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: virtual_machines_list = client.virtual_machines.list_all() - virtual_machines.update({subscription_name: {}}) + virtual_machines.update({subscription_id: {}}) for vm in virtual_machines_list: storage_profile = getattr(vm, "storage_profile", None) 
@@ -98,7 +98,7 @@ class VirtualMachines(AzureService): uefi_settings=uefi_settings, ) - virtual_machines[subscription_name].update( + virtual_machines[subscription_id].update( { vm.id: VirtualMachine( resource_id=vm.id, @@ -144,7 +144,7 @@ class VirtualMachines(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return virtual_machines @@ -153,10 +153,10 @@ class VirtualMachines(AzureService): logger.info("VirtualMachines - Getting disks...") disks = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: disks_list = client.disks.list() - disks.update({subscription_name: {}}) + disks.update({subscription_id: {}}) for disk in disks_list: vms_attached = [] @@ -164,7 +164,7 @@ class VirtualMachines(AzureService): vms_attached.append(disk.managed_by) if disk.managed_by_extended: vms_attached.extend(disk.managed_by_extended) - disks[subscription_name].update( + disks[subscription_id].update( { disk.unique_id: Disk( resource_id=disk.id, @@ -179,7 +179,7 @@ class VirtualMachines(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return disks @@ -191,7 +191,7 @@ class VirtualMachines(AzureService): Returns: A nested dictionary with the following structure: { - "subscription_name": { + "subscription_id": { "vm_scale_set_id": VirtualMachineScaleSet() } } 
@@ -200,10 +200,10 @@ class VirtualMachines(AzureService): "VirtualMachines - Getting VM scale sets and their load balancer associations..." ) vm_scale_sets = {} - for subscription_name, client in self.clients.items(): + for subscription_id, client in self.clients.items(): try: scale_sets = client.virtual_machine_scale_sets.list_all() - vm_scale_sets[subscription_name] = {} + vm_scale_sets[subscription_id] = {} for scale_set in scale_sets: backend_pools = [] nic_configs = [] @@ -235,9 +235,9 @@ class VirtualMachines(AzureService): backend_pools.append(pool.id) # Get instance IDs using the private method instance_ids = self._get_vmss_instance_ids( - subscription_name, scale_set.id + subscription_id, scale_set.id ) - vm_scale_sets[subscription_name][scale_set.id] = ( + vm_scale_sets[subscription_id][scale_set.id] = ( VirtualMachineScaleSet( resource_id=scale_set.id, resource_name=scale_set.name, 
@@ -248,28 +248,28 @@ class VirtualMachines(AzureService): ) except Exception as error: logger.error( - f"Subscription name: {subscription_name} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + f"Subscription ID: {subscription_id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) return vm_scale_sets def _get_vmss_instance_ids( - self, subscription_name: str, scale_set_id: str + self, subscription_id: str, scale_set_id: str ) -> list[str]: """ Given a subscription and scale set ID, return the list of VM instance IDs in the scale set. Args: - subscription_name: The name of the subscription. + subscription_id: The name of the subscription. scale_set_id: The ID of the scale set. Returns: A list of VM instance IDs that compose the scale set. """ logger.info( - f"VirtualMachines - Getting VM scale set instance IDs for {scale_set_id} in {subscription_name}..." + f"VirtualMachines - Getting VM scale set instance IDs for {scale_set_id} in {subscription_id}..." ) vm_instance_ids = [] - client = self.clients.get(subscription_name, None) + client = self.clients.get(subscription_id, None) try: resource_id_parts = scale_set_id.split("/") resource_group = "" diff --git a/prowler/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period.py b/prowler/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period.py index 444cfcfa3b..09017d26b5 100644 --- a/prowler/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period.py +++ b/prowler/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period.py 
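Review bot: The `_get_vmss_instance_ids` docstring now reads `subscription_id: The name of the subscription.`, which contradicts the renamed parameter and the `self.clients.get(subscription_id, None)` lookup below it. It should read `subscription_id: The ID of the subscription.`, and the summary line could say "Given a subscription ID and scale set ID". The function body continues past the end of this hunk.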
@@ -19,6 +19,9 @@ class vm_sufficient_daily_backup_retention_period(Check): ) for subscription, vms in vm_client.virtual_machines.items(): + subscription_name = recovery_client.subscriptions.get( + subscription, subscription + ) vaults = recovery_client.vaults.get(subscription, {}) for vm in vms.values(): backup_found = False @@ -44,9 +47,9 @@ class vm_sufficient_daily_backup_retention_period(Check): report.subscription = subscription if retention_days >= min_retention_days: report.status = "PASS" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription} has a daily backup retention period of {retention_days} days (minimum required: {min_retention_days})." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription}) has a daily backup retention period of {retention_days} days (minimum required: {min_retention_days})." else: report.status = "FAIL" - report.status_extended = f"VM {vm.resource_name} in subscription {subscription} has insufficient daily backup retention period of {retention_days} days (minimum required: {min_retention_days})." + report.status_extended = f"VM {vm.resource_name} in subscription {subscription_name} ({subscription}) has insufficient daily backup retention period of {retention_days} days (minimum required: {min_retention_days})." findings.append(report) return findings diff --git a/prowler/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled.py b/prowler/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled.py index d4896b70ec..4a5163c2db 100644 --- a/prowler/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled.py +++ b/prowler/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled.py 
@@ -6,12 +6,15 @@ class vm_trusted_launch_enabled(Check): def execute(self) -> Check_Report_Azure: findings = [] - for subscription_name, vms in vm_client.virtual_machines.items(): + for subscription_id, vms in vm_client.virtual_machines.items(): + subscription_name = vm_client.subscriptions.get( + subscription_id, subscription_id + ) for vm in vms.values(): report = Check_Report_Azure(metadata=self.metadata(), resource=vm) - report.subscription = subscription_name + report.subscription = subscription_id report.status = "FAIL" - report.status_extended = f"VM {vm.resource_name} has trusted launch disabled in subscription {subscription_name}" + report.status_extended = f"VM {vm.resource_name} has trusted launch disabled in subscription {subscription_name} ({subscription_id})" if ( vm.security_profile @@ -20,7 +23,7 @@ class vm_trusted_launch_enabled(Check): and vm.security_profile.uefi_settings.v_tpm_enabled ): report.status = "PASS" - report.status_extended = f"VM {vm.resource_name} has trusted launch enabled in subscription {subscription_name}" + report.status_extended = f"VM {vm.resource_name} has trusted launch enabled in subscription {subscription_name} ({subscription_id})" findings.append(report) diff --git a/tests/lib/check/check_test.py b/tests/lib/check/check_test.py index cda33e8fc6..b9492d6754 100644 --- a/tests/lib/check/check_test.py +++ b/tests/lib/check/check_test.py 
@@ -1149,6 +1149,40 @@ class TestCheck: ) assert findings[0].muted is True + def test_execute_azure_mutelist_passes_subscription_id_and_name(self): + """Test that execute() passes Azure subscription ID and display name.""" + subscription_id = "12345678-1234-1234-1234-123456789012" + subscription_name = "subscription_1" + + finding = Mock() + finding.status = "PASS" + finding.muted = False + finding.subscription = subscription_id + + check = Mock() + check.CheckID = "azure_test_check" + check.execute = Mock(return_value=[finding]) + + provider = mock.MagicMock() + provider.type = "azure" + provider.identity.subscriptions = {subscription_id: subscription_name} + provider.mutelist.mutelist = {"Accounts": {subscription_name: {}}} + provider.mutelist.is_finding_muted = Mock(return_value=True) + + findings = execute( + check=check, + global_provider=provider, + custom_checks_metadata=None, + output_options=None, + ) + + provider.mutelist.is_finding_muted.assert_called_once_with( + subscription_id=subscription_id, + subscription_name=subscription_name, + finding=finding, + ) + assert findings[0].muted is True + def test_execute_check_exception_only_logs(self, caplog): caplog.set_level(ERROR) diff --git a/tests/lib/outputs/finding_test.py b/tests/lib/outputs/finding_test.py index 2a57cc40bb..fb75a1f705 100644 --- a/tests/lib/outputs/finding_test.py +++ b/tests/lib/outputs/finding_test.py 
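Review bot: `provider.mutelist.is_finding_muted` is replaced with `Mock(return_value=True)`, so the `provider.mutelist.mutelist = {"Accounts": {subscription_name: {}}}` setup is never consulted and `assert findings[0].muted is True` only shows that `execute()` copies the mock's return value. The `assert_called_once_with(...)` check is the real assertion here; dropping the unused mutelist dict would make that clear. A second case where `finding.subscription` has no entry in `provider.identity.subscriptions` would pin which `subscription_name` `execute()` passes on in that situation (the check.py change is not in this part of the diff).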
@@ -331,8 +331,8 @@ class TestFinding: assert finding_output.auth_method == "mock_identity_type: mock_identity_id" assert finding_output.account_organization_uid == "mock_tenant_id_1" assert finding_output.account_organization_name == "mock_tenant_domain" - assert finding_output.account_uid == "mock_subscription_name" - assert finding_output.account_name == "mock_subscription_id" + assert finding_output.account_uid == "mock_subscription_id" + assert finding_output.account_name == "mock_subscription_name" assert finding_output.resource_name == "test_resource_name" assert finding_output.resource_uid == "test_resource_id" assert finding_output.region == "us-west-1" diff --git a/tests/lib/outputs/summary_table_test.py b/tests/lib/outputs/summary_table_test.py new file mode 100644 index 0000000000..c1e5322c33 --- /dev/null +++ b/tests/lib/outputs/summary_table_test.py @@ -0,0 +1,42 @@ +from types import SimpleNamespace + +from prowler.lib.outputs.summary_table import display_summary_table + + +class TestDisplaySummaryTable: + def test_azure_summary_shows_display_name_and_subscription_id(self, capsys): + provider = SimpleNamespace( + type="azure", + identity=SimpleNamespace( + tenant_domain="tenant.example.com", + tenant_ids=["tenant-id"], + subscriptions={ + "subscription-id-1": "Duplicate Subscription", + "subscription-id-2": "Duplicate Subscription", + }, + ), + ) + output_options = SimpleNamespace( + output_directory="out", + output_filename="report", + output_modes=[], + ) + findings = [ + SimpleNamespace( + status="PASS", + muted=False, + check_metadata=SimpleNamespace( + ServiceName="network", + Provider="azure", + Severity="low", + ), + ) + ] + + display_summary_table(findings, provider, output_options) + + captured = capsys.readouterr() + + assert "Subscriptions scanned:" in captured.out + assert "Duplicate Subscription (subscription-id-1)" in captured.out + assert "Duplicate Subscription (subscription-id-2)" in captured.out 
diff --git a/tests/providers/azure/azure_fixtures.py b/tests/providers/azure/azure_fixtures.py index 51b919e0d6..84d43fd2c3 100644 --- a/tests/providers/azure/azure_fixtures.py +++ b/tests/providers/azure/azure_fixtures.py @@ -8,6 +8,7 @@ from prowler.providers.azure.models import AzureIdentityInfo, AzureRegionConfig AZURE_SUBSCRIPTION_ID = str(uuid4()) AZURE_SUBSCRIPTION_NAME = "Subscription Name" +AZURE_SUBSCRIPTION_DISPLAY = f"{AZURE_SUBSCRIPTION_NAME} ({AZURE_SUBSCRIPTION_ID})" # Azure Identity IDENTITY_ID = "00000000-0000-0000-0000-000000000000" diff --git a/tests/providers/azure/azure_provider_test.py b/tests/providers/azure/azure_provider_test.py index a0c8a5e5d4..8f99df8637 100644 --- a/tests/providers/azure/azure_provider_test.py +++ b/tests/providers/azure/azure_provider_test.py @@ -3,6 +3,7 @@ from uuid import uuid4 import pytest from azure.core.credentials import AccessToken +from azure.core.exceptions import HttpResponseError from azure.identity import DefaultAzureCredential from mock import MagicMock 
@@ -432,8 +433,29 @@ class TestAzureProvider: ) def test_test_connection_with_ClientAuthenticationError(self): - with pytest.raises(AzureHTTPResponseError) as exception: - tenant_id = str(uuid4()) + tenant_id = str(uuid4()) + error_message = ( + "Authentication failed: Unable to get authority configuration for " + f"https://login.microsoftonline.com/{tenant_id}." + ) + + with ( + patch( + "prowler.providers.azure.azure_provider.AzureProvider.setup_session" + ) as mock_setup_session, + patch( + "prowler.providers.azure.azure_provider.SubscriptionClient" + ) as mock_subscription_client, + pytest.raises(AzureHTTPResponseError) as exception, + ): + mock_setup_session.return_value = MagicMock() + mock_client = MagicMock() + mock_client.subscriptions = MagicMock() + mock_client.subscriptions.list.side_effect = HttpResponseError( + message=error_message + ) + mock_subscription_client.return_value = mock_client + AzureProvider.test_connection( browser_auth=True, tenant_id=tenant_id, @@ -441,9 +463,8 @@ class TestAzureProvider: ) assert exception.type == AzureHTTPResponseError - assert ( - exception.value.args[0] - == f"[2010] Error in HTTP response from Azure - Authentication failed: Unable to get authority configuration for https://login.microsoftonline.com/{tenant_id}. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant or https://tenant_name.ciamlogin.com or https://tenant_name.b2clogin.com/tenant.onmicrosoft.com/policy. Also please double check your tenant name or GUID is correct." + assert exception.value.args[0] == ( + f"[2010] Error in HTTP response from Azure - {error_message}" ) def test_test_connection_without_any_method(self): 
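Review bot: `test_test_connection_with_ClientAuthenticationError` now drives the failure through `mock_client.subscriptions.list.side_effect = HttpResponseError(message=error_message)`, so the test name no longer describes what is exercised. Renaming it to something like `test_test_connection_with_HttpResponseError` would match the mocked path. If `test_connection` handles `ClientAuthenticationError` separately (not visible here), a second case raising it from the patched `setup_session` would keep the credential-failure path covered.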
@@ -527,3 +548,176 @@ class TestAzureProvider: regions = azure_provider.get_regions(subscription_ids=subscription_ids) assert regions == expected_regions + + +class TestAzureProviderSetupIdentitySubscriptions: + """Regression tests ensuring identity.subscriptions preserves every + subscription even when multiple Azure subscriptions share the same + display_name (which is permitted by Azure).""" + + @staticmethod + def _mock_subscription(display_name, subscription_id): + mock_subscription = MagicMock() + mock_subscription.display_name = display_name + mock_subscription.subscription_id = subscription_id + return mock_subscription + + @staticmethod + def _build_subscriptions_client_mock(list_result=None, get_map=None): + """Construct a fully explicit SubscriptionClient mock so the tests do + not depend on MagicMock auto-attribute behavior, which makes the suite + sensitive to shared state across test files.""" + subscriptions_operations = MagicMock() + subscriptions_operations.list = MagicMock(return_value=list_result or []) + if get_map is not None: + subscriptions_operations.get = MagicMock( + side_effect=lambda subscription_id: get_map[subscription_id] + ) + else: + subscriptions_operations.get = MagicMock() + + tenants_operations = MagicMock() + tenants_operations.list = MagicMock(return_value=[]) + + client_instance = MagicMock() + client_instance.subscriptions = subscriptions_operations + client_instance.tenants = tenants_operations + + client_class = MagicMock(return_value=client_instance) + return client_class + + @staticmethod + def _build_provider(): + """Create an AzureProvider instance ready to invoke setup_identity + with auth flags left False so the AAD lookup branches are skipped and + the test focuses on the subscription resolution logic.""" + with patch.object(AzureProvider, "__init__", return_value=None): + azure_provider = AzureProvider() + azure_provider._session = MagicMock() + azure_provider._region_config = AzureRegionConfig( + 
name="AzureCloud", + authority=None, + base_url="https://management.azure.com", + credential_scopes=["https://management.azure.com/.default"], + ) + return azure_provider + + def test_setup_identity_auto_discovery_preserves_unique_display_names(self): + first_id = str(uuid4()) + second_id = str(uuid4()) + client_class = self._build_subscriptions_client_mock( + list_result=[ + self._mock_subscription("Unique Name One", first_id), + self._mock_subscription("Unique Name Two", second_id), + ] + ) + with patch( + "prowler.providers.azure.azure_provider.SubscriptionClient", + client_class, + ): + azure_provider = self._build_provider() + + identity = azure_provider.setup_identity( + az_cli_auth=False, + sp_env_auth=False, + browser_auth=False, + managed_identity_auth=False, + subscription_ids=[], + client_id=None, + ) + + assert identity.subscriptions == { + first_id: "Unique Name One", + second_id: "Unique Name Two", + } + + def test_setup_identity_auto_discovery_preserves_duplicate_display_names( + self, + ): + shared_name = "Shared Display Name" + first_id = str(uuid4()) + second_id = str(uuid4()) + client_class = self._build_subscriptions_client_mock( + list_result=[ + self._mock_subscription(shared_name, first_id), + self._mock_subscription(shared_name, second_id), + ] + ) + with patch( + "prowler.providers.azure.azure_provider.SubscriptionClient", + client_class, + ): + azure_provider = self._build_provider() + + identity = azure_provider.setup_identity( + az_cli_auth=False, + sp_env_auth=False, + browser_auth=False, + managed_identity_auth=False, + subscription_ids=[], + client_id=None, + ) + + assert identity.subscriptions == { + first_id: shared_name, + second_id: shared_name, + } + + def test_setup_identity_filtered_preserves_unique_display_names(self): + first_id = str(uuid4()) + second_id = str(uuid4()) + client_class = self._build_subscriptions_client_mock( + get_map={ + first_id: self._mock_subscription("Unique Name One", first_id), + second_id: 
self._mock_subscription("Unique Name Two", second_id), + } + ) + with patch( + "prowler.providers.azure.azure_provider.SubscriptionClient", + client_class, + ): + azure_provider = self._build_provider() + + identity = azure_provider.setup_identity( + az_cli_auth=False, + sp_env_auth=False, + browser_auth=False, + managed_identity_auth=False, + subscription_ids=[first_id, second_id], + client_id=None, + ) + + assert identity.subscriptions == { + first_id: "Unique Name One", + second_id: "Unique Name Two", + } + + def test_setup_identity_filtered_preserves_duplicate_display_names(self): + shared_name = "Shared Display Name" + first_id = str(uuid4()) + second_id = str(uuid4()) + client_class = self._build_subscriptions_client_mock( + get_map={ + first_id: self._mock_subscription(shared_name, first_id), + second_id: self._mock_subscription(shared_name, second_id), + } + ) + with patch( + "prowler.providers.azure.azure_provider.SubscriptionClient", + client_class, + ): + azure_provider = self._build_provider() + + identity = azure_provider.setup_identity( + az_cli_auth=False, + sp_env_auth=False, + browser_auth=False, + managed_identity_auth=False, + subscription_ids=[first_id, second_id], + client_id=None, + ) + + assert identity.subscriptions == { + first_id: shared_name, + second_id: shared_name, + } diff --git a/tests/providers/azure/lib/mutelist/azure_mutelist_test.py b/tests/providers/azure/lib/mutelist/azure_mutelist_test.py index d15faa83ed..24f6d5ef1e 100644 --- a/tests/providers/azure/lib/mutelist/azure_mutelist_test.py +++ b/tests/providers/azure/lib/mutelist/azure_mutelist_test.py 
@@ -64,10 +64,12 @@ class TestAzureMutelist: finding.status = "FAIL" finding.resource_name = "test_resource" finding.resource_tags = {} - finding.subscription = "subscription_1" + finding.subscription = "12345678-1234-1234-1234-123456789012" assert mutelist.is_finding_muted( - finding, "12345678-1234-1234-1234-123456789012" + finding, + "12345678-1234-1234-1234-123456789012", + "subscription_1", ) def test_is_finding_muted_subscription_id(self): diff --git a/tests/providers/azure/services/aisearch/aisearch_service_public_access_level_is_disabled/aisearch_service_public_access_level_is_disabled_test.py b/tests/providers/azure/services/aisearch/aisearch_service_public_access_level_is_disabled/aisearch_service_public_access_level_is_disabled_test.py index 7e35a2ca36..6f3aebcc00 100644 --- a/tests/providers/azure/services/aisearch/aisearch_service_public_access_level_is_disabled/aisearch_service_public_access_level_is_disabled_test.py +++ b/tests/providers/azure/services/aisearch/aisearch_service_public_access_level_is_disabled/aisearch_service_public_access_level_is_disabled_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.aisearch.aisearch_service import AISearchService from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_AISearch_service_not_publicly_accessible: def test_aisearch_sevice_no_aisearch_services(self): aisearch_client = mock.MagicMock + aisearch_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aisearch_client.aisearch_services = {} with ( 
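Review bot: The updated call passes the display name `"subscription_1"` as a third argument to `is_finding_muted`, which suggests mutelist `Accounts` entries can match on display name as well as on subscription ID. Since this commit exists because Azure display names are not unique, a name-keyed entry would mute findings in every subscription sharing that name, including one the mutelist author never reviewed. A test with two subscription IDs under one display name and an ID-keyed mutelist, asserting the second ID is not muted, would pin the intended behaviour. A short comment such as `# display names can collide; ID-keyed entries are the unambiguous form` would document it. The matching logic in mutelist.py is outside this part of the diff, so this is inferred from the test.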
@@ -35,6 +38,7 @@ class Test_AISearch_service_not_publicly_accessible: aisearch_service_id = str(uuid4()) aisearch_service_name = "Test AISearch Service" aisearch_client = mock.MagicMock + aisearch_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aisearch_client.aisearch_services = { AZURE_SUBSCRIPTION_ID: { aisearch_service_id: AISearchService( @@ -66,7 +70,7 @@ class Test_AISearch_service_not_publicly_accessible: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"AISearch Service {aisearch_service_name} from subscription {AZURE_SUBSCRIPTION_ID} allows public access." + == f"AISearch Service {aisearch_service_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} allows public access." ) assert result[0].resource_id == aisearch_service_id assert result[0].subscription == AZURE_SUBSCRIPTION_ID @@ -77,6 +81,7 @@ class Test_AISearch_service_not_publicly_accessible: aisearch_service_id = str(uuid4()) aisearch_service_name = "Test Search Service" aisearch_client = mock.MagicMock + aisearch_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aisearch_client.aisearch_services = { AZURE_SUBSCRIPTION_ID: { aisearch_service_id: AISearchService( @@ -108,7 +113,7 @@ class Test_AISearch_service_not_publicly_accessible: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"AISearch Service {aisearch_service_name} from subscription {AZURE_SUBSCRIPTION_ID} does not allows public access." + == f"AISearch Service {aisearch_service_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not allows public access." ) assert result[0].resource_id == aisearch_service_id assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled_test.py b/tests/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled_test.py index a4706f013a..5cbe7d67b5 100644 
--- a/tests/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled_test.py +++ b/tests/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.aks.aks_service import Cluster from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_aks_cluster_rbac_enabled: def test_aks_no_subscriptions(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aks_client.clusters = {} with ( @@ -33,6 +36,7 @@ class Test_aks_cluster_rbac_enabled: def test_aks_subscription_empty(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aks_client.clusters = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_aks_cluster_rbac_enabled: def test_aks_cluster_rbac_enabled(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { @@ -91,7 +96,7 @@ class Test_aks_cluster_rbac_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"RBAC is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"RBAC is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_name == "cluster_name" assert result[0].resource_id == cluster_id @@ -100,6 +105,7 @@ class Test_aks_cluster_rbac_enabled: def test_aks_rbac_not_enabled(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { 
@@ -136,7 +142,7 @@ class Test_aks_cluster_rbac_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"RBAC is not enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"RBAC is not enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_name == "cluster_name" assert result[0].resource_id == cluster_id diff --git a/tests/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes_test.py b/tests/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes_test.py index 74ee1e7206..bf5a32660d 100644 --- a/tests/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes_test.py +++ b/tests/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.aks.aks_service import Cluster from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_aks_clusters_created_with_private_nodes: def test_aks_no_subscriptions(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aks_client.clusters = {} with ( @@ -33,6 +36,7 @@ class Test_aks_clusters_created_with_private_nodes: def test_aks_subscription_empty(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aks_client.clusters = {AZURE_SUBSCRIPTION_ID: {}} with ( 
@@ -55,6 +59,7 @@ class Test_aks_clusters_created_with_private_nodes: def test_aks_cluster_no_private_nodes(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { @@ -91,7 +96,7 @@ class Test_aks_clusters_created_with_private_nodes: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Cluster 'cluster_name' was not created with private nodes in subscription '{AZURE_SUBSCRIPTION_ID}'" + == f"Cluster 'cluster_name' was not created with private nodes in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" @@ -100,6 +105,7 @@ class Test_aks_clusters_created_with_private_nodes: def test_aks_cluster_private_nodes(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { @@ -136,7 +142,7 @@ class Test_aks_clusters_created_with_private_nodes: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Cluster 'cluster_name' was created with private nodes in subscription '{AZURE_SUBSCRIPTION_ID}'" + == f"Cluster 'cluster_name' was created with private nodes in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" @@ -145,6 +151,7 @@ class Test_aks_clusters_created_with_private_nodes: def test_aks_cluster_public_and_private_nodes(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { 
@@ -185,7 +192,7 @@ class Test_aks_clusters_created_with_private_nodes: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Cluster 'cluster_name' was not created with private nodes in subscription '{AZURE_SUBSCRIPTION_ID}'" + == f"Cluster 'cluster_name' was not created with private nodes in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" diff --git a/tests/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled_test.py b/tests/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled_test.py index 6d012c39e5..dfb000a096 100644 --- a/tests/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled_test.py +++ b/tests/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.aks.aks_service import Cluster from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_aks_clusters_public_access_disabled: def test_aks_no_subscriptions(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aks_client.clusters = {} with ( @@ -33,6 +36,7 @@ class Test_aks_clusters_public_access_disabled: def test_aks_subscription_empty(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aks_client.clusters = {AZURE_SUBSCRIPTION_ID: {}} with ( 
@@ -55,6 +59,7 @@ class Test_aks_clusters_public_access_disabled: def test_aks_cluster_public_fqdn(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { @@ -91,7 +96,7 @@ class Test_aks_clusters_public_access_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Public access to nodes is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'" + == f"Public access to nodes is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" @@ -100,6 +105,7 @@ class Test_aks_clusters_public_access_disabled: def test_aks_cluster_private_fqdn(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { @@ -136,7 +142,7 @@ class Test_aks_clusters_public_access_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Public access to nodes is disabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'" + == f"Public access to nodes is disabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" @@ -145,6 +151,7 @@ class Test_aks_clusters_public_access_disabled: def test_aks_cluster_private_fqdn_with_public_ip(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { 
@@ -181,7 +188,7 @@ class Test_aks_clusters_public_access_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Public access to nodes is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'" + == f"Public access to nodes is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'" ) assert result[0].resource_id == cluster_id assert result[0].resource_name == "cluster_name" diff --git a/tests/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled_test.py b/tests/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled_test.py index a172e94151..896fa44405 100644 --- a/tests/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled_test.py +++ b/tests/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.aks.aks_service import Cluster from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_aks_network_policy_enabled: def test_aks_no_subscriptions(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aks_client.clusters = {} with ( @@ -33,6 +36,7 @@ class Test_aks_network_policy_enabled: def test_aks_subscription_empty(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} aks_client.clusters = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_aks_network_policy_enabled: def test_aks_network_policy_enabled(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { 
@@ -91,7 +96,7 @@ class Test_aks_network_policy_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Network policy is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Network policy is enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_name == "cluster_name" assert result[0].resource_id == cluster_id @@ -100,6 +105,7 @@ class Test_aks_network_policy_enabled: def test_aks_network_policy_disabled(self): aks_client = mock.MagicMock + aks_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cluster_id = str(uuid4()) aks_client.clusters = { AZURE_SUBSCRIPTION_ID: { @@ -136,7 +142,7 @@ class Test_aks_network_policy_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network policy is not enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Network policy is not enabled for cluster 'cluster_name' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_name == "cluster_name" assert result[0].resource_id == cluster_id diff --git a/tests/providers/azure/services/apim/apim_service_test.py b/tests/providers/azure/services/apim/apim_service_test.py index 3b1a061293..f2141aee6b 100644 --- a/tests/providers/azure/services/apim/apim_service_test.py +++ b/tests/providers/azure/services/apim/apim_service_test.py @@ -8,6 +8,7 @@ from azure.monitor.query import LogsQueryResult from tests.providers.azure.azure_fixtures import ( AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -193,6 +194,9 @@ class Test_APIM_Service(TestCase): # Properly mock the nested client structure mock_client = mock.MagicMock() + mock_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } mock_workspaces = mock.MagicMock() mock_workspaces.get.return_value = mock_workspace mock_client.workspaces = mock_workspaces 
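Review bot: The `subscriptions` mapping added at `@@ -193,6 +194,9 @@` in `apim_service_test.py` is set on `mock_client`, which the surrounding context suggests is the nested per-subscription SDK client rather than the APIM service object. It is given `workspaces` here, and in the following `@@ -246,6 +250,9 @@` hunk it is stored in `mock_logsquery_client.clients`. If the code under test reads `subscriptions` from the service or provider, this assignment has no effect on a `MagicMock()` and the test would pass without it. Either move the mapping to the object that is actually read, or add a comment such as `# subscriptions is read from the per-subscription client by <caller>` so the intent is clear. Both test methods extend outside the hunks, so this should be confirmed against the full file.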
@@ -246,6 +250,9 @@ class Test_APIM_Service(TestCase): # Properly mock the nested client structure mock_client = mock.MagicMock() + mock_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } mock_client.query_workspace.return_value = mock_response mock_logsquery_client.clients = {AZURE_SUBSCRIPTION_ID: mock_client} diff --git a/tests/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking_test.py b/tests/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking_test.py index a551b33c7e..997c2392fa 100644 --- a/tests/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking_test.py +++ b/tests/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking_test.py @@ -2,7 +2,9 @@ from datetime import datetime from unittest import mock from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -139,10 +141,18 @@ def mock_get_llm_operations_logs_no_workspace(subscription, instance, minutes): return [] +def mock_get_llm_operations_logs_by_subscription(subscription, instance, minutes): + """Return different logs per subscription to validate isolation.""" + if subscription == AZURE_SUBSCRIPTION_ID: + return mock_get_llm_operations_logs_attacker(subscription, instance, minutes) + return mock_get_llm_operations_logs_2_operations(subscription, instance, minutes) + + class Test_apim_threat_detection_llm_jacking: def test_no_apim_instances(self): """Test when there are no APIM instances""" apim_client = mock.MagicMock() + apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} apim_client.instances = {} apim_client.audit_config = { "apim_threat_detection_llm_jacking_threshold": 0.1, 
@@ -175,6 +185,7 @@ class Test_apim_threat_detection_llm_jacking: def test_no_potential_llm_jacking(self): """Test when no potential LLM jacking is detected""" apim_client = mock.MagicMock() + apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} apim_client.instances = { AZURE_SUBSCRIPTION_ID: [ mock.MagicMock( @@ -184,7 +195,7 @@ class Test_apim_threat_detection_llm_jacking: ) ] } - apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} apim_client.audit_config = { "apim_threat_detection_llm_jacking_threshold": 0.9, "apim_threat_detection_llm_jacking_minutes": 1440, @@ -240,6 +251,7 @@ class Test_apim_threat_detection_llm_jacking: def test_potential_llm_jacking_detected(self): """Test when potential LLM jacking is detected""" apim_client = mock.MagicMock() + apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} apim_client.instances = { AZURE_SUBSCRIPTION_ID: [ mock.MagicMock( @@ -286,6 +298,7 @@ class Test_apim_threat_detection_llm_jacking: "Potential LLM Jacking attack detected from IP address 10.0.0.50" in result[0].status_extended ) + assert AZURE_SUBSCRIPTION_DISPLAY in result[0].status_extended assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource["name"] == "10.0.0.50" assert result[0].resource["id"] == "10.0.0.50" @@ -293,6 +306,7 @@ class Test_apim_threat_detection_llm_jacking: def test_higher_threshold_no_detection(self): """Test when threshold is higher and no attack is detected""" apim_client = mock.MagicMock() + apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} apim_client.instances = { AZURE_SUBSCRIPTION_ID: [ mock.MagicMock( 
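Review bot: The `apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}` line added at `@@ -175,6 +185,7 @@` is redundant, because the same test assigns `apim_client.subscriptions` again right after the `instances` dict, and `@@ -184,7 +195,7 @@` updates that later assignment to the same value. The pattern repeats at `@@ -293,6 +306,7 @@` with `@@ -302,7 +316,7 @@`. At `@@ -423,6 +437,7 @@` with `@@ -440,7 +455,7 @@` the single-subscription mapping is overwritten by the two-subscription one before the check runs, which makes the setup misleading. Dropping the newly added first assignment in those three tests leaves one authoritative `subscriptions` mapping per test.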
@@ -302,7 +316,7 @@ class Test_apim_threat_detection_llm_jacking: ) ] } - apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} apim_client.audit_config = { "apim_threat_detection_llm_jacking_threshold": 0.9, "apim_threat_detection_llm_jacking_minutes": 1440, @@ -367,7 +381,7 @@ class Test_apim_threat_detection_llm_jacking: ) ] } - apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} apim_client.audit_config = { "apim_threat_detection_llm_jacking_threshold": 0.9, "apim_threat_detection_llm_jacking_minutes": 1440, @@ -423,6 +437,7 @@ class Test_apim_threat_detection_llm_jacking: def test_multiple_subscriptions(self): """Test with multiple subscriptions""" apim_client = mock.MagicMock() + apim_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} apim_client.instances = { AZURE_SUBSCRIPTION_ID: [ mock.MagicMock( @@ -440,7 +455,7 @@ class Test_apim_threat_detection_llm_jacking: ], } apim_client.subscriptions = { - AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME, "another-subscription": "another-subscription-id", } apim_client.audit_config = { 
@@ -496,3 +511,90 @@ class Test_apim_threat_detection_llm_jacking: "No potential LLM Jacking attacks detected" in report.status_extended ) + + def test_multiple_subscriptions_keep_findings_isolated(self): + """Ensure findings from one subscription do not leak into another.""" + apim_client = mock.MagicMock() + second_subscription_id = "another-subscription" + second_subscription_name = "another-subscription-id" + apim_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME, + second_subscription_id: second_subscription_name, + } + apim_client.instances = { + AZURE_SUBSCRIPTION_ID: [ + mock.MagicMock( + id="/subscriptions/test-sub/resourceGroups/test-rg/providers/Microsoft.ApiManagement/service/test-apim", + name="test-apim", + log_analytics_workspace_id="/subscriptions/test-sub/resourceGroups/test-rg/providers/Microsoft.OperationalInsights/workspaces/test-workspace", + ) + ], + second_subscription_id: [ + mock.MagicMock( + id="/subscriptions/another-sub/resourceGroups/test-rg/providers/Microsoft.ApiManagement/service/another-apim", + name="another-apim", + log_analytics_workspace_id="/subscriptions/another-sub/resourceGroups/test-rg/providers/Microsoft.OperationalInsights/workspaces/another-workspace", + ) + ], + } + apim_client.audit_config = { + "apim_threat_detection_llm_jacking_threshold": 0.2, + "apim_threat_detection_llm_jacking_minutes": 1440, + "apim_threat_detection_llm_jacking_actions": [ + "ChatCompletions_Create", + "ImageGenerations_Create", + "Completions_Create", + "Embeddings_Create", + "FineTuning_Jobs_Create", + "Models_List", + "Deployments_List", + "Deployments_Get", + "Deployments_Create", + "Deployments_Delete", + "Messages_Create", + "Claude_Create", + "GenerateContent", + "GenerateText", + "GenerateImage", + "Llama_Create", + "CodeLlama_Create", + "Gemini_Generate", + "Claude_Generate", + "Llama_Generate", + ], + } + apim_client.get_llm_operations_logs = ( + mock_get_llm_operations_logs_by_subscription + ) + + with ( + 
mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_azure_provider(), + ), + mock.patch( + "prowler.providers.azure.services.apim.apim_threat_detection_llm_jacking.apim_threat_detection_llm_jacking.apim_client", + new=apim_client, + ), + ): + from prowler.providers.azure.services.apim.apim_threat_detection_llm_jacking.apim_threat_detection_llm_jacking import ( + apim_threat_detection_llm_jacking, + ) + + check = apim_threat_detection_llm_jacking() + result = check.execute() + + assert len(result) == 2 + + report_by_subscription = {report.subscription: report for report in result} + + assert report_by_subscription[AZURE_SUBSCRIPTION_ID].status == "FAIL" + assert ( + AZURE_SUBSCRIPTION_DISPLAY + in report_by_subscription[AZURE_SUBSCRIPTION_ID].status_extended + ) + assert report_by_subscription[second_subscription_id].status == "PASS" + assert ( + f"{second_subscription_name} ({second_subscription_id})" + in report_by_subscription[second_subscription_id].status_extended + ) diff --git a/tests/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on_test.py b/tests/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on_test.py index 581b3be994..b140223890 100644 --- a/tests/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on_test.py +++ b/tests/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_client_certificates_on: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( 
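Review bot: `test_multiple_subscriptions_keep_findings_isolated` gives the two subscriptions different display names (`AZURE_SUBSCRIPTION_NAME` and `"another-subscription-id"`), so it does not exercise the case in the commit subject, where two subscription IDs share one display name. Setting `second_subscription_name = AZURE_SUBSCRIPTION_NAME` should keep the existing assertions valid, assuming `AZURE_SUBSCRIPTION_DISPLAY` has the `name (id)` form that the last assertion implies. With that change, `assert len(result) == 2` would fail if findings were ever keyed by display name again. Separately, `"another-subscription-id"` is easy to misread as an ID when it is used as a display name; a value such as `"Another Subscription"` would be clearer if the names are kept distinct.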
@@ -32,6 +35,7 @@ class Test_app_client_certificates_on: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_client_certificates_on: def test_app_client_certificates_on(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -91,7 +96,7 @@ class Test_app_client_certificates_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Clients are required to present a certificate for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Clients are required to present a certificate for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -101,6 +106,7 @@ class Test_app_client_certificates_on: def test_app_client_certificates_off(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -137,7 +143,7 @@ class Test_app_client_certificates_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Clients are not required to present a certificate for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Clients are not required to present a certificate for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" diff --git a/tests/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up_test.py b/tests/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up_test.py index 79bf195d80..b8f0d12ed2 100644 
--- a/tests/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up_test.py +++ b/tests/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_ensure_auth_is_set_up: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -32,6 +35,7 @@ class Test_app_ensure_auth_is_set_up: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_ensure_auth_is_set_up: def test_app_auth_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -91,7 +96,7 @@ class Test_app_ensure_auth_is_set_up: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Authentication is set up for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Authentication is set up for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_name == "app_id-1" assert result[0].resource_id == resource_id @@ -101,6 +106,7 @@ class Test_app_ensure_auth_is_set_up: def test_app_auth_disabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -137,7 +143,7 @@ class Test_app_ensure_auth_is_set_up: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Authentication is not set up for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Authentication is not set up for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_name == "app_id-1" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https_test.py b/tests/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https_test.py index 08743bbd79..4d959f3e3f 100644 --- a/tests/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https_test.py +++ b/tests/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_ensure_http_is_redirected_to_https: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -32,6 +35,7 @@ class Test_app_ensure_http_is_redirected_to_https: def test_app_subscriptions_empty_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( 
@@ -55,6 +59,7 @@ class Test_app_ensure_http_is_redirected_to_https: def test_app_http_to_https(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -91,7 +96,7 @@ class Test_app_ensure_http_is_redirected_to_https: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"HTTP is not redirected to HTTPS for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"HTTP is not redirected to HTTPS for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_name == "app_id-1" assert result[0].resource_id == resource_id @@ -101,6 +106,7 @@ class Test_app_ensure_http_is_redirected_to_https: def test_app_http_to_https_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -137,7 +143,7 @@ class Test_app_ensure_http_is_redirected_to_https: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"HTTP is redirected to HTTPS for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"HTTP is redirected to HTTPS for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_name == "app_id-1" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest_test.py b/tests/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest_test.py index 22a9d3771a..2e0d847b97 100644 --- a/tests/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest_test.py +++ b/tests/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest_test.py 
@@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_ensure_java_version_is_latest: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -32,6 +35,7 @@ class Test_app_ensure_java_version_is_latest: def test_app_subscriptions_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_ensure_java_version_is_latest: def test_app_configurations_none(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -92,6 +97,7 @@ class Test_app_ensure_java_version_is_latest: def test_app_linux_java_version_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"java_latest_version": "17"} @@ -132,7 +138,7 @@ class Test_app_ensure_java_version_is_latest: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Java version is set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Java version is set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" 
@@ -142,6 +148,7 @@ class Test_app_ensure_java_version_is_latest: def test_app_linux_java_version_not_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"java_latest_version": "17"} @@ -182,7 +189,7 @@ class Test_app_ensure_java_version_is_latest: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Java version is set to 'Tomcat|9.0-java11', but should be set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Java version is set to 'Tomcat|9.0-java11', but should be set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -192,6 +199,7 @@ class Test_app_ensure_java_version_is_latest: def test_app_windows_java_version_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"java_latest_version": "17"} @@ -232,7 +240,7 @@ class Test_app_ensure_java_version_is_latest: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Java version is set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Java version is set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -242,6 +250,7 @@ class Test_app_ensure_java_version_is_latest: def test_app_windows_java_version_not_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"java_latest_version": "17"} with ( 
@@ -281,7 +290,7 @@ class Test_app_ensure_java_version_is_latest: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Java version is set to 'java11', but should be set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Java version is set to 'java11', but should be set to 'java 17' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -291,6 +300,7 @@ class Test_app_ensure_java_version_is_latest: def test_app_linux_php_version_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"java_latest_version": "17"} diff --git a/tests/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest_test.py b/tests/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest_test.py index 3db89439a3..2e192501ef 100644 --- a/tests/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest_test.py +++ b/tests/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_ensure_php_version_is_latest: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( 
@@ -32,6 +35,7 @@ class Test_app_ensure_php_version_is_latest: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_ensure_php_version_is_latest: def test_app_configurations_none(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -92,6 +97,7 @@ class Test_app_ensure_php_version_is_latest: def test_app_php_version_not_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"php_latest_version": "8.2"} @@ -130,7 +136,7 @@ class Test_app_ensure_php_version_is_latest: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"PHP version is set to 'php|8.0', the latest version that you could use is the '8.2' version, for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"PHP version is set to 'php|8.0', the latest version that you could use is the '8.2' version, for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -140,6 +146,7 @@ class Test_app_ensure_php_version_is_latest: def test_app_php_version_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"php_latest_version": "8.2"} 
@@ -178,7 +185,7 @@ class Test_app_ensure_php_version_is_latest: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"PHP version is set to '8.2' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"PHP version is set to '8.2' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" diff --git a/tests/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest_test.py b/tests/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest_test.py index 899d3615b5..7f2eaf6693 100644 --- a/tests/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest_test.py +++ b/tests/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_ensure_python_version_is_latest: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -32,6 +35,7 @@ class Test_app_ensure_python_version_is_latest: def test_app_subscriptions_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( 
@@ -55,6 +59,7 @@ class Test_app_ensure_python_version_is_latest: def test_app_configurations_none(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -91,6 +96,7 @@ class Test_app_ensure_python_version_is_latest: def test_app_python_version_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"python_latest_version": "3.12"} @@ -129,7 +135,7 @@ class Test_app_ensure_python_version_is_latest: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Python version is set to '3.12' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Python version is set to '3.12' for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -139,6 +145,7 @@ class Test_app_ensure_python_version_is_latest: def test_app_python_version_not_latest(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.audit_config = {"python_latest_version": "3.12"} @@ -177,7 +184,7 @@ class Test_app_ensure_python_version_is_latest: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Python version is 'python|3.10', the latest version that you could use is the '3.12' version, for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Python version is 'python|3.10', the latest version that you could use is the '3.12' version, for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" 
diff --git a/tests/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20_test.py b/tests/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20_test.py index d392d4d3b0..105a7b9a03 100644 --- a/tests/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20_test.py +++ b/tests/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_ensure_using_http20: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -32,6 +35,7 @@ class Test_app_ensure_using_http20: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_ensure_using_http20: def test_app_configurations_none(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -91,7 +96,7 @@ class Test_app_ensure_using_http20: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"HTTP/2.0 is not enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"HTTP/2.0 is not enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" 
@@ -101,6 +106,7 @@ class Test_app_ensure_using_http20: def test_app_http20_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -137,7 +143,7 @@ class Test_app_ensure_using_http20: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"HTTP/2.0 is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"HTTP/2.0 is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -147,6 +153,7 @@ class Test_app_ensure_using_http20: def test_app_http20_not_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -183,7 +190,7 @@ class Test_app_ensure_using_http20: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"HTTP/2.0 is not enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"HTTP/2.0 is not enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" diff --git a/tests/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled_test.py b/tests/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled_test.py index 6d0633fef3..fc0d61b9cc 100644 --- a/tests/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled_test.py +++ b/tests/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled_test.py 
@@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_ftp_deployment_disabled: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -32,6 +35,7 @@ class Test_app_ftp_deployment_disabled: def test_app_subscriptions_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_ftp_deployment_disabled: def test_app_configurations_none(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -91,7 +96,7 @@ class Test_app_ftp_deployment_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"FTP is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"FTP is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -101,6 +106,7 @@ class Test_app_ftp_deployment_disabled: def test_app_ftp_deployment_disabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -137,7 +143,7 @@ class Test_app_ftp_deployment_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"FTP is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"FTP is enabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -147,6 +153,7 @@ class Test_app_ftp_deployment_disabled: def test_app_ftp_deploy_enabled(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -183,7 +190,7 @@ class Test_app_ftp_deployment_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"FTP is disabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"FTP is disabled for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" diff --git a/tests/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured_test.py b/tests/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured_test.py index 42d8360ee1..770ca07b2b 100644 --- a/tests/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured_test.py +++ b/tests/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
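Review bot: The test names in the FTP file read as the opposite of what they assert. The `status == "FAIL"` / "FTP is enabled" expectation in the `-137,7` hunk appears to sit in `test_app_ftp_deployment_disabled` (its `def` is the context of the preceding hunk), while the `PASS` / "FTP is disabled" expectation in the `-183,7` hunk follows `def test_app_ftp_deploy_enabled`. That makes a failing FTP check harder to triage. Since the commit already touches both assertions, swapping the two names or adding a one-line comment such as `# FTP allowed -> check must FAIL` would help. The fixture lines that set the FTP state are outside the hunks, so this is inferred from line positions.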
@@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_function_access_keys_configured: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -33,6 +36,7 @@ class Test_app_function_access_keys_configured: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.functions = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_function_access_keys_configured: def test_app_function_no_keys(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.functions = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -98,7 +103,7 @@ class Test_app_function_access_keys_configured: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 does not have function keys configured." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have function keys configured." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" @@ -107,6 +112,7 @@ class Test_app_function_access_keys_configured: def test_app_function_using_functions_keys(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.functions = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -153,7 +159,7 @@ class Test_app_function_access_keys_configured: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Function function1 has function keys configured." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} has function keys configured." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" 
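Review bot: The new function-app expectations in the `-98,7` and `-153,7` hunks use `from subscription {AZURE_SUBSCRIPTION_DISPLAY}` with no quotes, while the app-service tests changed earlier in this patch expect `in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'`. Two shapes for the same field make `status_extended` harder to match in downstream filters or alert rules. Aligning the function checks on the quoted form, e.g. `Function function1 in subscription '{...}' does not have function keys configured.`, would keep one convention across the service.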
diff --git a/tests/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled_test.py b/tests/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled_test.py index 4ea444157c..4a55b1e108 100644 --- a/tests/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled_test.py +++ b/tests/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_function_application_insights_enabled: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -33,6 +36,7 @@ class Test_app_function_application_insights_enabled: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -56,6 +60,7 @@ class Test_app_function_application_insights_enabled: def test_app_function_no_app_insights(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -97,7 +102,7 @@ class Test_app_function_application_insights_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 is not using Application Insights." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using Application Insights." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" 
@@ -106,6 +111,7 @@ class Test_app_function_application_insights_enabled: def test_app_function_using_app_insights(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -147,7 +153,7 @@ class Test_app_function_application_insights_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Function function1 is using Application Insights." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using Application Insights." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" @@ -156,6 +162,7 @@ class Test_app_function_application_insights_enabled: def test_app_function_using_app_insights_different_key(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -197,7 +204,7 @@ class Test_app_function_application_insights_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Function function1 is using Application Insights." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using Application Insights." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" @@ -206,6 +213,7 @@ class Test_app_function_application_insights_enabled: def test_app_function_with_app_insights_no_key(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -247,7 +255,7 @@ class Test_app_function_application_insights_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 is not using Application Insights." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using Application Insights." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" 
diff --git a/tests/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled_test.py b/tests/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled_test.py index 2546ba2f44..b08c712da1 100644 --- a/tests/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled_test.py +++ b/tests/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_function_ftps_deployment_disabled: def test_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -33,6 +36,7 @@ class Test_app_function_ftps_deployment_disabled: def test_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -56,6 +60,7 @@ class Test_app_function_ftps_deployment_disabled: def test_function_ftp_deployment_enabled(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -97,7 +102,7 @@ class Test_app_function_ftps_deployment_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 has FTP deployment enabled" + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} has FTP deployment enabled." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id 
@@ -106,6 +111,7 @@ class Test_app_function_ftps_deployment_disabled: def test_function_ftps_deployment_enabled(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -147,7 +153,7 @@ class Test_app_function_ftps_deployment_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 has FTPS deployment enabled" + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} has FTPS deployment enabled." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id @@ -156,6 +162,7 @@ class Test_app_function_ftps_deployment_disabled: def test_function_ftp_and_ftps_deployment_disabled(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -197,7 +204,7 @@ class Test_app_function_ftps_deployment_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Function function1 has FTP and FTPS deployment disabled" + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} has FTP and FTPS deployment disabled." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id diff --git a/tests/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured_test.py b/tests/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured_test.py index ffa4a0e743..84dbece6d2 100644 --- a/tests/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured_test.py +++ b/tests/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured_test.py 
@@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_function_identity_is_configured: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -33,6 +36,7 @@ class Test_app_function_identity_is_configured: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -56,6 +60,7 @@ class Test_app_function_identity_is_configured: def test_app_function_no_identity(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -97,7 +102,7 @@ class Test_app_function_identity_is_configured: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 does not have a managed identity enabled." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have a managed identity enabled." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id @@ -106,6 +111,7 @@ class Test_app_function_identity_is_configured: def test_app_function_identity_configured(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -147,7 +153,7 @@ class Test_app_function_identity_is_configured: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Function function1 has a SystemAssigned identity enabled." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} has a SystemAssigned identity enabled." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id diff --git a/tests/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges_test.py b/tests/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges_test.py index c4761099b9..9c7f074c3b 100644 --- a/tests/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges_test.py +++ b/tests/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.config import USER_ACCESS_ADMINISTRATOR_ROLE_ID from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_function_identity_without_admin_privileges: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -34,6 +37,7 @@ class Test_app_function_identity_without_admin_privileges: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -57,6 +61,7 @@ class Test_app_function_identity_without_admin_privileges: def test_app_function_no_identity(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -98,7 +103,9 @@ class Test_app_function_identity_without_admin_privileges: def test_app_function_no_admin_roles(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} iam_client = mock.MagicMock + iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -175,7 +182,7 @@ class Test_app_function_identity_without_admin_privileges: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Function function1 has a managed identity enabled but without admin privileges." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} has a managed identity enabled but without admin privileges." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" @@ -184,7 +191,9 @@ class Test_app_function_identity_without_admin_privileges: def test_app_function_admin_roles(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} iam_client = mock.MagicMock + iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -212,7 +221,7 @@ class Test_app_function_identity_without_admin_privileges: function_id = str(uuid4()) function_scope = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/rg/providers/Microsoft.Web/sites/function1" app_client.functions = { - "subscription-name-1": { + AZURE_SUBSCRIPTION_ID: { function_id: FunctionApp( id=function_id, name="function1", 
@@ -229,11 +238,11 @@ class Test_app_function_identity_without_admin_privileges: } iam_client.subscriptions = { - "subscription-name-1": AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME, } iam_client.role_assignments = { - "subscription-name-1": { + AZURE_SUBSCRIPTION_ID: { "role-assignment-id-2": RoleAssignment( id="role-assignment-id-2", name="role-assignment-name-2", @@ -246,7 +255,7 @@ class Test_app_function_identity_without_admin_privileges: } iam_client.roles = { - "subscription-name-1": { + AZURE_SUBSCRIPTION_ID: { f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Authorization/roleDefinitions/{USER_ACCESS_ADMINISTRATOR_ROLE_ID}": Role( id=f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Authorization/roleDefinitions/{USER_ACCESS_ADMINISTRATOR_ROLE_ID}", name="User Access Administrator", @@ -263,9 +272,9 @@ class Test_app_function_identity_without_admin_privileges: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 has a managed identity enabled and it is configure with admin privileges using role User Access Administrator." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} has a managed identity enabled and it is configure with admin privileges using role User Access Administrator." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" - assert result[0].subscription == "subscription-name-1" + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].location == "West Europe" diff --git a/tests/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version_test.py b/tests/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version_test.py index 533874141d..89bfc642b0 100644 --- a/tests/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version_test.py 
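Review bot: The `iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME,}` assignment kept in the `-229,11` hunk duplicates the line this commit adds right after `iam_client = mock.MagicMock` at the top of `test_app_function_admin_roles`. One of the two can go; keeping only the assignment at the top of the test matches the other tests in the file. The lines between the two assignments are outside the hunks.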
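Review bot: The expected message in the `-263,9` hunk still reads `it is configure with admin privileges`; since the commit rewrites this string anyway, it is a good moment to correct it to `it is configured with admin privileges`. The test mirrors the check's `status_extended`, so the check's message (not visible here) would need the same edit.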
+++ b/tests/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_function_latest_runtime_version: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -33,6 +36,7 @@ class Test_app_function_latest_runtime_version: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -56,6 +60,7 @@ class Test_app_function_latest_runtime_version: def test_app_function_runtime_is_latest(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -96,7 +101,7 @@ class Test_app_function_latest_runtime_version: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - "Function function1 is using the latest runtime." + f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using the latest runtime." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" @@ -105,6 +110,7 @@ class Test_app_function_latest_runtime_version: def test_app_function_runtime_is_not_latest(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -145,7 +151,7 @@ class Test_app_function_latest_runtime_version: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - "Function function1 is not using the latest runtime. The current runtime is '2' and should be '~4'." + f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using the latest runtime. The current runtime is '2' and should be '~4'." ) assert result[0].resource_id == function_id assert result[0].resource_name == "function1" diff --git a/tests/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible_test.py b/tests/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible_test.py index 749a094e65..3c60aebc20 100644 --- a/tests/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible_test.py +++ b/tests/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_function_not_publicly_accessible: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -33,6 +36,7 @@ class Test_app_function_not_publicly_accessible: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -56,6 +60,7 @@ class Test_app_function_not_publicly_accessible: def test_app_function_not_publicly_accessible(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -97,7 +102,7 @@ class Test_app_function_not_publicly_accessible: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Function function1 is not publicly accessible." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not publicly accessible." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id @@ -106,6 +111,7 @@ class Test_app_function_not_publicly_accessible: def test_app_function_publicly_accessible(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -147,7 +153,7 @@ class Test_app_function_not_publicly_accessible: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 is publicly accessible." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} is publicly accessible." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id diff --git a/tests/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled_test.py b/tests/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled_test.py index 33a99d0086..f12422f1da 100644 --- a/tests/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled_test.py +++ b/tests/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled_test.py 
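Review bot: The `@@ -97,7 +102,7 @@` and `@@ -147,7 +153,7 @@` hunks update only the `status_extended` text to `AZURE_SUBSCRIPTION_DISPLAY`, and in the visible context nothing asserts which subscription the finding is attributed to. The vnet_integration tests in this same patch add `assert result[0].subscription == AZURE_SUBSCRIPTION_ID`, and that assertion is the one that would fail if a finding were keyed by display name again. Adding the same line after the `resource_id` assertion here, and in the matching latest_runtime_version hunks, would make the three files consistent. The assertions after the end of each hunk are not shown, so this may already be covered there.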
@@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_function_vnet_integration_enabled: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -33,6 +36,7 @@ class Test_app_function_vnet_integration_enabled: def test_app_subscription_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -56,6 +60,7 @@ class Test_app_function_vnet_integration_enabled: def test_app_function_vnet_integration_enabled(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -97,14 +102,16 @@ class Test_app_function_vnet_integration_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Function function1 has Virtual Network integration enabled with subnet 'vnet_subnet_id' enabled." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} has Virtual Network integration enabled with subnet 'vnet_subnet_id' enabled." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id assert result[0].location == "West Europe" + assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_app_function_vnet_integration_disabled(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -146,8 +153,9 @@ class Test_app_function_vnet_integration_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "Function function1 does not have virtual network integration enabled." + == f"Function function1 from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have virtual network integration enabled." ) assert result[0].resource_name == "function1" assert result[0].resource_id == function_id assert result[0].location == "West Europe" + assert result[0].subscription == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled_test.py b/tests/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled_test.py index 7f24fe6284..6a8a0a1d83 100644 --- a/tests/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled_test.py +++ b/tests/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled_test.py @@ -1,7 +1,9 @@ from unittest import mock from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ class Test_app_http_logs_enabled: def test_app_http_logs_enabled_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -33,6 +36,7 @@ class Test_app_http_logs_enabled: def test_app_subscriptions_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_http_logs_enabled: def test_no_diagnostics_settings(self): app_client = mock.MagicMock() + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
@@ -93,12 +98,13 @@ class Test_app_http_logs_enabled: assert result[0].resource_id == "resource_id" assert ( result[0].status_extended - == f"App app1 does not have a diagnostic setting in subscription {AZURE_SUBSCRIPTION_ID}." + == f"App app1 does not have a diagnostic setting in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID def test_diagnostic_setting_configured(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -233,11 +239,12 @@ class Test_app_http_logs_enabled: assert result[0].resource_id == "resource_id2" assert ( result[0].status_extended - == f"App app_id-2 has HTTP Logs enabled in diagnostic setting name_diagnostic_setting2 in subscription {AZURE_SUBSCRIPTION_ID}" + == f"App app_id-2 has HTTP Logs enabled in diagnostic setting name_diagnostic_setting2 in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) def test_diagnostic_setting_with_all_logs_category_group(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -296,11 +303,12 @@ class Test_app_http_logs_enabled: assert result[0].resource_id == "resource_id3" assert ( result[0].status_extended - == f"App app_id-3 has allLogs category group which includes HTTP Logs enabled in diagnostic setting name_diagnostic_setting3 in subscription {AZURE_SUBSCRIPTION_ID}" + == f"App app_id-3 has allLogs category group which includes HTTP Logs enabled in diagnostic setting name_diagnostic_setting3 in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) def test_diagnostic_setting_with_all_logs_category_group_disabled(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -359,5 +367,5 @@ class Test_app_http_logs_enabled: assert result[0].resource_id == "resource_id4" assert ( result[0].status_extended - == f"App app_id-4 does not have HTTP Logs enabled in diagnostic setting name_diagnostic_setting4 in subscription {AZURE_SUBSCRIPTION_ID}" + == f"App app_id-4 does not have HTTP Logs enabled in diagnostic setting name_diagnostic_setting4 in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) diff --git a/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py b/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py index a3055c855a..41dc73d30d 100644 --- a/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py +++ b/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_minimum_tls_version_12: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -32,6 +35,7 @@ class Test_app_minimum_tls_version_12: def test_app_subscriptions_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_app_minimum_tls_version_12: def test_app_none_configurations(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -91,7 +96,7 @@ class Test_app_minimum_tls_version_12: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Minimum TLS version is not set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Minimum TLS version is not set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -101,6 +106,7 @@ class Test_app_minimum_tls_version_12: def test_app_min_tls_version_12(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -137,7 +143,7 @@ class Test_app_minimum_tls_version_12: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Minimum TLS version is set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Minimum TLS version is set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -147,6 +153,7 @@ class Test_app_minimum_tls_version_12: def test_app_min_tls_version_10(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -183,7 +190,7 @@ class Test_app_minimum_tls_version_12: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Minimum TLS version is not set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Minimum TLS version is not set to 1.2 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" 
@@ -193,6 +200,7 @@ class Test_app_minimum_tls_version_12: def test_app_min_tls_version_13(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -229,7 +237,7 @@ class Test_app_minimum_tls_version_12: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Minimum TLS version is set to 1.3 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Minimum TLS version is set to 1.3 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" diff --git a/tests/providers/azure/services/app/app_register_with_identity/app_register_with_identity_test.py b/tests/providers/azure/services/app/app_register_with_identity/app_register_with_identity_test.py index 785439fe0e..218a0ce136 100644 --- a/tests/providers/azure/services/app/app_register_with_identity/app_register_with_identity_test.py +++ b/tests/providers/azure/services/app/app_register_with_identity/app_register_with_identity_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_app_register_with_identity: def test_app_no_subscriptions(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {} with ( @@ -32,6 +35,7 @@ class Test_app_register_with_identity: def test_app_subscriptions_empty(self): app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} app_client.apps = {AZURE_SUBSCRIPTION_ID: {}} with ( 
@@ -55,6 +59,7 @@ class Test_app_register_with_identity: def test_app_none_configurations(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -91,7 +96,7 @@ class Test_app_register_with_identity: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"App 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}' does not have an identity configured." + == f"App 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' does not have an identity configured." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" @@ -101,6 +106,7 @@ class Test_app_register_with_identity: def test_app_identity(self): resource_id = f"/subscriptions/{uuid4()}" app_client = mock.MagicMock + app_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -137,7 +143,7 @@ class Test_app_register_with_identity: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"App 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}' has an identity configured." + == f"App 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' has an identity configured." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "app_id-1" diff --git a/tests/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured_test.py b/tests/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured_test.py index 4982a718cc..513414ce57 100644 --- a/tests/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured_test.py +++ b/tests/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured_test.py 
@@ -2,7 +2,9 @@ from unittest import mock from prowler.providers.azure.services.appinsights.appinsights_service import Component from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_appinsights_ensure_is_configured: def test_appinsights_no_subscriptions(self): appinsights_client = mock.MagicMock + appinsights_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } appinsights_client.components = {} with ( @@ -34,7 +39,7 @@ class Test_appinsights_ensure_is_configured: appinsights_client = mock.MagicMock appinsights_client.components = {AZURE_SUBSCRIPTION_ID: {}} appinsights_client.subscriptions = { - AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME } with ( @@ -60,7 +65,7 @@ class Test_appinsights_ensure_is_configured: assert result[0].resource_name == AZURE_SUBSCRIPTION_ID assert ( result[0].status_extended - == f"There are no AppInsight configured in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There are no AppInsight configured in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_appinsights_configured(self): @@ -76,7 +81,7 @@ class Test_appinsights_ensure_is_configured: } } appinsights_client.subscriptions = { - AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME } with ( @@ -103,5 +108,5 @@ class Test_appinsights_ensure_is_configured: assert result[0].location == "global" assert ( result[0].status_extended - == f"There is at least one AppInsight configured in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is at least one AppInsight configured in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) 
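Review bot: Every `appinsights_client.subscriptions` mapping in these hunks holds a single entry, so none of the visible tests exercises the case the commit title names, two subscription IDs sharing one display name. This check emits one finding per subscription (`resource_name == AZURE_SUBSCRIPTION_ID` in the context lines), which makes it a natural place for such a regression test. A case with a mapping such as `{"<sub-id-a>": "shared-name", "<sub-id-b>": "shared-name"}` (constructed placeholder values), with `components` keyed by both IDs, should assert two findings whose `subscription` values differ. If the provider-level tests elsewhere in the patch already cover the collision, a short comment here pointing to them would be enough.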
diff --git a/tests/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled_test.py b/tests/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled_test.py index a2295b6d06..62cc55b1d3 100644 --- a/tests/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled_test.py +++ b/tests/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled_test.py @@ -3,7 +3,9 @@ from unittest.mock import MagicMock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class TestContainerRegistryAdminUserDisabled: def test_no_container_registries(self): containerregistry_client = MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } containerregistry_client.registries = {} with ( @@ -33,6 +38,9 @@ class TestContainerRegistryAdminUserDisabled: def test_container_registry_admin_user_enabled(self): containerregistry_client = MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } registry_id = str(uuid4()) with ( @@ -76,7 +84,7 @@ class TestContainerRegistryAdminUserDisabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Container Registry mock_registry from subscription {AZURE_SUBSCRIPTION_ID} has its admin user enabled." + == f"Container Registry mock_registry from subscription {AZURE_SUBSCRIPTION_DISPLAY} has its admin user enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "mock_registry" 
@@ -90,6 +98,9 @@ class TestContainerRegistryAdminUserDisabled: def test_container_registry_admin_user_disabled(self): containerregistry_client = mock.MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } containerregistry_client.registries = {} with ( @@ -135,7 +146,7 @@ class TestContainerRegistryAdminUserDisabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Container Registry mock_registry from subscription {AZURE_SUBSCRIPTION_ID} has its admin user disabled." + == f"Container Registry mock_registry from subscription {AZURE_SUBSCRIPTION_DISPLAY} has its admin user disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "mock_registry" diff --git a/tests/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible_test.py b/tests/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible_test.py index 683552daca..40b6550382 100644 --- a/tests/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible_test.py +++ b/tests/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible_test.py @@ -3,7 +3,9 @@ from unittest.mock import MagicMock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_containerregistry_not_publicly_accessible: def test_no_container_registries(self): containerregistry_client = MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } containerregistry_client.registries = {} with ( 
@@ -33,6 +38,9 @@ class Test_containerregistry_not_publicly_accessible: def test_container_registry_network_access_unrestricted(self): containerregistry_client = MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } registry_id = str(uuid4()) with ( @@ -93,7 +101,7 @@ class Test_containerregistry_not_publicly_accessible: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Container Registry {containerregistry_client.registries[AZURE_SUBSCRIPTION_ID][registry_id].name} from subscription {AZURE_SUBSCRIPTION_ID} allows unrestricted network access." + == f"Container Registry {containerregistry_client.registries[AZURE_SUBSCRIPTION_ID][registry_id].name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} allows unrestricted network access." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "mock_registry" @@ -107,6 +115,9 @@ class Test_containerregistry_not_publicly_accessible: def test_container_registry_network_access_restricted(self): containerregistry_client = mock.MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } containerregistry_client.registries = {} with ( @@ -168,7 +179,7 @@ class Test_containerregistry_not_publicly_accessible: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Container Registry {containerregistry_client.registries[AZURE_SUBSCRIPTION_ID][registry_id].name} from subscription {AZURE_SUBSCRIPTION_ID} does not allow unrestricted network access." + == f"Container Registry {containerregistry_client.registries[AZURE_SUBSCRIPTION_ID][registry_id].name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not allow unrestricted network access." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "mock_registry" 
diff --git a/tests/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link_test.py b/tests/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link_test.py index f8b9237a21..aa0afd1742 100644 --- a/tests/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link_test.py +++ b/tests/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link_test.py @@ -3,7 +3,9 @@ from unittest.mock import MagicMock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_containerregistry_uses_private_link: def test_no_container_registries(self): containerregistry_client = MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } containerregistry_client.registries = {} with ( @@ -33,6 +38,9 @@ class Test_containerregistry_uses_private_link: def test_container_registry_not_uses_private_link(self): containerregistry_client = MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } registry_id = str(uuid4()) with ( @@ -76,7 +84,7 @@ class Test_containerregistry_uses_private_link: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Container Registry mock_registry from subscription {AZURE_SUBSCRIPTION_ID} does not use a private link." + == f"Container Registry mock_registry from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not use a private link." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "mock_registry" 
@@ -90,6 +98,9 @@ class Test_containerregistry_uses_private_link: def test_container_registry_uses_private_link(self): containerregistry_client = mock.MagicMock() + containerregistry_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } containerregistry_client.registries = {} with ( @@ -141,7 +152,7 @@ class Test_containerregistry_uses_private_link: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Container Registry mock_registry from subscription {AZURE_SUBSCRIPTION_ID} uses a private link." + == f"Container Registry mock_registry from subscription {AZURE_SUBSCRIPTION_DISPLAY} uses a private link." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "mock_registry" diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py index 7d7b793954..7f27f2ebf1 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_cosmosdb_account_firewall_use_selected_networks: def test_no_accounts(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cosmosdb_client.accounts = {} with ( 
@@ -33,6 +36,7 @@ class Test_cosmosdb_account_firewall_use_selected_networks: def test_accounts_no_virtual_network_filter_enabled(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { @@ -71,7 +75,7 @@ class Test_cosmosdb_account_firewall_use_selected_networks: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} has firewall rules that allow access from all networks." + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has firewall rules that allow access from all networks." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name @@ -80,6 +84,7 @@ class Test_cosmosdb_account_firewall_use_selected_networks: def test_accounts_virtual_network_filter_enabled(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { @@ -118,7 +123,7 @@ class Test_cosmosdb_account_firewall_use_selected_networks: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} has firewall rules that allow access only from selected networks." + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has firewall rules that allow access only from selected networks." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name 
diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py index 8fcdf99fa9..5430469cfd 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_cosmosdb_account_use_aad_and_rbac: def test_no_accounts(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cosmosdb_client.accounts = {} with ( @@ -33,6 +36,7 @@ class Test_cosmosdb_account_use_aad_and_rbac: def test_accounts_disable_local_auth_false(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { @@ -71,7 +75,7 @@ class Test_cosmosdb_account_use_aad_and_rbac: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} is not using AAD and RBAC" + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using AAD and RBAC" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name 
@@ -80,6 +84,7 @@ class Test_cosmosdb_account_use_aad_and_rbac: def test_accounts_disable_local_auth_true(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { @@ -118,7 +123,7 @@ class Test_cosmosdb_account_use_aad_and_rbac: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} is using AAD and RBAC" + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using AAD and RBAC" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py index d3827dee0b..1c62ca289e 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py @@ -5,7 +5,9 @@ from azure.mgmt.cosmosdb.models import PrivateEndpointConnection from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_cosmosdb_account_use_private_endpoints: def test_no_accounts(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} cosmosdb_client.accounts = {} with ( 
@@ -35,6 +38,7 @@ class Test_cosmosdb_account_use_private_endpoints: def test_accounts_no_private_endpoints_connections(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { @@ -73,7 +77,7 @@ class Test_cosmosdb_account_use_private_endpoints: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} is not using private endpoints connections" + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using private endpoints connections" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name @@ -82,6 +86,7 @@ class Test_cosmosdb_account_use_private_endpoints: def test_accounts_private_endpoints_connections(self): cosmosdb_client = mock.MagicMock + cosmosdb_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} account_name = "Account Name" account_id = str(uuid4()) cosmosdb_client.accounts = { @@ -124,7 +129,7 @@ class Test_cosmosdb_account_use_private_endpoints: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_ID} is using private endpoints connections" + == f"CosmosDB account {account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using private endpoints connections" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == account_name diff --git a/tests/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled_test.py b/tests/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled_test.py index 1e145d4f80..679aec0fff 100644 
--- a/tests/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled_test.py +++ b/tests/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.databricks.databricks_service import ( ManagedDiskEncryption, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_databricks_workspace_cmk_encryption_enabled: def test_no_databricks_workspaces(self): databricks_client = mock.MagicMock + databricks_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } databricks_client.workspaces = {} with ( @@ -39,6 +44,9 @@ class Test_databricks_workspace_cmk_encryption_enabled: workspace_name = "test-workspace" databricks_client = mock.MagicMock + databricks_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } databricks_client.workspaces = { AZURE_SUBSCRIPTION_ID: { workspace_id: DatabricksWorkspace( @@ -71,7 +79,7 @@ class Test_databricks_workspace_cmk_encryption_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_ID} does not have customer-managed key (CMK) encryption enabled." + == f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have customer-managed key (CMK) encryption enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == workspace_name 
@@ -86,6 +94,9 @@ class Test_databricks_workspace_cmk_encryption_enabled: key_vault_uri = "test-vault-uri" databricks_client = mock.MagicMock + databricks_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } databricks_client.workspaces = { AZURE_SUBSCRIPTION_ID: { workspace_id: DatabricksWorkspace( @@ -122,7 +133,7 @@ class Test_databricks_workspace_cmk_encryption_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_ID} has customer-managed key (CMK) encryption enabled with key {key_vault_uri}/{key_name}/{key_version}." + == f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} has customer-managed key (CMK) encryption enabled with key {key_vault_uri}/{key_name}/{key_version}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == workspace_name diff --git a/tests/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled_test.py b/tests/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled_test.py index 912ee363ac..f8f9b7bd2c 100644 --- a/tests/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled_test.py +++ b/tests/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled_test.py @@ -5,7 +5,9 @@ from prowler.providers.azure.services.databricks.databricks_service import ( DatabricksWorkspace, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -13,6 +15,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_databricks_workspace_vnet_injection_enabled: def test_databricks_no_workspaces(self): databricks_client = mock.MagicMock + databricks_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } databricks_client.workspaces = {} with ( @@ -37,6 +42,9 @@ class Test_databricks_workspace_vnet_injection_enabled: workspace_id = str(uuid4()) workspace_name = "test-workspace" databricks_client = mock.MagicMock + databricks_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } databricks_client.workspaces = { AZURE_SUBSCRIPTION_ID: { workspace_id: DatabricksWorkspace( @@ -68,7 +76,7 @@ class Test_databricks_workspace_vnet_injection_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_ID} is not deployed in a customer-managed VNet (VNet Injection is not enabled)." + == f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} is not deployed in a customer-managed VNet (VNet Injection is not enabled)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == workspace_name @@ -80,6 +88,9 @@ class Test_databricks_workspace_vnet_injection_enabled: workspace_name = "test-workspace" vnet_id = "test-vnet-id" databricks_client = mock.MagicMock + databricks_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } databricks_client.workspaces = { AZURE_SUBSCRIPTION_ID: { workspace_id: DatabricksWorkspace( 
@@ -111,7 +122,7 @@ class Test_databricks_workspace_vnet_injection_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_ID} is deployed in a customer-managed VNet ({vnet_id})." + == f"Databricks workspace {workspace_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} is deployed in a customer-managed VNet ({vnet_id})." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == workspace_name diff --git a/tests/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact_test.py b/tests/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact_test.py index 752c8a6641..75f3d5014a 100644 --- a/tests/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact_test.py +++ b/tests/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.defender.defender_service import ( SecurityContactConfiguration, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_additional_email_configured_with_a_security_contact: def test_defender_no_subscriptions(self): defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = {} with ( 
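Review bot: `test_defender_no_subscriptions` in the defender additional-email test file now gives the mocked client one subscription, so the test name no longer describes its setup. What it still exercises is an empty `security_contact_configurations`. Either rename it, e.g. `test_defender_no_security_contact_configurations`, or add a comment above the new line such as `# subscriptions is populated only so the check can resolve a display name; no contact configurations exist` (the purpose of the mapping is inferred from the assertions, so confirm against the check). The same name/setup mismatch appears in the `test_no_subscriptions` and `test_defender_no_subscriptions` hunks of the other defender test files in this patch. The test body continues outside the hunk.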
@@ -37,6 +40,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: def test_defender_no_additional_emails(self): resource_id = str(uuid4()) defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -74,7 +78,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"There is not another correct email configured for subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not another correct email configured for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" @@ -83,6 +87,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: def test_defender_additional_email_configured(self): resource_id = str(uuid4()) defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -120,7 +125,7 @@ class Test_defender_additional_email_configured_with_a_security_contact: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"There is another correct email configured for subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is another correct email configured for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" 
diff --git a/tests/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed_test.py b/tests/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed_test.py index dd16c7571c..1e567ac153 100644 --- a/tests/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed_test.py +++ b/tests/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Assesment from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_assessments_vm_endpoint_protection_installed: def test_defender_no_subscriptions(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = {} with ( @@ -33,6 +36,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed: def test_defender_subscriptions_with_no_assessments(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed: def test_defender_subscriptions_with_healthy_assessments(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} resource_id = str(uuid4()) defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { 
@@ -86,13 +91,14 @@ class Test_defender_assessments_vm_endpoint_protection_installed: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Endpoint protection is set up in all VMs in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Endpoint protection is set up in all VMs in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id def test_defender_subscriptions_with_unhealthy_assessments(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} resource_id = str(uuid4()) defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { @@ -124,7 +130,7 @@ class Test_defender_assessments_vm_endpoint_protection_installed: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Endpoint protection is not set up in all VMs in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Endpoint protection is not set up in all VMs in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].resource_name == "vm1" assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured_test.py b/tests/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured_test.py index cd21783149..ebece2e029 100644 --- a/tests/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured_test.py +++ b/tests/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured_test.py 
@@ -6,7 +6,9 @@ from prowler.providers.azure.services.defender.defender_service import ( SecurityContactConfiguration, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_attack_path_notifications_properly_configured: def test_no_subscriptions(self): defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = {} defender_client.audit_config = {} with ( @@ -38,6 +41,7 @@ class Test_defender_attack_path_notifications_properly_configured: resource_id = str(uuid4()) contact_name = "default" defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -74,7 +78,7 @@ class Test_defender_attack_path_notifications_properly_configured: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - f"Attack path notifications are not enabled in subscription {AZURE_SUBSCRIPTION_ID} for security contact {contact_name}." + f"Attack path notifications are not enabled in subscription {AZURE_SUBSCRIPTION_DISPLAY} for security contact {contact_name}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == contact_name @@ -85,6 +89,7 @@ class Test_defender_attack_path_notifications_properly_configured: resource_id = str(uuid4()) contact_name = "default" defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( 
@@ -123,7 +128,7 @@ class Test_defender_attack_path_notifications_properly_configured: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - f"Attack path notifications are enabled with minimal risk level Medium in subscription {AZURE_SUBSCRIPTION_ID} for security contact {contact_name}." + f"Attack path notifications are enabled with minimal risk level Medium in subscription {AZURE_SUBSCRIPTION_DISPLAY} for security contact {contact_name}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == contact_name @@ -134,6 +139,7 @@ class Test_defender_attack_path_notifications_properly_configured: resource_id = str(uuid4()) contact_name = "default" defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -172,7 +178,7 @@ class Test_defender_attack_path_notifications_properly_configured: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - f"Attack path notifications are enabled with minimal risk level Medium in subscription {AZURE_SUBSCRIPTION_ID} for security contact {contact_name}." + f"Attack path notifications are enabled with minimal risk level Medium in subscription {AZURE_SUBSCRIPTION_DISPLAY} for security contact {contact_name}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == contact_name @@ -183,6 +189,7 @@ class Test_defender_attack_path_notifications_properly_configured: resource_id = str(uuid4()) contact_name = "default" defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( 
@@ -219,7 +226,7 @@ class Test_defender_attack_path_notifications_properly_configured: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - f"Attack path notifications are enabled with minimal risk level Low in subscription {AZURE_SUBSCRIPTION_ID} for security contact {contact_name}." + f"Attack path notifications are enabled with minimal risk level Low in subscription {AZURE_SUBSCRIPTION_DISPLAY} for security contact {contact_name}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == contact_name @@ -230,6 +237,7 @@ class Test_defender_attack_path_notifications_properly_configured: resource_id = str(uuid4()) contact_name = "default" defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -266,7 +274,7 @@ class Test_defender_attack_path_notifications_properly_configured: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - f"Attack path notifications are enabled with minimal risk level Medium in subscription {AZURE_SUBSCRIPTION_ID} for security contact {contact_name}." + f"Attack path notifications are enabled with minimal risk level Medium in subscription {AZURE_SUBSCRIPTION_DISPLAY} for security contact {contact_name}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == contact_name @@ -277,6 +285,7 @@ class Test_defender_attack_path_notifications_properly_configured: resource_id = str(uuid4()) contact_name = "default" defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( 
@@ -313,7 +322,7 @@ class Test_defender_attack_path_notifications_properly_configured: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - f"Attack path notifications are enabled with minimal risk level High in subscription {AZURE_SUBSCRIPTION_ID} for security contact {contact_name}." + f"Attack path notifications are enabled with minimal risk level High in subscription {AZURE_SUBSCRIPTION_DISPLAY} for security contact {contact_name}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == contact_name @@ -324,6 +333,7 @@ class Test_defender_attack_path_notifications_properly_configured: resource_id = str(uuid4()) contact_name = "default" defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -360,7 +370,7 @@ class Test_defender_attack_path_notifications_properly_configured: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - f"Attack path notifications are enabled with minimal risk level Critical in subscription {AZURE_SUBSCRIPTION_ID} for security contact {contact_name}." + f"Attack path notifications are enabled with minimal risk level Critical in subscription {AZURE_SUBSCRIPTION_DISPLAY} for security contact {contact_name}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == contact_name diff --git a/tests/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on_test.py b/tests/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on_test.py index 3f39654c2b..9a99281e94 100644 
--- a/tests/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on_test.py +++ b/tests/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on_test.py @@ -5,7 +5,9 @@ from prowler.providers.azure.services.defender.defender_service import ( AutoProvisioningSetting, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_auto_provisioning_log_analytics_agent_vms_on: def test_defender_no_app_services(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.auto_provisioning_settings = {} with ( @@ -36,6 +39,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: def test_defender_auto_provisioning_log_analytics_off(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.auto_provisioning_settings = { AZURE_SUBSCRIPTION_ID: { "default": AutoProvisioningSetting( @@ -67,7 +71,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF." + == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" 
@@ -76,6 +80,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: def test_defender_auto_provisioning_log_analytics_on(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.auto_provisioning_settings = { AZURE_SUBSCRIPTION_ID: { "default": AutoProvisioningSetting( @@ -107,7 +112,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_ID} is set to ON." + == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" @@ -116,6 +121,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: def test_defender_auto_provisioning_log_analytics_on_and_off(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.auto_provisioning_settings = { AZURE_SUBSCRIPTION_ID: { "default": AutoProvisioningSetting( @@ -153,7 +159,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_ID} is set to ON." + == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" 
@@ -162,7 +168,7 @@ class Test_defender_auto_provisioning_log_analytics_agent_vms_on: assert result[1].status == "FAIL" assert ( result[1].status_extended - == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF." + == f"Defender Auto Provisioning Log Analytics Agents from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF." ) assert result[1].subscription == AZURE_SUBSCRIPTION_ID assert result[1].resource_name == "default2" diff --git a/tests/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on_test.py b/tests/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on_test.py index bb78eb8fae..eeddb61012 100644 --- a/tests/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on_test.py +++ b/tests/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Assesment from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: def test_defender_no_app_services(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = {} with ( 
@@ -34,6 +37,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: def test_defender_machines_no_vulnerability_assessment_solution(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Machines should have a vulnerability assessment solution": Assesment( @@ -64,7 +68,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Vulnerability assessment is not set up in all VMs in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Vulnerability assessment is not set up in all VMs in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" @@ -73,6 +77,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: def test_defender_machines_vulnerability_assessment_solution(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Machines should have a vulnerability assessment solution": Assesment( @@ -103,7 +108,7 @@ class Test_defender_auto_provisioning_vulnerabilty_assessments_machines_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Vulnerability assessment is set up in all VMs in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Vulnerability assessment is set up in all VMs in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" 
diff --git a/tests/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities_test.py b/tests/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities_test.py index bfaabbce9a..510a995692 100644 --- a/tests/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities_test.py +++ b/tests/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Assesment from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_container_images_resolved_vulnerabilities: def test_defender_no_subscriptions(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = {} with ( @@ -33,6 +36,7 @@ class Test_defender_container_images_resolved_vulnerabilities: def test_defender_subscription_empty(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_defender_container_images_resolved_vulnerabilities: def test_defender_subscription_no_assesment(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "": Assesment( 
@@ -85,6 +90,7 @@ class Test_defender_container_images_resolved_vulnerabilities: def test_defender_subscription_assesment_unhealthy(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)": Assesment( @@ -128,11 +134,12 @@ class Test_defender_container_images_resolved_vulnerabilities: assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].status_extended - == f"Azure running container images have unresolved vulnerabilities in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Azure running container images have unresolved vulnerabilities in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) def test_defender_subscription_assesment_healthy(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)": Assesment( 
@@ -176,11 +183,12 @@ class Test_defender_container_images_resolved_vulnerabilities: assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( result[0].status_extended - == f"Azure running container images do not have unresolved vulnerabilities in subscription '{AZURE_SUBSCRIPTION_ID}'." + == f"Azure running container images do not have unresolved vulnerabilities in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) def test_defender_subscription_assesment_not_applicable(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)": Assesment( diff --git a/tests/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled_test.py b/tests/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled_test.py index 6bb9fb0e9a..977ee8acdb 100644 --- a/tests/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled_test.py +++ b/tests/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled_test.py @@ -4,7 +4,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_container_images_scan_enabled: def test_defender_no_subscriptions(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( 
@@ -34,6 +37,7 @@ class Test_defender_container_images_scan_enabled: def test_defender_subscription_empty(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -56,6 +60,7 @@ class Test_defender_container_images_scan_enabled: def test_defender_subscription_no_containers(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "NotContainers": Pricing( @@ -87,6 +92,7 @@ class Test_defender_container_images_scan_enabled: def test_defender_subscription_containers_no_extensions(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( @@ -118,7 +124,7 @@ class Test_defender_container_images_scan_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - f"Container image scan is disabled in subscription {AZURE_SUBSCRIPTION_ID}." + f"Container image scan is disabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert ( result[0].resource_id @@ -131,6 +137,7 @@ class Test_defender_container_images_scan_enabled: def test_defender_subscription_containers_container_images_scan_off(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( @@ -162,7 +169,7 @@ class Test_defender_container_images_scan_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - f"Container image scan is disabled in subscription {AZURE_SUBSCRIPTION_ID}." + f"Container image scan is disabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert ( result[0].resource_id 
@@ -175,6 +182,7 @@ class Test_defender_container_images_scan_enabled: def test_defender_subscription_containers_container_images_scan_on(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( @@ -206,7 +214,7 @@ class Test_defender_container_images_scan_enabled: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - f"Container image scan is enabled in subscription {AZURE_SUBSCRIPTION_ID}." + f"Container image scan is enabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert ( result[0].resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py index a3b10bb0d4..b2528e28e7 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_app_services_is_on: def test_defender_no_app_services(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( 
@@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_app_services_is_on: def test_defender_app_services_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "AppServices": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_app_services_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for App Services from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for App Services from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan App Services" @@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_app_services_is_on: def test_defender_app_services_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "AppServices": Pricing( @@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_app_services_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for App Services from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for App Services from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan App Services" 
diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py index 247cebf877..357e3ca9e7 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_arm_is_on: def test_defender_no_arm(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_arm_is_on: def test_defender_arm_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Arm": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_arm_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan ARM" 
@@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_arm_is_on: def test_defender_arm_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Arm": Pricing( @@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_arm_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan ARM" diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py index 5a0ab49b7a..c10314042b 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_azure_sql_databases_is_on: def test_defender_no_sql_databases(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: def test_defender_sql_databases_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" @@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: def test_defender_sql_databases_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( 
@@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py index 622ad77b42..7ff728add9 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_containers_is_on: def test_defender_no_container_registries(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( 
@@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_containers_is_on: def test_defender_container_registries_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_containers_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Containers from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Containers from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" @@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_containers_is_on: def test_defender_container_registries_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Containers": Pricing( @@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_containers_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Containers from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Containers from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" 
diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py index 21507b9c20..351f38d97f 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_cosmosdb_is_on: def test_defender_no_cosmosdb(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: def test_defender_cosmosdb_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "CosmosDbs": Pricing( 
@@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Cosmos DB" @@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: def test_defender_cosmosdb_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "CosmosDbs": Pricing( @@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Cosmos DB" diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py index 354025d4b6..48cbc57ad1 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py 
+++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_databases_is_on: def test_defender_no_databases(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_databases_is_on: def test_defender_databases_sql_servers(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( @@ -66,6 +70,7 @@ class Test_defender_ensure_defender_for_databases_is_on: def test_defender_databases_sql_server_virtual_machines(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "SqlServerVirtualMachines": Pricing( @@ -98,6 +103,7 @@ class Test_defender_ensure_defender_for_databases_is_on: def test_defender_databases_open_source_relation_databases(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "OpenSourceRelationalDatabases": Pricing( 
@@ -130,6 +136,7 @@ class Test_defender_ensure_defender_for_databases_is_on: def test_defender_databases_cosmosdbs(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "CosmosDbs": Pricing( @@ -162,6 +169,7 @@ class Test_defender_ensure_defender_for_databases_is_on: def test_defender_databases_all_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( @@ -211,7 +219,7 @@ class Test_defender_ensure_defender_for_databases_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Databases from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Databases from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" @@ -220,6 +228,7 @@ class Test_defender_ensure_defender_for_databases_is_on: def test_defender_databases_cosmosdb_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "SqlServers": Pricing( 
@@ -269,7 +278,7 @@ class Test_defender_ensure_defender_for_databases_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Databases from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Databases from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py index 22729f4677..6b50ea4c5f 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_dns_is_on: def test_defender_no_dns(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( 
@@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_dns_is_on: def test_defender_dns_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Dns": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_dns_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for DNS from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for DNS from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan DNS" @@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_dns_is_on: def test_defender_dns_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "Dns": Pricing( @@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_dns_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for DNS from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for DNS from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan DNS" diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py index f2ef503114..f587a92961 100644 
--- a/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_keyvault_is_on: def test_defender_no_keyvaults(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on: def test_defender_keyvaults_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "KeyVaults": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan KeyVaults" 
@@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on: def test_defender_keyvaults_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "KeyVaults": Pricing( @@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan KeyVaults" diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py index a00ad47526..dc28fb3bb2 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_os_relational_databases_is_on: def test_defender_no_os_relational_databases(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: def test_defender_os_relational_databases_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "OpenSourceRelationalDatabases": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( @@ -77,6 +81,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: def test_defender_os_relational_databases_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "OpenSourceRelationalDatabases": Pricing( 
@@ -108,7 +113,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py index 460a206150..226b26ad3a 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_server_is_on: def test_defender_no_server(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( 
@@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_server_is_on: def test_defender_server_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "VirtualMachines": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_server_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Servers from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Servers from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" @@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_server_is_on: def test_defender_server_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "VirtualMachines": Pricing( @@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_server_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Servers from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Servers from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Servers" 
diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py index c99a270e89..1907cdbb6c 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_sql_servers_is_on: def test_defender_no_server(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: def test_defender_server_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "SqlServerVirtualMachines": Pricing( 
@@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan SQL Server VMs" @@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: def test_defender_server_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "SqlServerVirtualMachines": Pricing( @@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan SQL Server VMs" diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py index d3d22ee1d7..f5eee6879a 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py 
+++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_defender_for_storage_is_on: def test_defender_no_server(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_defender_for_storage_is_on: def test_defender_server_pricing_tier_not_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "StorageAccounts": Pricing( @@ -65,7 +69,7 @@ class Test_defender_ensure_defender_for_storage_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUBSCRIPTION_ID} is set to OFF (pricing tier not standard)." + == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to OFF (pricing tier not standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Storage Accounts" @@ -74,6 +78,7 @@ class Test_defender_ensure_defender_for_storage_is_on: def test_defender_server_pricing_tier_standard(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.pricings = { AZURE_SUBSCRIPTION_ID: { "StorageAccounts": Pricing( 
@@ -105,7 +110,7 @@ class Test_defender_ensure_defender_for_storage_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUBSCRIPTION_ID} is set to ON (pricing tier standard)." + == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUBSCRIPTION_DISPLAY} is set to ON (pricing tier standard)." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "Defender plan Storage Accounts" diff --git a/tests/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on_test.py index 14ae870fdf..f4ac17c5ae 100644 --- a/tests/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on_test.py @@ -5,7 +5,9 @@ from prowler.providers.azure.services.defender.defender_service import ( IoTSecuritySolution, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_iot_hub_defender_is_on: def test_defender_no_subscriptions(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.iot_security_solutions = {} with ( 
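Review bot: `test_defender_no_subscriptions` in the IoT hub test file no longer matches its setup: with the added line the client knows one subscription, and what the test actually feeds the check is an empty `iot_security_solutions`. Rename it (for example `test_defender_no_iot_security_solutions_collected`) or add a comment above the fixture such as `# Subscription is known, but no IoT security solutions were collected for it`. The tests of the same name in the notify_alerts and notify_emails files later in this patch have the same mismatch. The assertions of this test lie outside the hunk, so the expected result is not visible here.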
@@ -36,7 +39,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: def test_defender_no_iot_hub_solutions(self): defender_client = mock.MagicMock defender_client.iot_security_solutions = {AZURE_SUBSCRIPTION_ID: {}} - defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -58,7 +61,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"No IoT Security Solutions found in the subscription {AZURE_SUBSCRIPTION_ID}." + == f"No IoT Security Solutions found in the subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].resource_name == AZURE_SUBSCRIPTION_ID assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" @@ -66,6 +69,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: def test_defender_iot_hub_solution_disabled(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.iot_security_solutions = { AZURE_SUBSCRIPTION_ID: { resource_id: IoTSecuritySolution( @@ -94,7 +98,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"The security solution iot_sec_solution is disabled in subscription {AZURE_SUBSCRIPTION_ID}" + == f"The security solution iot_sec_solution is disabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) assert result[0].resource_name == "iot_sec_solution" assert result[0].resource_id == resource_id 
@@ -102,6 +106,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: def test_defender_iot_hub_solution_enabled(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.iot_security_solutions = { AZURE_SUBSCRIPTION_ID: { resource_id: IoTSecuritySolution( @@ -130,7 +135,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"The security solution iot_sec_solution is enabled in subscription {AZURE_SUBSCRIPTION_ID}." + == f"The security solution iot_sec_solution is enabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].resource_name == "iot_sec_solution" assert result[0].resource_id == resource_id @@ -140,6 +145,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: resource_id_enabled = str(uuid4()) resource_id_disabled = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.iot_security_solutions = { AZURE_SUBSCRIPTION_ID: { resource_id_enabled: IoTSecuritySolution( @@ -175,7 +181,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"The security solution iot_sec_solution_enabled is enabled in subscription {AZURE_SUBSCRIPTION_ID}." + == f"The security solution iot_sec_solution_enabled is enabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].resource_name == "iot_sec_solution_enabled" assert result[0].resource_id == resource_id_enabled 
@@ -184,7 +190,7 @@ class Test_defender_ensure_iot_hub_defender_is_on: assert result[1].status == "FAIL" assert ( result[1].status_extended - == f"The security solution iot_sec_solution_disabled is disabled in subscription {AZURE_SUBSCRIPTION_ID}" + == f"The security solution iot_sec_solution_disabled is disabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) assert result[1].resource_name == "iot_sec_solution_disabled" assert result[1].resource_id == resource_id_disabled diff --git a/tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py b/tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py index 5db8eb19a0..7770ab0baf 100644 --- a/tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Setting from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_mcas_is_enabled: def test_defender_no_settings(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.settings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_mcas_is_enabled: def test_defender_mcas_disabled(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.settings = { AZURE_SUBSCRIPTION_ID: { "MCAS": Setting( 
@@ -66,7 +70,7 @@ class Test_defender_ensure_mcas_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Microsoft Defender for Cloud Apps is disabled for subscription {AZURE_SUBSCRIPTION_ID}." + == f"Microsoft Defender for Cloud Apps is disabled for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "MCAS" @@ -75,6 +79,7 @@ class Test_defender_ensure_mcas_is_enabled: def test_defender_mcas_enabled(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.settings = { AZURE_SUBSCRIPTION_ID: { "MCAS": Setting( @@ -107,7 +112,7 @@ class Test_defender_ensure_mcas_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Microsoft Defender for Cloud Apps is enabled for subscription {AZURE_SUBSCRIPTION_ID}." + == f"Microsoft Defender for Cloud Apps is enabled for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "MCAS" @@ -116,7 +121,7 @@ class Test_defender_ensure_mcas_is_enabled: def test_defender_mcas_no_settings(self): defender_client = mock.MagicMock defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}} - defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -138,7 +143,7 @@ class Test_defender_ensure_mcas_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Microsoft Defender for Cloud Apps not exists for subscription {AZURE_SUBSCRIPTION_ID}." + == f"Microsoft Defender for Cloud Apps not exists for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == AZURE_SUBSCRIPTION_ID 
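Review bot: The fixtures in these defender hunks, including `test_defender_mcas_no_settings`, map a single subscription ID to a name, so none of them exercises the case the commit is about: two subscription IDs sharing one display name. Unless that case is covered in a file outside this part of the patch, add a test whose fixture is `defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME, other_subscription_id: AZURE_SUBSCRIPTION_NAME}` (with `other_subscription_id` a second, constructed ID and a `settings` entry per ID) and assert `{r.subscription for r in result} == {AZURE_SUBSCRIPTION_ID, other_subscription_id}`. For a scanner a dropped subscription is a silent coverage gap, so the per-check tests are a good place to pin that both IDs produce findings.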
diff --git a/tests/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high_test.py b/tests/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high_test.py index 85355bc1f0..8d2a3a05f7 100644 --- a/tests/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.defender.defender_service import ( SecurityContactConfiguration, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_notify_alerts_severity_is_high: def test_defender_no_subscriptions(self): defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = {} with ( @@ -37,6 +40,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: def test_defender_severity_alerts_critical(self): resource_id = str(uuid4()) defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( 
@@ -74,7 +78,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Notifications are not enabled for alerts with a minimum severity of high or lower in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Notifications are not enabled for alerts with a minimum severity of high or lower in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" @@ -83,6 +87,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: def test_defender_severity_alerts_high(self): resource_id = str(uuid4()) defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -121,7 +126,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Notifications are enabled for alerts with a minimum severity of high or lower (High) in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Notifications are enabled for alerts with a minimum severity of high or lower (High) in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" @@ -130,6 +135,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: def test_defender_severity_alerts_low(self): resource_id = str(uuid4()) defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( 
@@ -168,7 +174,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Notifications are enabled for alerts with a minimum severity of high or lower (Low) in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Notifications are enabled for alerts with a minimum severity of high or lower (Low) in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" @@ -176,6 +182,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: def test_defender_default_security_contact_not_found(self): defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Security/securityContacts/default": SecurityContactConfiguration( @@ -212,7 +219,7 @@ class Test_defender_ensure_notify_alerts_severity_is_high: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Notifications are not enabled for alerts with a minimum severity of high or lower in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Notifications are not enabled for alerts with a minimum severity of high or lower in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" diff --git a/tests/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners_test.py b/tests/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners_test.py index e4c2dc4371..b125320764 100644 --- a/tests/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners_test.py 
+++ b/tests/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.defender.defender_service import ( SecurityContactConfiguration, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_notify_emails_to_owners: def test_defender_no_subscriptions(self): defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = {} with ( @@ -37,6 +40,7 @@ class Test_defender_ensure_notify_emails_to_owners: def test_defender_no_notify_emails_to_owners(self): resource_id = str(uuid4()) defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -76,6 +80,7 @@ class Test_defender_ensure_notify_emails_to_owners: def test_defender_notify_emails_to_owners_off(self): resource_id = str(uuid4()) defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -113,7 +118,7 @@ class Test_defender_ensure_notify_emails_to_owners: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"The Owner role is not notified for subscription {AZURE_SUBSCRIPTION_ID}." + == f"The Owner role is not notified for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" 
@@ -122,6 +127,7 @@ class Test_defender_ensure_notify_emails_to_owners: def test_defender_notify_emails_to_owners(self): resource_id = str(uuid4()) defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.security_contact_configurations = { AZURE_SUBSCRIPTION_ID: { resource_id: SecurityContactConfiguration( @@ -159,7 +165,7 @@ class Test_defender_ensure_notify_emails_to_owners: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"The Owner role is notified for subscription {AZURE_SUBSCRIPTION_ID}." + == f"The Owner role is notified for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "default" diff --git a/tests/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied_test.py b/tests/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied_test.py index 4a98f0bba6..e6a80853dd 100644 --- a/tests/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Assesment from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_system_updates_are_applied: def test_defender_no_app_services(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = {} with ( 
@@ -34,6 +37,7 @@ class Test_defender_ensure_system_updates_are_applied: def test_defender_machines_no_log_analytics_installed(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Log Analytics agent should be installed on virtual machines": Assesment( @@ -74,7 +78,7 @@ class Test_defender_ensure_system_updates_are_applied: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_ID}." + == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" @@ -85,6 +89,7 @@ class Test_defender_ensure_system_updates_are_applied: ): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Log Analytics agent should be installed on virtual machines": Assesment( @@ -125,7 +130,7 @@ class Test_defender_ensure_system_updates_are_applied: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_ID}." + == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" 
@@ -134,6 +139,7 @@ class Test_defender_ensure_system_updates_are_applied: def test_defender_machines_no_system_updates_installed(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Log Analytics agent should be installed on virtual machines": Assesment( @@ -174,7 +180,7 @@ class Test_defender_ensure_system_updates_are_applied: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_ID}." + == f"System updates are not applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" @@ -185,6 +191,7 @@ class Test_defender_ensure_system_updates_are_applied: ): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.assessments = { AZURE_SUBSCRIPTION_ID: { "Log Analytics agent should be installed on virtual machines": Assesment( @@ -225,7 +232,7 @@ class Test_defender_ensure_system_updates_are_applied: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"System updates are applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_ID}." + == f"System updates are applied for all the VMs in the subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "vm1" diff --git a/tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py b/tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py index fba1d24ba8..202e332b3f 100644 
--- a/tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Setting from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_defender_ensure_wdatp_is_enabled: def test_defender_no_settings(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.settings = {} with ( @@ -34,6 +37,7 @@ class Test_defender_ensure_wdatp_is_enabled: def test_defender_wdatp_disabled(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.settings = { AZURE_SUBSCRIPTION_ID: { "WDATP": Setting( @@ -66,7 +70,7 @@ class Test_defender_ensure_wdatp_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Microsoft Defender for Endpoint integration is disabled for subscription {AZURE_SUBSCRIPTION_ID}." + == f"Microsoft Defender for Endpoint integration is disabled for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "WDATP" @@ -75,6 +79,7 @@ class Test_defender_ensure_wdatp_is_enabled: def test_defender_wdatp_enabled(self): resource_id = str(uuid4()) defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.settings = { AZURE_SUBSCRIPTION_ID: { "WDATP": Setting( 
@@ -107,7 +112,7 @@ class Test_defender_ensure_wdatp_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Microsoft Defender for Endpoint integration is enabled for subscription {AZURE_SUBSCRIPTION_ID}." + == f"Microsoft Defender for Endpoint integration is enabled for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "WDATP" @@ -116,7 +121,7 @@ class Test_defender_ensure_wdatp_is_enabled: def test_defender_wdatp_no_settings(self): defender_client = mock.MagicMock defender_client.settings = {AZURE_SUBSCRIPTION_ID: {}} - defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -138,7 +143,7 @@ class Test_defender_ensure_wdatp_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Microsoft Defender for Endpoint integration not exists for subscription {AZURE_SUBSCRIPTION_ID}." + == f"Microsoft Defender for Endpoint integration not exists for subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == AZURE_SUBSCRIPTION_ID diff --git a/tests/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa_test.py b/tests/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa_test.py index b9ebe959ef..46dc9389af 100644 --- a/tests/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa_test.py +++ b/tests/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa_test.py 
@@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.config import VIRTUAL_MACHINE_ADMINISTRATOR_LOGIN_ROLE_ID from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, DOMAIN, set_mocked_azure_provider, ) @@ -12,7 +14,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_iam_assignment_priviledge_access_vm_has_mfa: def test_iam_no_roles(self): iam_client = mock.MagicMock + iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} entra_client = mock.MagicMock + entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -37,8 +41,10 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa: def test_entra_user_with_vm_access_has_mfa(self): iam_client = mock.MagicMock + iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_assigment_id = str(uuid4()) entra_client = mock.MagicMock + entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} user_id = str(uuid4()) with ( @@ -98,7 +104,7 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"User test can access VMs in subscription {AZURE_SUBSCRIPTION_ID} but it has MFA." + == f"User test can access VMs in subscription {AZURE_SUBSCRIPTION_DISPLAY} but it has MFA." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "test" @@ -106,8 +112,10 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa: def test_entra_user_with_vm_access_has_mfa_no_mfa(self): iam_client = mock.MagicMock + iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_assigment_id = str(uuid4()) entra_client = mock.MagicMock + entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} user_id = str(uuid4()) with ( 
@@ -167,7 +175,7 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"User test without MFA can access VMs in subscription {AZURE_SUBSCRIPTION_ID}" + == f"User test without MFA can access VMs in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == "test" @@ -175,8 +183,10 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa: def test_entra_user_with_vm_access_has_mfa_no_user(self): iam_client = mock.MagicMock + iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_assigment_id = str(uuid4()) entra_client = mock.MagicMock + entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} user_id = str(uuid4()) with ( @@ -227,8 +237,10 @@ class Test_iam_assignment_priviledge_access_vm_has_mfa: def test_entra_user_with_vm_access_has_mfa_no_role(self): iam_client = mock.MagicMock + iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_assigment_id = str(uuid4()) entra_client = mock.MagicMock + entra_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} user_id = str(uuid4()) with ( diff --git a/tests/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks_test.py b/tests/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks_test.py index eaa59eff14..5125130871 100644 --- a/tests/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks_test.py +++ b/tests/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks_test.py 
@@ -4,7 +4,9 @@ from azure.mgmt.authorization.v2022_04_01.models import Permission from prowler.providers.azure.services.iam.iam_service import Role from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_iam_custom_role_has_permissions_to_administer_resource_locks: def test_iam_no_roles(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.custom_roles = {} with ( @@ -36,6 +39,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: self, ): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_name = "test-role" defender_client.custom_roles = { AZURE_SUBSCRIPTION_ID: { @@ -76,7 +80,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} has permission to administer resource locks." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has permission to administer resource locks." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( @@ -91,6 +95,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: self, ): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_name = "test-role" defender_client.custom_roles = { AZURE_SUBSCRIPTION_ID: { 
@@ -124,7 +129,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} has no permission to administer resource locks." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has no permission to administer resource locks." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( @@ -139,6 +144,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: self, ): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_name = "test-role" role_name2 = "test-role2" defender_client.custom_roles = { @@ -194,7 +200,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} has permission to administer resource locks." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has permission to administer resource locks." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( @@ -206,6 +212,7 @@ class Test_iam_custom_role_has_permissions_to_administer_resource_locks: def test_iam_custom_roles_empty_list_but_with_key(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.custom_roles = {AZURE_SUBSCRIPTION_ID: {}} with ( diff --git a/tests/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted_test.py b/tests/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted_test.py index dbf842d589..8ccf6e6f64 100644 --- a/tests/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted_test.py 
+++ b/tests/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.iam.iam_service import Role, RoleAssignment from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_iam_role_user_access_admin_restricted: def test_iam_no_role_assignments(self): iam_client = mock.MagicMock + iam_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} iam_client.role_assignments = {} iam_client.roles = {} @@ -40,11 +43,11 @@ class Test_iam_role_user_access_admin_restricted: role_name = "User Access Administrator" iam_client.subscriptions = { - "subscription-name-1": AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME, } iam_client.role_assignments = { - "subscription-name-1": { + AZURE_SUBSCRIPTION_ID: { role_assignment_id: RoleAssignment( id=role_assignment_id, name="test-assignment", @@ -56,7 +59,7 @@ class Test_iam_role_user_access_admin_restricted: } } iam_client.roles = { - "subscription-name-1": { + AZURE_SUBSCRIPTION_ID: { f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Authorization/roleDefinitions/{role_id}": Role( id=role_id, name=role_name, 
@@ -87,9 +90,9 @@ class Test_iam_role_user_access_admin_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Role assignment test-assignment in subscription subscription-name-1 grants User Access Administrator role to User {agent_id}." + == f"Role assignment test-assignment in subscription {AZURE_SUBSCRIPTION_DISPLAY} grants User Access Administrator role to User {agent_id}." ) - assert result[0].subscription == "subscription-name-1" + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_id == role_assignment_id def test_iam_non_user_access_administrator_role_assigned(self): @@ -100,11 +103,11 @@ class Test_iam_role_user_access_admin_restricted: role_name = "Reader" iam_client.subscriptions = { - "subscription-name-1": AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME, } iam_client.role_assignments = { - "subscription-name-1": { + AZURE_SUBSCRIPTION_ID: { role_assignment_id: RoleAssignment( id=role_assignment_id, name="test-assignment", @@ -116,7 +119,7 @@ class Test_iam_role_user_access_admin_restricted: } } iam_client.roles = { - "subscription-name-1": { + AZURE_SUBSCRIPTION_ID: { f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/providers/Microsoft.Authorization/roleDefinitions/{role_id}": Role( id=role_id, name=role_name, @@ -147,7 +150,7 @@ class Test_iam_role_user_access_admin_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == "Role assignment test-assignment in subscription subscription-name-1 does not grant User Access Administrator role." + == f"Role assignment test-assignment in subscription {AZURE_SUBSCRIPTION_DISPLAY} does not grant User Access Administrator role." ) - assert result[0].subscription == "subscription-name-1" + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_id == role_assignment_id 
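Review bot: The fixtures in this file are re-keyed from the display name to `AZURE_SUBSCRIPTION_ID`, but every mapping in the visible hunks still holds a single subscription, so the display-name collision this commit fixes is not exercised here. A case with two subscription IDs mapped to the same `AZURE_SUBSCRIPTION_NAME`, asserting one finding per ID with distinct `result[n].subscription` values, would pin the behaviour; such coverage may exist in a file outside this part of the diff. For a scanner, findings that are silently merged or attributed to the wrong subscription are the failure mode that most needs a regression test.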
diff --git a/tests/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created_test.py b/tests/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created_test.py index 7f15b69466..1d2d37ee11 100644 --- a/tests/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created_test.py +++ b/tests/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created_test.py @@ -4,7 +4,9 @@ from azure.mgmt.authorization.v2022_04_01.models import Permission from prowler.providers.azure.services.iam.iam_service import Role from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_iam_subscription_roles_owner_custom_not_created: def test_iam_no_roles(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.custom_roles = {} with ( @@ -34,6 +37,7 @@ class Test_iam_subscription_roles_owner_custom_not_created: def test_iam_custom_owner_role_created_with_all(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_name = "test-role" defender_client.custom_roles = { AZURE_SUBSCRIPTION_ID: { @@ -67,7 +71,7 @@ class Test_iam_subscription_roles_owner_custom_not_created: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} is a custom owner role." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is a custom owner role." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( 
@@ -80,6 +84,7 @@ class Test_iam_subscription_roles_owner_custom_not_created: def test_iam_custom_owner_role_created_with_no_permissions(self): defender_client = mock.MagicMock + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} role_name = "test-role" defender_client.custom_roles = { AZURE_SUBSCRIPTION_ID: { @@ -113,7 +118,7 @@ class Test_iam_subscription_roles_owner_custom_not_created: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_ID} is not a custom owner role." + == f"Role {role_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not a custom owner role." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert ( diff --git a/tests/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints_test.py b/tests/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints_test.py index 793b3b4912..4244684d1a 100644 --- a/tests/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_access_only_through_private_endpoints: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( 
@@ -32,6 +35,7 @@ class Test_keyvault_access_only_through_private_endpoints: def test_key_vaults_no_private_endpoints(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) @@ -78,6 +82,7 @@ class Test_keyvault_access_only_through_private_endpoints: def test_key_vaults_with_private_endpoints_public_access_enabled(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) @@ -127,7 +132,7 @@ class Test_keyvault_access_only_through_private_endpoints: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has public network access enabled while using private endpoints." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has public network access enabled while using private endpoints." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name @@ -136,6 +141,7 @@ class Test_keyvault_access_only_through_private_endpoints: def test_key_vaults_with_private_endpoints_public_access_disabled(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) 
@@ -185,7 +191,7 @@ class Test_keyvault_access_only_through_private_endpoints: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has public network access disabled and is using private endpoints." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has public network access disabled and is using private endpoints." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name diff --git a/tests/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac_test.py b/tests/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac_test.py index 5995971555..9da66f9eda 100644 --- a/tests/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac_test.py @@ -4,7 +4,9 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import KeyAttributes, VaultProperties from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_key_expiration_set_in_non_rbac: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( @@ -34,6 +37,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: def test_no_keys(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -75,6 +79,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: def test_key_vaults_invalid_keys(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) key_name = "Key Name" @@ -127,7 +132,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have an expiration date set." + == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have an expiration date set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == key_name @@ -136,6 +141,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: def test_key_vaults_valid_keys(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) key_name = "Key Name" @@ -188,7 +194,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has an expiration date set." + == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has an expiration date set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == key_name @@ -197,6 +203,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: def test_disabled_key_skipped(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) 
@@ -248,6 +255,7 @@ class Test_keyvault_key_expiration_set_in_non_rbac: def test_multiple_keys_mixed_expiration(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) key_with_expiry = "key_with_expiry" diff --git a/tests/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled_test.py b/tests/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled_test.py index 75d1e922e2..fd6e2495ce 100644 --- a/tests/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled_test.py @@ -4,7 +4,9 @@ from azure.keyvault.keys import KeyRotationLifetimeAction, KeyRotationPolicy from azure.mgmt.keyvault.v2023_07_01.models import KeyAttributes, VaultProperties from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_key_rotation_enabled: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( @@ -34,6 +37,7 @@ class Test_keyvault_key_rotation_enabled: def test_no_keys(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -75,6 +79,7 @@ class Test_keyvault_key_rotation_enabled: def test_key_without_rotation_policy(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "keyvault_name" key_name = "key_name" 
@@ -128,7 +133,7 @@ class Test_keyvault_key_rotation_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have a rotation policy set." + == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have a rotation policy set." ) assert result[0].resource_name == key_name assert result[0].resource_id == "id" @@ -137,6 +142,7 @@ class Test_keyvault_key_rotation_enabled: def test_key_with_rotation_policy(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "keyvault_name" key_name = "key_name" @@ -198,7 +204,7 @@ class Test_keyvault_key_rotation_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has a rotation policy set." + == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has a rotation policy set." ) assert result[0].resource_name == key_name assert result[0].resource_id == "id" @@ -207,6 +213,7 @@ class Test_keyvault_key_rotation_enabled: def test_multiple_keys_mixed_rotation_policies(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "keyvault_name" key_with_rotation = "key_with_rotation" key_without_rotation = "key_without_rotation" @@ -306,6 +313,7 @@ class Test_keyvault_key_rotation_enabled: def test_rotation_action_not_first_in_lifetime_actions(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "keyvault_name" key_name = "key_name" 
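Review bot: In the hunks at `-128,7` and `-198,7` the updated `status_extended` assertion is followed directly by the `resource_name` and `resource_id` checks, with no `result[0].subscription` check visible, unlike the sibling keyvault tests in this diff. Since the commit changes which value identifies a subscription, add `assert result[0].subscription == AZURE_SUBSCRIPTION_ID` next to these assertions, unless it already sits in the part of each test outside the hunk. The `keyvault_logging_enabled` hunks further down appear to have the same gap.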
@@ -372,5 +380,5 @@ class Test_keyvault_key_rotation_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has a rotation policy set." + == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has a rotation policy set." ) diff --git a/tests/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled_test.py b/tests/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled_test.py index 7594860d76..2fff845a7d 100644 --- a/tests/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.keyvault.v2023_07_01.models import VaultProperties from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_logging_enabled: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( @@ -37,6 +40,7 @@ class Test_keyvault_logging_enabled: def test_no_diagnostic_settings(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -83,13 +87,14 @@ class Test_keyvault_logging_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Key Vault name_keyvault in subscription {AZURE_SUBSCRIPTION_ID} does not have a diagnostic setting with audit logging." + == f"Key Vault name_keyvault in subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have a diagnostic setting with audit logging." ) assert result[0].resource_name == "name_keyvault" assert result[0].resource_id == "id" def test_diagnostic_setting_without_audit_logging(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -158,13 +163,14 @@ class Test_keyvault_logging_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Key Vault name_keyvault in subscription {AZURE_SUBSCRIPTION_ID} does not have a diagnostic setting with audit logging." + == f"Key Vault name_keyvault in subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have a diagnostic setting with audit logging." ) assert result[0].resource_name == "name_keyvault" assert result[0].resource_id == "id" def test_diagnostic_setting_with_audit_logging(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -233,13 +239,14 @@ class Test_keyvault_logging_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Key Vault name_keyvault in subscription {AZURE_SUBSCRIPTION_ID} has a diagnostic setting with audit logging." + == f"Key Vault name_keyvault in subscription {AZURE_SUBSCRIPTION_DISPLAY} has a diagnostic setting with audit logging." ) assert result[0].resource_name == "name_keyvault" assert result[0].resource_id == "id" def test_multiple_diagnostic_settings_one_compliant(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -329,6 +336,7 @@ class Test_keyvault_logging_enabled: def test_multiple_vaults_mixed(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( diff --git a/tests/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set_test.py b/tests/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set_test.py index 22b7664ec4..eb6036f9c7 100644 --- a/tests/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set_test.py @@ -4,7 +4,9 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import SecretAttributes, VaultProperties from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_non_rbac_secret_expiration_set: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( @@ -34,6 +37,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: def test_no_secrets(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -76,6 +80,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: def test_key_vaults_invalid_secrets(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) secret_name = "Secret" 
@@ -128,7 +133,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Secret {secret_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have an expiration date set." + == f"Secret {secret_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have an expiration date set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == secret_name @@ -137,6 +142,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: def test_key_vaults_invalid_multiple_secrets(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) secret1_name = "Secret1" @@ -202,6 +208,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: def test_key_vaults_valid_secrets(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) secret_name = "name" @@ -254,7 +261,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Secret {secret_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has an expiration date set." + == f"Secret {secret_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has an expiration date set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == secret_name @@ -263,6 +270,7 @@ class Test_keyvault_non_rbac_secret_expiration_set: def test_disabled_secret_skipped(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) 
diff --git a/tests/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints_test.py b/tests/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints_test.py index e071453485..783ba6c319 100644 --- a/tests/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints_test.py @@ -7,7 +7,9 @@ from azure.mgmt.keyvault.v2023_07_01.models import ( ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -15,6 +17,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_private_endpoints: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( @@ -37,6 +40,7 @@ class Test_keyvault_private_endpoints: def test_key_vaults_no_private_endpoints(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) @@ -82,7 +86,7 @@ class Test_keyvault_private_endpoints: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is not using private endpoints." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using private endpoints." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name 
@@ -91,6 +95,7 @@ class Test_keyvault_private_endpoints: def test_key_vaults_using_private_endpoints(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) private_endpoint = PrivateEndpointConnectionItem( @@ -141,7 +146,7 @@ class Test_keyvault_private_endpoints: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is using private endpoints." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using private endpoints." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name diff --git a/tests/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled_test.py b/tests/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled_test.py index 00729ab0bf..be72938b0e 100644 --- a/tests/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled_test.py @@ -4,7 +4,9 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import VaultProperties from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_rbac_enabled: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( 
@@ -34,6 +37,7 @@ class Test_keyvault_rbac_enabled: def test_key_vaults_no_rbac(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) @@ -77,7 +81,7 @@ class Test_keyvault_rbac_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is not using RBAC for access control." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using RBAC for access control." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name @@ -86,6 +90,7 @@ class Test_keyvault_rbac_enabled: def test_key_vaults_rbac(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) @@ -129,7 +134,7 @@ class Test_keyvault_rbac_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is using RBAC for access control." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using RBAC for access control." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name diff --git a/tests/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set_test.py b/tests/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set_test.py index c12c000526..b73948adef 100644 --- a/tests/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set_test.py 
@@ -4,7 +4,9 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import KeyAttributes, VaultProperties from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_rbac_key_expiration_set: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( @@ -34,6 +37,7 @@ class Test_keyvault_rbac_key_expiration_set: def test_no_keys(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -75,6 +79,7 @@ class Test_keyvault_rbac_key_expiration_set: def test_key_vaults_invalid_keys(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) key_name = "Key Name" @@ -127,7 +132,7 @@ class Test_keyvault_rbac_key_expiration_set: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have an expiration date set." + == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have an expiration date set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == key_name @@ -136,6 +141,7 @@ class Test_keyvault_rbac_key_expiration_set: def test_key_vaults_valid_keys(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) key_name = "Key Name" 
@@ -188,7 +194,7 @@ class Test_keyvault_rbac_key_expiration_set: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has an expiration date set." + == f"Key {key_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has an expiration date set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == key_name @@ -197,6 +203,7 @@ class Test_keyvault_rbac_key_expiration_set: def test_disabled_key_skipped(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) @@ -248,6 +255,7 @@ class Test_keyvault_rbac_key_expiration_set: def test_multiple_keys_mixed_expiration(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) key_with_expiry = "key_with_expiry" diff --git a/tests/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set_test.py b/tests/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set_test.py index d6b78380bc..dffcca1f7a 100644 --- a/tests/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set_test.py @@ -4,7 +4,9 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import SecretAttributes, VaultProperties from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -12,6 +14,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_keyvault_rbac_secret_expiration_set: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( @@ -34,6 +37,7 @@ class Test_keyvault_rbac_secret_expiration_set: def test_no_secrets(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -75,6 +79,7 @@ class Test_keyvault_rbac_secret_expiration_set: def test_key_vaults_invalid_secrets(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) secret_name = "Secret" @@ -127,7 +132,7 @@ class Test_keyvault_rbac_secret_expiration_set: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Secret {secret_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have an expiration date set." + == f"Secret {secret_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have an expiration date set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == secret_name @@ -136,6 +141,7 @@ class Test_keyvault_rbac_secret_expiration_set: def test_key_vaults_invalid_multiple_secrets(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) secret1_name = "Secret1" @@ -201,6 +207,7 @@ class Test_keyvault_rbac_secret_expiration_set: def test_key_vaults_valid_secrets(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) secret_name = "name" 
@@ -253,7 +260,7 @@ class Test_keyvault_rbac_secret_expiration_set: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Secret {secret_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} has an expiration date set." + == f"Secret {secret_name} in Key Vault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has an expiration date set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == secret_name @@ -262,6 +269,7 @@ class Test_keyvault_rbac_secret_expiration_set: def test_disabled_secret_skipped(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) diff --git a/tests/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable_test.py b/tests/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable_test.py index 733683d7a1..f0a0592e02 100644 --- a/tests/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable_test.py +++ b/tests/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable_test.py @@ -4,7 +4,9 @@ from uuid import uuid4 from azure.mgmt.keyvault.v2023_07_01.models import SecretAttributes, VaultProperties from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,7 @@ class Test_keyvault_recoverable: def test_no_key_vaults(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_client.key_vaults = {} with ( @@ -35,6 +38,7 @@ class Test_keyvault_recoverable: def test_key_vaults_no_purge(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) 
@@ -80,7 +84,7 @@ class Test_keyvault_recoverable: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is not recoverable." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not recoverable." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name @@ -89,6 +93,7 @@ class Test_keyvault_recoverable: def test_key_vaults_no_soft_delete(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) @@ -149,7 +154,7 @@ class Test_keyvault_recoverable: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is not recoverable." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not recoverable." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name @@ -158,6 +163,7 @@ class Test_keyvault_recoverable: def test_key_vaults_valid_configuration(self): keyvault_client = mock.MagicMock + keyvault_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} keyvault_name = "Keyvault Name" keyvault_id = str(uuid4()) @@ -211,7 +217,7 @@ class Test_keyvault_recoverable: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_ID} is recoverable." + == f"Keyvault {keyvault_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is recoverable." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == keyvault_name 
diff --git a/tests/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment_test.py b/tests/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment_test.py index 4e380d2c33..d785de72f4 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_create_policy_assignment: def test_monitor_alert_create_policy_assignment_no_subscriptions(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( @@ -34,7 +37,7 @@ class Test_monitor_alert_create_policy_assignment: def test_no_alert_rules(self): monitor_client = mock.MagicMock monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
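Review bot: `test_monitor_alert_create_policy_assignment_no_subscriptions` no longer matches its name, since the client now has one entry in `subscriptions` while `alert_rules` stays `{}`. The assertions sit outside the hunk, but if the test expects no findings, it now pins that a subscription known to the client and absent from `alert_rules` produces no result at all, which for a scanner is a silent coverage gap rather than the "no subscriptions" case. Either keep the scenario honest with `monitor_client.subscriptions = {}`, or rename the test and add a comment such as `# subscription known, but no alert rules were collected for it`. The `_no_subscriptions` tests in the other monitor_alert_* files of this patch get the same added line.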
@@ -58,11 +61,12 @@ class Test_monitor_alert_create_policy_assignment: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for creating Policy Assignments in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for creating Policy Assignments in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -125,5 +129,5 @@ class Test_monitor_alert_create_policy_assignment: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for creating Policy Assignments in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for creating Policy Assignments in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg_test.py b/tests/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg_test.py index ef620f468b..224a2eaca3 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_create_update_nsg: def test_monitor_alert_create_update_nsg_no_subscriptions(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( @@ -33,7 +36,7 @@ class Test_monitor_alert_create_update_nsg: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -57,11 +60,12 @@ class Test_monitor_alert_create_update_nsg: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for creating/updating Network Security Groups in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for creating/updating Network Security Groups in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -123,5 +127,5 @@ class Test_monitor_alert_create_update_nsg: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for creating/updating Network Security Groups in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for creating/updating Network Security Groups in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) 
diff --git a/tests/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule_test.py b/tests/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule_test.py index 987532ed24..0917f1f381 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_create_update_security_solution: def test_monitor_alert_create_update_public_ip_address_rule_no_subscriptions(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( @@ -33,7 +36,7 @@ class Test_monitor_alert_create_update_security_solution: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
@@ -57,11 +60,12 @@ class Test_monitor_alert_create_update_security_solution: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for creating/updating Public IP address rule in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for creating/updating Public IP address rule in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -124,5 +128,5 @@ class Test_monitor_alert_create_update_security_solution: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for creating/updating Public IP address rule in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for creating/updating Public IP address rule in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution_test.py b/tests/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution_test.py index ba7f475ca3..8638ba0718 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_create_update_security_solution: def test_monitor_alert_create_update_security_solution_no_subscriptions(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( @@ -33,7 +36,7 @@ class Test_monitor_alert_create_update_security_solution: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -57,11 +60,12 @@ class Test_monitor_alert_create_update_security_solution: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for creating/updating Security Solution in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for creating/updating Security Solution in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -124,5 +128,5 @@ class Test_monitor_alert_create_update_security_solution: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for creating/updating Security Solution in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for creating/updating Security Solution in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) 
diff --git a/tests/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr_test.py b/tests/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr_test.py index 7195e321e3..d56c7e7ba8 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_create_update_sqlserver_fr: def test_monitor_alert_create_update_sqlserver_fr_no_subscriptions(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( @@ -33,7 +36,7 @@ class Test_monitor_alert_create_update_sqlserver_fr: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
@@ -57,11 +60,12 @@ class Test_monitor_alert_create_update_sqlserver_fr: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for creating/updating SQL Server firewall rule in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for creating/updating SQL Server firewall rule in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -124,5 +128,5 @@ class Test_monitor_alert_create_update_sqlserver_fr: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for creating/updating SQL Server firewall rule in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for creating/updating SQL Server firewall rule in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg_test.py b/tests/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg_test.py index 161b0de95d..a06a40b532 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_delete_nsg: def test_monitor_alert_delete_nsg_no_subscriptions(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( @@ -33,7 +36,7 @@ class Test_monitor_alert_delete_nsg: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -57,11 +60,12 @@ class Test_monitor_alert_delete_nsg: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for deleting Network Security Groups in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for deleting Network Security Groups in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -124,5 +128,5 @@ class Test_monitor_alert_delete_nsg: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for deleting Network Security Groups in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for deleting Network Security Groups in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment_test.py b/tests/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment_test.py index 1f52f15480..afa492a468 100644 
--- a/tests/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_delete_policy_assignment: def test_monitor_alert_delete_policy_assignment_no_subscriptions(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( @@ -34,7 +37,7 @@ class Test_monitor_alert_delete_policy_assignment: def test_no_alert_rules(self): monitor_client = mock.MagicMock monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -58,11 +61,12 @@ class Test_monitor_alert_delete_policy_assignment: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for deleting policy assignment in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for deleting policy assignment in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -125,5 +129,5 @@ class Test_monitor_alert_delete_policy_assignment: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for deleting policy assignment in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for deleting policy assignment in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule_test.py b/tests/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule_test.py index 79aef33e20..44fdfd41c8 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_create_update_security_solution: def test_monitor_alert_delete_public_ip_address_rule_no_subscriptions(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( 
@@ -33,7 +36,7 @@ class Test_monitor_alert_create_update_security_solution: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -57,11 +60,12 @@ class Test_monitor_alert_create_update_security_solution: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for deleting public IP address rule in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for deleting public IP address rule in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -124,5 +128,5 @@ class Test_monitor_alert_create_update_security_solution: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for deleting public IP address rule in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for deleting public IP address rule in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution_test.py b/tests/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution_test.py index ba80bfff41..3c204de572 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution_test.py 
@@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_create_update_security_solution: def test_monitor_alert_delete_security_solution_no_subscriptions(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( @@ -33,7 +36,7 @@ class Test_monitor_alert_create_update_security_solution: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -57,11 +60,12 @@ class Test_monitor_alert_create_update_security_solution: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for deleting Security Solution in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for deleting Security Solution in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( 
@@ -124,5 +128,5 @@ class Test_monitor_alert_create_update_security_solution: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for deleting Security Solution in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for deleting Security Solution in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr_test.py b/tests/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr_test.py index 2725fafd19..1a0a63a869 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr_test.py @@ -3,7 +3,9 @@ from unittest import mock from azure.mgmt.monitor.models import AlertRuleAnyOfOrLeafCondition from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_delete_sqlserver_fr: def test_monitor_alert_delete_sqlserver_fr_no_subscriptions(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( @@ -33,7 +36,7 @@ class Test_monitor_alert_delete_sqlserver_fr: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
@@ -57,11 +60,12 @@ class Test_monitor_alert_delete_sqlserver_fr: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is not an alert for deleting SQL Server firewall rule in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is not an alert for deleting SQL Server firewall rule in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -124,5 +128,5 @@ class Test_monitor_alert_delete_sqlserver_fr: assert result[0].resource_id == "id2" assert ( result[0].status_extended - == f"There is an alert configured for deleting SQL Server firewall rule in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an alert configured for deleting SQL Server firewall rule in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists_test.py b/tests/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists_test.py index 3cfd80bedf..ba928af0e3 100644 --- a/tests/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists_test.py +++ b/tests/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists_test.py @@ -1,7 +1,9 @@ from unittest import mock from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -9,6 +11,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_monitor_alert_service_health_exists: def test_monitor_alert_service_health_exists_no_subscriptions(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.alert_rules = {} with ( mock.patch( @@ -31,7 +34,7 @@ class Test_monitor_alert_service_health_exists: def test_no_alert_rules(self): monitor_client = mock.MagicMock() monitor_client.alert_rules = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -55,11 +58,12 @@ class Test_monitor_alert_service_health_exists: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is no activity log alert for Service Health in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is no activity log alert for Service Health in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
@@ -108,11 +112,12 @@ class Test_monitor_alert_service_health_exists: assert result[0].resource_id == "id1" assert ( result[0].status_extended - == f"There is an activity log alert for Service Health in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is an activity log alert for Service Health in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_alert_rules_configured_but_disabled(self): monitor_client = mock.MagicMock() + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -153,7 +158,7 @@ class Test_monitor_alert_service_health_exists: ] } monitor_client.subscriptions = { - AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME } check = monitor_alert_service_health_exists() result = check.execute() @@ -164,5 +169,5 @@ class Test_monitor_alert_service_health_exists: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"There is no activity log alert for Service Health in subscription {AZURE_SUBSCRIPTION_ID}." + == f"There is no activity log alert for Service Health in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py b/tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py index 56d10199bc..6c111b76f8 100644 --- a/tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py +++ b/tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py 
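Review bot: The added `monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}` at the top of `test_alert_rules_configured_but_disabled` (the `-108,11` hunk) appears to duplicate the assignment that the `-153,7` hunk updates inside the `with` block of what looks like the same test. The enclosing `def` is not visible in the later hunk, so this is inferred from the line numbers. If so, keep one of the two, preferably the one next to `monitor_client = mock.MagicMock()` as in the other tests, so the fixture is defined in a single place.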
@@ -1,7 +1,9 @@ from unittest import mock from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: self, ): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.diagnostics_settings = {} with ( @@ -34,7 +37,7 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: def test_no_diagnostic_settings(self): monitor_client = mock.MagicMock monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -58,11 +61,12 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: assert result[0].resource_name == AZURE_SUBSCRIPTION_ID assert ( result[0].status_extended - == f"No diagnostic setting captures all appropriate categories (Administrative, Security, Alert, Policy) in subscription {AZURE_SUBSCRIPTION_ID}." + == f"No diagnostic setting captures all appropriate categories (Administrative, Security, Alert, Policy) in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_diagnostic_settings_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -128,5 +132,5 @@ class Test_monitor_diagnostic_setting_with_appropriate_categories: assert result[0].resource_name == "name" assert ( result[0].status_extended - == f"Diagnostic setting name captures appropriate categories in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Diagnostic setting name captures appropriate categories in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) 
diff --git a/tests/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists_test.py b/tests/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists_test.py index a4638ffac7..4bac8b5bd7 100644 --- a/tests/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists_test.py +++ b/tests/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists_test.py @@ -1,7 +1,9 @@ from unittest import mock from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ class Test_monitor_diagnostic_settings_exists: self, ): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.diagnostics_settings = {} with ( @@ -34,7 +37,7 @@ class Test_monitor_diagnostic_settings_exists: def test_no_diagnostic_settings(self): monitor_client = mock.MagicMock monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION_ID: []} - monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
@@ -58,12 +61,14 @@ class Test_monitor_diagnostic_settings_exists: assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert ( result[0].status_extended - == f"No diagnostic settings found in subscription {AZURE_SUBSCRIPTION_ID}." + == f"No diagnostic settings found in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_diagnostic_settings_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -196,5 +201,5 @@ class Test_monitor_diagnostic_settings_exists: assert result[0].resource_id == "id" assert ( result[0].status_extended - == f"Diagnostic setting name found in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Diagnostic setting name found in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted_test.py b/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted_test.py index 707fd11af2..cf4dbcc54b 100644 --- a/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted_test.py +++ b/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted_test.py @@ -1,7 +1,9 @@ from unittest import mock from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -11,6 +13,7 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: self, ): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.diagnostics_settings = {} with ( @@ -33,6 +36,7 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: def test_no_diagnostic_settings(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION_ID: []} with ( mock.patch( @@ -54,7 +58,9 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: def test_diagnostic_settings_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -191,7 +197,7 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: ) assert ( result[0].status_extended - == f"Storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][0].name} storing activity log in subscription {AZURE_SUBSCRIPTION_ID} is encrypted with Customer Managed Key or not necessary." + == f"Storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][0].name} storing activity log in subscription {AZURE_SUBSCRIPTION_DISPLAY} is encrypted with Customer Managed Key or not necessary." ) assert result[1].status == "FAIL" assert result[1].resource_name == "storageaccountname2" 
@@ -202,5 +208,5 @@ class Test_monitor_storage_account_with_activity_logs_cmk_encrypted: ) assert ( result[1].status_extended - == f"Storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][1].name} storing activity log in subscription {AZURE_SUBSCRIPTION_ID} is not encrypted with Customer Managed Key." + == f"Storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][1].name} storing activity log in subscription {AZURE_SUBSCRIPTION_DISPLAY} is not encrypted with Customer Managed Key." ) diff --git a/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private_test.py b/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private_test.py index debcab0321..0e69470251 100644 --- a/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private_test.py +++ b/tests/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private_test.py @@ -1,7 +1,9 @@ from unittest import mock from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ class Test_monitor_storage_account_with_activity_logs_is_private: self, ): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.diagnostics_settings = {} with ( @@ -33,6 +36,7 @@ class Test_monitor_storage_account_with_activity_logs_is_private: def test_no_diagnostic_settings(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION_ID: []} with ( mock.patch( 
@@ -54,7 +58,9 @@ class Test_monitor_storage_account_with_activity_logs_is_private: def test_diagnostic_settings_configured(self): monitor_client = mock.MagicMock + monitor_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -190,7 +196,7 @@ class Test_monitor_storage_account_with_activity_logs_is_private: assert result[0].resource_name == "storageaccountname1" assert ( result[0].status_extended - == f"Blob public access enabled in storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][0].name} storing activity logs in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Blob public access enabled in storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][0].name} storing activity logs in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[1].subscription == AZURE_SUBSCRIPTION_ID assert result[1].status == "PASS" @@ -202,5 +208,5 @@ class Test_monitor_storage_account_with_activity_logs_is_private: assert result[1].resource_name == "storageaccountname2" assert ( result[1].status_extended - == f"Blob public access disabled in storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][1].name} storing activity logs in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Blob public access disabled in storage account {storage_client.storage_accounts[AZURE_SUBSCRIPTION_ID][1].name} storing activity logs in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated_test.py b/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated_test.py index 47ef92551b..e6eccbbd4a 100644 
--- a/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated_test.py +++ b/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.mysql.mysql_service import ( FlexibleServer, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_mysql_flexible_server_audit_log_connection_activated: def test_mysql_no_subscriptions(self): mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = {} with ( @@ -36,6 +39,7 @@ class Test_mysql_flexible_server_audit_log_connection_activated: def test_mysql_no_servers(self): mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -59,6 +63,7 @@ class Test_mysql_flexible_server_audit_log_connection_activated: def test_mysql_audit_log_connection_activated_lowercase(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( 
@@ -104,12 +109,13 @@ class Test_mysql_flexible_server_audit_log_connection_activated: ) assert ( result[0].status_extended - == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_audit_log_connection_not_connection(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -155,12 +161,13 @@ class Test_mysql_flexible_server_audit_log_connection_activated: ) assert ( result[0].status_extended - == f"Audit log is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Audit log is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_audit_log_connection_activated(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -206,12 +213,13 @@ class Test_mysql_flexible_server_audit_log_connection_activated: ) assert ( result[0].status_extended - == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_audit_log_connection_activated_with_other_options(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( 
@@ -257,5 +265,5 @@ class Test_mysql_flexible_server_audit_log_connection_activated: ) assert ( result[0].status_extended - == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled_test.py b/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled_test.py index 7c32f337fd..b4bb7c9925 100644 --- a/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled_test.py +++ b/tests/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.mysql.mysql_service import ( FlexibleServer, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_mysql_flexible_server_audit_log_enabled: def test_mysql_no_subscriptions(self): mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = {} with ( @@ -36,6 +39,7 @@ class Test_mysql_flexible_server_audit_log_enabled: def test_mysql_no_servers(self): mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = {AZURE_SUBSCRIPTION_ID: {}} with ( 
@@ -59,6 +63,7 @@ class Test_mysql_flexible_server_audit_log_enabled: def test_mysql_audit_log_enabled_lowercase(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -104,12 +109,13 @@ class Test_mysql_flexible_server_audit_log_enabled: ) assert ( result[0].status_extended - == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_audit_log_disabled(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -155,12 +161,13 @@ class Test_mysql_flexible_server_audit_log_enabled: ) assert ( result[0].status_extended - == f"Audit log is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Audit log is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_audit_log_enabled(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -206,5 +213,5 @@ class Test_mysql_flexible_server_audit_log_enabled: ) assert ( result[0].status_extended - == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Audit log is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) 
diff --git a/tests/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12_test.py b/tests/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12_test.py index 8d277dad77..d8571f61e9 100644 --- a/tests/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12_test.py +++ b/tests/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.mysql.mysql_service import ( FlexibleServer, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_mysql_flexible_server_minimum_tls_version_12: def test_mysql_no_subscriptions(self): mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = {} with ( @@ -36,6 +39,7 @@ class Test_mysql_flexible_server_minimum_tls_version_12: def test_mysql_no_servers(self): mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -59,6 +63,7 @@ class Test_mysql_flexible_server_minimum_tls_version_12: def test_mysql_no_tls_configuration(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( 
@@ -94,12 +99,13 @@ class Test_mysql_flexible_server_minimum_tls_version_12: assert result[0].location == "location" assert ( result[0].status_extended - == f"TLS version is not configured in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"TLS version is not configured in server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_flexible_server_minimum_tls_version_12(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -144,12 +150,13 @@ class Test_mysql_flexible_server_minimum_tls_version_12: ) assert ( result[0].status_extended - == f"TLS version is TLSv1.2 in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}. This version of TLS is considered secure." + == f"TLS version is TLSv1.2 in server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}. This version of TLS is considered secure." ) def test_mysql_tls_version_is_1_3(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( 
@@ -194,12 +201,13 @@ class Test_mysql_flexible_server_minimum_tls_version_12: ) assert ( result[0].status_extended - == f"TLS version is TLSv1.3 in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}. This version of TLS is considered secure." + == f"TLS version is TLSv1.3 in server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}. This version of TLS is considered secure." ) def test_mysql_tls_version_is_not_1_2(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -244,12 +252,13 @@ class Test_mysql_flexible_server_minimum_tls_version_12: ) assert ( result[0].status_extended - == f"TLS version is TLSv1.1 in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}. There is at leat one version of TLS that is considered insecure." + == f"TLS version is TLSv1.1 in server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}. There is at leat one version of TLS that is considered insecure." ) def test_mysql_tls_version_is_1_1_and_1_3(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -294,5 +303,5 @@ class Test_mysql_flexible_server_minimum_tls_version_12: ) assert ( result[0].status_extended - == f"TLS version is TLSv1.1,TLSv1.3 in server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}. There is at leat one version of TLS that is considered insecure." + == f"TLS version is TLSv1.1,TLSv1.3 in server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}. There is at leat one version of TLS that is considered insecure." ) 
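Review bot: The expected strings in the `-244,12` and `-294,5` hunks pin the misspelling `at leat one version of TLS`, so the typo reaches the finding text users read and the test now protects it. As these assertions are being rewritten anyway, change them to `There is at least one version of TLS that is considered insecure.` The check's own message is outside this view and presumably needs the same edit for the tests to keep passing.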
diff --git a/tests/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled_test.py b/tests/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled_test.py index 2b87a28d8f..0c521458f9 100644 --- a/tests/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled_test.py +++ b/tests/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.mysql.mysql_service import ( FlexibleServer, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_mysql_flexible_server_ssl_connection_enabled: def test_mysql_no_subscriptions(self): mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = {} with ( @@ -36,6 +39,7 @@ class Test_mysql_flexible_server_ssl_connection_enabled: def test_mysql_no_servers(self): mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -59,6 +63,7 @@ class Test_mysql_flexible_server_ssl_connection_enabled: def test_mysql_connection_enabled(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( 
@@ -104,12 +109,13 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[0].status_extended - == f"SSL connection is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"SSL connection is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_connection_enabled_lowercase(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -155,12 +161,13 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[0].status_extended - == f"SSL connection is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"SSL connection is enabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_ssl_connection_disabled(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( @@ -206,12 +213,13 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[0].status_extended - == f"SSL connection is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"SSL connection is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_ssl_connection_no_configuration(self): server_name = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id": FlexibleServer( 
@@ -248,13 +256,14 @@ class Test_mysql_flexible_server_ssl_connection_enabled: assert result[0].location == "location" assert ( result[0].status_extended - == f"SSL connection is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"SSL connection is disabled for server {server_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_mysql_ssl_connection_enabled_and_disabled(self): server_name_1 = str(uuid4()) server_name_2 = str(uuid4()) mysql_client = mock.MagicMock + mysql_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mysql_client.flexible_servers = { AZURE_SUBSCRIPTION_ID: { "/subscriptions/resource_id1": FlexibleServer( @@ -313,7 +322,7 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[0].status_extended - == f"SSL connection is enabled for server {server_name_1} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"SSL connection is enabled for server {server_name_1} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[1].status == "FAIL" assert result[1].subscription == AZURE_SUBSCRIPTION_ID @@ -325,5 +334,5 @@ class Test_mysql_flexible_server_ssl_connection_enabled: ) assert ( result[1].status_extended - == f"SSL connection is disabled for server {server_name_2} in subscription {AZURE_SUBSCRIPTION_ID}." + == f"SSL connection is disabled for server {server_name_2} in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py b/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py index 4d5d1b49f1..0a5a2c7d46 100644 --- a/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py +++ b/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py 
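Review bot: Every fixture in this file seeds `subscriptions` with the single entry `{AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}`, so the case the commit title describes, two subscription IDs sharing one display name, is not exercised here. `test_mysql_ssl_connection_enabled_and_disabled` already builds two servers and would be a natural place to put them under two IDs that map to the same name, for example by adding `"<second-subscription-id>": AZURE_SUBSCRIPTION_NAME` (placeholder), and asserting that both findings are returned with distinct `subscription` values. That coverage may exist in the provider tests outside this view. If it does not, a regression that silently drops one subscription from the scan would go unnoticed by these checks.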
@@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.network.network_service import BastionHost from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,7 +14,7 @@ class Test_network_bastion_host_exists: def test_no_bastion_hosts(self): network_client = mock.MagicMock network_client.bastion_hosts = {AZURE_SUBSCRIPTION_ID: []} - network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_ID} + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( @@ -38,7 +40,7 @@ class Test_network_bastion_host_exists: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Bastion Host from subscription {AZURE_SUBSCRIPTION_ID} does not exist" + == f"Bastion Host from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not exist" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == AZURE_SUBSCRIPTION_ID @@ -46,6 +48,7 @@ class Test_network_bastion_host_exists: def test_network_bastion_host_exists(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} bastion_host_name = "Bastion Host Name" bastion_host_id = str(uuid4()) @@ -83,7 +86,7 @@ class Test_network_bastion_host_exists: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Bastion Host {bastion_host_name} exists in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Bastion Host {bastion_host_name} exists in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == bastion_host_name 
diff --git a/tests/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent_test.py b/tests/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent_test.py index 4965783b39..cbd29e1d33 100644 --- a/tests/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent_test.py +++ b/tests/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent_test.py @@ -6,15 +6,25 @@ from prowler.providers.azure.services.network.network_service import ( NetworkWatcher, RetentionPolicy, ) -from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION_ID +from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, + AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, + set_mocked_azure_provider, +) class Test_network_flow_log_captured_sent: def test_no_network_watchers(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_client.network_watchers = {} with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, @@ -34,6 +44,7 @@ class Test_network_flow_log_captured_sent: def test_network_network_watchers_no_flow_logs(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) @@ -49,6 +60,10 @@ class Test_network_flow_log_captured_sent: } with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, 
@@ -68,7 +83,7 @@ class Test_network_flow_log_captured_sent: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has no flow logs" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has no flow logs" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name @@ -77,6 +92,7 @@ class Test_network_flow_log_captured_sent: def test_network_network_watchers_flow_logs_disabled(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) @@ -100,6 +116,10 @@ class Test_network_flow_log_captured_sent: } with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, @@ -119,7 +139,7 @@ class Test_network_flow_log_captured_sent: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has flow logs disabled" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has flow logs disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name @@ -128,6 +148,7 @@ class Test_network_flow_log_captured_sent: def test_network_network_watchers_flow_logs_well_configured(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) 
@@ -151,6 +172,10 @@ class Test_network_flow_log_captured_sent: } with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, @@ -174,11 +199,12 @@ class Test_network_flow_log_captured_sent: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has enabled flow logs that are not configured to send traffic analytics to a Log Analytics workspace" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has enabled flow logs that are not configured to send traffic analytics to a Log Analytics workspace" ) def test_network_network_watchers_traffic_analytics_without_workspace(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) @@ -204,6 +230,10 @@ class Test_network_flow_log_captured_sent: } with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, 
@@ -223,11 +253,12 @@ class Test_network_flow_log_captured_sent: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has enabled flow logs that are not configured to send traffic analytics to a Log Analytics workspace" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has enabled flow logs that are not configured to send traffic analytics to a Log Analytics workspace" ) def test_network_network_watchers_mixed_flow_logs_fails(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) @@ -262,6 +293,10 @@ class Test_network_flow_log_captured_sent: } with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, @@ -281,11 +316,12 @@ class Test_network_flow_log_captured_sent: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has enabled flow logs that are not configured to send traffic analytics to a Log Analytics workspace" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has enabled flow logs that are not configured to send traffic analytics to a Log Analytics workspace" ) def test_network_network_watchers_vnet_flow_logs_well_configured(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) 
@@ -311,6 +347,10 @@ class Test_network_flow_log_captured_sent: } with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_azure_provider(), + ), mock.patch( "prowler.providers.azure.services.network.network_service.Network", new=network_client, @@ -331,7 +371,7 @@ class Test_network_flow_log_captured_sent: assert result[0].location == "location" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has flow logs that are captured and sent to Log Analytics workspace" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has flow logs that are captured and sent to Log Analytics workspace" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name diff --git a/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py b/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py index a813bb3462..771a3e2809 100644 --- a/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py +++ b/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py @@ -7,7 +7,9 @@ from prowler.providers.azure.services.network.network_service import ( RetentionPolicy, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -15,6 +17,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_network_flow_log_more_than_90_days: def test_no_network_watchers(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_client.network_watchers = {} with ( 
@@ -41,6 +44,7 @@ class Test_network_flow_log_more_than_90_days: def test_network_network_watchers_no_flow_logs(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) @@ -79,7 +83,7 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has no flow logs" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has no flow logs" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name @@ -88,6 +92,7 @@ class Test_network_flow_log_more_than_90_days: def test_network_network_watchers_flow_logs_disabled(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) @@ -134,7 +139,7 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has flow logs disabled" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has flow logs disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name @@ -143,6 +148,7 @@ class Test_network_flow_log_more_than_90_days: def test_network_network_watchers_flow_logs_retention_days_80(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) 
@@ -189,7 +195,7 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} flow logs retention policy is less than 90 days" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} flow logs retention policy is less than 90 days" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name @@ -198,6 +204,7 @@ class Test_network_flow_log_more_than_90_days: def test_network_network_watchers_flow_logs_retention_days_0(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) @@ -244,7 +251,7 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has flow logs enabled for more than 90 days" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has flow logs enabled for more than 90 days" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name @@ -253,6 +260,7 @@ class Test_network_flow_log_more_than_90_days: def test_network_network_watchers_flow_logs_well_configured(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher Name" network_watcher_id = str(uuid4()) 
@@ -299,7 +307,7 @@ class Test_network_flow_log_more_than_90_days: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_ID} has flow logs enabled for more than 90 days" + == f"Network Watcher {network_watcher_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has flow logs enabled for more than 90 days" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name diff --git a/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py index 9b8959777e..cd598f2f17 100644 --- a/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py @@ -5,7 +5,9 @@ from azure.mgmt.network.models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_network_http_internet_access_restricted: def test_no_security_groups(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_client.security_groups = {} with ( 
@@ -39,6 +42,7 @@ class Test_network_http_internet_access_restricted: def test_network_security_groups_none_destination_port_range(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -85,7 +89,7 @@ class Test_network_http_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has HTTP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -94,6 +98,7 @@ class Test_network_http_internet_access_restricted: def test_network_security_groups_invalid_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -140,7 +145,7 @@ class Test_network_http_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has HTTP internet access allowed." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -149,6 +154,7 @@ class Test_network_http_internet_access_restricted: def test_network_security_groups_invalid_security_rules_range(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) 
@@ -195,7 +201,7 @@ class Test_network_http_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has HTTP internet access allowed." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -204,6 +210,7 @@ class Test_network_http_internet_access_restricted: def test_network_security_groups_valid_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -250,7 +257,7 @@ class Test_network_http_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has HTTP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name diff --git a/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py b/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py index a2d7f3753a..ab12877620 100644 --- a/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py +++ b/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py 
@@ -2,7 +2,9 @@ from unittest import mock from prowler.providers.azure.services.network.network_service import PublicIp from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_network_public_ip_shodan: def test_no_public_ip_addresses(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_client.public_ip_addresses = {} with ( @@ -38,6 +41,7 @@ class Test_network_public_ip_shodan: def test_network_ip_in_shodan(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} public_ip_id = "id" public_ip_name = "name" ip_address = "ip_address" @@ -87,7 +91,7 @@ class Test_network_public_ip_shodan: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Public IP {ip_address} listed in Shodan with open ports {str(shodan_info['ports'])} and ISP {shodan_info['isp']} in {shodan_info['country_name']}. More info at https://www.shodan.io/host/{ip_address}." + == f"Public IP {ip_address} from subscription {AZURE_SUBSCRIPTION_DISPLAY} listed in Shodan with open ports {str(shodan_info['ports'])} and ISP {shodan_info['isp']} in {shodan_info['country_name']}. More info at https://www.shodan.io/host/{ip_address}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == public_ip_name diff --git a/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py index 9f8c9b145a..3f75cfe051 100644 --- a/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py 
+++ b/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py @@ -5,7 +5,9 @@ from azure.mgmt.network.models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_network_rdp_internet_access_restricted: def test_no_security_groups(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_client.security_groups = {} with ( @@ -39,6 +42,7 @@ class Test_network_rdp_internet_access_restricted: def test_network_security_groups_none_destination_port_range(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -85,7 +89,7 @@ class Test_network_rdp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has HTTP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -94,6 +98,7 @@ class Test_network_rdp_internet_access_restricted: def test_network_security_groups_no_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) 
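Review bot: The expected message in hunk `@@ -85,7 +89,7 @@` of `Test_network_rdp_internet_access_restricted` still reads `has HTTP internet access restricted.` after the edit, while the other assertions in this class expect `RDP`. Either this test case runs the HTTP check (its imports and patch targets are outside the hunk) or the expectation is left over from copying the HTTP test; in both cases the RDP check may not be what this case verifies. If the RDP check is intended, the line would be `== f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has RDP internet access restricted."`, with the patched check module confirmed to match. The `@@ -85,7 +89,7 @@` hunks of the ssh and udp test files carry the same `HTTP` wording.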
@@ -132,7 +137,7 @@ class Test_network_rdp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has RDP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has RDP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -141,6 +146,7 @@ class Test_network_rdp_internet_access_restricted: def test_network_security_groups_valid_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -187,7 +193,7 @@ class Test_network_rdp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has RDP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has RDP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -196,6 +202,7 @@ class Test_network_rdp_internet_access_restricted: def test_network_security_groups_invalid_security_rules_range(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) 
@@ -242,7 +249,7 @@ class Test_network_rdp_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has RDP internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has RDP internet access allowed." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name diff --git a/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py index 4472055075..f2112d72de 100644 --- a/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py @@ -5,7 +5,9 @@ from azure.mgmt.network.models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_network_ssh_internet_access_restricted: def test_no_security_groups(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_client.security_groups = {} with ( 
@@ -39,6 +42,7 @@ class Test_network_ssh_internet_access_restricted: def test_network_security_groups_none_destination_port_range(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -85,7 +89,7 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has HTTP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -94,6 +98,7 @@ class Test_network_ssh_internet_access_restricted: def test_network_security_groups_no_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -132,7 +137,7 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has SSH internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has SSH internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -141,6 +146,7 @@ class Test_network_ssh_internet_access_restricted: def test_network_security_groups_invalid_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) 
@@ -187,7 +193,7 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has SSH internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has SSH internet access allowed." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -196,6 +202,7 @@ class Test_network_ssh_internet_access_restricted: def test_network_security_groups_invalid_security_rules_range(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -242,7 +249,7 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has SSH internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has SSH internet access allowed." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -251,6 +258,7 @@ class Test_network_ssh_internet_access_restricted: def test_network_security_groups_valid_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) 
@@ -297,7 +305,7 @@ class Test_network_ssh_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has SSH internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has SSH internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name diff --git a/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py index 7d519df326..18fd523657 100644 --- a/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py @@ -5,7 +5,9 @@ from azure.mgmt.network.models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_network_udp_internet_access_restricted: def test_no_security_groups(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_client.security_groups = {} with ( 
@@ -39,6 +42,7 @@ class Test_network_udp_internet_access_restricted: def test_network_security_groups_none_source_address_prefix(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -85,7 +89,7 @@ class Test_network_udp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has HTTP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has HTTP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -94,6 +98,7 @@ class Test_network_udp_internet_access_restricted: def test_network_security_groups_no_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -132,7 +137,7 @@ class Test_network_udp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has UDP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has UDP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -141,6 +146,7 @@ class Test_network_udp_internet_access_restricted: def test_network_security_groups_invalid_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) 
@@ -186,7 +192,7 @@ class Test_network_udp_internet_access_restricted: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has UDP internet access allowed." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has UDP internet access allowed." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name @@ -195,6 +201,7 @@ class Test_network_udp_internet_access_restricted: def test_network_security_groups_valid_security_rules(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} security_group_name = "Security Group Name" security_group_id = str(uuid4()) @@ -240,7 +247,7 @@ class Test_network_udp_internet_access_restricted: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_ID} has UDP internet access restricted." + == f"Security Group {security_group_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has UDP internet access restricted." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == security_group_name diff --git a/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py b/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py index aca77ea13e..f309a21e15 100644 --- a/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py +++ b/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py 
@@ -2,6 +2,7 @@ from unittest import mock from prowler.providers.azure.services.network.network_service import NetworkWatcher from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, @@ -11,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_network_watcher_enabled: def test_no_network_watchers(self): network_client = mock.MagicMock + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} locations = [] network_client.locations = {AZURE_SUBSCRIPTION_ID: locations} network_client.security_groups = {} @@ -41,13 +43,13 @@ class Test_network_watcher_enabled: def test_network_invalid_network_watchers(self): network_client = mock.MagicMock locations = ["location"] - network_client.locations = {AZURE_SUBSCRIPTION_NAME: locations} - network_client.subscriptions = {AZURE_SUBSCRIPTION_NAME: AZURE_SUBSCRIPTION_ID} + network_client.locations = {AZURE_SUBSCRIPTION_ID: locations} + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher" network_watcher_id = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" network_client.network_watchers = { - AZURE_SUBSCRIPTION_NAME: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id=network_watcher_id, name=network_watcher_name, 
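Review bot: Hunk `@@ -41,13 +43,13 @@` re-keys `locations`, `subscriptions` and `network_watchers` by `AZURE_SUBSCRIPTION_ID`, but the mock still holds a single subscription, so this test does not exercise two subscription IDs that share one display name. If that case is not covered elsewhere in the suite (only part of it is visible here), a test that maps two IDs to the same name and expects one finding per ID would pin the behaviour. A comment above the `network_client.locations` assignment would also record the reason for the key change: `# keyed by subscription ID: display names are not unique`. The test body continues outside the hunk.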
@@ -81,23 +83,23 @@ class Test_network_watcher_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Network Watcher is not enabled for the following locations in subscription '{AZURE_SUBSCRIPTION_NAME}': location." + == f"Network Watcher is not enabled for the following locations in subscription '{AZURE_SUBSCRIPTION_DISPLAY}': location." ) - assert result[0].subscription == AZURE_SUBSCRIPTION_NAME - assert result[0].resource_name == AZURE_SUBSCRIPTION_NAME + assert result[0].subscription == AZURE_SUBSCRIPTION_ID + assert result[0].resource_name == AZURE_SUBSCRIPTION_ID assert result[0].resource_id == f"/subscriptions/{AZURE_SUBSCRIPTION_ID}" assert result[0].location == "global" def test_network_valid_network_watchers(self): network_client = mock.MagicMock locations = ["location"] - network_client.locations = {AZURE_SUBSCRIPTION_NAME: locations} - network_client.subscriptions = {AZURE_SUBSCRIPTION_NAME: AZURE_SUBSCRIPTION_ID} + network_client.locations = {AZURE_SUBSCRIPTION_ID: locations} + network_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} network_watcher_name = "Network Watcher" network_watcher_id = f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" network_client.network_watchers = { - AZURE_SUBSCRIPTION_NAME: [ + AZURE_SUBSCRIPTION_ID: [ NetworkWatcher( id=network_watcher_id, name=network_watcher_name, 
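Review bot: In hunk `@@ -81,23 +83,23 @@`, `assert result[0].resource_name == AZURE_SUBSCRIPTION_ID` changes the expected resource name of the subscription-level FAIL finding from the display name to the subscription ID, so `resource_name` and `resource_id` now carry the same identifier and the display name survives only in `status_extended`. Consumers that match on resource name, such as mutelist rules or saved report filters, may stop matching existing entries; it is worth confirming that this is intended and noted for users. If it is by design, a comment on the assertion would make that explicit: `# resource_name is the subscription ID; display names can collide`.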
@@ -131,8 +133,8 @@ class Test_network_watcher_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Network Watcher {network_watcher_name} is enabled in location location in subscription '{AZURE_SUBSCRIPTION_NAME}'." + == f"Network Watcher {network_watcher_name} is enabled in location location in subscription '{AZURE_SUBSCRIPTION_DISPLAY}'." ) - assert result[0].subscription == AZURE_SUBSCRIPTION_NAME + assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == network_watcher_name assert result[0].resource_id == network_watcher_id diff --git a/tests/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled_test.py b/tests/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled_test.py index f61a25b7d8..b763e7cb79 100644 --- a/tests/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled_test.py +++ b/tests/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.policy.policy_service import PolicyAssigment from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_policy_ensure_asc_enforcement_enabled: def test_policy_no_subscriptions(self): policy_client = mock.MagicMock + policy_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} policy_client.policy_assigments = {} with ( 
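Review bot: `test_policy_no_subscriptions` (hunk `@@ -11,6 +13,7 @@` of the policy test file) now sets `policy_client.subscriptions` to a one-entry map, so the name no longer describes the scenario; what remains empty is `policy_assigments`. Renaming it, for example `def test_policy_no_policy_assignments(self):`, would keep the intent readable; if an empty subscription map is the case under test, `policy_client.subscriptions = {}` would preserve it, assuming the check tolerates that. The test body continues outside the hunk.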
@@ -33,6 +36,7 @@ class Test_policy_ensure_asc_enforcement_enabled: def test_policy_subscription_empty(self): policy_client = mock.MagicMock + policy_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} policy_client.policy_assigments = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -55,6 +59,7 @@ class Test_policy_ensure_asc_enforcement_enabled: def test_policy_subscription_no_asc(self): policy_client = mock.MagicMock + policy_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} resource_id = uuid4() policy_client.policy_assigments = { AZURE_SUBSCRIPTION_ID: { @@ -84,6 +89,7 @@ class Test_policy_ensure_asc_enforcement_enabled: def test_policy_subscription_asc_default(self): policy_client = mock.MagicMock + policy_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} resource_id = str(uuid4()) policy_client.policy_assigments = { AZURE_SUBSCRIPTION_ID: { @@ -115,7 +121,7 @@ class Test_policy_ensure_asc_enforcement_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Policy assigment '{resource_id}' is configured with enforcement mode 'Default'." + == f"Policy assigment '{resource_id}' from subscription {AZURE_SUBSCRIPTION_DISPLAY} is configured with enforcement mode 'Default'." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "SecurityCenterBuiltIn" @@ -123,6 +129,7 @@ class Test_policy_ensure_asc_enforcement_enabled: def test_policy_subscription_asc_not_default(self): policy_client = mock.MagicMock + policy_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} resource_id = str(uuid4()) policy_client.policy_assigments = { AZURE_SUBSCRIPTION_ID: { 
@@ -154,7 +161,7 @@ class Test_policy_ensure_asc_enforcement_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Policy assigment '{resource_id}' is not configured with enforcement mode Default." + == f"Policy assigment '{resource_id}' from subscription {AZURE_SUBSCRIPTION_DISPLAY} is not configured with enforcement mode Default." ) assert result[0].resource_id == resource_id assert result[0].resource_name == "SecurityCenterBuiltIn" diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py index 3f21f8a200..9d1afcdbba 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.postgresql.postgresql_service import ( Server, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_postgresql_flexible_server_allow_access_services_disabled: def test_no_postgresql_flexible_servers(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_client.flexible_servers = {} with ( 
@@ -36,6 +41,9 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: def test_flexible_servers_allow_public_access(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) firewall = Firewall( @@ -84,7 +92,7 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has allow public access from any Azure service enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has allow public access from any Azure service enabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name @@ -93,6 +101,9 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: def test_flexible_servers_dont_allow_public_access(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) firewall = Firewall( @@ -141,7 +152,7 @@ class Test_postgresql_flexible_server_allow_access_services_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has allow public access from any Azure service disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has allow public access from any Azure service disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name 
diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py index 8a0d65d27d..f027dc44a6 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_postgresql_flexible_server_connection_throttling_on: def test_no_postgresql_flexible_servers(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_client.flexible_servers = {} with ( @@ -33,6 +38,9 @@ class Test_postgresql_flexible_server_connection_throttling_on: def test_flexible_servers_connection_throttling_off(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { 
@@ -75,7 +83,7 @@ class Test_postgresql_flexible_server_connection_throttling_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has connection_throttling disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has connection_throttling disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name @@ -84,6 +92,9 @@ class Test_postgresql_flexible_server_connection_throttling_on: def test_flexible_servers_connection_throttling_on(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -126,7 +137,7 @@ class Test_postgresql_flexible_server_connection_throttling_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has connection_throttling enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has connection_throttling enabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py index abe971b89d..55ac9c6f3d 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py 
+++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_postgresql_flexible_server_enforce_ssl_enabled: def test_no_postgresql_flexible_servers(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_client.flexible_servers = {} with ( @@ -33,6 +38,9 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: def test_flexible_servers_require_secure_transport_off(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -75,7 +83,7 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has enforce ssl disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has enforce ssl disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name 
@@ -84,6 +92,9 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: def test_flexible_servers_require_secure_transport_on(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -126,7 +137,7 @@ class Test_postgresql_flexible_server_enforce_ssl_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has enforce ssl enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has enforce ssl enabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled_test.py index 6ee413b15b..4785799245 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.postgresql.postgresql_service import ( Server, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -14,6 +16,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_postgresql_flexible_server_entra_id_authentication_enabled: def test_no_postgresql_flexible_servers(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_client.flexible_servers = {} with ( @@ -36,6 +41,9 @@ class Test_postgresql_flexible_server_entra_id_authentication_enabled: def test_flexible_servers_entra_id_auth_disabled(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -78,7 +86,7 @@ class Test_postgresql_flexible_server_entra_id_authentication_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has Microsoft Entra ID authentication disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has Microsoft Entra ID authentication disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name @@ -87,6 +95,9 @@ class Test_postgresql_flexible_server_entra_id_authentication_enabled: def test_flexible_servers_entra_id_auth_enabled_no_admins(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { 
@@ -129,7 +140,7 @@ class Test_postgresql_flexible_server_entra_id_authentication_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has Microsoft Entra ID authentication enabled but no Entra ID administrators configured" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has Microsoft Entra ID authentication enabled but no Entra ID administrators configured" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name @@ -138,6 +149,9 @@ class Test_postgresql_flexible_server_entra_id_authentication_enabled: def test_flexible_servers_entra_id_auth_enabled(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -187,7 +201,7 @@ class Test_postgresql_flexible_server_entra_id_authentication_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has Microsoft Entra ID authentication enabled with 1 administrator configured" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has Microsoft Entra ID authentication enabled with 1 administrator configured" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name 
diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py index 13644730b3..ee4bcb346d 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_postgresql_flexible_server_log_checkpoints_on: def test_no_postgresql_flexible_servers(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_client.flexible_servers = {} with ( @@ -33,6 +38,9 @@ class Test_postgresql_flexible_server_log_checkpoints_on: def test_flexible_servers_log_checkpoints_off(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { 
@@ -75,7 +83,7 @@ class Test_postgresql_flexible_server_log_checkpoints_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_checkpoints disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_checkpoints disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name @@ -84,6 +92,9 @@ class Test_postgresql_flexible_server_log_checkpoints_on: def test_flexible_servers_log_checkpoints_on(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -126,7 +137,7 @@ class Test_postgresql_flexible_server_log_checkpoints_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_checkpoints enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_checkpoints enabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py index 0377cb172f..d48f12b53a 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py 
+++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_postgresql_flexible_server_log_connections_on: def test_no_postgresql_flexible_servers(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_client.flexible_servers = {} with ( @@ -33,6 +38,9 @@ class Test_postgresql_flexible_server_log_connections_on: def test_flexible_servers_log_connections_off(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -75,7 +83,7 @@ class Test_postgresql_flexible_server_log_connections_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_connections disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_connections disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name 
@@ -84,6 +92,9 @@ class Test_postgresql_flexible_server_log_connections_on: def test_flexible_servers_log_connections_on(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -126,7 +137,7 @@ class Test_postgresql_flexible_server_log_connections_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_connections enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_connections enabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py index 91f80e53d0..f860723dfc 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_postgresql_flexible_server_log_disconnections_on: def test_no_postgresql_flexible_servers(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_client.flexible_servers = {} with ( @@ -33,6 +38,9 @@ class Test_postgresql_flexible_server_log_disconnections_on: def test_flexible_servers_log_connections_off(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -75,7 +83,7 @@ class Test_postgresql_flexible_server_log_disconnections_on: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_disconnections disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_disconnections disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name @@ -84,6 +92,9 @@ class Test_postgresql_flexible_server_log_disconnections_on: def test_flexible_servers_log_connections_on(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { 
@@ -126,7 +137,7 @@ class Test_postgresql_flexible_server_log_disconnections_on: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_disconnections enabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_disconnections enabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py index 005969eb4a..046b1f9062 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_postgresql_flexible_server_log_retention_days_greater_3: def test_no_postgresql_flexible_servers(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_client.flexible_servers = {} with ( 
@@ -33,6 +38,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: def test_flexible_servers_no_log_retention_days(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) postgresql_client.flexible_servers = { @@ -75,7 +83,7 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_retention disabled" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_retention disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name @@ -84,6 +92,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: def test_flexible_servers_log_retention_days_3(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) log_retention_days = "3" @@ -127,7 +138,7 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_retention set to {log_retention_days}" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_retention set to {log_retention_days}" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name 
@@ -136,6 +147,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: def test_flexible_servers_log_retention_days_4(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) log_retention_days = "4" @@ -179,7 +193,7 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_retention set to {log_retention_days}" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_retention set to {log_retention_days}" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name @@ -188,6 +202,9 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: def test_flexible_servers_log_retention_days_8(self): postgresql_client = mock.MagicMock + postgresql_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } postgresql_server_name = "Postgres Flexible Server Name" postgresql_server_id = str(uuid4()) log_retention_days = "8" @@ -231,7 +248,7 @@ class Test_postgresql_flexible_server_log_retention_days_greater_3: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has log_retention set to {log_retention_days}" + == f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has log_retention set to {log_retention_days}" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == postgresql_server_name 
diff --git a/tests/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled_test.py index e11294a778..e8152ab260 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled_test.py @@ -9,7 +9,9 @@ from azure.mgmt.sql.models import ( from prowler.providers.azure.services.sqlserver.sqlserver_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -17,6 +19,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_auditing_enabled: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( @@ -39,6 +44,9 @@ class Test_sqlserver_auditing_enabled: def test_sql_servers_auditing_disabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -76,7 +84,7 @@ class Test_sqlserver_auditing_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have any auditing policy configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have any auditing policy configured." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name 
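Review bot: As a style point, the three-line `sqlserver_client.subscriptions = { AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME }` literal added in `test_no_sql_servers` is pasted unchanged into every test method of the sqlserver and postgresql files in this patch. If the mapping's shape changes again, each copy has to be edited by hand, and a missed one could leave a stale label in an audit finding's text. A module-level helper would keep it in one place; for example `def _subscriptions(): return {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}` (the name is a suggestion) returns a fresh dict per test. A one-line comment at the first use, saying the check reads the display label from this mapping, would also help; that behaviour is inferred from the changed assertions, not shown in this hunk.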
@@ -85,6 +93,9 @@ class Test_sqlserver_auditing_enabled: def test_sql_servers_auditing_enabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -122,7 +133,7 @@ class Test_sqlserver_auditing_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has an auditing policy configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has an auditing policy configured." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days_test.py b/tests/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days_test.py index d74632d357..fe3b8e9d3e 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days_test.py @@ -5,7 +5,9 @@ from azure.mgmt.sql.models import ServerBlobAuditingPolicy from prowler.providers.azure.services.sqlserver.sqlserver_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_auditing_retention_90_days: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( 
@@ -35,6 +40,9 @@ class Test_sqlserver_auditing_retention_90_days: def test_sql_servers_auditing_policy_disabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -74,7 +82,7 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has auditing disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -83,6 +91,9 @@ class Test_sqlserver_auditing_retention_90_days: def test_sql_servers_auditing_retention_less_than_90_days(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -124,7 +135,7 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing retention less than 91 days." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has auditing retention less than 91 days." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -133,6 +144,9 @@ class Test_sqlserver_auditing_retention_90_days: def test_sql_servers_auditing_retention_greater_than_90_days(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { 
@@ -174,7 +188,7 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing retention greater than 90 days." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has auditing retention greater than 90 days." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -185,6 +199,9 @@ class Test_sqlserver_auditing_retention_90_days: self, ): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -227,7 +244,7 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing retention greater than 90 days." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has auditing retention greater than 90 days." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -238,6 +255,9 @@ class Test_sqlserver_auditing_retention_90_days: self, ): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { 
@@ -280,7 +300,7 @@ class Test_sqlserver_auditing_retention_90_days: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has auditing retention less than 91 days." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has auditing retention less than 91 days." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py index 823455d385..7699a7a9ee 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py @@ -5,7 +5,9 @@ from azure.mgmt.sql.models import ServerExternalAdministrator from prowler.providers.azure.services.sqlserver.sqlserver_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -13,6 +15,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_azuread_administrator_enabled: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( 
@@ -35,6 +40,9 @@ class Test_sqlserver_azuread_administrator_enabled: def test_sql_servers_azuread_no_administrator(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -72,7 +80,7 @@ class Test_sqlserver_azuread_administrator_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have an Active Directory administrator." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have an Active Directory administrator." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -81,6 +89,9 @@ class Test_sqlserver_azuread_administrator_enabled: def test_sql_servers_azuread_administrator_no_active_directory(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -120,7 +131,7 @@ class Test_sqlserver_azuread_administrator_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have an Active Directory administrator." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have an Active Directory administrator." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name 
@@ -129,6 +140,9 @@ class Test_sqlserver_azuread_administrator_enabled: def test_sql_servers_azuread_administrator_active_directory(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -168,7 +182,7 @@ class Test_sqlserver_azuread_administrator_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has an Active Directory administrator." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has an Active Directory administrator." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py index 41bf400be6..73474a51da 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py @@ -5,7 +5,9 @@ from azure.mgmt.sql.models import ServerSecurityAlertPolicy from prowler.providers.azure.services.sqlserver.sqlserver_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -13,6 +15,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_microsoft_defender_enabled: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( @@ -35,6 +40,9 @@ class Test_sqlserver_microsoft_defender_enabled: def test_sql_servers_no_security_alert_policies(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -73,6 +81,9 @@ class Test_sqlserver_microsoft_defender_enabled: def test_sql_servers_microsoft_defender_disabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -111,7 +122,7 @@ class Test_sqlserver_microsoft_defender_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has microsoft defender disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has microsoft defender disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -120,6 +131,9 @@ class Test_sqlserver_microsoft_defender_enabled: def test_sql_servers_microsoft_defender_enabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { 
@@ -158,7 +172,7 @@ class Test_sqlserver_microsoft_defender_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has microsoft defender enabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has microsoft defender enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version_test.py b/tests/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version_test.py index 0c6a7649b5..df7a4d6eb0 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version_test.py @@ -8,7 +8,9 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Server, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -16,6 +18,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_recommended_minimal_tls_version: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( @@ -42,6 +47,9 @@ class Test_sqlserver_recommended_minimal_tls_version: def test_sql_servers_deprecated_minimal_tls_version(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database_name = "Database Name" 
@@ -95,7 +103,7 @@ class Test_sqlserver_recommended_minimal_tls_version: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} is using TLS version 1.0 as minimal accepted which is not recommended. Please use one of the recommended versions: {', '.join(sqlserver_client.audit_config['recommended_minimal_tls_versions'])}." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using TLS version 1.0 as minimal accepted which is not recommended. Please use one of the recommended versions: {', '.join(sqlserver_client.audit_config['recommended_minimal_tls_versions'])}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -104,6 +112,9 @@ class Test_sqlserver_recommended_minimal_tls_version: def test_sql_servers_no_minimal_tls_version(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database_name = "Database Name" @@ -157,7 +168,7 @@ class Test_sqlserver_recommended_minimal_tls_version: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} is using TLS version as minimal accepted which is not recommended. Please use one of the recommended versions: {', '.join(sqlserver_client.audit_config['recommended_minimal_tls_versions'])}." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using TLS version as minimal accepted which is not recommended. Please use one of the recommended versions: {', '.join(sqlserver_client.audit_config['recommended_minimal_tls_versions'])}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name 
@@ -166,6 +177,9 @@ class Test_sqlserver_recommended_minimal_tls_version: def test_sql_servers_minimal_tls_version(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database_name = "Database Name" @@ -219,7 +233,7 @@ class Test_sqlserver_recommended_minimal_tls_version: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} is using version 1.2 as minimal accepted which is recommended." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} is using version 1.2 as minimal accepted which is recommended." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py b/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py index 73c9046940..6add11d9c3 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py @@ -8,7 +8,9 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Server, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -16,6 +18,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_tde_encrypted_with_cmk: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( 
@@ -38,6 +43,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: def test_no_sql_servers_databases(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -76,6 +84,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: def test_sql_servers_encryption_protector_service_managed(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database = Database( @@ -125,7 +136,7 @@ class Test_sqlserver_tde_encrypted_with_cmk: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE disabled without CMK." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has TDE disabled without CMK." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -134,6 +145,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: def test_sql_servers_database_encryption_disabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database = Database( @@ -183,7 +197,7 @@ class Test_sqlserver_tde_encrypted_with_cmk: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE disabled with CMK." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has TDE disabled with CMK." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name 
@@ -192,6 +206,9 @@ class Test_sqlserver_tde_encrypted_with_cmk: def test_sql_servers_database_encryption_enabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database = Database( @@ -241,7 +258,7 @@ class Test_sqlserver_tde_encrypted_with_cmk: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE enabled with CMK." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has TDE enabled with CMK." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py index ff782535e5..3de0dae8aa 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py @@ -8,7 +8,9 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Server, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -16,6 +18,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_tde_encryption_enabled: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( 
@@ -38,6 +43,9 @@ class Test_sqlserver_tde_encryption_enabled: def test_no_sql_servers_databases(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -76,6 +84,9 @@ class Test_sqlserver_tde_encryption_enabled: def test_sql_servers_database_encryption_disabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database_name = "Database Name" @@ -125,7 +136,7 @@ class Test_sqlserver_tde_encryption_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE disabled" + == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has TDE disabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == database_name @@ -134,6 +145,9 @@ class Test_sqlserver_tde_encryption_enabled: def test_sql_servers_database_encryption_enabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database_name = "Database Name" @@ -183,7 +197,7 @@ class Test_sqlserver_tde_encryption_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE enabled" + == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has TDE enabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == database_name 
@@ -192,6 +206,9 @@ class Test_sqlserver_tde_encryption_enabled: def test_sql_servers_database_encryption_disabled_on_master_db(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database_master_name = "MASTER" @@ -251,7 +268,7 @@ class Test_sqlserver_tde_encryption_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has TDE enabled" + == f"Database {database_name} from SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has TDE enabled" ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == database_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py b/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py index d3c951e6b3..744460a3f1 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py @@ -5,7 +5,9 @@ from azure.mgmt.sql.models import FirewallRule from prowler.providers.azure.services.sqlserver.sqlserver_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -13,6 +15,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_unrestricted_inbound_access: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( @@ -35,6 +40,9 @@ class Test_sqlserver_unrestricted_inbound_access: def test_sql_servers_unrestricted_inbound_access(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -76,7 +84,7 @@ class Test_sqlserver_unrestricted_inbound_access: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has firewall rules allowing 0.0.0.0-255.255.255.255." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has firewall rules allowing 0.0.0.0-255.255.255.255." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -85,6 +93,9 @@ class Test_sqlserver_unrestricted_inbound_access: def test_sql_servers_restricted_inbound_access(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { 
@@ -126,7 +137,7 @@ class Test_sqlserver_unrestricted_inbound_access: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have firewall rules allowing 0.0.0.0-255.255.255.255." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have firewall rules allowing 0.0.0.0-255.255.255.255." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py index 917c7c9651..4c5f59e54c 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py @@ -8,7 +8,9 @@ from azure.mgmt.sql.models import ( from prowler.providers.azure.services.sqlserver.sqlserver_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -16,6 +18,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_va_emails_notifications_admins_enabled: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( 
@@ -38,6 +43,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: def test_sql_servers_no_vulnerability_assessment(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -78,7 +86,7 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -87,6 +95,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: def test_sql_servers_no_vulnerability_assessment_no_admin_emails(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -132,7 +143,7 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled but no scan reports configured for subscription admins." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled but no scan reports configured for subscription admins." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name 
@@ -141,6 +152,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: def test_sql_servers_vulnerability_assessment_admin_emails_false(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -186,7 +200,7 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled but no scan reports configured for subscription admins." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled but no scan reports configured for subscription admins." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -195,6 +209,9 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: def test_sql_servers_vulnerability_assessment_no_email_subscription_admins(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -240,7 +257,7 @@ class Test_sqlserver_va_emails_notifications_admins_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled and scan reports configured for subscription admins." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled and scan reports configured for subscription admins." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name 
diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py index e9af2d8b23..dcdbad7aee 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py @@ -8,7 +8,9 @@ from azure.mgmt.sql.models import ( from prowler.providers.azure.services.sqlserver.sqlserver_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -16,6 +18,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_va_periodic_recurring_scans_enabled: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( @@ -38,6 +43,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: def test_sql_servers_no_vulnerability_assessment(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { 
@@ -78,7 +86,7 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -87,6 +95,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: def test_sql_servers_no_vulnerability_assessment_storage_container_path(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -129,7 +140,7 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -138,6 +149,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: def test_sql_servers_vulnerability_assessment_recuring_scans_disabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { 
@@ -183,7 +197,7 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled but no recurring scans." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled but no recurring scans." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -192,6 +206,9 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: def test_sql_servers_vulnerability_assessment_recuring_scans_enabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -237,7 +254,7 @@ class Test_sqlserver_va_periodic_recurring_scans_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has periodic recurring scans enabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has periodic recurring scans enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py index ee1c15cc68..b085147446 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py 
@@ -8,7 +8,9 @@ from azure.mgmt.sql.models import ( from prowler.providers.azure.services.sqlserver.sqlserver_service import Server from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -16,6 +18,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_va_scan_reports_configured: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( @@ -38,6 +43,9 @@ class Test_sqlserver_va_scan_reports_configured: def test_sql_servers_no_vulnerability_assessment(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -78,7 +86,7 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -87,6 +95,9 @@ class Test_sqlserver_va_scan_reports_configured: def test_sql_servers_no_vulnerability_assessment_emails(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { 
@@ -132,7 +143,7 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled but no scan reports configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled but no scan reports configured." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -141,6 +152,9 @@ class Test_sqlserver_va_scan_reports_configured: def test_sql_servers_vulnerability_assessment_emails_none(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -186,7 +200,7 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled and scan reports configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled and scan reports configured." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -195,6 +209,9 @@ class Test_sqlserver_va_scan_reports_configured: def test_sql_servers_vulnerability_assessment_no_email_subscription_admins(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { 
@@ -240,7 +257,7 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled and scan reports configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled and scan reports configured." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -249,6 +266,9 @@ class Test_sqlserver_va_scan_reports_configured: def test_sql_servers_vulnerability_assessment_both_emails(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) sqlserver_client.sql_servers = { @@ -294,7 +314,7 @@ class Test_sqlserver_va_scan_reports_configured: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled and scan reports configured." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled and scan reports configured." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py index cd0f881d0e..148b34c07b 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py 
+++ b/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py @@ -12,7 +12,9 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Server, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -20,6 +22,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_sqlserver_vulnerability_assessment_enabled: def test_no_sql_servers(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sqlserver_client.sql_servers = {} with ( @@ -42,6 +47,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: def test_sql_servers_no_vulnerability_assessment(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database = Database( @@ -92,7 +100,7 @@ class Test_sqlserver_vulnerability_assessment_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -101,6 +109,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: def test_sql_servers_no_vulnerability_assessment_path(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database = Database( 
@@ -153,7 +164,7 @@ class Test_sqlserver_vulnerability_assessment_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment disabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name @@ -162,6 +173,9 @@ class Test_sqlserver_vulnerability_assessment_enabled: def test_sql_servers_vulnerability_assessment_enabled(self): sqlserver_client = mock.MagicMock + sqlserver_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } sql_server_name = "SQL Server Name" sql_server_id = str(uuid4()) database = Database( @@ -214,7 +228,7 @@ class Test_sqlserver_vulnerability_assessment_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_ID} has vulnerability assessment enabled." + == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has vulnerability assessment enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == sql_server_name diff --git a/tests/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled_test.py b/tests/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled_test.py index 6593e90a6c..9eb232a456 100644 --- a/tests/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled_test.py +++ b/tests/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled_test.py 
@@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_account_key_access_disabled: def test_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -38,6 +41,7 @@ class Test_storage_account_key_access_disabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -80,7 +84,7 @@ class Test_storage_account_key_access_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has shared key access enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has shared key access enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -91,6 +95,7 @@ class Test_storage_account_key_access_disabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -133,7 +138,7 @@ class Test_storage_account_key_access_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has shared key access disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has shared key access disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py b/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py index 8aaa2768d5..12765c37a5 100644 --- a/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py +++ b/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_blob_public_access_level_is_disabled: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( 
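Review bot: The fixtures in these storage check tests map a single `AZURE_SUBSCRIPTION_ID` to a single `AZURE_SUBSCRIPTION_NAME`, so the case in the commit subject, two subscriptions sharing a display name, is not exercised at the check level. A test whose `storage_client.subscriptions` holds two distinct IDs with the same name, and whose `storage_accounts` has an entry under each, could assert that two findings come back with different `result[i].subscription` values and distinguishable `status_extended` text. For a scanner, a subscription dropped without an error is a coverage gap that nobody sees, so the regression deserves an explicit test. The provider-level tests may already cover this elsewhere in the patch; that part is not visible from these hunks.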
@@ -38,6 +41,7 @@ class Test_storage_blob_public_access_level_is_disabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -79,7 +83,7 @@ class Test_storage_blob_public_access_level_is_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has allow blob public access enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has allow blob public access enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -90,6 +94,7 @@ class Test_storage_blob_public_access_level_is_disabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -131,7 +136,7 @@ class Test_storage_blob_public_access_level_is_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has allow blob public access disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has allow blob public access disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled_test.py b/tests/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled_test.py index 357c63a935..b3b800a225 100644 
--- a/tests/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,6 +12,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_blob_versioning_is_enabled: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -34,6 +37,7 @@ class Test_storage_blob_versioning_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_account_blob_properties = None with ( mock.patch( @@ -83,6 +87,7 @@ class Test_storage_blob_versioning_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -141,7 +146,7 @@ class Test_storage_blob_versioning_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has blob versioning enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has blob versioning enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
@@ -152,6 +157,7 @@ class Test_storage_blob_versioning_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -210,7 +216,7 @@ class Test_storage_blob_versioning_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have blob versioning enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have blob versioning enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled_test.py b/tests/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled_test.py index e90665d613..e9c433afb4 100644 --- a/tests/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled_test.py +++ b/tests/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_cross_tenant_replication_disabled: def test_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -38,6 +41,7 @@ class Test_storage_cross_tenant_replication_disabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -80,7 +84,7 @@ class Test_storage_cross_tenant_replication_disabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has cross-tenant replication enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has cross-tenant replication enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -91,6 +95,7 @@ class Test_storage_cross_tenant_replication_disabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -133,7 +138,7 @@ class Test_storage_cross_tenant_replication_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has cross-tenant replication disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has cross-tenant replication disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py b/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py index 9c667b372d..68be9d87c6 100644 --- a/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py +++ b/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_default_network_access_rule_is_denied: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( 
@@ -38,6 +41,7 @@ class Test_storage_default_network_access_rule_is_denied: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -79,7 +83,7 @@ class Test_storage_default_network_access_rule_is_denied: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has network access rule set to Allow." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has network access rule set to Allow." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -90,6 +94,7 @@ class Test_storage_default_network_access_rule_is_denied: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -131,7 +136,7 @@ class Test_storage_default_network_access_rule_is_denied: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has network access rule set to Deny." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has network access rule set to Deny." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
diff --git a/tests/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled_test.py b/tests/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled_test.py index 99b7874250..33b20f0900 100644 --- a/tests/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_default_to_entra_authorization_enabled: def test_no_storage_accounts(self): storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -38,6 +41,7 @@ class Test_storage_default_to_entra_authorization_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account Entra Auth Enabled" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -80,7 +84,7 @@ class Test_storage_default_to_entra_authorization_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Default to Microsoft Entra authorization is enabled for storage account {storage_account_name}." + == f"Default to Microsoft Entra authorization is enabled for storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -91,6 +95,7 @@ class Test_storage_default_to_entra_authorization_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account Entra Auth Disabled" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -133,7 +138,7 @@ class Test_storage_default_to_entra_authorization_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Default to Microsoft Entra authorization is not enabled for storage account {storage_account_name}." + == f"Default to Microsoft Entra authorization is not enabled for storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py b/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py index d65978c2ff..8b2c19f41d 100644 --- a/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py 
+++ b/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -38,6 +41,7 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -79,7 +83,7 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not allow trusted Microsoft services to access this storage account." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not allow trusted Microsoft services to access this storage account." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
@@ -90,6 +94,7 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -131,7 +136,7 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} allows trusted Microsoft services to access this storage account." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} allows trusted Microsoft services to access this storage account." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py b/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py index 7f9803800c..305f840729 100644 --- a/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_ensure_encryption_with_customer_managed_keys: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -38,6 +41,7 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -79,7 +83,7 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not encrypt with CMKs." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not encrypt with CMKs." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -90,6 +94,7 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -131,7 +136,7 @@ class Test_storage_ensure_encryption_with_customer_managed_keys: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} encrypts with CMKs." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} encrypts with CMKs." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled_test.py b/tests/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled_test.py index e2c97b7e2e..56517e9e05 100644 --- a/tests/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled_test.py @@ -9,7 +9,9 @@ from prowler.providers.azure.services.storage.storage_service import ( SMBProtocolSettings, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -17,6 +19,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_ensure_file_shares_soft_delete_is_enabled: def test_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( 
@@ -41,6 +44,7 @@ class Test_storage_ensure_file_shares_soft_delete_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -85,6 +89,7 @@ class Test_storage_ensure_file_shares_soft_delete_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} retention_policy = DeleteRetentionPolicy(enabled=False, days=0) file_service_properties = FileServiceProperties( id=f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/prowler-resource-group/providers/Microsoft.Storage/storageAccounts/{storage_account_name}/fileServices/default", @@ -137,7 +142,7 @@ class Test_storage_ensure_file_shares_soft_delete_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"File share soft delete is not enabled for storage account {storage_account_name}." + == f"File share soft delete is not enabled for storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -148,6 +153,7 @@ class Test_storage_ensure_file_shares_soft_delete_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} retention_policy = DeleteRetentionPolicy(enabled=True, days=7) file_service_properties = FileServiceProperties( id=f"/subscriptions/{AZURE_SUBSCRIPTION_ID}/resourceGroups/prowler-resource-group/providers/Microsoft.Storage/storageAccounts/{storage_account_name}/fileServices/default", 
@@ -200,7 +206,7 @@ class Test_storage_ensure_file_shares_soft_delete_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"File share soft delete is enabled for storage account {storage_account_name} with a retention period of {retention_policy.days} days." + == f"File share soft delete is enabled for storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} with a retention period of {retention_policy.days} days." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py b/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py index 16ffe488bb..c3ea126e22 100644 --- a/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_ensure_minimum_tls_version_12: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( 
@@ -38,6 +41,7 @@ class Test_storage_ensure_minimum_tls_version_12: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -79,7 +83,7 @@ class Test_storage_ensure_minimum_tls_version_12: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have TLS version set to 1.2." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have TLS version set to 1.2." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -90,6 +94,7 @@ class Test_storage_ensure_minimum_tls_version_12: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -131,7 +136,7 @@ class Test_storage_ensure_minimum_tls_version_12: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has TLS version set to 1.2." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has TLS version set to 1.2." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
diff --git a/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py b/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py index 2652085907..5f3d2581fd 100644 --- a/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py @@ -7,7 +7,9 @@ from prowler.providers.azure.services.storage.storage_service import ( PrivateEndpointConnection, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -15,6 +17,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_ensure_private_endpoints_in_storage_accounts: def test_storage_ensure_private_endpoints_in_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -41,6 +44,7 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -82,7 +86,7 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have private endpoint connections." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have private endpoint connections." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -95,6 +99,7 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -142,7 +147,7 @@ class Test_storage_ensure_private_endpoints_in_storage_accounts: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has private endpoint connections." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has private endpoint connections." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py b/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py index acb5920815..c6f2d27e0f 100644 --- a/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py 
@@ -8,7 +8,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -16,6 +18,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_ensure_soft_delete_is_enabled: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -40,6 +43,7 @@ class Test_storage_ensure_soft_delete_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_account_blob_properties = None storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -87,6 +91,7 @@ class Test_storage_ensure_soft_delete_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_account_blob_properties = BlobProperties( id="id", name="name", @@ -139,7 +144,7 @@ class Test_storage_ensure_soft_delete_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has soft delete disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has soft delete disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
@@ -152,6 +157,7 @@ class Test_storage_ensure_soft_delete_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_account_blob_properties = BlobProperties( id="id", name="name", @@ -204,7 +210,7 @@ class Test_storage_ensure_soft_delete_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has soft delete enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has soft delete enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled_test.py b/tests/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled_test.py index cfe2f5a00b..cabf9bbd5c 100644 --- a/tests/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_geo_redundant_enabled: def test_no_storage_accounts(self): storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( 
@@ -38,6 +41,7 @@ class Test_storage_geo_redundant_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account GRS" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} replication_setting = "Standard_GRS" storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -81,7 +85,7 @@ class Test_storage_geo_redundant_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has Geo-redundant storage {replication_setting} enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has Geo-redundant storage {replication_setting} enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -92,6 +96,7 @@ class Test_storage_geo_redundant_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account RAGRS" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} replication_setting = "Standard_RAGRS" storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -135,7 +140,7 @@ class Test_storage_geo_redundant_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has Geo-redundant storage {replication_setting} enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has Geo-redundant storage {replication_setting} enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
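Review bot: Every fixture in this file maps a single subscription, so the `status_extended` assertions changed in the `@@ -81,7 +85,7 @@` and `@@ -135,7 +140,7 @@` hunks never exercise the case the commit title describes, two subscriptions sharing a display name. For a scanner, a finding attributed to the wrong subscription or a subscription that is skipped is a coverage gap. A test that maps two IDs to the same name in `storage_client.subscriptions` and asserts one finding per ID with distinct `result[i].subscription` values would pin the fix at check level. This may already be covered by provider-level tests outside this view.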
@@ -146,6 +151,7 @@ class Test_storage_geo_redundant_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account GZRS" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} replication_setting = "Standard_GZRS" storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -189,7 +195,7 @@ class Test_storage_geo_redundant_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has Geo-redundant storage {replication_setting} enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has Geo-redundant storage {replication_setting} enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -200,6 +206,7 @@ class Test_storage_geo_redundant_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account RAGZRS" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} replication_setting = "Standard_RAGZRS" storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -243,7 +250,7 @@ class Test_storage_geo_redundant_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has Geo-redundant storage {replication_setting} enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has Geo-redundant storage {replication_setting} enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
@@ -254,6 +261,7 @@ class Test_storage_geo_redundant_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account LRS" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} replication_setting = "Standard_LRS" storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -297,7 +305,7 @@ class Test_storage_geo_redundant_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have Geo-redundant storage enabled, it has {replication_setting} instead." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have Geo-redundant storage enabled, it has {replication_setting} instead." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -308,6 +316,7 @@ class Test_storage_geo_redundant_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account ZRS" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} replication_setting = "Standard_ZRS" storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -351,7 +360,7 @@ class Test_storage_geo_redundant_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have Geo-redundant storage enabled, it has {replication_setting} instead." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have Geo-redundant storage enabled, it has {replication_setting} instead." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
@@ -362,6 +371,7 @@ class Test_storage_geo_redundant_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account Premium LRS" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} replication_setting = "Premium_LRS" storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -405,7 +415,7 @@ class Test_storage_geo_redundant_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have Geo-redundant storage enabled, it has {replication_setting} instead." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have Geo-redundant storage enabled, it has {replication_setting} instead." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -416,6 +426,7 @@ class Test_storage_geo_redundant_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account Premium ZRS" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} replication_setting = "Premium_ZRS" storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ @@ -459,7 +470,7 @@ class Test_storage_geo_redundant_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have Geo-redundant storage enabled, it has {replication_setting} instead." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have Geo-redundant storage enabled, it has {replication_setting} instead." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name 
diff --git a/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py b/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py index c66fe2dcfd..91a59f101f 100644 --- a/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py @@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_infrastructure_encryption_is_enabled: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -38,6 +41,7 @@ class Test_storage_infrastructure_encryption_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -79,7 +83,7 @@ class Test_storage_infrastructure_encryption_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has infrastructure encryption disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has infrastructure encryption disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -90,6 +94,7 @@ class Test_storage_infrastructure_encryption_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -131,7 +136,7 @@ class Test_storage_infrastructure_encryption_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has infrastructure encryption enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has infrastructure encryption enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days_test.py b/tests/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days_test.py index 480a0737dc..8f5df69f72 100644 --- a/tests/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days_test.py +++ b/tests/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days_test.py 
@@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_key_rotation_90_dayss: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -39,6 +42,7 @@ class Test_storage_key_rotation_90_dayss: storage_account_name = "Test Storage Account" expiration_days = 91 storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -80,7 +84,7 @@ class Test_storage_key_rotation_90_dayss: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has an invalid key expiration period of {expiration_days} days." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has an invalid key expiration period of {expiration_days} days." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -92,6 +96,7 @@ class Test_storage_key_rotation_90_dayss: storage_account_name = "Test Storage Account" expiration_days = 90 storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -133,7 +138,7 @@ class Test_storage_key_rotation_90_dayss: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has a key expiration period of {expiration_days} days." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has a key expiration period of {expiration_days} days." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -144,6 +149,7 @@ class Test_storage_key_rotation_90_dayss: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -185,7 +191,7 @@ class Test_storage_key_rotation_90_dayss: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has no key expiration period set." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has no key expiration period set." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py b/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py index cd3c8ab408..0143153caf 100644 --- a/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py 
@@ -6,7 +6,9 @@ from prowler.providers.azure.services.storage.storage_service import ( NetworkRuleSet, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +16,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_secure_transfer_required_is_enabled: def test_storage_no_storage_accounts(self): storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( @@ -38,6 +41,7 @@ class Test_storage_secure_transfer_required_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -79,7 +83,7 @@ class Test_storage_secure_transfer_required_is_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has secure transfer required disabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has secure transfer required disabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name @@ -90,6 +94,7 @@ class Test_storage_secure_transfer_required_is_enabled: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -131,7 +136,7 @@ class Test_storage_secure_transfer_required_is_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has secure transfer required enabled." + == f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has secure transfer required enabled." ) assert result[0].subscription == AZURE_SUBSCRIPTION_ID assert result[0].resource_name == storage_account_name diff --git a/tests/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm_test.py b/tests/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm_test.py index db82c09df4..49bc32ba26 100644 --- a/tests/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm_test.py +++ b/tests/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm_test.py @@ -9,7 +9,9 @@ from prowler.providers.azure.services.storage.storage_service import ( SMBProtocolSettings, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -17,6 +19,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_smb_channel_encryption_with_secure_algorithm: def test_no_storage_accounts(self): storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( mock.patch( 
@@ -40,6 +43,7 @@ class Test_storage_smb_channel_encryption_with_secure_algorithm: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -92,6 +96,7 @@ class Test_storage_smb_channel_encryption_with_secure_algorithm: ), ) storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -132,7 +137,7 @@ class Test_storage_smb_channel_encryption_with_secure_algorithm: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have SMB channel encryption enabled for file shares." + f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have SMB channel encryption enabled for file shares." ) def test_not_recommended_encryption(self): @@ -148,6 +153,7 @@ class Test_storage_smb_channel_encryption_with_secure_algorithm: ), ) storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( 
@@ -188,7 +194,7 @@ class Test_storage_smb_channel_encryption_with_secure_algorithm: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == ( - f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} does not have SMB channel encryption with a secure algorithm for file shares since it supports AES-128-GCM." + f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} does not have SMB channel encryption with a secure algorithm for file shares since it supports AES-128-GCM." ) def test_recommended_encryption(self): @@ -204,6 +210,7 @@ class Test_storage_smb_channel_encryption_with_secure_algorithm: ), ) storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -244,5 +251,5 @@ class Test_storage_smb_channel_encryption_with_secure_algorithm: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == ( - f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} has a secure algorithm for SMB channel encryption (AES-256-GCM) enabled for file shares since it supports AES-256-GCM." + f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} has a secure algorithm for SMB channel encryption (AES-256-GCM) enabled for file shares since it supports AES-256-GCM." ) diff --git a/tests/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest_test.py b/tests/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest_test.py index 4194c7ae55..33b83fcca8 100644 --- a/tests/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest_test.py 
+++ b/tests/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest_test.py @@ -9,7 +9,9 @@ from prowler.providers.azure.services.storage.storage_service import ( SMBProtocolSettings, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -17,6 +19,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_storage_smb_protocol_version_is_latest: def test_no_storage_accounts(self): storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = {} with ( mock.patch( @@ -40,6 +43,7 @@ class Test_storage_smb_protocol_version_is_latest: storage_account_id = str(uuid4()) storage_account_name = "Test Storage Account" storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -92,6 +96,7 @@ class Test_storage_smb_protocol_version_is_latest: ), ) storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -132,7 +137,7 @@ class Test_storage_smb_protocol_version_is_latest: assert len(result) == 1 assert result[0].status == "PASS" assert ( - f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} allows only the latest SMB protocol version (SMB3.1.1) for file shares." + f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} allows only the latest SMB protocol version (SMB3.1.1) for file shares." in result[0].status_extended ) 
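Review bot: The message check in the `@@ -132,7 +137,7 @@` hunk uses `in result[0].status_extended`, a substring match, whereas the other storage tests in this patch compare with `==`. A substring match tolerates unexpected leading or trailing text in the finding message, while equality pins the whole string, including the subscription label this commit changes. Consider `assert result[0].status_extended == f"..."` with the same f-string; the later hunks of this file use the same `in` form.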
@@ -149,6 +154,7 @@ class Test_storage_smb_protocol_version_is_latest: ), ) storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -189,7 +195,7 @@ class Test_storage_smb_protocol_version_is_latest: assert len(result) == 1 assert result[0].status == "FAIL" assert ( - f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} allows SMB protocol versions: SMB2.1, SMB3.1.1. Only the latest SMB protocol version (SMB3.1.1) should be allowed." + f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} allows SMB protocol versions: SMB2.1, SMB3.1.1. Only the latest SMB protocol version (SMB3.1.1) should be allowed." in result[0].status_extended ) @@ -206,6 +212,7 @@ class Test_storage_smb_protocol_version_is_latest: ), ) storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -258,6 +265,7 @@ class Test_storage_smb_protocol_version_is_latest: ), ) storage_client = mock.MagicMock() + storage_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} storage_client.storage_accounts = { AZURE_SUBSCRIPTION_ID: [ Account( @@ -298,6 +306,6 @@ class Test_storage_smb_protocol_version_is_latest: assert len(result) == 1 assert result[0].status == "FAIL" assert ( - f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_ID} allows SMB protocol versions: SMB3.1.1, SMB3.0. Only the latest SMB protocol version (SMB3.1.1) should be allowed." + f"Storage account {storage_account_name} from subscription {AZURE_SUBSCRIPTION_DISPLAY} allows SMB protocol versions: SMB3.1.1, SMB3.0. Only the latest SMB protocol version (SMB3.1.1) should be allowed." in result[0].status_extended ) 
diff --git a/tests/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled_test.py b/tests/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled_test.py index a99be2ea54..0992055930 100644 --- a/tests/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled_test.py +++ b/tests/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled_test.py @@ -2,7 +2,9 @@ from unittest import mock from uuid import uuid4 from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -10,7 +12,9 @@ from tests.providers.azure.azure_fixtures import ( class Test_vm_backup_enabled: def test_vm_backup_enabled_no_subscriptions(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} recovery_client = mock.MagicMock + recovery_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {} recovery_client.vaults = {} @@ -38,8 +42,12 @@ class Test_vm_backup_enabled: def test_no_vms(self): mock_vm_client = mock.MagicMock() + mock_vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mock_vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}} mock_recovery_client = mock.MagicMock() + mock_recovery_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } mock_recovery_client.vaults = {AZURE_SUBSCRIPTION_ID: {}} with ( mock.patch( @@ -69,7 +77,11 @@ class Test_vm_backup_enabled: vault_id = str(uuid4()) vault_name = "vault1" mock_vm_client = mock.MagicMock() + mock_vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mock_recovery_client = mock.MagicMock() + mock_recovery_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
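Review bot: `test_vm_backup_enabled_no_subscriptions` now configures one subscription on both clients in the `@@ -10,7 +12,9 @@` hunk, so the test name no longer matches its fixture; what stays empty is `virtual_machines` and `vaults`. A comment such as `# subscriptions is set only so the check can resolve a display label (presumably); no VMs or vaults exist` would state the intent. In this test `vm_client` and `recovery_client` are both bound to the `mock.MagicMock` class rather than to instances, so the two added assignments write the same class attribute.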
@@ -139,7 +151,7 @@ class Test_vm_backup_enabled: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM {vm_name} in subscription {AZURE_SUBSCRIPTION_ID} is protected by Azure Backup (vault: {vault_name})." + == f"VM {vm_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} is protected by Azure Backup (vault: {vault_name})." ) def test_vm_not_protected_by_backup(self): @@ -148,7 +160,11 @@ class Test_vm_backup_enabled: vault_id = str(uuid4()) vault_name = "vault1" mock_vm_client = mock.MagicMock() + mock_vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mock_recovery_client = mock.MagicMock() + mock_recovery_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -218,7 +234,7 @@ class Test_vm_backup_enabled: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM {vm_name} in subscription {AZURE_SUBSCRIPTION_ID} is not protected by Azure Backup." + == f"VM {vm_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} is not protected by Azure Backup." ) def test_vm_protected_by_backup_case_insensitive(self): @@ -227,7 +243,11 @@ class Test_vm_backup_enabled: vault_id = str(uuid4()) vault_name = "vault1" mock_vm_client = mock.MagicMock() + mock_vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mock_recovery_client = mock.MagicMock() + mock_recovery_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", 
@@ -297,7 +317,7 @@ class Test_vm_backup_enabled: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM {vm_name} in subscription {AZURE_SUBSCRIPTION_ID} is protected by Azure Backup (vault: {vault_name})." + == f"VM {vm_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} is protected by Azure Backup (vault: {vault_name})." ) def test_vm_protected_by_backup_non_vm_workload(self): @@ -306,7 +326,11 @@ class Test_vm_backup_enabled: vault_id = str(uuid4()) vault_name = "vault1" mock_vm_client = mock.MagicMock() + mock_vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} mock_recovery_client = mock.MagicMock() + mock_recovery_client.subscriptions = { + AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME + } with ( mock.patch( "prowler.providers.common.provider.Provider.get_global_provider", @@ -376,5 +400,5 @@ class Test_vm_backup_enabled: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM {vm_name} in subscription {AZURE_SUBSCRIPTION_ID} is not protected by Azure Backup." + == f"VM {vm_name} in subscription {AZURE_SUBSCRIPTION_DISPLAY} is not protected by Azure Backup." ) diff --git a/tests/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size_test.py b/tests/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size_test.py index 26f548bbc1..ca86d36b0e 100644 --- a/tests/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size_test.py +++ b/tests/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size_test.py @@ -8,7 +8,9 @@ from prowler.providers.azure.services.vm.vm_service import ( VirtualMachine, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -17,6 +19,7 @@ class Test_vm_desired_sku_size: def test_vm_no_subscriptions(self): """Test when there are no subscriptions.""" vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {} vm_client.audit_config = {} @@ -41,6 +44,7 @@ class Test_vm_desired_sku_size: def test_vm_subscriptions_empty(self): """Test when subscriptions exist but have no VMs.""" vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}} vm_client.audit_config = {} @@ -66,6 +70,7 @@ class Test_vm_desired_sku_size: """Test VM using a SKU size that is in the default configuration.""" vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -113,13 +118,14 @@ class Test_vm_desired_sku_size: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using desired SKU size Standard_A8_v2 in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMTest is using desired SKU size Standard_A8_v2 in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_using_desired_sku_size_custom_config(self): """Test VM using a SKU size that is in the custom configuration.""" vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( 
@@ -169,13 +175,14 @@ class Test_vm_desired_sku_size: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using desired SKU size Standard_B1s in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMTest is using desired SKU size Standard_B1s in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_using_non_desired_sku_size_default_config(self): """Test VM using a SKU size that is not in the default configuration.""" vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -223,13 +230,14 @@ class Test_vm_desired_sku_size: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using Standard_B1s which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMTest is using Standard_B1s which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_using_non_desired_sku_size_custom_config(self): """Test VM using a SKU size that is not in the custom configuration.""" vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( 
@@ -279,13 +287,14 @@ class Test_vm_desired_sku_size: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using Standard_A8_v2 which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMTest is using Standard_A8_v2 which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_with_none_vm_size(self): """Test VM with None vm_size.""" vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -333,7 +342,7 @@ class Test_vm_desired_sku_size: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using None which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMTest is using None which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_multiple_vms_different_statuses(self): @@ -343,6 +352,7 @@ class Test_vm_desired_sku_size: vm_id_3 = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id_1: VirtualMachine( @@ -433,7 +443,7 @@ class Test_vm_desired_sku_size: assert pass_result.resource_id == vm_id_1 assert ( pass_result.status_extended - == f"VM VMApproved is using desired SKU size Standard_A8_v2 in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMApproved is using desired SKU size Standard_A8_v2 in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) # Find the FAIL result 
@@ -446,7 +456,7 @@ class Test_vm_desired_sku_size: assert fail_result.resource_id == vm_id_2 assert ( fail_result.status_extended - == f"VM VMNotApproved is using Standard_B1s which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMNotApproved is using Standard_B1s which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) # Find the second PASS result @@ -459,7 +469,7 @@ class Test_vm_desired_sku_size: assert pass_result_2.resource_id == vm_id_3 assert ( pass_result_2.status_extended - == f"VM VMAnotherApproved is using desired SKU size Standard_DS3_v2 in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMAnotherApproved is using desired SKU size Standard_DS3_v2 in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_multiple_subscriptions(self): @@ -469,6 +479,7 @@ class Test_vm_desired_sku_size: subscription_2 = "subscription-2" vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id_1: VirtualMachine( @@ -553,6 +564,7 @@ class Test_vm_desired_sku_size: """Test when the desired SKU sizes configuration is empty.""" vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( 
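Review bot: `test_multiple_subscriptions` (hunk `@@ -469,6 +479,7 @@`) maps only `AZURE_SUBSCRIPTION_ID` in `vm_client.subscriptions`, although the test defines `subscription_2 = "subscription-2"` on the line above. Since the commit is about subscriptions whose display names collide, this looks like the natural place to cover that case: `vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME, subscription_2: AZURE_SUBSCRIPTION_NAME}`, plus an assertion that findings come back for both IDs. The rest of the test, including how `subscription_2` is used, lies outside the hunk, so this should be confirmed against the full body.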
@@ -600,13 +612,14 @@ class Test_vm_desired_sku_size: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using Standard_A8_v2 which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMTest is using Standard_A8_v2 which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_case_sensitive_sku_size_matching(self): """Test that SKU size matching is case sensitive.""" vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -656,5 +669,5 @@ class Test_vm_desired_sku_size: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using standard_a8_v2 which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_ID}." + == f"VM VMTest is using standard_a8_v2 which is not a desired SKU size in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) diff --git a/tests/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk_test.py b/tests/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk_test.py index 1eb8da64c4..98b14125bf 100644 --- a/tests/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk_test.py +++ b/tests/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.vm.vm_service import Disk from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) 
@@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_vm_ensure_attached_disks_encrypted_with_cmk: def test_vm_no_subscriptions(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = {} with ( @@ -33,6 +36,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: def test_vm_subscription_empty(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -57,6 +61,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: disk_id = str(uuid4()) resource_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = { AZURE_SUBSCRIPTION_ID: { disk_id: Disk( @@ -93,13 +98,14 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: assert result[0].location == "location" assert ( result[0].status_extended - == f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_subscription_one_disk_attached_encrypt_cmk(self): disk_id = str(uuid4()) resource_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = { AZURE_SUBSCRIPTION_ID: { disk_id: Disk( @@ -136,7 +142,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: assert result[0].location == "location" assert ( result[0].status_extended - == f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_subscription_two_disk_attached_encrypt_cmk_and_pk(self): 
@@ -145,6 +151,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: disk_id_2 = str(uuid4()) resource_id_2 = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = { AZURE_SUBSCRIPTION_ID: { disk_id_1: Disk( @@ -188,7 +195,7 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: assert result[0].location == "location" assert ( result[0].status_extended - == f"Disk '{disk_id_1}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Disk '{disk_id_1}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[1].status == "PASS" assert result[1].resource_id == resource_id_2 @@ -196,13 +203,14 @@ class Test_vm_ensure_attached_disks_encrypted_with_cmk: assert result[1].location == "location2" assert ( result[1].status_extended - == f"Disk '{disk_id_2}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Disk '{disk_id_2}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_unattached_disk_encrypt_cmk(self): disk_id = str(uuid4()) resource_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = { AZURE_SUBSCRIPTION_ID: { disk_id: Disk( diff --git a/tests/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk_test.py b/tests/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk_test.py index 78d7920666..1ac8b72500 100644 --- a/tests/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk_test.py +++ b/tests/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk_test.py 
@@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.vm.vm_service import Disk from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_vm_ensure_unattached_disks_encrypted_with_cmk: def test_vm_no_subscriptions(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = {} with ( @@ -33,6 +36,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: def test_vm_subscription_empty(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -57,6 +61,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: disk_id = str(uuid4()) resource_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = { AZURE_SUBSCRIPTION_ID: { disk_id: Disk( @@ -93,13 +98,14 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: assert result[0].location == "location" assert ( result[0].status_extended - == f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Disk '{disk_id}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_one_unattached_disk_encrypt_cmk(self): disk_id = str(uuid4()) resource_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = { AZURE_SUBSCRIPTION_ID: { disk_id: Disk( 
@@ -136,7 +142,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: assert result[0].location == "location" assert ( result[0].status_extended - == f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Disk '{disk_id}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_subscription_two_unattached_disk_encrypt_cmk_and_pk(self): @@ -145,6 +151,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: disk_id_2 = str(uuid4()) resource_id_2 = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = { AZURE_SUBSCRIPTION_ID: { disk_id_1: Disk( @@ -188,7 +195,7 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: assert result[0].location == "location" assert ( result[0].status_extended - == f"Disk '{disk_id_1}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Disk '{disk_id_1}' is not encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) assert result[1].status == "PASS" assert result[1].resource_id == resource_id_2 @@ -196,13 +203,14 @@ class Test_vm_ensure_unattached_disks_encrypted_with_cmk: assert result[1].location == "location2" assert ( result[1].status_extended - == f"Disk '{disk_id_2}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_ID}." + == f"Disk '{disk_id_2}' is encrypted with a customer-managed key in subscription {AZURE_SUBSCRIPTION_DISPLAY}." ) def test_vm_attached_disk_encrypt_cmk(self): disk_id = str(uuid4()) resource_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.disks = { AZURE_SUBSCRIPTION_ID: { disk_id: Disk( 
diff --git a/tests/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images_test.py b/tests/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images_test.py index 035ec5db3b..582e952374 100644 --- a/tests/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images_test.py +++ b/tests/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images_test.py @@ -3,7 +3,9 @@ from uuid import uuid4 from prowler.providers.azure.services.vm.vm_service import VirtualMachine from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -11,6 +13,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_vm_ensure_using_approved_images: def test_no_subscriptions(self): vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {} with ( mock.patch( @@ -32,6 +35,7 @@ class Test_vm_ensure_using_approved_images: def test_empty_vms_in_subscription(self): vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}} with ( mock.patch( @@ -64,6 +68,7 @@ class Test_vm_ensure_using_approved_images: image_reference=approved_image_id, ) vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}} with ( mock.patch( 
@@ -86,7 +91,7 @@ class Test_vm_ensure_using_approved_images: assert result[0].resource_name == "VMTestApproved" assert result[0].resource_id == vm_id assert result[0].subscription == AZURE_SUBSCRIPTION_ID - expected_status_extended = f"VM VMTestApproved in subscription {AZURE_SUBSCRIPTION_ID} is using an approved machine image: custom-image." + expected_status_extended = f"VM VMTestApproved in subscription {AZURE_SUBSCRIPTION_DISPLAY} is using an approved machine image: custom-image." assert result[0].status_extended == expected_status_extended def test_vm_with_not_approved_image(self): @@ -102,6 +107,7 @@ class Test_vm_ensure_using_approved_images: image_reference=not_approved_image_id, ) vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}} with ( mock.patch( @@ -124,7 +130,7 @@ class Test_vm_ensure_using_approved_images: assert result[0].resource_name == "VMTestNotApproved" assert result[0].resource_id == vm_id assert result[0].subscription == AZURE_SUBSCRIPTION_ID - expected_status_extended = f"VM VMTestNotApproved in subscription {AZURE_SUBSCRIPTION_ID} is not using an approved machine image." + expected_status_extended = f"VM VMTestNotApproved in subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using an approved machine image." assert result[0].status_extended == expected_status_extended def test_vm_with_missing_image_reference(self): @@ -139,6 +145,7 @@ class Test_vm_ensure_using_approved_images: image_reference=None, ) vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}} with ( mock.patch( 
@@ -161,5 +168,5 @@ class Test_vm_ensure_using_approved_images: assert result[0].resource_name == "VMTestNoImageRef" assert result[0].resource_id == vm_id assert result[0].subscription == AZURE_SUBSCRIPTION_ID - expected_status_extended = f"VM VMTestNoImageRef in subscription {AZURE_SUBSCRIPTION_ID} is not using an approved machine image." + expected_status_extended = f"VM VMTestNoImageRef in subscription {AZURE_SUBSCRIPTION_DISPLAY} is not using an approved machine image." assert result[0].status_extended == expected_status_extended diff --git a/tests/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks_test.py b/tests/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks_test.py index 3c494d861c..46b15ac994 100644 --- a/tests/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks_test.py +++ b/tests/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks_test.py @@ -11,7 +11,9 @@ from prowler.providers.azure.services.vm.vm_service import ( VirtualMachine, ) from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -19,6 +21,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_vm_ensure_using_managed_disks: def test_vm_no_subscriptions(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {} with ( @@ -41,6 +44,7 @@ class Test_vm_ensure_using_managed_disks: def test_vm_subscriptions(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}} with ( 
@@ -64,6 +68,7 @@ class Test_vm_ensure_using_managed_disks: def test_vm_ensure_using_managed_disks(self): vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -115,12 +120,13 @@ class Test_vm_ensure_using_managed_disks: assert result[0].resource_id == vm_id assert ( result[0].status_extended - == f"VM VMTest is using managed disks in subscription {AZURE_SUBSCRIPTION_ID}" + == f"VM VMTest is using managed disks in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) def test_vm_using_not_managed_os_disk(self): vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -172,12 +178,13 @@ class Test_vm_ensure_using_managed_disks: assert result[0].location == "location" assert ( result[0].status_extended - == f"VM VMTest is not using managed disks in subscription {AZURE_SUBSCRIPTION_ID}" + == f"VM VMTest is not using managed disks in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) def test_vm_using_not_managed_data_disks(self): vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -231,5 +238,5 @@ class Test_vm_ensure_using_managed_disks: assert result[0].location == "location" assert ( result[0].status_extended - == f"VM VMTest is not using managed disks in subscription {AZURE_SUBSCRIPTION_ID}" + == f"VM VMTest is not using managed disks in subscription {AZURE_SUBSCRIPTION_DISPLAY}" ) diff --git a/tests/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled_test.py b/tests/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled_test.py index 03991f8049..eb37546cec 100644 
--- a/tests/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled_test.py +++ b/tests/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled_test.py @@ -5,6 +5,7 @@ from prowler.providers.azure.services.defender.defender_service import JITPolicy from prowler.providers.azure.services.vm.vm_service import VirtualMachine from tests.providers.azure.azure_fixtures import ( AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -12,8 +13,10 @@ from tests.providers.azure.azure_fixtures import ( class Test_vm_jit_access_enabled: def test_no_subscriptions(self): vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {} defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.jit_policies = {} with ( mock.patch( @@ -39,8 +42,10 @@ class Test_vm_jit_access_enabled: def test_no_vms(self): vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}} defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} defender_client.jit_policies = {AZURE_SUBSCRIPTION_ID: {}} with ( mock.patch( @@ -77,8 +82,10 @@ class Test_vm_jit_access_enabled: storage_profile=None, ) vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}} defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} jit_policy = JITPolicy( id="policy1", name="JITPolicy1", 
@@ -128,8 +135,10 @@ class Test_vm_jit_access_enabled: storage_profile=None, ) vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}} defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} # JIT policy does not include this VM jit_policy = JITPolicy( id="policy1", @@ -184,8 +193,10 @@ class Test_vm_jit_access_enabled: storage_profile=None, ) vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {upper_vm_id: vm}} defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} jit_policy = JITPolicy( id="policy1", name="JITPolicy1", @@ -240,10 +251,12 @@ class Test_vm_jit_access_enabled: storage_profile=None, ) vm_client = mock.MagicMock() + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: {vm_id_1: vm1, vm_id_2: vm2} } defender_client = mock.MagicMock() + defender_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} jit_policy_1 = JITPolicy( id="policy1", name="JITPolicy1", diff --git a/tests/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication_test.py b/tests/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication_test.py index 5d400ac7bf..428c6adc85 100644 --- a/tests/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication_test.py +++ b/tests/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication_test.py 
@@ -7,6 +7,7 @@ from prowler.providers.azure.services.vm.vm_service import ( ) from tests.providers.azure.azure_fixtures import ( AZURE_SUBSCRIPTION_ID, + AZURE_SUBSCRIPTION_NAME, set_mocked_azure_provider, ) @@ -14,6 +15,7 @@ from tests.providers.azure.azure_fixtures import ( class Test_vm_linux_enforce_ssh_authentication: def test_no_subscriptions(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {} with ( @@ -36,6 +38,7 @@ class Test_vm_linux_enforce_ssh_authentication: def test_empty_subscription(self): vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}} with ( @@ -59,6 +62,7 @@ class Test_vm_linux_enforce_ssh_authentication: def test_linux_vm_password_auth_disabled(self): vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -100,6 +104,7 @@ class Test_vm_linux_enforce_ssh_authentication: def test_linux_vm_password_auth_enabled(self): vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( @@ -141,6 +146,7 @@ class Test_vm_linux_enforce_ssh_authentication: def test_non_linux_vm(self): vm_id = str(uuid4()) vm_client = mock.MagicMock + vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME} vm_client.virtual_machines = { AZURE_SUBSCRIPTION_ID: { vm_id: VirtualMachine( 
diff --git a/tests/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer_test.py b/tests/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer_test.py index 532e1b0b63..22dd59ce27 100644 --- a/tests/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer_test.py +++ b/tests/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer_test.py @@ -3,6 +3,7 @@ from uuid import uuid4 from prowler.providers.azure.services.vm.vm_service import VirtualMachineScaleSet from tests.providers.azure.azure_fixtures import ( + AZURE_SUBSCRIPTION_DISPLAY, AZURE_SUBSCRIPTION_ID, set_mocked_azure_provider, ) @@ -85,7 +86,7 @@ class Test_vm_scaleset_associated_with_load_balancer: assert result[0].resource_name == "compliant-vmss" assert result[0].location == "eastus" expected_status_extended = ( - f"Scale set 'compliant-vmss' in subscription '{AZURE_SUBSCRIPTION_ID}' " + f"Scale set 'compliant-vmss' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' " f"is associated with load balancer backend pool(s): bepool." ) assert result[0].status_extended == expected_status_extended @@ -125,7 +126,7 @@ class Test_vm_scaleset_associated_with_load_balancer: assert result[0].resource_name == "noncompliant-vmss" assert result[0].location == "westeurope" expected_status_extended = ( - f"Scale set 'noncompliant-vmss' in subscription '{AZURE_SUBSCRIPTION_ID}' " + f"Scale set 'noncompliant-vmss' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' " f"is not associated with any load balancer backend pool." ) assert result[0].status_extended == expected_status_extended 
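Review bot: The expectations in this file switch to `AZURE_SUBSCRIPTION_DISPLAY` (hunks `@@ -85,7 +86,7 @@` and `@@ -125,7 +126,7 @@`), but no hunk here gives the mocked client a `subscriptions` mapping and `AZURE_SUBSCRIPTION_NAME` is not imported, unlike the sibling vm tests in this patch. The client setup is outside the hunks, so this may be handled elsewhere; if it is not, the assertions depend on state the test does not establish itself. Setting it explicitly in each test, e.g. `vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}` (variable name as in the sibling files), would keep the tests self-contained. The same applies to the later hunks of this file at `@@ -172,14 +173,14 @@` and `@@ -216,6 +217,6 @@`.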
@@ -172,14 +173,14 @@ class Test_vm_scaleset_associated_with_load_balancer:
 for r in result:
 if r.resource_name == "compliant-vmss":
 expected_status_extended = (
- f"Scale set 'compliant-vmss' in subscription '{AZURE_SUBSCRIPTION_ID}' "
+ f"Scale set 'compliant-vmss' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' "
 f"is associated with load balancer backend pool(s): bepool."
 )
 assert r.status == "PASS"
 assert r.status_extended == expected_status_extended
 elif r.resource_name == "noncompliant-vmss":
 expected_status_extended = (
- f"Scale set 'noncompliant-vmss' in subscription '{AZURE_SUBSCRIPTION_ID}' "
+ f"Scale set 'noncompliant-vmss' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' "
 f"is not associated with any load balancer backend pool."
 )
 assert r.status == "FAIL"
@@ -216,6 +217,6 @@ class Test_vm_scaleset_associated_with_load_balancer:
 check = vm_scaleset_associated_with_load_balancer()
 result = check.execute()
 assert len(result) == 1
- expected_status_extended = f"Scale set '' in subscription '{AZURE_SUBSCRIPTION_ID}' is not associated with any load balancer backend pool."
+ expected_status_extended = f"Scale set '' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' is not associated with any load balancer backend pool."
 assert result[0].status == "FAIL"
 assert result[0].status_extended == expected_status_extended
diff --git a/tests/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty_test.py b/tests/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty_test.py
index 27d36f0697..6d28175066 100644
--- a/tests/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty_test.py
+++ b/tests/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty_test.py
@@ -3,6 +3,7 @@ from uuid import uuid4
 from prowler.providers.azure.services.vm.vm_service import VirtualMachineScaleSet
 from tests.providers.azure.azure_fixtures import (
+ AZURE_SUBSCRIPTION_DISPLAY,
 AZURE_SUBSCRIPTION_ID,
 set_mocked_azure_provider,
 )
@@ -83,7 +84,7 @@ class Test_vm_scaleset_not_empty:
 assert result[0].resource_id == vmss_id
 assert result[0].resource_name == "empty-vmss"
 assert result[0].location == "eastus"
- expected_status_extended = f"Scale set 'empty-vmss' in subscription '{AZURE_SUBSCRIPTION_ID}' is empty: no VM instances present."
+ expected_status_extended = f"Scale set 'empty-vmss' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' is empty: no VM instances present."
 assert result[0].status_extended == expected_status_extended
 def test_scale_set_with_instances(self):
@@ -121,7 +122,7 @@ class Test_vm_scaleset_not_empty:
 assert result[0].resource_id == vmss_id
 assert result[0].resource_name == "nonempty-vmss"
 assert result[0].location == "westeurope"
- expected_status_extended = f"Scale set 'nonempty-vmss' in subscription '{AZURE_SUBSCRIPTION_ID}' has {len(instance_ids)} VM instances."
+ expected_status_extended = f"Scale set 'nonempty-vmss' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' has {len(instance_ids)} VM instances."
 assert result[0].status_extended == expected_status_extended
 def test_multiple_scale_sets(self):
@@ -165,10 +166,10 @@ class Test_vm_scaleset_not_empty:
 assert len(result) == 2
 for r in result:
 if r.resource_name == "empty-vmss":
- expected_status_extended = f"Scale set 'empty-vmss' in subscription '{AZURE_SUBSCRIPTION_ID}' is empty: no VM instances present."
+ expected_status_extended = f"Scale set 'empty-vmss' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' is empty: no VM instances present."
 assert r.status == "FAIL"
 assert r.status_extended == expected_status_extended
 elif r.resource_name == "nonempty-vmss":
- expected_status_extended = f"Scale set 'nonempty-vmss' in subscription '{AZURE_SUBSCRIPTION_ID}' has {len(instance_ids)} VM instances."
+ expected_status_extended = f"Scale set 'nonempty-vmss' in subscription '{AZURE_SUBSCRIPTION_DISPLAY}' has {len(instance_ids)} VM instances."
 assert r.status == "PASS"
 assert r.status_extended == expected_status_extended
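Review bot: The updated expectations in these scale-set tests still cover a single subscription, so none of the visible cases pins the behaviour the commit title describes. `test_multiple_scale_sets` would be a natural place to key the two scale sets under two different subscription IDs that share one display name and assert that both findings are returned and can be told apart. That guards against a regression where findings from the second subscription are dropped or attributed to the first; such a case may already exist in files outside this part of the patch. The same applies to the vm_scaleset_associated_with_load_balancer tests in the preceding file section.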
diff --git a/tests/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period_test.py b/tests/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period_test.py
index 28aab1b38b..70b1cf638f 100644
--- a/tests/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period_test.py
+++ b/tests/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period_test.py
@@ -3,6 +3,7 @@ from uuid import uuid4
 from tests.providers.azure.azure_fixtures import (
 AZURE_SUBSCRIPTION_ID,
+ AZURE_SUBSCRIPTION_NAME,
 set_mocked_azure_provider,
 )
@@ -10,7 +11,9 @@ from tests.providers.azure.azure_fixtures import (
 class Test_vm_sufficient_daily_backup_retention_period:
 def test_no_subscriptions(self):
 vm_client = mock.MagicMock()
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 recovery_client = mock.MagicMock()
+ recovery_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 vm_client.virtual_machines = {}
 recovery_client.vaults = {}
 with (
@@ -37,7 +40,9 @@ class Test_vm_sufficient_daily_backup_retention_period:
 def test_no_vms(self):
 vm_client = mock.MagicMock()
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 recovery_client = mock.MagicMock()
+ recovery_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}}
 recovery_client.vaults = {AZURE_SUBSCRIPTION_ID: {}}
 with (
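Review bot: The same two-line `subscriptions` assignment is repeated for `vm_client` and `recovery_client` in `test_no_subscriptions`, `test_no_vms` and the four later hunks of this file, which is a style point rather than a defect. Keeping the mapping in one place, for example a module-level `SUBSCRIPTIONS = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}` assigned as `vm_client.subscriptions = dict(SUBSCRIPTIONS)`, makes it harder for one test to drift from the others when the fixture changes. Copying the dict per client keeps the mocks independent if a check ever mutates it. The test methods continue outside these hunks.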
@@ -118,7 +123,9 @@ class Test_vm_sufficient_daily_backup_retention_period:
 backup_policies={policy_id: backup_policy},
 )
 vm_client = mock.MagicMock()
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 recovery_client = mock.MagicMock()
+ recovery_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}}
 recovery_client.vaults = {AZURE_SUBSCRIPTION_ID: {vault_id: vault}}
 vm_client.audit_config = {
@@ -212,7 +219,9 @@ class Test_vm_sufficient_daily_backup_retention_period:
 backup_policies={policy_id: backup_policy},
 )
 vm_client = mock.MagicMock()
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 recovery_client = mock.MagicMock()
+ recovery_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}}
 recovery_client.vaults = {AZURE_SUBSCRIPTION_ID: {vault_id: vault}}
 vm_client.audit_config = {
@@ -306,7 +315,9 @@ class Test_vm_sufficient_daily_backup_retention_period:
 backup_policies={policy_id: backup_policy},
 )
 vm_client = mock.MagicMock()
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 recovery_client = mock.MagicMock()
+ recovery_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}}
 recovery_client.vaults = {AZURE_SUBSCRIPTION_ID: {vault_id: vault}}
 vm_client.audit_config = {
@@ -391,7 +402,9 @@ class Test_vm_sufficient_daily_backup_retention_period:
 backup_policies={},
 )
 vm_client = mock.MagicMock()
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 recovery_client = mock.MagicMock()
+ recovery_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {vm_id: vm}}
 recovery_client.vaults = {AZURE_SUBSCRIPTION_ID: {vault_id: vault}}
 with (
diff --git a/tests/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled_test.py b/tests/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled_test.py
index 83ab63acce..364267fbed 100644
--- a/tests/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled_test.py
+++ b/tests/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled_test.py
@@ -10,7 +10,9 @@ from prowler.providers.azure.services.vm.vm_service import (
 VirtualMachine,
 )
 from tests.providers.azure.azure_fixtures import (
+ AZURE_SUBSCRIPTION_DISPLAY,
 AZURE_SUBSCRIPTION_ID,
+ AZURE_SUBSCRIPTION_NAME,
 set_mocked_azure_provider,
 )
@@ -18,6 +20,7 @@ from tests.providers.azure.azure_fixtures import (
 class Test_vm_trusted_launch_enabled:
 def test_vm_no_subscriptions(self):
 vm_client = mock.MagicMock
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 vm_client.virtual_machines = {}
 with (
 mock.patch(
@@ -39,6 +42,7 @@ class Test_vm_trusted_launch_enabled:
 def test_vm_no_vm(self):
 vm_client = mock.MagicMock
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 vm_client.virtual_machines = {AZURE_SUBSCRIPTION_ID: {}}
 with (
 mock.patch(
@@ -61,6 +65,7 @@ class Test_vm_trusted_launch_enabled:
 def test_vm_trusted_launch_enabled(self):
 vm_id = str(uuid4())
 vm_client = mock.MagicMock
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 with (
 mock.patch(
 "prowler.providers.common.provider.Provider.get_global_provider",
@@ -111,12 +116,13 @@ class Test_vm_trusted_launch_enabled:
 assert result[0].resource_id == vm_id
 assert (
 result[0].status_extended
- == f"VM VMTest has trusted launch enabled in subscription {AZURE_SUBSCRIPTION_ID}"
+ == f"VM VMTest has trusted launch enabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}"
 )
 def test_vm_trusted_launch_disabled(self):
 vm_id = str(uuid4())
 vm_client = mock.MagicMock
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 with (
 mock.patch(
 "prowler.providers.common.provider.Provider.get_global_provider",
@@ -168,12 +174,13 @@ class Test_vm_trusted_launch_enabled:
 assert result[0].resource_id == vm_id
 assert (
 result[0].status_extended
- == f"VM VMTest has trusted launch disabled in subscription {AZURE_SUBSCRIPTION_ID}"
+ == f"VM VMTest has trusted launch disabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}"
 )
 def test_vm_no_security_profile(self):
 vm_id = str(uuid4())
 vm_client = mock.MagicMock
+ vm_client.subscriptions = {AZURE_SUBSCRIPTION_ID: AZURE_SUBSCRIPTION_NAME}
 with (
 mock.patch(
 "prowler.providers.common.provider.Provider.get_global_provider",
@@ -219,5 +226,5 @@ class Test_vm_trusted_launch_enabled:
 assert result[0].resource_id == vm_id
 assert (
 result[0].status_extended
- == f"VM VMTest has trusted launch disabled in subscription {AZURE_SUBSCRIPTION_ID}"
+ == f"VM VMTest has trusted launch disabled in subscription {AZURE_SUBSCRIPTION_DISPLAY}"
 )