fix(aws): Pass backup retention check if retention period is equal to minimum (#4593)

cetteup
2024-07-31 13:25:53 +02:00
committed by GitHub
parent 4fd3405bbf
commit e050f44d63
4 changed files with 95 additions and 2 deletions
@@ -17,7 +17,7 @@ class documentdb_cluster_backup_enabled(Check):
report.status_extended = (
f"DocumentDB Cluster {cluster.id} does not have backup enabled."
)
if cluster.backup_retention_period > documentdb_client.audit_config.get(
if cluster.backup_retention_period >= documentdb_client.audit_config.get(
"minimum_backup_retention_period", 7
):
report.status = "PASS"
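Review bot: The condition now treats `minimum_backup_retention_period` as an inclusive lower bound, but nothing at the comparison records that, so the next reader has only the commit title to tell `>=` from the `>` it replaces; the same applies to the Neptune hunk below. A one-line comment above the `if`, `# Inclusive: a retention period equal to the configured minimum is compliant`, would pin the contract in both checks. The fallback `7` is also hard-coded separately in each check; a single shared named constant would keep the two defaults from drifting apart. The enclosing method starts and ends outside the hunk.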
@@ -15,7 +15,7 @@ class neptune_cluster_backup_enabled(Check):
report.status_extended = (
f"Neptune Cluster {cluster.name} does not have backup enabled."
)
if cluster.backup_retention_period > neptune_client.audit_config.get(
if cluster.backup_retention_period >= neptune_client.audit_config.get(
"minimum_backup_retention_period", 7
):
report.status = "PASS"
@@ -108,6 +108,44 @@ class Test_documentdb_cluster_backup_enabled:
assert result[0].resource_id == DOC_DB_CLUSTER_NAME
assert result[0].resource_arn == DOC_DB_CLUSTER_ARN
def test_documentdb_cluster_with_backup_equal_to_recommended(self):
documentdb_client = mock.MagicMock
documentdb_client.db_clusters = {
DOC_DB_CLUSTER_ARN: DBCluster(
id=DOC_DB_CLUSTER_NAME,
arn=DOC_DB_CLUSTER_ARN,
engine="docdb",
status="available",
backup_retention_period=7,
encrypted=True,
cloudwatch_logs=[],
multi_az=True,
parameter_group="default.docdb3.6",
deletion_protection=True,
region=AWS_REGION,
tags=[],
)
}
documentdb_client.audit_config = {"minimum_backup_retention_period": 7}
with mock.patch(
"prowler.providers.aws.services.documentdb.documentdb_service.DocumentDB",
new=documentdb_client,
):
from prowler.providers.aws.services.documentdb.documentdb_cluster_backup_enabled.documentdb_cluster_backup_enabled import (
documentdb_cluster_backup_enabled,
)
check = documentdb_cluster_backup_enabled()
result = check.execute()
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"DocumentDB Cluster {DOC_DB_CLUSTER_NAME} has backup enabled with retention period 7 days."
)
assert result[0].region == AWS_REGION
assert result[0].resource_id == DOC_DB_CLUSTER_NAME
assert result[0].resource_arn == DOC_DB_CLUSTER_ARN
def test_documentdb_cluster_with_backup(self):
documentdb_client = mock.MagicMock
documentdb_client.db_clusters = {
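Review bot: `documentdb_client = mock.MagicMock` on the first line of the new test binds the class, not an instance, so `documentdb_client.db_clusters` and `documentdb_client.audit_config` are set as class attributes on `mock.MagicMock` itself and leak into every other test in the process (assuming `mock` here is `unittest.mock`); the neighbouring test visible in the context repeats the pattern, but the new code should not copy it. The fix is `documentdb_client = mock.MagicMock()`, which also makes the `new=documentdb_client` patch target an instance as intended. The test also indexes `result[0]` without first asserting `len(result) == 1`, unlike the Neptune test in this commit; adding `assert len(result) == 1` before the status assertion keeps the two consistent and turns an unexpected extra finding into a clear failure.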
@@ -169,6 +169,61 @@ class Test_neptune_cluster_backup_enabled:
)
assert result[0].resource_tags == []
@mock_aws
def test_neptune_cluster_with_backup_equal_to_recommended(self):
conn = client("neptune", region_name=AWS_REGION_US_EAST_1)
conn.create_db_parameter_group(
DBParameterGroupName="test",
DBParameterGroupFamily="default.neptune",
Description="test parameter group",
)
conn.create_db_cluster(
DBClusterIdentifier="db-cluster-1",
Engine="neptune",
DatabaseName="test-1",
DeletionProtection=True,
DBClusterParameterGroupName="test",
MasterUsername="test",
MasterUserPassword="password",
EnableIAMDatabaseAuthentication=True,
BackupRetentionPeriod=7,
StorageEncrypted=True,
Tags=[],
)
from prowler.providers.aws.services.neptune.neptune_service import Neptune
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.neptune.neptune_cluster_backup_enabled.neptune_cluster_backup_enabled.neptune_client",
new=Neptune(aws_provider),
):
# Test Check
from prowler.providers.aws.services.neptune.neptune_cluster_backup_enabled.neptune_cluster_backup_enabled import (
neptune_cluster_backup_enabled,
)
check = neptune_cluster_backup_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "Neptune Cluster db-cluster-1 has backup enabled with retention period 7 days."
)
assert result[0].resource_id == "db-cluster-1"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-1"
)
assert result[0].resource_tags == []
@mock_aws
def test_neptune_cluster_with_backup(self):
conn = client("neptune", region_name=AWS_REGION_US_EAST_1)
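Review bot: The new Neptune test creates the cluster with `BackupRetentionPeriod=7` but never sets `minimum_backup_retention_period`, so it only exercises the equality boundary if the mocked provider's audit config leaves that key unset or at 7, which cannot be confirmed from the hunk. Making the minimum explicit, for example by building the `Neptune(aws_provider)` instance before the `mock.patch` and setting its `audit_config` to `{"minimum_backup_retention_period": 7}` as the DocumentDB test does with `documentdb_client.audit_config`, would make the test independent of whatever defaults the fixture loads. The `# Test Check` comment could say what is being pinned, e.g. `# Retention equal to the configured minimum must PASS (inclusive bound)`.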