fix(aws): Pass backup retention check if retention period is equal to minimum (#4593)
+1
-1
@@ -17,7 +17,7 @@ class documentdb_cluster_backup_enabled(Check):
|
||||
report.status_extended = (
|
||||
f"DocumentDB Cluster {cluster.id} does not have backup enabled."
|
||||
)
|
||||
if cluster.backup_retention_period > documentdb_client.audit_config.get(
|
||||
if cluster.backup_retention_period >= documentdb_client.audit_config.get(
|
||||
"minimum_backup_retention_period", 7
|
||||
):
|
||||
report.status = "PASS"
|
||||
|
||||
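Review bot: The threshold read from `audit_config` is used unvalidated in the changed `if`, and with `>=` a configured `minimum_backup_retention_period` of 0 would let a cluster that reports a retention period of 0 pass; a non-numeric value would raise at the comparison. Whether the service can actually report 0 is not visible here, but the check should not depend on that. Consider normalising the value once before comparing, for example `min_days = max(1, documentdb_client.audit_config.get("minimum_backup_retention_period", 7))`, and comparing against `min_days`. The same comparison and the same literal default of 7 appear in the `neptune_cluster_backup_enabled` section, so a shared constant would keep the two checks in step. The enclosing method starts and ends outside this hunk.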
+1
-1
@@ -15,7 +15,7 @@ class neptune_cluster_backup_enabled(Check):
|
||||
report.status_extended = (
|
||||
f"Neptune Cluster {cluster.name} does not have backup enabled."
|
||||
)
|
||||
if cluster.backup_retention_period > neptune_client.audit_config.get(
|
||||
if cluster.backup_retention_period >= neptune_client.audit_config.get(
|
||||
"minimum_backup_retention_period", 7
|
||||
):
|
||||
report.status = "PASS"
|
||||
|
||||
+38
@@ -108,6 +108,44 @@ class Test_documentdb_cluster_backup_enabled:
|
||||
assert result[0].resource_id == DOC_DB_CLUSTER_NAME
|
||||
assert result[0].resource_arn == DOC_DB_CLUSTER_ARN
|
||||
|
||||
def test_documentdb_cluster_with_backup_equal_to_recommended(self):
|
||||
documentdb_client = mock.MagicMock
|
||||
documentdb_client.db_clusters = {
|
||||
DOC_DB_CLUSTER_ARN: DBCluster(
|
||||
id=DOC_DB_CLUSTER_NAME,
|
||||
arn=DOC_DB_CLUSTER_ARN,
|
||||
engine="docdb",
|
||||
status="available",
|
||||
backup_retention_period=7,
|
||||
encrypted=True,
|
||||
cloudwatch_logs=[],
|
||||
multi_az=True,
|
||||
parameter_group="default.docdb3.6",
|
||||
deletion_protection=True,
|
||||
region=AWS_REGION,
|
||||
tags=[],
|
||||
)
|
||||
}
|
||||
documentdb_client.audit_config = {"minimum_backup_retention_period": 7}
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.services.documentdb.documentdb_service.DocumentDB",
|
||||
new=documentdb_client,
|
||||
):
|
||||
from prowler.providers.aws.services.documentdb.documentdb_cluster_backup_enabled.documentdb_cluster_backup_enabled import (
|
||||
documentdb_cluster_backup_enabled,
|
||||
)
|
||||
|
||||
check = documentdb_cluster_backup_enabled()
|
||||
result = check.execute()
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"DocumentDB Cluster {DOC_DB_CLUSTER_NAME} has backup enabled with retention period 7 days."
|
||||
)
|
||||
assert result[0].region == AWS_REGION
|
||||
assert result[0].resource_id == DOC_DB_CLUSTER_NAME
|
||||
assert result[0].resource_arn == DOC_DB_CLUSTER_ARN
|
||||
|
||||
def test_documentdb_cluster_with_backup(self):
|
||||
documentdb_client = mock.MagicMock
|
||||
documentdb_client.db_clusters = {
|
||||
|
||||
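Review bot: `documentdb_client = mock.MagicMock` binds the class rather than an instance, so the `db_clusters` and `audit_config` assignments in this new test are made on `MagicMock` itself and stay visible to every other mock in the test process. The trailing context shows the next test uses the same pattern, so this follows the file's convention, but a later test that forgets to set `audit_config` could silently inherit the 7 configured here and hide a regression in the check. Consider building an instance and patching the check module's client name with it, as the Neptune test in this commit does with `new=Neptune(aws_provider)`. Separately, adding `assert len(result) == 1` before indexing `result[0]` would match that test.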
+55
@@ -169,6 +169,61 @@ class Test_neptune_cluster_backup_enabled:
|
||||
)
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@mock_aws
|
||||
def test_neptune_cluster_with_backup_equal_to_recommended(self):
|
||||
conn = client("neptune", region_name=AWS_REGION_US_EAST_1)
|
||||
conn.create_db_parameter_group(
|
||||
DBParameterGroupName="test",
|
||||
DBParameterGroupFamily="default.neptune",
|
||||
Description="test parameter group",
|
||||
)
|
||||
conn.create_db_cluster(
|
||||
DBClusterIdentifier="db-cluster-1",
|
||||
Engine="neptune",
|
||||
DatabaseName="test-1",
|
||||
DeletionProtection=True,
|
||||
DBClusterParameterGroupName="test",
|
||||
MasterUsername="test",
|
||||
MasterUserPassword="password",
|
||||
EnableIAMDatabaseAuthentication=True,
|
||||
BackupRetentionPeriod=7,
|
||||
StorageEncrypted=True,
|
||||
Tags=[],
|
||||
)
|
||||
from prowler.providers.aws.services.neptune.neptune_service import Neptune
|
||||
|
||||
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=aws_provider,
|
||||
):
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.services.neptune.neptune_cluster_backup_enabled.neptune_cluster_backup_enabled.neptune_client",
|
||||
new=Neptune(aws_provider),
|
||||
):
|
||||
# Test Check
|
||||
from prowler.providers.aws.services.neptune.neptune_cluster_backup_enabled.neptune_cluster_backup_enabled import (
|
||||
neptune_cluster_backup_enabled,
|
||||
)
|
||||
|
||||
check = neptune_cluster_backup_enabled()
|
||||
result = check.execute()
|
||||
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== "Neptune Cluster db-cluster-1 has backup enabled with retention period 7 days."
|
||||
)
|
||||
assert result[0].resource_id == "db-cluster-1"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:cluster:db-cluster-1"
|
||||
)
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@mock_aws
|
||||
def test_neptune_cluster_with_backup(self):
|
||||
conn = client("neptune", region_name=AWS_REGION_US_EAST_1)
|
||||
|
||||
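Review bot: The new boundary test never sets `minimum_backup_retention_period`, so `BackupRetentionPeriod=7` equals the threshold only if the audit config supplied by `set_mocked_aws_provider` (not visible here) leaves the check's default of 7 in effect. If that default or the mocked config changes, the test would still be named "equal to recommended" without exercising the `>=` boundary. Pin the value as the DocumentDB test does: build `neptune = Neptune(aws_provider)`, set `neptune.audit_config = {"minimum_backup_retention_period": 7}`, and pass `new=neptune` to the inner `mock.patch`. The two nested `with mock.patch(...)` blocks could also be merged into one `with` statement to reduce indentation.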