mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
537c3ea71e
Signed-off-by: Legin-ML <leginml2004@gmail.com>
196 lines
6.7 KiB
Python
196 lines
6.7 KiB
Python
from unittest.mock import MagicMock, patch
|
|
|
|
from prowler.providers.azure.services.aks.aks_service import AKS, Cluster
|
|
from tests.providers.azure.azure_fixtures import (
|
|
AZURE_SUBSCRIPTION_ID,
|
|
RESOURCE_GROUP,
|
|
RESOURCE_GROUP_LIST,
|
|
set_mocked_azure_provider,
|
|
)
|
|
|
|
|
|
def mock_aks_get_clusters(_):
|
|
return {
|
|
AZURE_SUBSCRIPTION_ID: {
|
|
"cluster_id-1": Cluster(
|
|
id="cluster_id-1",
|
|
name="cluster_name",
|
|
public_fqdn="public_fqdn",
|
|
private_fqdn="private_fqdn",
|
|
network_policy="network_policy",
|
|
agent_pool_profiles=[],
|
|
location="westeurope",
|
|
rbac_enabled=True,
|
|
)
|
|
}
|
|
}
|
|
|
|
|
|
@patch(
|
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
|
new=mock_aks_get_clusters,
|
|
)
|
|
class Test_AKS_Service:
|
|
def test_get_client(self):
|
|
aks = AKS(set_mocked_azure_provider())
|
|
assert (
|
|
aks.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__
|
|
== "ContainerServiceClient"
|
|
)
|
|
|
|
def test__get_subscriptions__(self):
|
|
aks = AKS(set_mocked_azure_provider())
|
|
assert aks.subscriptions.__class__.__name__ == "dict"
|
|
|
|
def test_get_components(self):
|
|
aks = AKS(set_mocked_azure_provider())
|
|
assert len(aks.clusters) == 1
|
|
assert (
|
|
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].name == "cluster_name"
|
|
)
|
|
assert (
|
|
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].public_fqdn
|
|
== "public_fqdn"
|
|
)
|
|
assert (
|
|
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].private_fqdn
|
|
== "private_fqdn"
|
|
)
|
|
assert (
|
|
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].network_policy
|
|
== "network_policy"
|
|
)
|
|
assert (
|
|
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].agent_pool_profiles
|
|
== []
|
|
)
|
|
assert (
|
|
aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].location == "westeurope"
|
|
)
|
|
assert aks.clusters[AZURE_SUBSCRIPTION_ID]["cluster_id-1"].rbac_enabled
|
|
|
|
|
|
class Test_AKS_get_clusters:
|
|
def test_get_clusters_no_resource_groups(self):
|
|
mock_cluster = MagicMock()
|
|
mock_cluster.id = "cluster_id-1"
|
|
mock_cluster.name = "cluster_name"
|
|
mock_cluster.fqdn = "public_fqdn"
|
|
mock_cluster.private_fqdn = "private_fqdn"
|
|
mock_cluster.location = "westeurope"
|
|
mock_cluster.kubernetes_version = "1.28.0"
|
|
mock_cluster.network_profile = None
|
|
mock_cluster.agent_pool_profiles = []
|
|
mock_cluster.enable_rbac = False
|
|
|
|
mock_client = MagicMock()
|
|
mock_client.managed_clusters.list.return_value = [mock_cluster]
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
|
return_value={},
|
|
):
|
|
aks = AKS(set_mocked_azure_provider())
|
|
|
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
aks.resource_groups = None
|
|
|
|
result = aks._get_clusters()
|
|
|
|
mock_client.managed_clusters.list.assert_called_once()
|
|
mock_client.managed_clusters.list_by_resource_group.assert_not_called()
|
|
assert AZURE_SUBSCRIPTION_ID in result
|
|
assert "cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]
|
|
|
|
def test_get_clusters_with_resource_group(self):
|
|
mock_cluster = MagicMock()
|
|
mock_cluster.id = "cluster_id-1"
|
|
mock_cluster.name = "cluster_name"
|
|
mock_cluster.fqdn = "public_fqdn"
|
|
mock_cluster.private_fqdn = "private_fqdn"
|
|
mock_cluster.location = "westeurope"
|
|
mock_cluster.kubernetes_version = "1.28.0"
|
|
mock_cluster.network_profile = None
|
|
mock_cluster.agent_pool_profiles = []
|
|
mock_cluster.enable_rbac = False
|
|
|
|
mock_client = MagicMock()
|
|
mock_client.managed_clusters.list_by_resource_group.return_value = [
|
|
mock_cluster
|
|
]
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
|
return_value={},
|
|
):
|
|
aks = AKS(set_mocked_azure_provider())
|
|
|
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
|
|
|
result = aks._get_clusters()
|
|
|
|
mock_client.managed_clusters.list_by_resource_group.assert_called_once_with(
|
|
resource_group_name=RESOURCE_GROUP
|
|
)
|
|
mock_client.managed_clusters.list.assert_not_called()
|
|
assert AZURE_SUBSCRIPTION_ID in result
|
|
assert "cluster_id-1" in result[AZURE_SUBSCRIPTION_ID]
|
|
|
|
def test_get_clusters_empty_resource_group_for_subscription(self):
|
|
mock_client = MagicMock()
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
|
return_value={},
|
|
):
|
|
aks = AKS(set_mocked_azure_provider())
|
|
|
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
|
|
|
result = aks._get_clusters()
|
|
|
|
mock_client.managed_clusters.list_by_resource_group.assert_not_called()
|
|
mock_client.managed_clusters.list.assert_not_called()
|
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
|
|
|
def test_get_clusters_with_multiple_resource_groups(self):
|
|
mock_client = MagicMock()
|
|
mock_client.managed_clusters = MagicMock()
|
|
mock_client.managed_clusters.list_by_resource_group.return_value = []
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
|
return_value={},
|
|
):
|
|
aks = AKS(set_mocked_azure_provider())
|
|
|
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
|
|
|
result = aks._get_clusters()
|
|
|
|
assert mock_client.managed_clusters.list_by_resource_group.call_count == 2
|
|
assert AZURE_SUBSCRIPTION_ID in result
|
|
|
|
def test_get_clusters_with_mixed_case_resource_group(self):
|
|
mock_client = MagicMock()
|
|
mock_client.managed_clusters = MagicMock()
|
|
mock_client.managed_clusters.list_by_resource_group.return_value = []
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.aks.aks_service.AKS._get_clusters",
|
|
return_value={},
|
|
):
|
|
aks = AKS(set_mocked_azure_provider())
|
|
|
|
aks.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
aks.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
|
|
|
|
aks._get_clusters()
|
|
|
|
mock_client.managed_clusters.list_by_resource_group.assert_called_once_with(
|
|
resource_group_name="RG"
|
|
)
|