mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
537c3ea71e
Signed-off-by: Legin-ML <leginml2004@gmail.com>
299 lines
12 KiB
Python
299 lines
12 KiB
Python
from unittest.mock import MagicMock, patch
|
|
from uuid import uuid4
|
|
|
|
from tests.providers.azure.azure_fixtures import (
|
|
AZURE_SUBSCRIPTION_ID,
|
|
RESOURCE_GROUP,
|
|
RESOURCE_GROUP_LIST,
|
|
set_mocked_azure_provider,
|
|
)
|
|
|
|
|
|
class TestContainerRegistryService:
|
|
def test_get_container_registry(self):
|
|
with (
|
|
patch(
|
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
|
return_value=set_mocked_azure_provider(),
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
|
new=MagicMock(),
|
|
),
|
|
):
|
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
|
ContainerRegistryInfo,
|
|
)
|
|
|
|
# Initialize ContainerRegistry with the mocked provider
|
|
containerregistry_service = MagicMock()
|
|
registry_id = str(uuid4())
|
|
containerregistry_service.registries = {
|
|
AZURE_SUBSCRIPTION_ID: {
|
|
registry_id: ContainerRegistryInfo(
|
|
id=registry_id,
|
|
name="mock_registry",
|
|
location="westeurope",
|
|
resource_group="mock_resource_group",
|
|
sku="Basic",
|
|
login_server="mock_login_server.azurecr.io",
|
|
public_network_access=False,
|
|
admin_user_enabled=True,
|
|
private_endpoint_connections=[],
|
|
monitor_diagnostic_settings=[
|
|
{
|
|
"id": "id1/id1",
|
|
"logs": [
|
|
{
|
|
"category": "ContainerLogs",
|
|
"enabled": True,
|
|
},
|
|
{
|
|
"category": "AdminLogs",
|
|
"enabled": False,
|
|
},
|
|
],
|
|
"storage_account_name": "mock_storage_account",
|
|
"storage_account_id": "mock_storage_account_id",
|
|
"name": "mock_diagnostic_setting",
|
|
}
|
|
],
|
|
)
|
|
}
|
|
}
|
|
|
|
# Assertions to check the populated data in the registries
|
|
assert len(containerregistry_service.registries[AZURE_SUBSCRIPTION_ID]) == 1
|
|
|
|
registry_info = containerregistry_service.registries[AZURE_SUBSCRIPTION_ID][
|
|
registry_id
|
|
]
|
|
|
|
assert registry_info.id == registry_id
|
|
assert registry_info.name == "mock_registry"
|
|
assert registry_info.location == "westeurope"
|
|
assert registry_info.resource_group == "mock_resource_group"
|
|
assert registry_info.sku == "Basic"
|
|
assert registry_info.login_server == "mock_login_server.azurecr.io"
|
|
assert not registry_info.public_network_access
|
|
assert registry_info.admin_user_enabled is True
|
|
assert isinstance(registry_info.monitor_diagnostic_settings, list)
|
|
|
|
# Check the properties of monitor diagnostic settings
|
|
monitor_setting = registry_info.monitor_diagnostic_settings[0]
|
|
assert monitor_setting["id"] == "id1/id1" # Use dictionary access here
|
|
assert monitor_setting["storage_account_name"] == "mock_storage_account"
|
|
assert monitor_setting["storage_account_id"] == "mock_storage_account_id"
|
|
assert monitor_setting["name"] == "mock_diagnostic_setting"
|
|
assert len(monitor_setting["logs"]) == 2
|
|
|
|
assert monitor_setting["logs"][0]["category"] == "ContainerLogs"
|
|
assert monitor_setting["logs"][0]["enabled"] is True
|
|
assert monitor_setting["logs"][1]["category"] == "AdminLogs"
|
|
assert monitor_setting["logs"][1]["enabled"] is False
|
|
|
|
|
|
class Test_ContainerRegistry_get_registries:
|
|
def test_get_container_registries_no_resource_groups(self):
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
mock_client = MagicMock()
|
|
mock_client.registries.list.return_value = []
|
|
|
|
mock_provider = MagicMock()
|
|
mock_provider.identity = MagicMock()
|
|
with (
|
|
patch(
|
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
|
return_value=mock_provider,
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
|
new=MagicMock(),
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
|
return_value={},
|
|
),
|
|
):
|
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
|
ContainerRegistry,
|
|
)
|
|
|
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
|
|
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
cr.resource_groups = None
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
|
):
|
|
result = cr._get_container_registries()
|
|
|
|
mock_client.registries.list.assert_called_once()
|
|
mock_client.registries.list_by_resource_group.assert_not_called()
|
|
assert AZURE_SUBSCRIPTION_ID in result
|
|
|
|
def test_get_container_registries_with_resource_group(self):
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
mock_client = MagicMock()
|
|
mock_client.registries.list_by_resource_group.return_value = []
|
|
|
|
mock_provider = MagicMock()
|
|
mock_provider.identity = MagicMock()
|
|
with (
|
|
patch(
|
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
|
return_value=mock_provider,
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
|
new=MagicMock(),
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
|
return_value={},
|
|
),
|
|
):
|
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
|
ContainerRegistry,
|
|
)
|
|
|
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
|
|
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
|
):
|
|
result = cr._get_container_registries()
|
|
|
|
mock_client.registries.list_by_resource_group.assert_called_once_with(
|
|
resource_group_name=RESOURCE_GROUP
|
|
)
|
|
mock_client.registries.list.assert_not_called()
|
|
assert AZURE_SUBSCRIPTION_ID in result
|
|
|
|
def test_get_container_registries_empty_resource_group_for_subscription(self):
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
mock_client = MagicMock()
|
|
|
|
mock_provider = MagicMock()
|
|
mock_provider.identity = MagicMock()
|
|
with (
|
|
patch(
|
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
|
return_value=mock_provider,
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
|
new=MagicMock(),
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
|
return_value={},
|
|
),
|
|
):
|
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
|
ContainerRegistry,
|
|
)
|
|
|
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
|
|
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
|
):
|
|
result = cr._get_container_registries()
|
|
|
|
mock_client.registries.list_by_resource_group.assert_not_called()
|
|
mock_client.registries.list.assert_not_called()
|
|
assert result[AZURE_SUBSCRIPTION_ID] == {}
|
|
|
|
def test_get_container_registries_with_multiple_resource_groups(self):
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
mock_client = MagicMock()
|
|
mock_client.registries.list_by_resource_group.return_value = []
|
|
|
|
mock_provider = MagicMock()
|
|
mock_provider.identity = MagicMock()
|
|
with (
|
|
patch(
|
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
|
return_value=mock_provider,
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
|
new=MagicMock(),
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
|
return_value={},
|
|
),
|
|
):
|
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
|
ContainerRegistry,
|
|
)
|
|
|
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
|
|
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
|
):
|
|
result = cr._get_container_registries()
|
|
|
|
assert mock_client.registries.list_by_resource_group.call_count == len(
|
|
RESOURCE_GROUP_LIST
|
|
)
|
|
mock_client.registries.list.assert_not_called()
|
|
assert AZURE_SUBSCRIPTION_ID in result
|
|
|
|
def test_get_container_registries_with_mixed_case_resource_group(self):
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
mock_client = MagicMock()
|
|
mock_client.registries.list_by_resource_group.return_value = []
|
|
|
|
mock_provider = MagicMock()
|
|
mock_provider.identity = MagicMock()
|
|
with (
|
|
patch(
|
|
"prowler.providers.common.provider.Provider.get_global_provider",
|
|
return_value=mock_provider,
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
|
|
new=MagicMock(),
|
|
),
|
|
patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
|
|
return_value={},
|
|
),
|
|
):
|
|
from prowler.providers.azure.services.containerregistry.containerregistry_service import (
|
|
ContainerRegistry,
|
|
)
|
|
|
|
cr = ContainerRegistry(set_mocked_azure_provider())
|
|
|
|
cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
|
|
cr.resource_groups = {AZURE_SUBSCRIPTION_ID: ["MyRegistry-RG"]}
|
|
|
|
with patch(
|
|
"prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
|
|
):
|
|
cr._get_container_registries()
|
|
|
|
mock_client.registries.list_by_resource_group.assert_called_once_with(
|
|
resource_group_name="MyRegistry-RG"
|
|
)
|