prowler/tests/providers/azure/services/containerregistry/containerregistry_service_test.py

from unittest.mock import MagicMock, patch
from uuid import uuid4
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
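class TestContainerRegistryService:
    """Checks that ContainerRegistryInfo keeps the values it is built with."""

    def test_get_container_registry(self):
        """Build one ContainerRegistryInfo and read every field back.

        The service object is a bare MagicMock, so no ContainerRegistry
        collection code runs in this test; only the model is exercised.
        """
        # Both patches are active while the service module is imported.
        # NOTE(review): presumably the import reaches the global provider and
        # the Monitor service - confirm against the service module.
        with (
            patch(
                "prowler.providers.common.provider.Provider.get_global_provider",
                return_value=set_mocked_azure_provider(),
            ),
            patch(
                "prowler.providers.azure.services.monitor.monitor_service.Monitor",
                new=MagicMock(),
            ),
        ):
            from prowler.providers.azure.services.containerregistry.containerregistry_service import (
                ContainerRegistryInfo,
            )

            # Stand-in for the service: a MagicMock holding one hand-built
            # registry entry under the test subscription.
            containerregistry_service = MagicMock()
            registry_id = str(uuid4())
            containerregistry_service.registries = {
                AZURE_SUBSCRIPTION_ID: {
                    registry_id: ContainerRegistryInfo(
                        id=registry_id,
                        name="mock_registry",
                        location="westeurope",
                        resource_group="mock_resource_group",
                        sku="Basic",
                        login_server="mock_login_server.azurecr.io",
                        public_network_access=False,
                        admin_user_enabled=True,
                        private_endpoint_connections=[],
                        monitor_diagnostic_settings=[
                            {
                                "id": "id1/id1",
                                "logs": [
                                    {
                                        "category": "ContainerLogs",
                                        "enabled": True,
                                    },
                                    {
                                        "category": "AdminLogs",
                                        "enabled": False,
                                    },
                                ],
                                "storage_account_name": "mock_storage_account",
                                "storage_account_id": "mock_storage_account_id",
                                "name": "mock_diagnostic_setting",
                            }
                        ],
                    )
                }
            }

            # Exactly one registry is stored for the subscription.
            assert len(containerregistry_service.registries[AZURE_SUBSCRIPTION_ID]) == 1

            registry_info = containerregistry_service.registries[AZURE_SUBSCRIPTION_ID][
                registry_id
            ]
            assert registry_info.id == registry_id
            assert registry_info.name == "mock_registry"
            assert registry_info.location == "westeurope"
            assert registry_info.resource_group == "mock_resource_group"
            assert registry_info.sku == "Basic"
            assert registry_info.login_server == "mock_login_server.azurecr.io"
            # Compare with False itself: `not value` would also accept None or
            # an empty value, and the flag should be pinned as exactly as
            # admin_user_enabled is on the next line.
            assert registry_info.public_network_access is False
            assert registry_info.admin_user_enabled is True
            assert isinstance(registry_info.monitor_diagnostic_settings, list)

            # The diagnostic settings are plain dicts, so they are read by key.
            monitor_setting = registry_info.monitor_diagnostic_settings[0]
            assert monitor_setting["id"] == "id1/id1"
            assert monitor_setting["storage_account_name"] == "mock_storage_account"
            assert monitor_setting["storage_account_id"] == "mock_storage_account_id"
            assert monitor_setting["name"] == "mock_diagnostic_setting"
            assert len(monitor_setting["logs"]) == 2
            assert monitor_setting["logs"][0]["category"] == "ContainerLogs"
            assert monitor_setting["logs"][0]["enabled"] is True
            assert monitor_setting["logs"][1]["category"] == "AdminLogs"
            assert monitor_setting["logs"][1]["enabled"] is False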
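class Test_ContainerRegistry_get_registries:
    """Tests which listing call ContainerRegistry._get_container_registries makes.

    With no resource groups configured the subscription-wide ``registries.list``
    is expected; with resource groups configured only
    ``registries.list_by_resource_group`` may be called, once per group. A
    subscription-wide listing in that case would return registries outside the
    requested resource groups.

    Every mocked listing call returns an empty list, so the conversion of SDK
    registry objects into ContainerRegistryInfo is not covered by this class.
    """

    @staticmethod
    def _build_service(mock_client, resource_groups):
        """Return a ContainerRegistry that uses ``mock_client`` for the test subscription.

        Args:
            mock_client: Mock standing in for the subscription's SDK client.
            resource_groups: Value assigned to ``resource_groups`` on the
                service (``None`` or a dict keyed by subscription id).
        """
        mock_provider = MagicMock()
        mock_provider.identity = MagicMock()

        with (
            patch(
                "prowler.providers.common.provider.Provider.get_global_provider",
                return_value=mock_provider,
            ),
            patch(
                "prowler.providers.azure.services.monitor.monitor_service.Monitor",
                new=MagicMock(),
            ),
            # Stubbed only while the service is constructed.
            # NOTE(review): presumably the constructor calls this method - confirm.
            patch(
                "prowler.providers.azure.services.containerregistry.containerregistry_service.ContainerRegistry._get_container_registries",
                return_value={},
            ),
        ):
            from prowler.providers.azure.services.containerregistry.containerregistry_service import (
                ContainerRegistry,
            )

            cr = ContainerRegistry(set_mocked_azure_provider())

        # The patch context has ended, so the real method is back on the class.
        cr.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
        cr.resource_groups = resource_groups
        return cr

    @staticmethod
    def _list_registries(cr):
        """Call the real ``_get_container_registries`` with ``monitor_client`` patched."""
        with patch(
            "prowler.providers.azure.services.containerregistry.containerregistry_service.monitor_client"
        ):
            return cr._get_container_registries()

    def test_get_container_registries_no_resource_groups(self):
        """No resource groups configured: one subscription-wide listing."""
        mock_client = MagicMock()
        mock_client.registries.list.return_value = []

        cr = self._build_service(mock_client, None)
        result = self._list_registries(cr)

        mock_client.registries.list.assert_called_once()
        mock_client.registries.list_by_resource_group.assert_not_called()
        assert AZURE_SUBSCRIPTION_ID in result

    def test_get_container_registries_with_resource_group(self):
        """One resource group configured: one listing for that group only."""
        mock_client = MagicMock()
        mock_client.registries.list_by_resource_group.return_value = []

        cr = self._build_service(
            mock_client, {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
        )
        result = self._list_registries(cr)

        mock_client.registries.list_by_resource_group.assert_called_once_with(
            resource_group_name=RESOURCE_GROUP
        )
        mock_client.registries.list.assert_not_called()
        assert AZURE_SUBSCRIPTION_ID in result

    def test_get_container_registries_empty_resource_group_for_subscription(self):
        """Empty resource-group list: no listing call and an empty result."""
        mock_client = MagicMock()

        cr = self._build_service(mock_client, {AZURE_SUBSCRIPTION_ID: []})
        result = self._list_registries(cr)

        # An empty list must not fall back to the subscription-wide listing.
        mock_client.registries.list_by_resource_group.assert_not_called()
        mock_client.registries.list.assert_not_called()
        assert result[AZURE_SUBSCRIPTION_ID] == {}

    def test_get_container_registries_with_multiple_resource_groups(self):
        """Several resource groups configured: one listing call per group."""
        mock_client = MagicMock()
        mock_client.registries.list_by_resource_group.return_value = []

        cr = self._build_service(
            mock_client, {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
        )
        result = self._list_registries(cr)

        assert mock_client.registries.list_by_resource_group.call_count == len(
            RESOURCE_GROUP_LIST
        )
        mock_client.registries.list.assert_not_called()
        assert AZURE_SUBSCRIPTION_ID in result

    def test_get_container_registries_with_mixed_case_resource_group(self):
        """A mixed-case resource group name reaches the SDK call unchanged."""
        mock_client = MagicMock()
        mock_client.registries.list_by_resource_group.return_value = []

        cr = self._build_service(
            mock_client, {AZURE_SUBSCRIPTION_ID: ["MyRegistry-RG"]}
        )
        self._list_registries(cr)

        mock_client.registries.list_by_resource_group.assert_called_once_with(
            resource_group_name="MyRegistry-RG"
        )
        # Same expectation as the single-group test: no subscription-wide
        # listing when resource groups are configured.
        mock_client.registries.list.assert_not_called()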