Files
prowler/tests/providers/azure/services/iam/azure_iam_service_test.py
T
2026-07-02 10:27:53 +01:00

163 lines
5.5 KiB
Python

from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.iam.iam_service import IAM
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
set_mocked_azure_provider,
)
class Test_IAM_get_roles:
def test_get_roles_no_resource_groups(self):
mock_client = MagicMock()
mock_client.role_definitions.list.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = None
builtin, custom = iam._get_roles()
mock_client.role_definitions.list.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in builtin
assert AZURE_SUBSCRIPTION_ID in custom
def test_get_roles_with_resource_group(self):
mock_client = MagicMock()
mock_client.role_definitions.list.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
builtin, custom = iam._get_roles()
mock_client.role_definitions.list.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in builtin
assert AZURE_SUBSCRIPTION_ID in custom
def test_get_roles_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.role_definitions.list.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
builtin, custom = iam._get_roles()
mock_client.role_definitions.list.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in builtin
assert AZURE_SUBSCRIPTION_ID in custom
class Test_IAM_get_role_assignments:
def test_get_role_assignments_no_resource_groups(self):
mock_client = MagicMock()
mock_client.role_assignments = MagicMock()
mock_client.role_assignments.list_for_subscription.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = None
result = iam._get_role_assignments()
mock_client.role_assignments.list_for_subscription.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_role_assignments_with_resource_group(self):
mock_client = MagicMock()
mock_client.role_assignments = MagicMock()
mock_client.role_assignments.list_for_subscription.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = iam._get_role_assignments()
mock_client.role_assignments.list_for_subscription.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_role_assignments_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.role_assignments = MagicMock()
mock_client.role_assignments.list_for_subscription.return_value = []
with (
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_roles",
return_value=({}, {}),
),
patch(
"prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments",
return_value={},
),
):
iam = IAM(set_mocked_azure_provider())
iam.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
iam.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = iam._get_role_assignments()
mock_client.role_assignments.list_for_subscription.assert_called_once()
assert AZURE_SUBSCRIPTION_ID in result