mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
537c3ea71e
Signed-off-by: Legin-ML <leginml2004@gmail.com>
from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.iam.iam_service import IAM
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
set_mocked_azure_provider,
)
class Test_IAM_get_roles:
    """Exercise IAM._get_roles against a mocked per-subscription client.

    Each case builds an IAM service, swaps in a MagicMock client keyed by
    AZURE_SUBSCRIPTION_ID, sets a different ``resource_groups`` value and
    checks that role definitions are listed once and that the subscription
    appears in both returned mappings.
    """

    # Dotted paths of the collectors stubbed out while IAM is constructed.
    _ROLES_TARGET = (
        "prowler.providers.azure.services.iam.iam_service.IAM._get_roles"
    )
    _ASSIGNMENTS_TARGET = (
        "prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments"
    )

    def _service_with_client(self, subscription_client, resource_groups):
        """Return an IAM service wired to *subscription_client*.

        Both collectors are patched only for the duration of the constructor
        call (presumably because the constructor invokes them -- confirm
        against IAM.__init__). Once the ``with`` block exits the real methods
        are back in place, so a later call from the test runs the real code.
        """
        stub_roles = patch(self._ROLES_TARGET, return_value=({}, {}))
        stub_assignments = patch(self._ASSIGNMENTS_TARGET, return_value={})
        with stub_roles, stub_assignments:
            service = IAM(set_mocked_azure_provider())

        service.clients = {AZURE_SUBSCRIPTION_ID: subscription_client}
        service.resource_groups = resource_groups
        return service

    def test_get_roles_no_resource_groups(self):
        """resource_groups is None: definitions are listed exactly once."""
        subscription_client = MagicMock()
        subscription_client.role_definitions.list.return_value = []
        service = self._service_with_client(subscription_client, None)

        builtin_roles, custom_roles = service._get_roles()

        subscription_client.role_definitions.list.assert_called_once()
        assert AZURE_SUBSCRIPTION_ID in builtin_roles
        assert AZURE_SUBSCRIPTION_ID in custom_roles

    def test_get_roles_with_resource_group(self):
        """One resource group configured for the subscription."""
        subscription_client = MagicMock()
        subscription_client.role_definitions.list.return_value = []
        service = self._service_with_client(
            subscription_client, {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
        )

        builtin_roles, custom_roles = service._get_roles()

        # NOTE(review): these are the same assertions as the unscoped case.
        # Nothing here inspects the arguments passed to role_definitions.list,
        # so the test would not notice if the resource-group scope were
        # ignored or applied wrongly -- confirm the intended scope against
        # _get_roles and consider asserting on the call arguments.
        subscription_client.role_definitions.list.assert_called_once()
        assert AZURE_SUBSCRIPTION_ID in builtin_roles
        assert AZURE_SUBSCRIPTION_ID in custom_roles

    def test_get_roles_empty_resource_group_for_subscription(self):
        """The subscription maps to an empty resource-group list."""
        subscription_client = MagicMock()
        subscription_client.role_definitions.list.return_value = []
        service = self._service_with_client(
            subscription_client, {AZURE_SUBSCRIPTION_ID: []}
        )

        builtin_roles, custom_roles = service._get_roles()

        subscription_client.role_definitions.list.assert_called_once()
        assert AZURE_SUBSCRIPTION_ID in builtin_roles
        assert AZURE_SUBSCRIPTION_ID in custom_roles
class Test_IAM_get_role_assignments:
    """Exercise IAM._get_role_assignments against a mocked client.

    Each case builds an IAM service, swaps in a MagicMock client keyed by
    AZURE_SUBSCRIPTION_ID, sets a different ``resource_groups`` value and
    checks that ``role_assignments.list_for_subscription`` is called once and
    that the subscription appears in the returned mapping.
    """

    # Dotted paths of the collectors stubbed out while IAM is constructed.
    _ROLES_TARGET = (
        "prowler.providers.azure.services.iam.iam_service.IAM._get_roles"
    )
    _ASSIGNMENTS_TARGET = (
        "prowler.providers.azure.services.iam.iam_service.IAM._get_role_assignments"
    )

    @staticmethod
    def _assignments_client():
        """Return a MagicMock client whose subscription listing is empty."""
        subscription_client = MagicMock()
        subscription_client.role_assignments = MagicMock()
        subscription_client.role_assignments.list_for_subscription.return_value = []
        return subscription_client

    def _service_with_client(self, subscription_client, resource_groups):
        """Return an IAM service wired to *subscription_client*.

        Both collectors are patched only for the duration of the constructor
        call (presumably because the constructor invokes them -- confirm
        against IAM.__init__). Once the ``with`` block exits the real methods
        are back in place, so a later call from the test runs the real code.
        """
        stub_roles = patch(self._ROLES_TARGET, return_value=({}, {}))
        stub_assignments = patch(self._ASSIGNMENTS_TARGET, return_value={})
        with stub_roles, stub_assignments:
            service = IAM(set_mocked_azure_provider())

        service.clients = {AZURE_SUBSCRIPTION_ID: subscription_client}
        service.resource_groups = resource_groups
        return service

    def test_get_role_assignments_no_resource_groups(self):
        """resource_groups is None: assignments are listed exactly once."""
        subscription_client = self._assignments_client()
        service = self._service_with_client(subscription_client, None)

        assignments = service._get_role_assignments()

        subscription_client.role_assignments.list_for_subscription.assert_called_once()
        assert AZURE_SUBSCRIPTION_ID in assignments

    def test_get_role_assignments_with_resource_group(self):
        """One resource group configured for the subscription."""
        subscription_client = self._assignments_client()
        service = self._service_with_client(
            subscription_client, {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
        )

        assignments = service._get_role_assignments()

        # NOTE(review): the expectation is identical to the unscoped case, a
        # single subscription-wide listing. Nothing here checks how the
        # configured resource group affects the collected assignments, so a
        # scoping mistake would go unnoticed -- confirm the intended behavior
        # against _get_role_assignments.
        subscription_client.role_assignments.list_for_subscription.assert_called_once()
        assert AZURE_SUBSCRIPTION_ID in assignments

    def test_get_role_assignments_empty_resource_group_for_subscription(self):
        """The subscription maps to an empty resource-group list."""
        subscription_client = self._assignments_client()
        service = self._service_with_client(
            subscription_client, {AZURE_SUBSCRIPTION_ID: []}
        )

        assignments = service._get_role_assignments()

        subscription_client.role_assignments.list_for_subscription.assert_called_once()
        assert AZURE_SUBSCRIPTION_ID in assignments