Files
prowler/tests/providers/azure/services/policy/policy_service_test.py
T
2026-07-02 10:27:53 +01:00

153 lines
5.4 KiB
Python

from unittest.mock import MagicMock, patch
from prowler.providers.azure.services.policy.policy_service import (
Policy,
PolicyAssigment,
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
def mock_policy_assigments(_):
return {
AZURE_SUBSCRIPTION_ID: {
"policy-1": PolicyAssigment(
id="id-1", name="policy-1", enforcement_mode="Default"
)
}
}
@patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
new=mock_policy_assigments,
)
class Test_Policy_Service:
def test_get_client(self):
policy = Policy(set_mocked_azure_provider())
assert (
policy.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "PolicyClient"
)
def test__get_subscriptions__(self):
policy = Policy(set_mocked_azure_provider())
assert policy.subscriptions.__class__.__name__ == "dict"
def test_get_policy_assigments(self):
policy = Policy(set_mocked_azure_provider())
assert policy.policy_assigments.__class__.__name__ == "dict"
assert (
policy.policy_assigments[AZURE_SUBSCRIPTION_ID].__class__.__name__ == "dict"
)
assert (
policy.policy_assigments[AZURE_SUBSCRIPTION_ID][
"policy-1"
].__class__.__name__
== "PolicyAssigment"
)
assert policy.policy_assigments[AZURE_SUBSCRIPTION_ID]["policy-1"].id == "id-1"
assert (
policy.policy_assigments[AZURE_SUBSCRIPTION_ID]["policy-1"].enforcement_mode
== "Default"
)
class Test_Policy_get_policy_assigments:
def test_get_policy_assigments_no_resource_groups(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = None
result = policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_policy_assigments_with_resource_group(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_policy_assigments_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_policy_assigments_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_policy_assigments_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.policy_assignments.list.return_value = []
with patch(
"prowler.providers.azure.services.policy.policy_service.Policy._get_policy_assigments",
return_value={},
):
policy = Policy(set_mocked_azure_provider())
policy.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
policy.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
policy._get_policy_assigments()
mock_client.policy_assignments.list.assert_called_once()
mock_client.policy_assignments.list_for_resource_group.assert_not_called()