chore(arn): add missing ARNs to AWS Services (#2476)

Sergio Garcia
2023-06-12 13:33:12 +02:00
committed by GitHub
parent 49b2a559ae
commit 01cd4bcb47
62 changed files with 249 additions and 102 deletions


@@ -120,7 +120,7 @@ class Test_apigateway_authorizers_enabled:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}"
)
@mock_apigateway
@@ -161,5 +161,5 @@ class Test_apigateway_authorizers_enabled:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}"
)
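Review bot: The expected API Gateway ARN is rebuilt as an f-string literal inside each assertion here, and the same literal recurs in the client-certificate, endpoint-public, logging and WAF test sections, so the `/apis/` to `/restapis/` correction had to be repeated by hand in every one of them. A shared test helper, for example `rest_api_arn(api_id)` returning `f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{api_id}"`, would keep the format in one place. The finding's `resource_arn` is what a reader of the report uses to locate the affected resource, so the expected value should be easy to audit. Both test methods start and end outside the hunks shown.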


@@ -130,7 +130,7 @@ class Test_apigateway_client_certificate_enabled:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}/stages/test"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}/stages/test"
)
@mock_apigateway
@@ -162,7 +162,7 @@ class Test_apigateway_client_certificate_enabled:
service_client.rest_apis[0].stages.append(
Stage(
name="test",
arn=f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/test-rest-api/stages/test",
arn=f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/test-rest-api/stages/test",
logging=True,
client_certificate=True,
waf=True,
@@ -181,5 +181,5 @@ class Test_apigateway_client_certificate_enabled:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/test-rest-api/stages/test"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/test-rest-api/stages/test"
)


@@ -101,7 +101,7 @@ class Test_apigateway_endpoint_public:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}"
)
@mock_apigateway
@@ -147,5 +147,5 @@ class Test_apigateway_endpoint_public:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}"
)


@@ -133,7 +133,7 @@ class Test_apigateway_logging_enabled:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}/stages/test"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}/stages/test"
)
@mock_apigateway
@@ -202,5 +202,5 @@ class Test_apigateway_logging_enabled:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}/stages/test"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}/stages/test"
)


@@ -139,7 +139,7 @@ class Test_apigateway_waf_acl_attached:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}/stages/test"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}/stages/test"
)
@mock_apigateway
@@ -208,5 +208,5 @@ class Test_apigateway_waf_acl_attached:
assert result[0].resource_id == "test-rest-api"
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/apis/{rest_api['id']}/stages/test"
== f"arn:{current_audit_info.audited_partition}:apigateway:{AWS_REGION}::/restapis/{rest_api['id']}/stages/test"
)


@@ -38,6 +38,7 @@ class Test_glue_database_connections_ssl_enabled:
"CONNECTOR_CLASS_NAME": "test",
},
region=AWS_REGION,
arn="arn_test",
)
]
@@ -60,6 +61,7 @@ class Test_glue_database_connections_ssl_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_table_with_SSL(self):
glue_client = mock.MagicMock
@@ -75,6 +77,7 @@ class Test_glue_database_connections_ssl_enabled:
"JDBC_ENFORCE_SSL": "true",
},
region=AWS_REGION,
arn="arn_test",
)
]
@@ -97,3 +100,4 @@ class Test_glue_database_connections_ssl_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
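Review bot: `arn="arn_test"` in the connection fixtures is not ARN-shaped, so `assert result[0].resource_arn == "arn_test"` only proves that the check copies the field through; it would not notice a consumer that parses or validates the ARN. An ARN-shaped sample value (constructed for illustration, e.g. `f"arn:aws:glue:{AWS_REGION}:123456789012:connection/test"`) would bring the fixture closer to what the service returns. The same placeholder is used in the other Glue sections and in the SQS tests on this page. The fixture constructors and test bodies begin outside these hunks.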


@@ -32,6 +32,7 @@ class Test_glue_development_endpoints_cloudwatch_logs_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -64,6 +65,7 @@ class Test_glue_development_endpoints_cloudwatch_logs_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_unencrypted_endpoint(self):
glue_client = mock.MagicMock
@@ -72,6 +74,7 @@ class Test_glue_development_endpoints_cloudwatch_logs_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -103,6 +106,7 @@ class Test_glue_development_endpoints_cloudwatch_logs_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_no_sec_configs(self):
glue_client = mock.MagicMock
@@ -111,6 +115,7 @@ class Test_glue_development_endpoints_cloudwatch_logs_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = []
@@ -134,3 +139,4 @@ class Test_glue_development_endpoints_cloudwatch_logs_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
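Review bot: `glue_client = mock.MagicMock` binds the class rather than an instance, so the `glue_client.security_configs = [...]` assignment visible in these hunks (and presumably the endpoint list set just above it) lands on the `MagicMock` class itself and can leak into other tests in the same process. `glue_client = mock.MagicMock()` would keep each test's fixture isolated. The same pattern is visible in the other Glue sections and in the Network Firewall and SQS tests (`networkfirewall_client = mock.MagicMock`, `sqs_client = mock.MagicMock`). The test methods begin and end outside the hunks shown.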


@@ -32,6 +32,7 @@ class Test_glue_development_endpoints_job_bookmark_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -64,6 +65,7 @@ class Test_glue_development_endpoints_job_bookmark_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_unencrypted_endpoint(self):
glue_client = mock.MagicMock
@@ -72,6 +74,7 @@ class Test_glue_development_endpoints_job_bookmark_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -103,6 +106,7 @@ class Test_glue_development_endpoints_job_bookmark_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_no_sec_configs(self):
glue_client = mock.MagicMock
@@ -111,6 +115,7 @@ class Test_glue_development_endpoints_job_bookmark_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = []
@@ -134,3 +139,4 @@ class Test_glue_development_endpoints_job_bookmark_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"


@@ -32,6 +32,7 @@ class Test_glue_development_endpoints_s3_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -64,6 +65,7 @@ class Test_glue_development_endpoints_s3_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_unencrypted_endpoint(self):
glue_client = mock.MagicMock
@@ -72,6 +74,7 @@ class Test_glue_development_endpoints_s3_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -103,6 +106,7 @@ class Test_glue_development_endpoints_s3_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_no_sec_configs(self):
glue_client = mock.MagicMock
@@ -111,6 +115,7 @@ class Test_glue_development_endpoints_s3_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = []
@@ -134,3 +139,4 @@ class Test_glue_development_endpoints_s3_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"


@@ -33,6 +33,7 @@ class Test_glue_etl_jobs_amazon_s3_encryption_enabled:
security="sec_config",
arguments=None,
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -65,6 +66,7 @@ class Test_glue_etl_jobs_amazon_s3_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_unencrypted_job(self):
glue_client = mock.MagicMock
@@ -74,6 +76,7 @@ class Test_glue_etl_jobs_amazon_s3_encryption_enabled:
security="sec_config",
arguments=None,
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -105,6 +108,7 @@ class Test_glue_etl_jobs_amazon_s3_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_no_sec_configs(self):
glue_client = mock.MagicMock
@@ -113,6 +117,7 @@ class Test_glue_etl_jobs_amazon_s3_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = []
@@ -136,6 +141,7 @@ class Test_glue_etl_jobs_amazon_s3_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_encrypted_job_with_argument(self):
glue_client = mock.MagicMock
@@ -148,6 +154,7 @@ class Test_glue_etl_jobs_amazon_s3_encryption_enabled:
"--enable-job-insights": "false",
},
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = []
@@ -171,3 +178,4 @@ class Test_glue_etl_jobs_amazon_s3_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"


@@ -33,6 +33,7 @@ class Test_glue_etl_jobs_cloudwatch_logs_encryption_enabled:
security="sec_config",
arguments=None,
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -65,6 +66,7 @@ class Test_glue_etl_jobs_cloudwatch_logs_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_unencrypted_job(self):
glue_client = mock.MagicMock
@@ -74,6 +76,7 @@ class Test_glue_etl_jobs_cloudwatch_logs_encryption_enabled:
security="sec_config",
arguments=None,
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -105,6 +108,7 @@ class Test_glue_etl_jobs_cloudwatch_logs_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_no_sec_configs(self):
glue_client = mock.MagicMock
@@ -113,6 +117,7 @@ class Test_glue_etl_jobs_cloudwatch_logs_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = []
@@ -136,3 +141,4 @@ class Test_glue_etl_jobs_cloudwatch_logs_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"


@@ -33,6 +33,7 @@ class Test_glue_etl_jobs_job_bookmark_encryption_enabled:
security="sec_config",
arguments=None,
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -65,6 +66,7 @@ class Test_glue_etl_jobs_job_bookmark_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_unencrypted_job(self):
glue_client = mock.MagicMock
@@ -74,6 +76,7 @@ class Test_glue_etl_jobs_job_bookmark_encryption_enabled:
security="sec_config",
arguments=None,
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = [
@@ -105,6 +108,7 @@ class Test_glue_etl_jobs_job_bookmark_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"
def test_glue_no_sec_configs(self):
glue_client = mock.MagicMock
@@ -113,6 +117,7 @@ class Test_glue_etl_jobs_job_bookmark_encryption_enabled:
name="test",
security="sec_config",
region=AWS_REGION,
arn="arn_test",
)
]
glue_client.security_configs = []
@@ -136,3 +141,4 @@ class Test_glue_etl_jobs_job_bookmark_encryption_enabled:
result[0].status_extended,
)
assert result[0].resource_id == "test"
assert result[0].resource_arn == "arn_test"


@@ -97,9 +97,11 @@ class Test_networkfirewall_in_all_vpc:
cidr_block="192.168.0.0/16",
flow_log=False,
region=AWS_REGION,
arn="arn_test",
subnets=[
VpcSubnet(
id="subnet-123456789",
arn="arn_test",
default=False,
vpc_id=VPC_ID_PROTECTED,
cidr_block="192.168.0.0/24",
@@ -146,7 +148,7 @@ class Test_networkfirewall_in_all_vpc:
assert result[0].region == AWS_REGION
assert result[0].resource_id == VPC_ID_PROTECTED
assert result[0].resource_tags == []
assert result[0].resource_arn == ""
assert result[0].resource_arn == "arn_test"
def test_vpcs_without_firewall(self):
networkfirewall_client = mock.MagicMock
@@ -161,9 +163,11 @@ class Test_networkfirewall_in_all_vpc:
cidr_block="192.168.0.0/16",
flow_log=False,
region=AWS_REGION,
arn="arn_test",
subnets=[
VpcSubnet(
id="subnet-123456789",
arn="arn_test",
default=False,
vpc_id=VPC_ID_UNPROTECTED,
cidr_block="192.168.0.0/24",
@@ -210,7 +214,7 @@ class Test_networkfirewall_in_all_vpc:
assert result[0].region == AWS_REGION
assert result[0].resource_id == VPC_ID_UNPROTECTED
assert result[0].resource_tags == []
assert result[0].resource_arn == ""
assert result[0].resource_arn == "arn_test"
def test_vpcs_with_and_without_firewall(self):
networkfirewall_client = mock.MagicMock
@@ -235,9 +239,11 @@ class Test_networkfirewall_in_all_vpc:
cidr_block="192.168.0.0/16",
flow_log=False,
region=AWS_REGION,
arn="arn_test",
subnets=[
VpcSubnet(
id="subnet-123456789",
arn="arn_test",
default=False,
vpc_id=VPC_ID_UNPROTECTED,
cidr_block="192.168.0.0/24",
@@ -257,9 +263,11 @@ class Test_networkfirewall_in_all_vpc:
cidr_block="192.168.0.0/16",
flow_log=False,
region=AWS_REGION,
arn="arn_test",
subnets=[
VpcSubnet(
id="subnet-123456789",
arn="arn_test",
default=False,
vpc_id=VPC_ID_PROTECTED,
cidr_block="192.168.0.0/24",
@@ -308,7 +316,7 @@ class Test_networkfirewall_in_all_vpc:
assert r.region == AWS_REGION
assert r.resource_id == VPC_ID_PROTECTED
assert r.resource_tags == []
assert r.resource_arn == ""
assert r.resource_arn == "arn_test"
if r.resource_id == VPC_ID_UNPROTECTED:
assert r.status == "FAIL"
assert (
@@ -318,4 +326,4 @@ class Test_networkfirewall_in_all_vpc:
assert r.region == AWS_REGION
assert r.resource_id == VPC_ID_UNPROTECTED
assert r.resource_tags == []
assert r.resource_arn == ""
assert r.resource_arn == "arn_test"
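Review bot: The VPC fixture and its `VpcSubnet` both get `arn="arn_test"`, and in `test_vpcs_with_and_without_firewall` the protected and unprotected VPCs share it too, so `assert r.resource_arn == "arn_test"` passes no matter which object's ARN the check reports. Giving each fixture a distinct value, for instance `arn=f"arn_{VPC_ID_PROTECTED}"` on the VPC and a different string on its subnet, and asserting the VPC's value, would make the new assertions pin each finding to the right resource. The fixture constructors and the assertion blocks continue outside these hunks.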


@@ -77,7 +77,12 @@ class Test_sqs_queues_not_publicly_accessible:
sqs_client = mock.MagicMock
sqs_client.queues = []
sqs_client.queues.append(
Queue(id=queue_id, region=AWS_REGION, policy=test_restricted_policy)
Queue(
id=queue_id,
region=AWS_REGION,
policy=test_restricted_policy,
arn="arn_test",
)
)
with mock.patch(
"prowler.providers.aws.services.sqs.sqs_service.SQS",
@@ -93,13 +98,18 @@ class Test_sqs_queues_not_publicly_accessible:
assert result[0].status == "PASS"
assert search("is not public", result[0].status_extended)
assert result[0].resource_id == queue_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == "arn_test"
def test_queues_public(self):
sqs_client = mock.MagicMock
sqs_client.queues = []
sqs_client.queues.append(
Queue(id=queue_id, region=AWS_REGION, policy=test_public_policy)
Queue(
id=queue_id,
region=AWS_REGION,
policy=test_public_policy,
arn="arn_test",
)
)
with mock.patch(
"prowler.providers.aws.services.sqs.sqs_service.SQS",
@@ -115,14 +125,17 @@ class Test_sqs_queues_not_publicly_accessible:
assert result[0].status == "FAIL"
assert search("policy with public access", result[0].status_extended)
assert result[0].resource_id == queue_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == "arn_test"
def test_queues_public_with_condition(self):
sqs_client = mock.MagicMock
sqs_client.queues = []
sqs_client.queues.append(
Queue(
id=queue_id, region=AWS_REGION, policy=test_public_policy_with_condition
id=queue_id,
region=AWS_REGION,
policy=test_public_policy_with_condition,
arn="arn_test",
)
)
with mock.patch(
@@ -142,4 +155,4 @@ class Test_sqs_queues_not_publicly_accessible:
result[0].status_extended,
)
assert result[0].resource_id == queue_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == "arn_test"


@@ -32,7 +32,12 @@ class Test_sqs_queues_server_side_encryption_enabled:
sqs_client = mock.MagicMock
sqs_client.queues = []
sqs_client.queues.append(
Queue(id=queue_id, region=AWS_REGION, kms_key_id=test_kms_key_id)
Queue(
id=queue_id,
region=AWS_REGION,
kms_key_id=test_kms_key_id,
arn="arn_test",
)
)
with mock.patch(
"prowler.providers.aws.services.sqs.sqs_service.SQS",
@@ -48,7 +53,7 @@ class Test_sqs_queues_server_side_encryption_enabled:
assert result[0].status == "PASS"
assert search("is using Server Side Encryption", result[0].status_extended)
assert result[0].resource_id == queue_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == "arn_test"
def test_queues_no_encryption(self):
sqs_client = mock.MagicMock
@@ -57,6 +62,7 @@ class Test_sqs_queues_server_side_encryption_enabled:
Queue(
id=queue_id,
region=AWS_REGION,
arn="arn_test",
)
)
with mock.patch(
@@ -75,4 +81,4 @@ class Test_sqs_queues_server_side_encryption_enabled:
"is not using Server Side Encryption", result[0].status_extended
)
assert result[0].resource_id == queue_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == "arn_test"