mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 14:55:00 +00:00
test(azure): Defender service (#2669)
This commit is contained in:
Pepe Fagoaga
@@ -11,7 +11,7 @@ class defender_ensure_defender_for_arm_is_on(Check):
|
||||
report.status = "PASS"
|
||||
report.subscription = subscription
|
||||
report.resource_id = pricings["Arm"].resource_id
|
||||
report.resource_name = "Defender planARM"
|
||||
report.resource_name = "Defender plan ARM"
|
||||
report.status_extended = f"Defender plan Defender for ARM from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
if pricings["Arm"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
|
||||
@@ -11,11 +11,11 @@ class defender_ensure_defender_for_azure_sql_databases_is_on(Check):
|
||||
report.status = "PASS"
|
||||
report.subscription = subscription
|
||||
report.resource_id = pricings["SqlServers"].resource_id
|
||||
report.resource_name = "Defender plan Azure sql db servers"
|
||||
report.status_extended = f"Defender plan Defender for Azure sql db servers from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.resource_name = "Defender plan Azure SQL DB Servers"
|
||||
report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
if pricings["SqlServers"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Azure sql db servers from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -16,6 +16,7 @@ class defender_ensure_defender_for_databases_is_on(Check):
|
||||
report.resource_name = "Defender plan Databases"
|
||||
report.subscription = subscription
|
||||
report.resource_id = pricings["SqlServers"].resource_id
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Defender plan Defender for Databases from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
if (
|
||||
pricings["SqlServers"].pricing_tier != "Standard"
|
||||
|
||||
@@ -15,7 +15,7 @@ class defender_ensure_defender_for_keyvault_is_on(Check):
|
||||
report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
if pricings["KeyVaults"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for KeyVaults subscription from {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -17,7 +17,7 @@ class defender_ensure_defender_for_os_relational_databases_is_on(Check):
|
||||
report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
if pricings["OpenSourceRelationalDatabases"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -15,7 +15,7 @@ class defender_ensure_defender_for_server_is_on(Check):
|
||||
report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
if pricings["VirtualMachines"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -15,7 +15,7 @@ class defender_ensure_defender_for_sql_servers_is_on(Check):
|
||||
report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
if pricings["SqlServerVirtualMachines"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -15,7 +15,7 @@ class defender_ensure_defender_for_storage_is_on(Check):
|
||||
report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
if pricings["StorageAccounts"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_app_services_is_on:
|
||||
def test_defender_no_app_services(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on import (
|
||||
defender_ensure_defender_for_app_services_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_app_services_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_app_services_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"AppServices": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on import (
|
||||
defender_ensure_defender_for_app_services_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_app_services_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for App Services from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan App Services"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_app_services_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"AppServices": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on import (
|
||||
defender_ensure_defender_for_app_services_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_app_services_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for App Services from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan App Services"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_arm_is_on:
|
||||
def test_defender_no_arm(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on import (
|
||||
defender_ensure_defender_for_arm_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_arm_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_arm_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"Arm": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on import (
|
||||
defender_ensure_defender_for_arm_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_arm_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan ARM"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_arm_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"Arm": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on import (
|
||||
defender_ensure_defender_for_arm_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_arm_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan ARM"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
||||
def test_defender_no_sql_databases(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on import (
|
||||
defender_ensure_defender_for_azure_sql_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_azure_sql_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_sql_databases_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"SqlServers": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on import (
|
||||
defender_ensure_defender_for_azure_sql_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_azure_sql_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Azure SQL DB Servers"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_sql_databases_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"SqlServers": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on import (
|
||||
defender_ensure_defender_for_azure_sql_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_azure_sql_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Azure SQL DB Servers"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_containers_is_on:
|
||||
def test_defender_no_container_registries(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on import (
|
||||
defender_ensure_defender_for_containers_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_containers_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_container_registries_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"Containers": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on import (
|
||||
defender_ensure_defender_for_containers_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_containers_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Containers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Container Registries"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_container_registries_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"Containers": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on import (
|
||||
defender_ensure_defender_for_containers_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_containers_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Containers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Container Registries"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
||||
def test_defender_no_cosmosdb(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on import (
|
||||
defender_ensure_defender_for_cosmosdb_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_cosmosdb_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_cosmosdb_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"CosmosDbs": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on import (
|
||||
defender_ensure_defender_for_cosmosdb_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_cosmosdb_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Cosmos DB"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_cosmosdb_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"CosmosDbs": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on import (
|
||||
defender_ensure_defender_for_cosmosdb_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_cosmosdb_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Cosmos DB"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,220 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_databases_is_on:
|
||||
def test_defender_no_databases(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import (
|
||||
defender_ensure_defender_for_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_databases_sql_servers(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"SqlServers": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import (
|
||||
defender_ensure_defender_for_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_databases_sql_server_virtual_machines(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"SqlServerVirtualMachines": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import (
|
||||
defender_ensure_defender_for_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_databases_open_source_relation_databases(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"OpenSourceRelationalDatabases": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import (
|
||||
defender_ensure_defender_for_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_databases_cosmosdbs(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"CosmosDbs": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import (
|
||||
defender_ensure_defender_for_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_databases_all_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"SqlServers": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
),
|
||||
"SqlServerVirtualMachines": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
),
|
||||
"OpenSourceRelationalDatabases": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
),
|
||||
"CosmosDbs": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
),
|
||||
},
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import (
|
||||
defender_ensure_defender_for_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Databases from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Databases"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_databases_cosmosdb_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"SqlServers": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
),
|
||||
"SqlServerVirtualMachines": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
),
|
||||
"OpenSourceRelationalDatabases": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
),
|
||||
"CosmosDbs": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
),
|
||||
},
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import (
|
||||
defender_ensure_defender_for_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Databases from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Databases"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_dns_is_on:
|
||||
def test_defender_no_dns(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on import (
|
||||
defender_ensure_defender_for_dns_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_dns_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_dns_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"Dns": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on import (
|
||||
defender_ensure_defender_for_dns_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_dns_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for DNS from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan DNS"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_dns_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"Dns": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on import (
|
||||
defender_ensure_defender_for_dns_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_dns_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for DNS from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan DNS"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_keyvault_is_on:
|
||||
def test_defender_no_keyvaults(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on import (
|
||||
defender_ensure_defender_for_keyvault_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_keyvault_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_keyvaults_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"KeyVaults": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on import (
|
||||
defender_ensure_defender_for_keyvault_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_keyvault_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for KeyVaults from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan KeyVaults"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_keyvaults_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"KeyVaults": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on import (
|
||||
defender_ensure_defender_for_keyvault_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_keyvault_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for KeyVaults from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan KeyVaults"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,96 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
||||
def test_defender_no_os_relational_databases(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on import (
|
||||
defender_ensure_defender_for_os_relational_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_os_relational_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_os_relational_databases_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"OpenSourceRelationalDatabases": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on import (
|
||||
defender_ensure_defender_for_os_relational_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_os_relational_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert (
|
||||
result[0].resource_name
|
||||
== "Defender plan Open-Source Relational Databases"
|
||||
)
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_os_relational_databases_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"OpenSourceRelationalDatabases": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on import (
|
||||
defender_ensure_defender_for_os_relational_databases_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_os_relational_databases_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert (
|
||||
result[0].resource_name
|
||||
== "Defender plan Open-Source Relational Databases"
|
||||
)
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_server_is_on:
|
||||
def test_defender_no_server(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on import (
|
||||
defender_ensure_defender_for_server_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_server_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_server_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"VirtualMachines": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on import (
|
||||
defender_ensure_defender_for_server_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_server_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Servers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Servers"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_server_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"VirtualMachines": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on import (
|
||||
defender_ensure_defender_for_server_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_server_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Servers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Servers"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_sql_servers_is_on:
|
||||
def test_defender_no_server(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on import (
|
||||
defender_ensure_defender_for_sql_servers_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_sql_servers_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_server_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"SqlServerVirtualMachines": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on import (
|
||||
defender_ensure_defender_for_sql_servers_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_sql_servers_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan SQL Server VMs"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_server_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"SqlServerVirtualMachines": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on import (
|
||||
defender_ensure_defender_for_sql_servers_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_sql_servers_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan SQL Server VMs"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import Defender_Pricing
|
||||
|
||||
AZURE_SUSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_defender_ensure_defender_for_storage_is_on:
|
||||
def test_defender_no_server(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on import (
|
||||
defender_ensure_defender_for_storage_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_storage_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_server_pricing_tier_not_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"StorageAccounts": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Not Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on import (
|
||||
defender_ensure_defender_for_storage_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_storage_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Storage Accounts"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_server_pricing_tier_standard(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.pricings = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"StorageAccounts": Defender_Pricing(
|
||||
resource_id=resource_id,
|
||||
pricing_tier="Standard",
|
||||
free_trial_remaining_time=0,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on import (
|
||||
defender_ensure_defender_for_storage_is_on,
|
||||
)
|
||||
|
||||
check = defender_ensure_defender_for_storage_is_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Storage Accounts"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
Reference in New Issue
Block a user