diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py index df3fd508..8e9e3ba6 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py @@ -11,7 +11,7 @@ class defender_ensure_defender_for_arm_is_on(Check): report.status = "PASS" report.subscription = subscription report.resource_id = pricings["Arm"].resource_id - report.resource_name = "Defender planARM" + report.resource_name = "Defender plan ARM" report.status_extended = f"Defender plan Defender for ARM from subscription {subscription} is set to ON (pricing tier standard)" if pricings["Arm"].pricing_tier != "Standard": report.status = "FAIL" diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py index 6b88f73a..22dbafc5 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py 
@@ -11,11 +11,11 @@ class defender_ensure_defender_for_azure_sql_databases_is_on(Check): report.status = "PASS" report.subscription = subscription report.resource_id = pricings["SqlServers"].resource_id - report.resource_name = "Defender plan Azure sql db servers" - report.status_extended = f"Defender plan Defender for Azure sql db servers from subscription {subscription} is set to ON (pricing tier standard)" + report.resource_name = "Defender plan Azure SQL DB Servers" + report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to ON (pricing tier standard)" if pricings["SqlServers"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Azure sql db servers from subscription {subscription} is set to OFF (pricing tier not standard)" + report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to OFF (pricing tier not standard)" findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py index f495f3a5..5a147eaf 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py 
@@ -16,6 +16,7 @@ class defender_ensure_defender_for_databases_is_on(Check): report.resource_name = "Defender plan Databases" report.subscription = subscription report.resource_id = pricings["SqlServers"].resource_id + report.status = "PASS" report.status_extended = f"Defender plan Defender for Databases from subscription {subscription} is set to ON (pricing tier standard)" if ( pricings["SqlServers"].pricing_tier != "Standard" diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py index 6fda3f2e..84950262 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py @@ -15,7 +15,7 @@ class defender_ensure_defender_for_keyvault_is_on(Check): report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to ON (pricing tier standard)" if pricings["KeyVaults"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for KeyVaults subscription from {subscription} is set to OFF (pricing tier not standard)" + report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to OFF (pricing tier not standard)" findings.append(report) return findings 
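Review bot: The finding is still keyed to `pricings["SqlServers"].resource_id`, while the condition right after the new `report.status = "PASS"` line is a multi-clause test that continues outside this hunk. A FAIL caused by another database plan would therefore presumably be attributed to the SqlServers pricing resource, and the message would not say which plan is off. That makes the audit finding harder to remediate, so consider naming the non-Standard plans in `status_extended`. At minimum, a comment above the new line would make the default explicit, e.g. `# PASS unless a database plan checked below is not on the Standard tier`.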
diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py index 9dd6e799..b3cec63c 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py @@ -17,7 +17,7 @@ class defender_ensure_defender_for_os_relational_databases_is_on(Check): report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to ON (pricing tier standard)" if pricings["OpenSourceRelationalDatabases"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to OFF (pricing tier not standard)" + report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to OFF (pricing tier not standard)" findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py index 2a9fc1c8..f7d2769f 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py 
+++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py @@ -15,7 +15,7 @@ class defender_ensure_defender_for_server_is_on(Check): report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to ON (pricing tier standard)" if pricings["VirtualMachines"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to OFF (pricing tier not standard)" + report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to OFF (pricing tier not standard)" findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py index f08cfd8c..9c6e564b 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py 
@@ -15,7 +15,7 @@ class defender_ensure_defender_for_sql_servers_is_on(Check): report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to ON (pricing tier standard)" if pricings["SqlServerVirtualMachines"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to OFF (pricing tier not standard)" + report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to OFF (pricing tier not standard)" findings.append(report) return findings diff --git a/prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py b/prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py index c7f39ca4..0cfe9ef7 100644 --- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py +++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py @@ -15,7 +15,7 @@ class defender_ensure_defender_for_storage_is_on(Check): report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to ON (pricing tier standard)" if pricings["StorageAccounts"].pricing_tier != "Standard": report.status = "FAIL" - report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to OFF (pricing tier not standard)" + report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to OFF (pricing tier not standard)" findings.append(report) return findings 
diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py index e69de29b..d0b4e6c5 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py 
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_app_services_is_on: + def test_defender_no_app_services(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on import ( + defender_ensure_defender_for_app_services_is_on, + ) + + check = defender_ensure_defender_for_app_services_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_app_services_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "AppServices": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on import ( + defender_ensure_defender_for_app_services_is_on, + ) + + check = defender_ensure_defender_for_app_services_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for App Services from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == 
AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan App Services" + assert result[0].resource_id == resource_id + + def test_defender_app_services_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "AppServices": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_app_services_is_on.defender_ensure_defender_for_app_services_is_on import ( + defender_ensure_defender_for_app_services_is_on, + ) + + check = defender_ensure_defender_for_app_services_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for App Services from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan App Services" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py index e69de29b..54369285 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py 
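Review bot: In all three tests `defender_client = mock.MagicMock` binds the class itself rather than an instance, so `defender_client.pricings = {...}` sets an attribute on `MagicMock` for the whole test process. That state leaks between tests, and any later `MagicMock` will expose the last `pricings` dict, so a test can pass or fail depending on execution order. Use an instance instead: `defender_client = mock.MagicMock()`. The same pattern appears in the ARM, Azure SQL, Containers, Cosmos DB and Databases test files added by this commit.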
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_arm_is_on: + def test_defender_no_arm(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on import ( + defender_ensure_defender_for_arm_is_on, + ) + + check = defender_ensure_defender_for_arm_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_arm_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "Arm": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on import ( + defender_ensure_defender_for_arm_is_on, + ) + + check = defender_ensure_defender_for_arm_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan ARM" + assert result[0].resource_id == resource_id + + def 
test_defender_arm_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "Arm": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on import ( + defender_ensure_defender_for_arm_is_on, + ) + + check = defender_ensure_defender_for_arm_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan ARM" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py index e69de29b..79ed3261 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py 
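Review bot: None of the three cases covers a subscription that is present in `pricings` but has no `"Arm"` entry; `test_defender_no_arm` only exercises an empty dict. The check body is not visible in this diff, so it cannot be told from here whether that situation raises `KeyError`, is skipped, or is reported. For an audit tool a silently skipped subscription is a coverage gap worth pinning down with a test. A case with `defender_client.pricings = {AZURE_SUSCRIPTION: {}}` and the expected outcome asserted would document the behaviour; the App Services, Azure SQL, Containers and Cosmos DB test files have the same gap.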
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_azure_sql_databases_is_on: + def test_defender_no_sql_databases(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on import ( + defender_ensure_defender_for_azure_sql_databases_is_on, + ) + + check = defender_ensure_defender_for_azure_sql_databases_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_sql_databases_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "SqlServers": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on import ( + defender_ensure_defender_for_azure_sql_databases_is_on, + ) + + check = defender_ensure_defender_for_azure_sql_databases_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for Azure SQL DB Servers from subscription 
{AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Azure SQL DB Servers" + assert result[0].resource_id == resource_id + + def test_defender_sql_databases_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "SqlServers": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_azure_sql_databases_is_on.defender_ensure_defender_for_azure_sql_databases_is_on import ( + defender_ensure_defender_for_azure_sql_databases_is_on, + ) + + check = defender_ensure_defender_for_azure_sql_databases_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Azure SQL DB Servers" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py index e69de29b..c696cedf 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py 
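Review bot: The FAIL fixture uses `pricing_tier="Not Standard"`, which as far as I know is not a value the Defender pricing API returns; the non-Standard tier is `Free`. Using `pricing_tier="Free"` would make the test mirror real data and would catch a future change of the comparison to something other than `!= "Standard"`. The constant `AZURE_SUSCRIPTION` is also misspelled (`AZURE_SUBSCRIPTION`) here and in every other test file this commit adds; it is cheaper to fix now than after more tests copy it.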
+++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py 
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_containers_is_on: + def test_defender_no_container_registries(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on import ( + defender_ensure_defender_for_containers_is_on, + ) + + check = defender_ensure_defender_for_containers_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_container_registries_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "Containers": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on import ( + defender_ensure_defender_for_containers_is_on, + ) + + check = defender_ensure_defender_for_containers_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for Containers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == 
AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Container Registries" + assert result[0].resource_id == resource_id + + def test_defender_container_registries_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "Containers": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_containers_is_on.defender_ensure_defender_for_containers_is_on import ( + defender_ensure_defender_for_containers_is_on, + ) + + check = defender_ensure_defender_for_containers_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for Containers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Container Registries" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py index e69de29b..0a948cd7 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py 
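Review bot: These assertions pin `resource_name == "Defender plan Container Registries"` while the message in the same finding says "Defender for Containers" and the pricing key is `"Containers"`. The check itself is not part of this diff, so the mismatch is presumably inherited from it. Since this commit normalises the names in the ARM and Azure SQL checks, it is worth confirming which label is intended before the test locks the inconsistency in. If the plan name is the intended one, the check and both assertions would read `"Defender plan Containers"`.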
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_cosmosdb_is_on: + def test_defender_no_cosmosdb(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on import ( + defender_ensure_defender_for_cosmosdb_is_on, + ) + + check = defender_ensure_defender_for_cosmosdb_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_cosmosdb_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "CosmosDbs": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on import ( + defender_ensure_defender_for_cosmosdb_is_on, + ) + + check = defender_ensure_defender_for_cosmosdb_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender 
plan Cosmos DB" + assert result[0].resource_id == resource_id + + def test_defender_cosmosdb_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "CosmosDbs": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_cosmosdb_is_on.defender_ensure_defender_for_cosmosdb_is_on import ( + defender_ensure_defender_for_cosmosdb_is_on, + ) + + check = defender_ensure_defender_for_cosmosdb_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Cosmos DB" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py index e69de29b..c951195a 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py 
@@ -0,0 +1,220 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_databases_is_on: + def test_defender_no_databases(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import ( + defender_ensure_defender_for_databases_is_on, + ) + + check = defender_ensure_defender_for_databases_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_databases_sql_servers(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "SqlServers": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import ( + defender_ensure_defender_for_databases_is_on, + ) + + check = defender_ensure_defender_for_databases_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_databases_sql_server_virtual_machines(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "SqlServerVirtualMachines": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + 
free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import ( + defender_ensure_defender_for_databases_is_on, + ) + + check = defender_ensure_defender_for_databases_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_databases_open_source_relation_databases(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "OpenSourceRelationalDatabases": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import ( + defender_ensure_defender_for_databases_is_on, + ) + + check = defender_ensure_defender_for_databases_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_databases_cosmosdbs(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "CosmosDbs": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", + new=defender_client, + ): + from 
prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import ( + defender_ensure_defender_for_databases_is_on, + ) + + check = defender_ensure_defender_for_databases_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_databases_all_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "SqlServers": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ), + "SqlServerVirtualMachines": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ), + "OpenSourceRelationalDatabases": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ), + "CosmosDbs": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ), + }, + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import ( + defender_ensure_defender_for_databases_is_on, + ) + + check = defender_ensure_defender_for_databases_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for Databases from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Databases" + assert result[0].resource_id == resource_id + + def test_defender_databases_cosmosdb_not_standard(self): + resource_id = str(uuid4()) + defender_client = 
mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "SqlServers": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ), + "SqlServerVirtualMachines": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ), + "OpenSourceRelationalDatabases": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ), + "CosmosDbs": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ), + }, + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_databases_is_on.defender_ensure_defender_for_databases_is_on import ( + defender_ensure_defender_for_databases_is_on, + ) + + check = defender_ensure_defender_for_databases_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for Databases from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Databases" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py index e69de29b..2e065d42 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py 
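Review bot: The four single-plan tests (`test_defender_databases_sql_servers` through `test_defender_databases_cosmosdbs`) assert `len(result) == 0`, which pins that a subscription lacking any one of the four plan keys yields no finding at all. The check is not part of this hunk, but if that reading is right, a subscription with an absent database plan is silently skipped instead of reported. Confirm that this is intended and state it in each test, e.g. `# plan key missing from pricings: the check emits no finding`. In the two four-plan tests every `Defender_Pricing` shares one `resource_id`, so `assert result[0].resource_id == resource_id` cannot show which plan's id the report carries; distinct ids per plan would make it meaningful. FAIL is covered only for `CosmosDbs`.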
+++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py 
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_dns_is_on: + def test_defender_no_dns(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on import ( + defender_ensure_defender_for_dns_is_on, + ) + + check = defender_ensure_defender_for_dns_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_dns_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "Dns": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on import ( + defender_ensure_defender_for_dns_is_on, + ) + + check = defender_ensure_defender_for_dns_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for DNS from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan DNS" + assert result[0].resource_id == resource_id + + def 
test_defender_dns_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "Dns": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_dns_is_on.defender_ensure_defender_for_dns_is_on import ( + defender_ensure_defender_for_dns_is_on, + ) + + check = defender_ensure_defender_for_dns_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for DNS from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan DNS" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py index e69de29b..333e951b 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py 
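Review bot: `test_defender_no_dns` only covers an empty `pricings` dict, so a subscription that is present but has no `"Dns"` entry is never exercised. Whether the check skips such a subscription, reports it, or raises `KeyError` is not visible from this hunk. A fourth test with `defender_client.pricings = {AZURE_SUSCRIPTION: {}}` would pin that behaviour, with the expected result taken from the check's contract. The cosmosdb, keyvault, os_relational_databases, server, sql_servers and storage test files have the same gap.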
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_keyvault_is_on: + def test_defender_no_keyvaults(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on import ( + defender_ensure_defender_for_keyvault_is_on, + ) + + check = defender_ensure_defender_for_keyvault_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_keyvaults_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "KeyVaults": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on import ( + defender_ensure_defender_for_keyvault_is_on, + ) + + check = defender_ensure_defender_for_keyvault_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender 
plan KeyVaults" + assert result[0].resource_id == resource_id + + def test_defender_keyvaults_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "KeyVaults": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_keyvault_is_on.defender_ensure_defender_for_keyvault_is_on import ( + defender_ensure_defender_for_keyvault_is_on, + ) + + check = defender_ensure_defender_for_keyvault_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for KeyVaults from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan KeyVaults" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py index e69de29b..dd1389fe 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py 
@@ -0,0 +1,96 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_os_relational_databases_is_on: + def test_defender_no_os_relational_databases(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on import ( + defender_ensure_defender_for_os_relational_databases_is_on, + ) + + check = defender_ensure_defender_for_os_relational_databases_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_os_relational_databases_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "OpenSourceRelationalDatabases": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on import ( + defender_ensure_defender_for_os_relational_databases_is_on, + ) + + check = defender_ensure_defender_for_os_relational_databases_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + 
result[0].status_extended + == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert ( + result[0].resource_name + == "Defender plan Open-Source Relational Databases" + ) + assert result[0].resource_id == resource_id + + def test_defender_os_relational_databases_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "OpenSourceRelationalDatabases": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_os_relational_databases_is_on.defender_ensure_defender_for_os_relational_databases_is_on import ( + defender_ensure_defender_for_os_relational_databases_is_on, + ) + + check = defender_ensure_defender_for_os_relational_databases_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert ( + result[0].resource_name + == "Defender plan Open-Source Relational Databases" + ) + assert result[0].resource_id == resource_id 
diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py index e69de29b..f6abf0a4 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py 
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_server_is_on: + def test_defender_no_server(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on import ( + defender_ensure_defender_for_server_is_on, + ) + + check = defender_ensure_defender_for_server_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_server_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "VirtualMachines": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on import ( + defender_ensure_defender_for_server_is_on, + ) + + check = defender_ensure_defender_for_server_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for Servers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Servers" + assert 
result[0].resource_id == resource_id + + def test_defender_server_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "VirtualMachines": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_server_is_on.defender_ensure_defender_for_server_is_on import ( + defender_ensure_defender_for_server_is_on, + ) + + check = defender_ensure_defender_for_server_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for Servers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Servers" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py index e69de29b..f5c0f5fa 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py 
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_sql_servers_is_on: + def test_defender_no_server(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on import ( + defender_ensure_defender_for_sql_servers_is_on, + ) + + check = defender_ensure_defender_for_sql_servers_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_server_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "SqlServerVirtualMachines": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on import ( + defender_ensure_defender_for_sql_servers_is_on, + ) + + check = defender_ensure_defender_for_sql_servers_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == 
AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan SQL Server VMs" + assert result[0].resource_id == resource_id + + def test_defender_server_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "SqlServerVirtualMachines": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_sql_servers_is_on.defender_ensure_defender_for_sql_servers_is_on import ( + defender_ensure_defender_for_sql_servers_is_on, + ) + + check = defender_ensure_defender_for_sql_servers_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan SQL Server VMs" + assert result[0].resource_id == resource_id diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py index e69de29b..08d28b0f 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py 
@@ -0,0 +1,90 @@ +from unittest import mock +from uuid import uuid4 + +from prowler.providers.azure.services.defender.defender_service import Defender_Pricing + +AZURE_SUSCRIPTION = str(uuid4()) + + +class Test_defender_ensure_defender_for_storage_is_on: + def test_defender_no_server(self): + defender_client = mock.MagicMock + defender_client.pricings = {} + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on import ( + defender_ensure_defender_for_storage_is_on, + ) + + check = defender_ensure_defender_for_storage_is_on() + result = check.execute() + assert len(result) == 0 + + def test_defender_server_pricing_tier_not_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "StorageAccounts": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Not Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on import ( + defender_ensure_defender_for_storage_is_on, + ) + + check = defender_ensure_defender_for_storage_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan 
Storage Accounts" + assert result[0].resource_id == resource_id + + def test_defender_server_pricing_tier_standard(self): + resource_id = str(uuid4()) + defender_client = mock.MagicMock + defender_client.pricings = { + AZURE_SUSCRIPTION: { + "StorageAccounts": Defender_Pricing( + resource_id=resource_id, + pricing_tier="Standard", + free_trial_remaining_time=0, + ) + } + } + + with mock.patch( + "prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on.defender_client", + new=defender_client, + ): + from prowler.providers.azure.services.defender.defender_ensure_defender_for_storage_is_on.defender_ensure_defender_for_storage_is_on import ( + defender_ensure_defender_for_storage_is_on, + ) + + check = defender_ensure_defender_for_storage_is_on() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)" + ) + assert result[0].subscription == AZURE_SUSCRIPTION + assert result[0].resource_name == "Defender plan Storage Accounts" + assert result[0].resource_id == resource_id
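Review bot: The three test names in this file (`test_defender_no_server`, `test_defender_server_pricing_tier_not_standard`, `test_defender_server_pricing_tier_standard`) are carried over from the server tests although they exercise the `StorageAccounts` plan, so a failing run names the wrong plan. Rename them to `test_defender_no_storage`, `test_defender_storage_pricing_tier_not_standard` and `test_defender_storage_pricing_tier_standard`. The sql_servers test file uses the same three names for the `SqlServerVirtualMachines` plan and would benefit from the same rename.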