diff --git a/tests/providers/aws/services/glacier/glacier_service_test.py b/tests/providers/aws/services/glacier/glacier_service_test.py index 8c8a3f63..4c1a4c42 100644 --- a/tests/providers/aws/services/glacier/glacier_service_test.py +++ b/tests/providers/aws/services/glacier/glacier_service_test.py @@ -2,29 +2,27 @@ import json from unittest.mock import patch import botocore -from boto3 import session -from moto.core import DEFAULT_ACCOUNT_ID -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.glacier.glacier_service import Glacier -from prowler.providers.common.models import Audit_Metadata - -# Mock Test Region -AWS_REGION = "eu-west-1" -AWS_ACCOUNT_NUMBER = "123456789012" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_EU_WEST_1, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) # Mocking Access Analyzer Calls make_api_call = botocore.client.BaseClient._make_api_call TEST_VAULT_ARN = ( - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" + f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" ) vault_json_policy = { "Version": "2012-10-17", "Statement": [ { "Sid": "cross-account-upload", - "Principal": {"AWS": [f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root"]}, + "Principal": {"AWS": [f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"]}, "Effect": "Allow", "Action": [ "glacier:UploadArchive", 
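Review bot: The context comment `# Mocking Access Analyzer Calls` above `make_api_call = botocore.client.BaseClient._make_api_call` looks like a leftover from another service's test and is misleading in this Glacier file. Since the hunk already rewrites the constants around it, I would change it to `# Mocking Glacier calls`. Separately, the statement keeps the Sid `cross-account-upload` while its principal and TEST_VAULT_ARN are both built from AWS_ACCOUNT_NUMBER, so the fixture is really a same-account grant; a short comment saying the Sid is only a label would prevent misreading. The `vault_json_policy` literal continues past the end of the hunk.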
@@ -65,9 +63,11 @@ def mock_make_api_call(self, operation_name, kwarg): # Mock generate_regional_clients() def mock_generate_regional_clients(service, audit_info, _): - regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION) - regional_client.region = AWS_REGION - return {AWS_REGION: regional_client} + regional_client = audit_info.audit_session.client( + service, region_name=AWS_REGION_EU_WEST_1 + ) + regional_client.region = AWS_REGION_EU_WEST_1 + return {AWS_REGION_EU_WEST_1: regional_client} # Patch every AWS call using Boto3 and generate_regional_clients to have 1 client 
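Review bot: `mock_generate_regional_clients` has no docstring, and it always returns a single client pinned to AWS_REGION_EU_WEST_1 whatever regions `audit_info` carries. That is easy to miss now that the tests pass both AWS_REGION_EU_WEST_1 and AWS_REGION_US_EAST_1 to `set_mocked_aws_audit_info`. I would add `"""Return one regional client pinned to AWS_REGION_EU_WEST_1; other audited regions are ignored."""` under the `def` line so readers do not assume us-east-1 is exercised.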
@@ -77,76 +77,58 @@ def mock_generate_regional_clients(service, audit_info, _): new=mock_generate_regional_clients, ) class Test_Glacier_Service: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - # Test Glacier Client def test__get_client__(self): - glacier = Glacier(self.set_mocked_audit_info()) - assert glacier.regional_clients[AWS_REGION].__class__.__name__ == "Glacier" + glacier = Glacier( + set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]) + ) + assert ( + glacier.regional_clients[AWS_REGION_EU_WEST_1].__class__.__name__ + == "Glacier" + ) # Test Glacier Session def test__get_session__(self): - glacier = Glacier(self.set_mocked_audit_info()) + glacier = Glacier( + set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]) + ) assert glacier.session.__class__.__name__ == "Session" # Test Glacier Service def test__get_service__(self): - glacier = Glacier(self.set_mocked_audit_info()) + glacier = Glacier( + set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]) + ) assert glacier.service == "glacier" def test__list_vaults__(self): # Set partition for the service - glacier = Glacier(self.set_mocked_audit_info()) + glacier = Glacier( + set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]) + ) vault_name = "examplevault" 
assert len(glacier.vaults) == 1 assert glacier.vaults[TEST_VAULT_ARN] assert glacier.vaults[TEST_VAULT_ARN].name == vault_name assert ( glacier.vaults[TEST_VAULT_ARN].arn - == f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" + == f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" ) - assert glacier.vaults[TEST_VAULT_ARN].region == AWS_REGION + assert glacier.vaults[TEST_VAULT_ARN].region == AWS_REGION_EU_WEST_1 assert glacier.vaults[TEST_VAULT_ARN].tags == [{"test": "test"}] def test__get_vault_access_policy__(self): # Set partition for the service - glacier = Glacier(self.set_mocked_audit_info()) + glacier = Glacier( + set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]) + ) vault_name = "examplevault" assert len(glacier.vaults) == 1 assert glacier.vaults[TEST_VAULT_ARN] assert glacier.vaults[TEST_VAULT_ARN].name == vault_name assert ( glacier.vaults[TEST_VAULT_ARN].arn - == f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" + == f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" ) - assert glacier.vaults[TEST_VAULT_ARN].region == AWS_REGION + assert glacier.vaults[TEST_VAULT_ARN].region == AWS_REGION_EU_WEST_1 assert glacier.vaults[TEST_VAULT_ARN].access_policy == vault_json_policy diff --git a/tests/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access_test.py b/tests/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access_test.py index e5145fae..fe18b12a 100644 --- a/tests/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access_test.py +++ b/tests/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access_test.py 
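Review bot: In `test__list_vaults__` and `test__get_vault_access_policy__` the ARN assertion rebuilds the same f-string that already defines TEST_VAULT_ARN, so any change to the constant has to be repeated in two more places. `assert glacier.vaults[TEST_VAULT_ARN].arn == TEST_VAULT_ARN` states the same expectation. The `# Set partition for the service` comments above the `Glacier(...)` calls do not describe anything visible in these tests and could be dropped. The five identical `Glacier(set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]))` constructions could come from one small helper or fixture.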
@@ -1,10 +1,10 @@ from unittest import mock -from moto.core import DEFAULT_ACCOUNT_ID - from prowler.providers.aws.services.glacier.glacier_service import Vault - -AWS_REGION = "eu-west-1" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_EU_WEST_1, +) class Test_glacier_vaults_policy_public_access: @@ -28,15 +28,13 @@ class Test_glacier_vaults_policy_public_access: def test_vault_no_policy(self): glacier_client = mock.MagicMock vault_name = "test-vault" - vault_arn = ( - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" - ) + vault_arn = f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" glacier_client.vaults = { vault_name: Vault( name=vault_name, arn=vault_arn, access_policy={}, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, ) } with mock.patch( @@ -52,7 +50,7 @@ class Test_glacier_vaults_policy_public_access: result = check.execute() assert len(result) == 1 - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 assert result[0].resource_id == vault_name assert result[0].resource_arn == vault_arn assert result[0].status == "PASS" @@ -64,9 +62,7 @@ class Test_glacier_vaults_policy_public_access: def test_vault_policy_pricipal_aws_list_asterisk(self): glacier_client = mock.MagicMock vault_name = "test-vault" - vault_arn = ( - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" - ) + vault_arn = f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" glacier_client.vaults = { vault_name: Vault( name=vault_name, @@ -76,7 +72,7 @@ class Test_glacier_vaults_policy_public_access: "Statement": [ { "Sid": "cross-account-upload", - "Principal": {"AWS": ["*", DEFAULT_ACCOUNT_ID]}, + "Principal": {"AWS": ["*", AWS_ACCOUNT_NUMBER]}, "Effect": "Allow", "Action": [ "glacier:UploadArchive", 
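Review bot: `glacier_client = mock.MagicMock` in `test_vault_no_policy` binds the MagicMock class itself rather than an instance. The following `glacier_client.vaults = {...}` therefore sets a class attribute that stays visible to every later MagicMock in the same process, which can let one test's vault fixture leak into another. Using an instance, `glacier_client = mock.MagicMock()`, keeps each test's fixture isolated. The same line appears in the hunks at -64,9, -118,9, -172,9 and -226,9, and the test body continues outside this hunk.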
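Review bot: In `test_vault_policy_pricipal_aws_list_asterisk`, `vault_name = "test-vault"` does not match the ARN built on the next line, which ends in `vaults/examplevault`. The `vaults` dict is also keyed by name here, while glacier_service_test.py indexes `glacier.vaults` by ARN (`glacier.vaults[TEST_VAULT_ARN]`), so the `resource_id` and `resource_arn` assertions pass against a fixture shape the service does not appear to produce. I would build the ARN from the name, `vault_arn = f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/{vault_name}"`, and key the dict with `vault_arn`, assuming the check only iterates the values. The same pattern is in the hunks at -28,15, -118,9, -172,9 and -226,9.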
@@ -85,12 +81,12 @@ class Test_glacier_vaults_policy_public_access: "glacier:CompleteMultipartUpload", ], "Resource": [ - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" + f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" ], } ], }, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, ) } with mock.patch( @@ -106,7 +102,7 @@ class Test_glacier_vaults_policy_public_access: result = check.execute() assert len(result) == 1 - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 assert result[0].resource_id == vault_name assert result[0].resource_arn == vault_arn assert result[0].status == "FAIL" @@ -118,9 +114,7 @@ class Test_glacier_vaults_policy_public_access: def test_vault_policy_pricipal_asterisk(self): glacier_client = mock.MagicMock vault_name = "test-vault" - vault_arn = ( - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" - ) + vault_arn = f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" glacier_client.vaults = { vault_name: Vault( name=vault_name, @@ -139,12 +133,12 @@ class Test_glacier_vaults_policy_public_access: "glacier:CompleteMultipartUpload", ], "Resource": [ - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" + f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" ], } ], }, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, ) } with mock.patch( @@ -160,7 +154,7 @@ class Test_glacier_vaults_policy_public_access: result = check.execute() assert len(result) == 1 - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 assert result[0].resource_id == vault_name assert result[0].resource_arn == vault_arn assert result[0].status == "FAIL" 
@@ -172,9 +166,7 @@ class Test_glacier_vaults_policy_public_access: def test_vault_policy_pricipal_canonical_user_asterisk(self): glacier_client = mock.MagicMock vault_name = "test-vault" - vault_arn = ( - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" - ) + vault_arn = f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" glacier_client.vaults = { vault_name: Vault( name=vault_name, @@ -193,12 +185,12 @@ class Test_glacier_vaults_policy_public_access: "glacier:CompleteMultipartUpload", ], "Resource": [ - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" + f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" ], } ], }, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, ) } with mock.patch( @@ -214,7 +206,7 @@ class Test_glacier_vaults_policy_public_access: result = check.execute() assert len(result) == 1 - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 assert result[0].resource_id == vault_name assert result[0].resource_arn == vault_arn assert result[0].status == "FAIL" @@ -226,9 +218,7 @@ class Test_glacier_vaults_policy_public_access: def test_vault_policy_private(self): glacier_client = mock.MagicMock vault_name = "test-vault" - vault_arn = ( - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" - ) + vault_arn = f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" glacier_client.vaults = { vault_name: Vault( name=vault_name, @@ -240,7 +230,7 @@ class Test_glacier_vaults_policy_public_access: "Sid": "cross-account-upload", "Principal": { "CanonicalUser": [ - f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", ] }, "Effect": "Allow", 
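Review bot: The PASS fixture in `test_vault_policy_private` puts an IAM root ARN under the `CanonicalUser` principal key, `"CanonicalUser": [f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"]`. A canonical user is identified by a canonical user ID, not an ARN, so this is not a principal a real vault policy would carry. As far as these hunks show, the only non-public case therefore does not cover the usual account-scoped `AWS` principal, which is the form the public-access check most needs to classify as private. I would change the entry to `"Principal": {"AWS": [f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"]},` as `vault_json_policy` in the service test does, or add that as a separate case. The policy dict starts and ends outside this hunk.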
@@ -251,12 +241,12 @@ class Test_glacier_vaults_policy_public_access: "glacier:CompleteMultipartUpload", ], "Resource": [ - f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault" + f"arn:aws:glacier:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:vaults/examplevault" ], } ], }, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, ) } with mock.patch( @@ -272,7 +262,7 @@ class Test_glacier_vaults_policy_public_access: result = check.execute() assert len(result) == 1 - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 assert result[0].resource_id == vault_name assert result[0].resource_arn == vault_arn assert result[0].status == "PASS"