mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 06:45:08 +00:00
fix(azure): Status extended ends with a dot (#2725)
This commit is contained in:
Pepe Fagoaga
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_app_services_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_name = "Defender plan App Services"
|
||||
report.resource_id = pricings["AppServices"].resource_id
|
||||
report.status_extended = f"Defender plan Defender for App Services from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for App Services from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["AppServices"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for App Services from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for App Services from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_arm_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_id = pricings["Arm"].resource_id
|
||||
report.resource_name = "Defender plan ARM"
|
||||
report.status_extended = f"Defender plan Defender for ARM from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for ARM from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["Arm"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for ARM from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for ARM from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_azure_sql_databases_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_id = pricings["SqlServers"].resource_id
|
||||
report.resource_name = "Defender plan Azure SQL DB Servers"
|
||||
report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["SqlServers"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Azure SQL DB Servers from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_containers_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_id = pricings["Containers"].resource_id
|
||||
report.resource_name = "Defender plan Container Registries"
|
||||
report.status_extended = f"Defender plan Defender for Containers from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for Containers from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["Containers"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Containers from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Containers from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_cosmosdb_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_id = pricings["CosmosDbs"].resource_id
|
||||
report.resource_name = "Defender plan Cosmos DB"
|
||||
report.status_extended = f"Defender plan Defender for Cosmos DB from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for Cosmos DB from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["CosmosDbs"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Cosmos DB from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Cosmos DB from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -17,7 +17,7 @@ class defender_ensure_defender_for_databases_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_id = pricings["SqlServers"].resource_id
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Defender plan Defender for Databases from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for Databases from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if (
|
||||
pricings["SqlServers"].pricing_tier != "Standard"
|
||||
or pricings["SqlServerVirtualMachines"].pricing_tier != "Standard"
|
||||
@@ -26,7 +26,7 @@ class defender_ensure_defender_for_databases_is_on(Check):
|
||||
or pricings["CosmosDbs"].pricing_tier != "Standard"
|
||||
):
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Databases from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Databases from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_dns_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_name = "Defender plan DNS"
|
||||
report.resource_id = pricings["Dns"].resource_id
|
||||
report.status_extended = f"Defender plan Defender for DNS from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for DNS from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["Dns"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for DNS from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for DNS from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_keyvault_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_name = "Defender plan KeyVaults"
|
||||
report.resource_id = pricings["KeyVaults"].resource_id
|
||||
report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["KeyVaults"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for KeyVaults from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -14,10 +14,10 @@ class defender_ensure_defender_for_os_relational_databases_is_on(Check):
|
||||
report.resource_id = pricings[
|
||||
"OpenSourceRelationalDatabases"
|
||||
].resource_id
|
||||
report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["OpenSourceRelationalDatabases"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Open-Source Relational Databases from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_server_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_name = "Defender plan Servers"
|
||||
report.resource_id = pricings["VirtualMachines"].resource_id
|
||||
report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["VirtualMachines"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Servers from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_sql_servers_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_name = "Defender plan SQL Server VMs"
|
||||
report.resource_id = pricings["SqlServerVirtualMachines"].resource_id
|
||||
report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["SqlServerVirtualMachines"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for SQL Server VMs from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -12,10 +12,10 @@ class defender_ensure_defender_for_storage_is_on(Check):
|
||||
report.subscription = subscription
|
||||
report.resource_name = "Defender plan Storage Accounts"
|
||||
report.resource_id = pricings["StorageAccounts"].resource_id
|
||||
report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to ON (pricing tier standard)"
|
||||
report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to ON (pricing tier standard)."
|
||||
if pricings["StorageAccounts"].pricing_tier != "Standard":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to OFF (pricing tier not standard)"
|
||||
report.status_extended = f"Defender plan Defender for Storage Accounts from subscription {subscription} is set to OFF (pricing tier not standard)."
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -14,14 +14,14 @@ class iam_subscription_roles_owner_custom_not_created(Check):
|
||||
report.resource_id = role.id
|
||||
report.resource_name = role.name
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Role {role.name} from subscription {subscription} is not a custom owner role"
|
||||
report.status_extended = f"Role {role.name} from subscription {subscription} is not a custom owner role."
|
||||
for scope in role.assignable_scopes:
|
||||
if search("^/.*", scope):
|
||||
for permission_item in role.permissions:
|
||||
for action in permission_item.actions:
|
||||
if action == "*":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Role {role.name} from subscription {subscription} is a custom owner role"
|
||||
report.status_extended = f"Role {role.name} from subscription {subscription} is a custom owner role."
|
||||
break
|
||||
|
||||
findings.append(report)
|
||||
|
||||
@@ -10,14 +10,14 @@ class sqlserver_auditing_enabled(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has a auditing policy configured"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has a auditing policy configured."
|
||||
report.resource_name = sql_server.name
|
||||
report.resource_id = sql_server.id
|
||||
|
||||
for auditing_policy in sql_server.auditing_policies:
|
||||
if auditing_policy.state == "Disabled":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have any auditing policy configured"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have any auditing policy configured."
|
||||
break
|
||||
|
||||
findings.append(report)
|
||||
|
||||
@@ -10,7 +10,7 @@ class sqlserver_azuread_administrator_enabled(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has an Active Directory administrator"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has an Active Directory administrator."
|
||||
report.resource_name = sql_server.name
|
||||
report.resource_id = sql_server.id
|
||||
|
||||
@@ -19,7 +19,7 @@ class sqlserver_azuread_administrator_enabled(Check):
|
||||
or sql_server.administrators.administrator_type != "ActiveDirectory"
|
||||
):
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have an Active Directory administrator"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have an Active Directory administrator."
|
||||
|
||||
findings.append(report)
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ class sqlserver_unrestricted_inbound_access(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have firewall rules allowing 0.0.0.0-255.255.255.255"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} does not have firewall rules allowing 0.0.0.0-255.255.255.255."
|
||||
report.resource_name = sql_server.name
|
||||
report.resource_id = sql_server.id
|
||||
|
||||
@@ -20,7 +20,7 @@ class sqlserver_unrestricted_inbound_access(Check):
|
||||
and firewall_rule.end_ip_address == "255.255.255.255"
|
||||
):
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has firewall rules allowing 0.0.0.0-255.255.255.255"
|
||||
report.status_extended = f"SQL Server {sql_server.name} from subscription {subscription} has firewall rules allowing 0.0.0.0-255.255.255.255."
|
||||
break
|
||||
|
||||
findings.append(report)
|
||||
|
||||
@@ -10,12 +10,12 @@ class storage_blob_public_access_level_is_disabled(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has allow blob public access enabled"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has allow blob public access enabled."
|
||||
report.resource_name = storage_account.name
|
||||
report.resource_id = storage_account.id
|
||||
if not storage_account.allow_blob_public_access:
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has allow blob public access disabled"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has allow blob public access disabled."
|
||||
|
||||
findings.append(report)
|
||||
|
||||
|
||||
@@ -10,12 +10,12 @@ class storage_default_network_access_rule_is_denied(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has network access rule set to Deny"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has network access rule set to Deny."
|
||||
report.resource_name = storage_account.name
|
||||
report.resource_id = storage_account.id
|
||||
if storage_account.network_rule_set.default_action == "Allow":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has network access rule set to Allow"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has network access rule set to Allow."
|
||||
|
||||
findings.append(report)
|
||||
|
||||
|
||||
@@ -10,12 +10,12 @@ class storage_ensure_azure_services_are_trusted_to_access_is_enabled(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} allows trusted Microsoft services to access this storage account"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} allows trusted Microsoft services to access this storage account."
|
||||
report.resource_name = storage_account.name
|
||||
report.resource_id = storage_account.id
|
||||
if "AzureServices" not in storage_account.network_rule_set.bypass:
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not allow trusted Microsoft services to access this storage account"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not allow trusted Microsoft services to access this storage account."
|
||||
|
||||
findings.append(report)
|
||||
|
||||
|
||||
@@ -10,12 +10,12 @@ class storage_ensure_encryption_with_customer_managed_keys(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} encrypts with CMKs"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} encrypts with CMKs."
|
||||
report.resource_name = storage_account.name
|
||||
report.resource_id = storage_account.id
|
||||
if storage_account.encryption_type != "Microsoft.Keyvault":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not encrypt with CMKs"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not encrypt with CMKs."
|
||||
|
||||
findings.append(report)
|
||||
|
||||
|
||||
@@ -10,12 +10,12 @@ class storage_ensure_minimum_tls_version_12(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has TLS version set to 1.2"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has TLS version set to 1.2."
|
||||
report.resource_name = storage_account.name
|
||||
report.resource_id = storage_account.id
|
||||
if storage_account.minimum_tls_version != "TLS1_2":
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not have TLS version set to 1.2"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} does not have TLS version set to 1.2."
|
||||
|
||||
findings.append(report)
|
||||
|
||||
|
||||
@@ -10,12 +10,12 @@ class storage_infrastructure_encryption_is_enabled(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has infrastructure encryption enabled"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has infrastructure encryption enabled."
|
||||
report.resource_name = storage_account.name
|
||||
report.resource_id = storage_account.id
|
||||
if not storage_account.infrastructure_encryption:
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has infrastructure encryption disabled"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has infrastructure encryption disabled."
|
||||
|
||||
findings.append(report)
|
||||
|
||||
|
||||
@@ -10,12 +10,12 @@ class storage_secure_transfer_required_is_enabled(Check):
|
||||
report = Check_Report_Azure(self.metadata())
|
||||
report.subscription = subscription
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has secure transfer required enabled"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has secure transfer required enabled."
|
||||
report.resource_name = storage_account.name
|
||||
report.resource_id = storage_account.id
|
||||
if not storage_account.enable_https_traffic_only:
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has secure transfer required disabled"
|
||||
report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has secure transfer required disabled."
|
||||
|
||||
findings.append(report)
|
||||
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_app_services_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for App Services from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for App Services from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan App Services"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_app_services_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for App Services from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for App Services from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan App Services"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan ARM"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan ARM"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Azure SQL DB Servers"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_azure_sql_databases_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for Azure SQL DB Servers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Azure SQL DB Servers"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_containers_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Containers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for Containers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Container Registries"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_containers_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Containers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for Containers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Container Registries"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Cosmos DB"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_cosmosdb_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for Cosmos DB from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Cosmos DB"
|
||||
|
||||
@@ -165,7 +165,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Databases from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for Databases from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Databases"
|
||||
@@ -213,7 +213,7 @@ class Test_defender_ensure_defender_for_databases_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Databases from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for Databases from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Databases"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_dns_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for DNS from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for DNS from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan DNS"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_dns_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for DNS from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for DNS from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan DNS"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for KeyVaults from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for KeyVaults from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan KeyVaults"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_keyvault_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for KeyVaults from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for KeyVaults from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan KeyVaults"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert (
|
||||
@@ -86,7 +86,7 @@ class Test_defender_ensure_defender_for_os_relational_databases_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for Open-Source Relational Databases from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert (
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_server_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Servers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for Servers from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Servers"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_server_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Servers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for Servers from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Servers"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan SQL Server VMs"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_sql_servers_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for SQL Server VMs from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan SQL Server VMs"
|
||||
|
||||
@@ -50,7 +50,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
|
||||
== f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Storage Accounts"
|
||||
@@ -83,7 +83,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)"
|
||||
== f"Defender plan Defender for Storage Accounts from subscription {AZURE_SUSCRIPTION} is set to ON (pricing tier standard)."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "Defender plan Storage Accounts"
|
||||
|
||||
@@ -54,7 +54,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Role {role_name} from subscription {AZURE_SUSCRIPTION} is a custom owner role"
|
||||
== f"Role {role_name} from subscription {AZURE_SUSCRIPTION} is a custom owner role."
|
||||
)
|
||||
|
||||
def test_iam_custom_owner_role_created_with_no_permissions(self):
|
||||
@@ -86,5 +86,5 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Role {role_name} from subscription {AZURE_SUSCRIPTION} is not a custom owner role"
|
||||
== f"Role {role_name} from subscription {AZURE_SUSCRIPTION} is not a custom owner role."
|
||||
)
|
||||
|
||||
@@ -61,7 +61,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} does not have any auditing policy configured"
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} does not have any auditing policy configured."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == sql_server_name
|
||||
@@ -99,7 +99,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} has a auditing policy configured"
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} has a auditing policy configured."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == sql_server_name
|
||||
|
||||
@@ -57,7 +57,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} does not have an Active Directory administrator"
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} does not have an Active Directory administrator."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == sql_server_name
|
||||
@@ -97,7 +97,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} does not have an Active Directory administrator"
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} does not have an Active Directory administrator."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == sql_server_name
|
||||
@@ -137,7 +137,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} has an Active Directory administrator"
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} has an Active Directory administrator."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == sql_server_name
|
||||
|
||||
@@ -61,7 +61,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} has firewall rules allowing 0.0.0.0-255.255.255.255"
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} has firewall rules allowing 0.0.0.0-255.255.255.255."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == sql_server_name
|
||||
@@ -103,7 +103,7 @@ class Test_defender_ensure_defender_for_storage_is_on:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} does not have firewall rules allowing 0.0.0.0-255.255.255.255"
|
||||
== f"SQL Server {sql_server_name} from subscription {AZURE_SUSCRIPTION} does not have firewall rules allowing 0.0.0.0-255.255.255.255."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == sql_server_name
|
||||
|
||||
@@ -56,7 +56,7 @@ class Test_storage_blob_public_access_level_is_disabled:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has allow blob public access enabled"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has allow blob public access enabled."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
@@ -95,7 +95,7 @@ class Test_storage_blob_public_access_level_is_disabled:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has allow blob public access disabled"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has allow blob public access disabled."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
|
||||
@@ -58,7 +58,7 @@ class Test_storage_default_network_access_rule_is_denied:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has network access rule set to Allow"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has network access rule set to Allow."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
@@ -97,7 +97,7 @@ class Test_storage_default_network_access_rule_is_denied:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has network access rule set to Deny"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has network access rule set to Deny."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
|
||||
@@ -58,7 +58,7 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} does not allow trusted Microsoft services to access this storage account"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} does not allow trusted Microsoft services to access this storage account."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
@@ -97,7 +97,7 @@ class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} allows trusted Microsoft services to access this storage account"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} allows trusted Microsoft services to access this storage account."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
|
||||
@@ -56,7 +56,7 @@ class Test_storage_ensure_encryption_with_customer_managed_keys:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} does not encrypt with CMKs"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} does not encrypt with CMKs."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
@@ -95,7 +95,7 @@ class Test_storage_ensure_encryption_with_customer_managed_keys:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} encrypts with CMKs"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} encrypts with CMKs."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
|
||||
@@ -56,7 +56,7 @@ class Test_storage_ensure_minimum_tls_version_12:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} does not have TLS version set to 1.2"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} does not have TLS version set to 1.2."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
@@ -95,7 +95,7 @@ class Test_storage_ensure_minimum_tls_version_12:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has TLS version set to 1.2"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has TLS version set to 1.2."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
|
||||
@@ -56,7 +56,7 @@ class Test_storage_infrastructure_encryption_is_enabled:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has infrastructure encryption disabled"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has infrastructure encryption disabled."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
@@ -95,7 +95,7 @@ class Test_storage_infrastructure_encryption_is_enabled:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has infrastructure encryption enabled"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has infrastructure encryption enabled."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
|
||||
@@ -56,7 +56,7 @@ class Test_storage_secure_transfer_required_is_enabled:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has secure transfer required disabled"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has secure transfer required disabled."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
@@ -95,7 +95,7 @@ class Test_storage_secure_transfer_required_is_enabled:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has secure transfer required enabled"
|
||||
== f"Storage account {storage_account_name} from subscription {AZURE_SUSCRIPTION} has secure transfer required enabled."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == storage_account_name
|
||||
|
||||
Reference in New Issue
Block a user