fix(set_azure_audit_info): assign correct logging when no auth (#3063)

Nacho Rivera
2023-11-27 11:00:22 +01:00
committed by GitHub
parent ed33fac337
commit 523605e3e7
4 changed files with 112 additions and 2 deletions


@@ -0,0 +1,11 @@
class AzureException(Exception):
"""
Exception raised when dealing with Azure Provider/Azure audit info instance
Attributes:
message -- message to be displayed
"""
def __init__(self, message):
self.message = message
super().__init__(self.message)


@@ -30,6 +30,7 @@ from prowler.providers.azure.lib.audit_info.models import (
Azure_Audit_Info,
Azure_Region_Config,
)
from prowler.providers.azure.lib.exception.exception import AzureException
from prowler.providers.gcp.gcp_provider import GCP_Provider
from prowler.providers.gcp.lib.audit_info.audit_info import gcp_audit_info
from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info
@@ -295,11 +296,11 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE
and not browser_auth
and not managed_entity_auth
):
raise Exception(
raise AzureException(
"Azure provider requires at least one authentication method set: [--az-cli-auth | --sp-env-auth | --browser-auth | --managed-identity-auth]"
)
if (not browser_auth and tenant_id) or (browser_auth and not tenant_id):
raise Exception(
raise AzureException(
"Azure Tenant ID (--tenant-id) is required only for browser authentication mode"
)
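Review bot: The tenant-ID check raises the same text, "Azure Tenant ID (--tenant-id) is required only for browser authentication mode", for two opposite mistakes: browser authentication without a tenant ID, and a tenant ID without browser authentication. In the first case the operator did select browser mode, so the message never says that the tenant ID is what is missing. Splitting the condition into two checks, each with its own message, makes the failure actionable. The two new tests that pin this string would need the matching text. The enclosing function starts and ends outside the hunk.

```python
# … unchanged: "at least one authentication method" check …
if browser_auth and not tenant_id:
    raise AzureException(
        "Azure Tenant ID (--tenant-id) is required for browser authentication mode"
    )
if tenant_id and not browser_auth:
    raise AzureException(
        "Azure Tenant ID (--tenant-id) can only be used with browser authentication mode (--browser-auth)"
    )
```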


@@ -13,6 +13,7 @@ from prowler.providers.azure.lib.audit_info.models import (
Azure_Identity_Info,
Azure_Region_Config,
)
from prowler.providers.azure.lib.exception.exception import AzureException
from prowler.providers.common.audit_info import (
Audit_Info,
get_tagged_resources,
@@ -158,6 +159,103 @@ class Test_Set_Audit_Info:
audit_info = set_provider_audit_info(provider, arguments)
assert isinstance(audit_info, Azure_Audit_Info)
@patch(
"prowler.providers.common.audit_info.azure_audit_info",
new=mock_azure_audit_info,
)
@patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials)
@patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info)
def test_set_azure_audit_info_not_auth_methods(self):
arguments = {
"profile": None,
"role": None,
"session_duration": None,
"external_id": None,
"regions": None,
"organizations_role": None,
"subscriptions": None,
# We need to set exactly one auth method
"az_cli_auth": None,
"sp_env_auth": None,
"browser_auth": None,
"managed_entity_auth": None,
"config_file": default_config_file_path,
"azure_region": "AzureCloud",
}
with pytest.raises(AzureException) as exception:
_ = Audit_Info().set_azure_audit_info(arguments)
assert exception.type == AzureException
assert (
exception.value.args[0]
== "Azure provider requires at least one authentication method set: [--az-cli-auth | --sp-env-auth | --browser-auth | --managed-identity-auth]"
)
@patch(
"prowler.providers.common.audit_info.azure_audit_info",
new=mock_azure_audit_info,
)
@patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials)
@patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info)
def test_set_azure_audit_info_browser_auth_but_not_tenant_id(self):
arguments = {
"profile": None,
"role": None,
"session_duration": None,
"external_id": None,
"regions": None,
"organizations_role": None,
"subscriptions": None,
# We need to set exactly one auth method
"az_cli_auth": None,
"sp_env_auth": None,
"browser_auth": True,
"managed_entity_auth": None,
"config_file": default_config_file_path,
"azure_region": "AzureCloud",
}
with pytest.raises(AzureException) as exception:
_ = Audit_Info().set_azure_audit_info(arguments)
assert exception.type == AzureException
assert (
exception.value.args[0]
== "Azure Tenant ID (--tenant-id) is required only for browser authentication mode"
)
@patch(
"prowler.providers.common.audit_info.azure_audit_info",
new=mock_azure_audit_info,
)
@patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials)
@patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info)
def test_set_azure_audit_info_tenant_id_but_no_browser_auth(self):
arguments = {
"profile": None,
"role": None,
"session_duration": None,
"external_id": None,
"regions": None,
"organizations_role": None,
"subscriptions": None,
# We need to set exactly one auth method
"az_cli_auth": True,
"sp_env_auth": None,
"browser_auth": None,
"managed_entity_auth": None,
"config_file": default_config_file_path,
"azure_region": "AzureCloud",
"tenant_id": "test-tenant-id",
}
with pytest.raises(AzureException) as exception:
_ = Audit_Info().set_azure_audit_info(arguments)
assert exception.type == AzureException
assert (
exception.value.args[0]
== "Azure Tenant ID (--tenant-id) is required only for browser authentication mode"
)
@patch.object(GCP_Provider, "__set_credentials__", new=mock_set_gcp_credentials)
@patch.object(GCP_Provider, "get_project_ids", new=mock_get_project_ids)
@patch.object(Audit_Info, "print_gcp_credentials", new=mock_print_audit_credentials)
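Review bot: The comment `# We need to set exactly one auth method` is copied into all three new tests, but `test_set_azure_audit_info_not_auth_methods` sets every auth flag to `None`, so the comment contradicts what that case exercises. I would replace it per test, for example `# No auth method set: AzureException expected` in the first one. The line `assert exception.type == AzureException` repeats what `pytest.raises(AzureException)` already guarantees and can be dropped. None of the added tests passes two auth flags together, so whether that combination is rejected is not covered here.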