From 523605e3e721eda87df9925a822bcb4b9e6ae0d4 Mon Sep 17 00:00:00 2001
From: Nacho Rivera
Date: Mon, 27 Nov 2023 11:00:22 +0100
Subject: [PATCH] fix(set_azure_audit_info): assign correct logging when no auth (#3063)

---
.../providers/azure/lib/exception/__init__.py | 0
.../azure/lib/exception/exception.py | 11 +++
prowler/providers/common/audit_info.py | 5 +-
tests/providers/common/audit_info_test.py | 98 +++++++++++++++++++
4 files changed, 112 insertions(+), 2 deletions(-)
create mode 100644 prowler/providers/azure/lib/exception/__init__.py
create mode 100644 prowler/providers/azure/lib/exception/exception.py

diff --git a/prowler/providers/azure/lib/exception/__init__.py b/prowler/providers/azure/lib/exception/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/prowler/providers/azure/lib/exception/exception.py b/prowler/providers/azure/lib/exception/exception.py
new file mode 100644
index 00000000..51fe95d0
--- /dev/null
+++ b/prowler/providers/azure/lib/exception/exception.py
@@ -0,0 +1,11 @@
+class AzureException(Exception):
+ """
+ Exception raised when dealing with Azure Provider/Azure audit info instance
+
+ Attributes:
+ message -- message to be displayed
+ """
+
+ def __init__(self, message):
+ self.message = message
+ super().__init__(self.message)
diff --git a/prowler/providers/common/audit_info.py b/prowler/providers/common/audit_info.py
index 6ec6b429..ec8b302b 100644
--- a/prowler/providers/common/audit_info.py
+++ b/prowler/providers/common/audit_info.py
@@ -30,6 +30,7 @@ from prowler.providers.azure.lib.audit_info.models import (
 Azure_Audit_Info,
 Azure_Region_Config,
 )
+from prowler.providers.azure.lib.exception.exception import AzureException
 from prowler.providers.gcp.gcp_provider import GCP_Provider
 from prowler.providers.gcp.lib.audit_info.audit_info import gcp_audit_info
 from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info
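Review bot: `AzureException.__init__` leaves `message` untyped and the class docstring does not say when the exception is meant to be raised, which matters here because the commit title suggests callers are expected to catch it and log configuration errors differently from other failures. Annotate the constructor as `def __init__(self, message: str):` and extend the class docstring with a sentence such as "Raised for invalid Azure provider configuration (no authentication method selected, or --tenant-id used without --browser-auth) so callers can report it without a traceback." Keeping the message static, as the two call sites in this commit do, is worth stating too, since the text ends up in logs.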
@@ -295,11 +296,11 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE
 and not browser_auth
 and not managed_entity_auth
 ):
- raise Exception(
+ raise AzureException(
 "Azure provider requires at least one authentication method set: [--az-cli-auth | --sp-env-auth | --browser-auth | --managed-identity-auth]"
 )
 
 if (not browser_auth and tenant_id) or (browser_auth and not tenant_id):
- raise Exception(
+ raise AzureException(
 "Azure Tenant ID (--tenant-id) is required only for browser authentication mode"
 )
diff --git a/tests/providers/common/audit_info_test.py b/tests/providers/common/audit_info_test.py
index 4ce4fb0c..2f09c986 100644
--- a/tests/providers/common/audit_info_test.py
+++ b/tests/providers/common/audit_info_test.py
@@ -13,6 +13,7 @@ from prowler.providers.azure.lib.audit_info.models import (
 Azure_Identity_Info,
 Azure_Region_Config,
 )
+from prowler.providers.azure.lib.exception.exception import AzureException
 from prowler.providers.common.audit_info import (
 Audit_Info,
 get_tagged_resources,
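Review bot: The first guard in this hunk only rejects the case where no Azure auth flag is set, while the fixtures this commit adds describe the contract as "exactly one auth method"; with two flags set (say `--az-cli-auth --browser-auth`) nothing in this hunk raises and which credential path wins is decided by code outside it. Unless the argument parser already declares these four flags mutually exclusive, add `if sum(map(bool, (az_cli_auth, sp_env_auth, browser_auth, managed_entity_auth))) > 1:` followed by `raise AzureException("Azure provider accepts only one authentication method: [--az-cli-auth | --sp-env-auth | --browser-auth | --managed-identity-auth]")` before the tenant-id check, so a conflicting combination fails fast instead of silently picking an identity. The tenant-id message is reused for both the missing and the superfluous case, which reads correctly for both. `set_azure_audit_info` starts before this hunk, so where the four flags and `tenant_id` come from is not visible here.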
@@ -158,6 +159,103 @@ class Test_Set_Audit_Info:
 audit_info = set_provider_audit_info(provider, arguments)
 assert isinstance(audit_info, Azure_Audit_Info)
 
+ @patch(
+ "prowler.providers.common.audit_info.azure_audit_info",
+ new=mock_azure_audit_info,
+ )
+ @patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials)
+ @patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info)
+ def test_set_azure_audit_info_not_auth_methods(self):
+ arguments = {
+ "profile": None,
+ "role": None,
+ "session_duration": None,
+ "external_id": None,
+ "regions": None,
+ "organizations_role": None,
+ "subscriptions": None,
+ # We need to set exactly one auth method
+ "az_cli_auth": None,
+ "sp_env_auth": None,
+ "browser_auth": None,
+ "managed_entity_auth": None,
+ "config_file": default_config_file_path,
+ "azure_region": "AzureCloud",
+ }
+
+ with pytest.raises(AzureException) as exception:
+ _ = Audit_Info().set_azure_audit_info(arguments)
+ assert exception.type == AzureException
+ assert (
+ exception.value.args[0]
+ == "Azure provider requires at least one authentication method set: [--az-cli-auth | --sp-env-auth | --browser-auth | --managed-identity-auth]"
+ )
+
+ @patch(
+ "prowler.providers.common.audit_info.azure_audit_info",
+ new=mock_azure_audit_info,
+ )
+ @patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials)
+ @patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info)
+ def test_set_azure_audit_info_browser_auth_but_not_tenant_id(self):
+ arguments = {
+ "profile": None,
+ "role": None,
+ "session_duration": None,
+ "external_id": None,
+ "regions": None,
+ "organizations_role": None,
+ "subscriptions": None,
+ # We need to set exactly one auth method
+ "az_cli_auth": None,
+ "sp_env_auth": None,
+ "browser_auth": True,
+ "managed_entity_auth": None,
+ "config_file": default_config_file_path,
+ "azure_region": "AzureCloud",
+ }
+
+ with pytest.raises(AzureException) as exception:
+ _ = Audit_Info().set_azure_audit_info(arguments)
+ assert exception.type == AzureException
+ assert (
+ exception.value.args[0]
+ == "Azure Tenant ID (--tenant-id) is required only for browser authentication mode"
+ )
+
+ @patch(
+ "prowler.providers.common.audit_info.azure_audit_info",
+ new=mock_azure_audit_info,
+ )
+ @patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials)
+ @patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info)
+ def test_set_azure_audit_info_tenant_id_but_no_browser_auth(self):
+ arguments = {
+ "profile": None,
+ "role": None,
+ "session_duration": None,
+ "external_id": None,
+ "regions": None,
+ "organizations_role": None,
+ "subscriptions": None,
+ # We need to set exactly one auth method
+ "az_cli_auth": True,
+ "sp_env_auth": None,
+ "browser_auth": None,
+ "managed_entity_auth": None,
+ "config_file": default_config_file_path,
+ "azure_region": "AzureCloud",
+ "tenant_id": "test-tenant-id",
+ }
+
+ with pytest.raises(AzureException) as exception:
+ _ = Audit_Info().set_azure_audit_info(arguments)
+ assert exception.type == AzureException
+ assert (
+ exception.value.args[0]
+ == "Azure Tenant ID (--tenant-id) is required only for browser authentication mode"
+ )
+ @patch.object(GCP_Provider, "__set_credentials__", new=mock_set_gcp_credentials)
+ @patch.object(GCP_Provider, "get_project_ids", new=mock_get_project_ids)
+ @patch.object(Audit_Info, "print_gcp_credentials", new=mock_print_audit_credentials)
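Review bot: The first two fixtures omit the `tenant_id` key while the third sets it, so `test_set_azure_audit_info_browser_auth_but_not_tenant_id` only reaches the intended guard if `set_azure_audit_info` reads the key with a tolerant lookup (presumably `.get`), which is not visible in this hunk; add `"tenant_id": None,` to both fixtures so they mirror the parsed CLI namespace and the test pins the browser-auth-without-tenant condition rather than whichever lookup style the implementation happens to use. The comment `# We need to set exactly one auth method` is copied into a fixture that deliberately sets none and into one whose point is the tenant-id mismatch, so reword it per test, e.g. `# No auth method set: must raise` and `# One auth method, but --tenant-id without --browser-auth`. The three 14-key dicts differ in at most two keys; a small helper returning the base dict with keyword overrides would make each test's intent readable at a glance and keep future flag additions in one place.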