feat(aws): Added AWS role session name parameter (#3234)

Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
2026-02-10 14:55:00 +00:00 · 2024-01-08 13:49:13 +02:00
parent 9522d0c733
commit 558b7a54c7
9 changed files with 88 additions and 7 deletions
--- a/tests/lib/cli/parser_test.py
+++ b/tests/lib/cli/parser_test.py
@@ -5,7 +5,10 @@ import pytest
 from mock import patch

 from prowler.lib.cli.parser import ProwlerArgumentParser
-from prowler.providers.aws.lib.arguments.arguments import validate_bucket
+from prowler.providers.aws.lib.arguments.arguments import (
+    validate_bucket,
+    validate_role_session_name,
+)
 from prowler.providers.azure.lib.arguments.arguments import validate_azure_region

 prowler_command = "prowler"
@@ -1012,6 +1015,13 @@ class Test_Parser:
        parsed = self.parser.parse(command)
        assert parsed.sts_endpoint_region == sts_endpoint_region

+    def test_aws_parser_role_session_name(self):
+        argument = "--role-session-name"
+        role_session_name = "ProwlerAssessmentSession"
+        command = [prowler_command, argument, role_session_name]
+        parsed = self.parser.parse(command)
+        assert parsed.role_session_name == role_session_name
+
    def test_parser_azure_auth_sp(self):
        argument = "--sp-env-auth"
        command = [prowler_command, "azure", argument]
@@ -1164,3 +1174,25 @@ class Test_Parser:
        valid_bucket_names = ["bucket-name" "test" "test-test-test"]
        for bucket_name in valid_bucket_names:
            assert validate_bucket(bucket_name) == bucket_name
+
+    def test_validate_role_session_name_invalid_role_names(self):
+        bad_role_names = [
+            "role name",
+            "adasD*",
+            "test#",
+            "role-name?",
+        ]
+        for role_name in bad_role_names:
+            with pytest.raises(ArgumentTypeError) as argument_error:
+                validate_role_session_name(role_name)
+
+            assert argument_error.type == ArgumentTypeError
+            assert (
+                argument_error.value.args[0]
+                == "Role Session Name must be 2-64 characters long and consist only of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-"
+            )
+
+    def test_validate_role_session_name_valid_role_names(self):
+        valid_role_names = ["prowler-role" "test@" "test=test+test,."]
+        for role_name in valid_role_names:
+            assert validate_role_session_name(role_name) == role_name