ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(new check): add accessanalyzer_enabled check (#1864)

Browse Source 
Co-authored-by: sergargar <sergargar@users.noreply.github.com>
This commit is contained in:
Sergio Garcia
2023-02-08 17:39:25 +01:00
committed by GitHub
parent 7d2ce7e6ab
commit 5b9db9795d
8 changed files with 224 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
tests/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled_test.py Normal file
View File

@@ -0,0 +1,140 @@
from unittest import mock
from prowler.providers.aws.services.accessanalyzer.accessanalyzer_service import (
Analyzer,
)
class Test_accessanalyzer_enabled:
def test_no_analyzers(self):
accessanalyzer_client = mock.MagicMock
accessanalyzer_client.analyzers = []
with mock.patch(
"prowler.providers.aws.services.accessanalyzer.accessanalyzer_service.AccessAnalyzer",
new=accessanalyzer_client,
):
# Test Check
from prowler.providers.aws.services.accessanalyzer.accessanalyzer_enabled.accessanalyzer_enabled import (
accessanalyzer_enabled,
)
check = accessanalyzer_enabled()
result = check.execute()
assert len(result) == 0
def test_one_analyzer_not_available(self):
# Include analyzers to check
accessanalyzer_client = mock.MagicMock
accessanalyzer_client.analyzers = [
Analyzer(
arn="",
name="012345678910",
status="NOT_AVAILABLE",
tags="",
type="",
region="eu-west-1",
)
]
with mock.patch(
"prowler.providers.aws.services.accessanalyzer.accessanalyzer_service.AccessAnalyzer",
accessanalyzer_client,
):
from prowler.providers.aws.services.accessanalyzer.accessanalyzer_enabled.accessanalyzer_enabled import (
accessanalyzer_enabled,
)
check = accessanalyzer_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "IAM Access Analyzer in account 012345678910 is not enabled"
)
assert result[0].resource_id == "012345678910"
def test_two_analyzers(self):
accessanalyzer_client = mock.MagicMock
accessanalyzer_client.analyzers = [
Analyzer(
arn="",
name="012345678910",
status="NOT_AVAILABLE",
tags="",
type="",
region="eu-west-1",
),
Analyzer(
arn="",
name="Test Analyzer",
status="ACTIVE",
tags="",
type="",
region="eu-west-2",
),
]
# Patch AccessAnalyzer Client
with mock.patch(
"prowler.providers.aws.services.accessanalyzer.accessanalyzer_service.AccessAnalyzer",
new=accessanalyzer_client,
):
# Test Check
from prowler.providers.aws.services.accessanalyzer.accessanalyzer_enabled.accessanalyzer_enabled import (
accessanalyzer_enabled,
)
check = accessanalyzer_enabled()
result = check.execute()
assert len(result) == 2
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "IAM Access Analyzer in account 012345678910 is not enabled"
)
assert result[0].resource_id == "012345678910"
assert result[0].region == "eu-west-1"
assert result[1].status == "PASS"
assert (
result[1].status_extended
== "IAM Access Analyzer Test Analyzer is enabled"
)
assert result[1].resource_id == "Test Analyzer"
assert result[1].region == "eu-west-2"
def test_one_active_analyzer(self):
accessanalyzer_client = mock.MagicMock
accessanalyzer_client.analyzers = [
Analyzer(
arn="",
name="Test Analyzer",
status="ACTIVE",
tags="",
type="",
region="eu-west-2",
)
]
with mock.patch(
"prowler.providers.aws.services.accessanalyzer.accessanalyzer_service.AccessAnalyzer",
new=accessanalyzer_client,
):
# Test Check
from prowler.providers.aws.services.accessanalyzer.accessanalyzer_enabled.accessanalyzer_enabled import (
accessanalyzer_enabled,
)
check = accessanalyzer_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== "IAM Access Analyzer Test Analyzer is enabled"
)
assert result[0].resource_id == "Test Analyzer"
assert result[0].region == "eu-west-2"

18
tests/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings_test.py
View File

@@ -30,7 +30,7 @@ class Test_accessanalyzer_enabled_without_findings:
accessanalyzer_client.analyzers = [
Analyzer(
arn="",
name="Test Analyzer",
name="012345678910",
status="NOT_AVAILABLE",
tags="",
type="",
@@ -52,16 +52,16 @@ class Test_accessanalyzer_enabled_without_findings:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "IAM Access Analyzer Test Analyzer is not enabled"
== "IAM Access Analyzer in account 012345678910 is not enabled"
)
assert result[0].resource_id == "Test Analyzer"
assert result[0].resource_id == "012345678910"
def test_two_analyzers(self):
accessanalyzer_client = mock.MagicMock
accessanalyzer_client.analyzers = [
Analyzer(
arn="",
name="Test Analyzer",
name="012345678910",
status="NOT_AVAILABLE",
tags="",
type="",
@@ -104,9 +104,9 @@ class Test_accessanalyzer_enabled_without_findings:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "IAM Access Analyzer Test Analyzer is not enabled"
== "IAM Access Analyzer in account 012345678910 is not enabled"
)
assert result[0].resource_id == "Test Analyzer"
assert result[0].resource_id == "012345678910"
assert result[0].region == "eu-west-1"
assert result[1].status == "FAIL"
assert (
@@ -155,7 +155,7 @@ class Test_accessanalyzer_enabled_without_findings:
accessanalyzer_client.analyzers = [
Analyzer(
arn="",
name="Test Analyzer",
name="012345678910",
status="NOT_AVAILABLE",
tags="",
type="",
@@ -179,7 +179,7 @@ class Test_accessanalyzer_enabled_without_findings:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "IAM Access Analyzer Test Analyzer is not enabled"
== "IAM Access Analyzer in account 012345678910 is not enabled"
)
assert result[0].resource_id == "Test Analyzer"
assert result[0].resource_id == "012345678910"
assert result[0].region == "eu-west-1"