From 5c3e3dbda3106ee2d91c2431adc5c1ab76b73813 Mon Sep 17 00:00:00 2001 From: Pepe Fagoaga Date: Tue, 12 Mar 2024 10:13:17 +0100 Subject: [PATCH] fix(glue): Add mocked ARN (#3515) --- ...ction_passwords_encryption_enabled_test.py | 31 +++++++++++++------ ...talogs_metadata_encryption_enabled_test.py | 27 +++++++++------- 2 files changed, 37 insertions(+), 21 deletions(-) diff --git a/tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py b/tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py index b6f4c990..4ece5b91 100644 --- a/tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py +++ b/tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py @@ -2,6 +2,8 @@ from unittest import mock from prowler.providers.aws.services.glue.glue_service import CatalogEncryptionSetting from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_COMMERCIAL_PARTITION, AWS_REGION_US_EAST_1, set_mocked_aws_audit_info, ) @@ -40,8 +42,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -65,7 +67,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: result[0].status_extended == "Glue data catalog connection password is not encrypted." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 def test_glue_catalog_password_unencrypted_ignoring(self): @@ -81,8 +84,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( @@ -116,9 +119,9 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.region = AWS_REGION_US_EAST_1 + glue_client.audited_account = AWS_ACCOUNT_NUMBER glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( return_value=glue_client.data_catalog_arn_template @@ -142,7 +145,8 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: result[0].status_extended == "Glue data catalog connection password is not encrypted." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 def test_glue_catalog_encrypted(self): @@ -157,7 +161,13 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: password_kms_id="kms-key", ) ] - glue_client.audited_account = "12345678912" + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION + glue_client.region = AWS_REGION_US_EAST_1 + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" + glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( + return_value=glue_client.data_catalog_arn_template + ) with mock.patch( "prowler.providers.aws.services.glue.glue_service.Glue", @@ -177,5 +187,6 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled: result[0].status_extended == "Glue data catalog connection password is encrypted with KMS key kms-key." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py b/tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py index ccb3d589..23315cf5 100644 --- a/tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py +++ b/tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py @@ -3,6 +3,8 @@ from unittest import mock from prowler.providers.aws.services.glue.glue_service import CatalogEncryptionSetting from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_COMMERCIAL_PARTITION, AWS_REGION_US_EAST_1, set_mocked_aws_audit_info, ) @@ -41,9 +43,9 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" glue_client.region = AWS_REGION_US_EAST_1 + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( return_value=glue_client.data_catalog_arn_template @@ -66,7 +68,8 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: result[0].status_extended == "Glue data catalog settings have metadata encryption disabled." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 def test_glue_catalog_unencrypted_ignoring(self): @@ -82,10 +85,10 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" glue_client.audit_info.ignore_unused_services = True - glue_client.audited_partition = "aws" glue_client.region = AWS_REGION_US_EAST_1 + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( return_value=glue_client.data_catalog_arn_template @@ -117,10 +120,10 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" glue_client.audit_info.ignore_unused_services = True - glue_client.audited_partition = "aws" glue_client.region = AWS_REGION_US_EAST_1 + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( return_value=glue_client.data_catalog_arn_template @@ -143,7 +146,8 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: "Glue data catalog settings have metadata encryption disabled.", result[0].status_extended, ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1 def test_glue_catalog_encrypted(self): @@ -159,9 +163,9 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: password_kms_id=None, ) ] - glue_client.audited_account = "12345678912" - glue_client.audited_partition = "aws" glue_client.region = AWS_REGION_US_EAST_1 + glue_client.audited_account = AWS_ACCOUNT_NUMBER + glue_client.audited_partition = AWS_COMMERCIAL_PARTITION glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog" glue_client.__get_data_catalog_arn_template__ = mock.MagicMock( return_value=glue_client.data_catalog_arn_template @@ -184,5 +188,6 @@ class Test_glue_data_catalogs_metadata_encryption_enabled: result[0].status_extended == "Glue data catalog settings have metadata encryption enabled with KMS key kms-key." ) - assert result[0].resource_id == "12345678912" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == glue_client.data_catalog_arn_template assert result[0].region == AWS_REGION_US_EAST_1