test(iam_user_two_active_access_key_test): Create unit tests (#1354)

Co-authored-by: sergargar <sergio@verica.io>

.github/workflows/pull-request.yml

@@ -0,0 +1,41 @@
+name: Lint & Test
+
+on:
+  push:
+    branches:
+      - 'prowler-3.0-dev'
+  pull_request:
+    branches:
+      - 'prowler-3.0-dev'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9"]
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pipenv
+          pipenv install
+      - name: Bandit
+        run: |
+          pipenv run bandit -q -lll -x '*_test.py,./contrib/' -r .
+      - name: Safety
+        run: |
+          pipenv run safety check
+      - name: Vulture
+        run: |
+          pipenv run vulture --exclude "contrib" --min-confidence 100 .
+      - name: Test with pytest
+        run: |
+          pipenv run pytest -n auto

.pre-commit-config.yaml

@@ -45,7 +45,7 @@ repos:
     hooks:
       - id: pytest-check
         name: pytest-check
-        entry: bash -c 'pytest'
+        entry: bash -c 'pytest -n auto'
         language: system
 
       - id: bandit

Makefile

@@ -1,7 +1,7 @@
 .DEFAULT_GOAL:=help
 
 test:   ## Test with pytest
-	pytest -v
+	pytest -n auto -vvv -s
 
 coverage: ## Show Test Coverage
 	coverage run --skip-covered -m pytest -v && \

Pipfile

@@ -16,6 +16,7 @@ safety = "1.10.3"
 vulture = "2.4"
 coverage = "6.4.1"
 pytest = "7.1.2"
+pytest-xdist = "2.5.0"
 
 [dev-packages]
 

Pipfile.lock

@@ -1,7 +1,7 @@
 {
   "_meta": {
     "hash": {
-      "sha256": "e77c8b5d556b7e3c336616485fe5c853f203896df85be049b89a4618bef8fab7"
+      "sha256": "be3fc654afc3da2914e7e3a61647d0f90cc468b4f2327568178440fca9adb9fe"
     },
     "pipfile-spec": 6,
     "requires": {
@@ -42,19 +42,19 @@
     },
     "boto3": {
       "hashes": [
-        "sha256:b72496c7eaa45afbdfa48a7c648c3211342582d91c8c1b7330d09c18242132d1",
-        "sha256:ec1aa3f4c2b68da1a9c01e175086f5f6b1b8b67780fa569ab8875be5bb3fd5ae"
+        "sha256:0e6ef4b5e47b6073887961028201ecfc2024198125f20fbe5f5c00234f124543",
+        "sha256:719bfafbe4e076055aa1a51269ffdbe9c61446679b67f31d61c237976661154c"
       ],
       "index": "pypi",
-      "version": "==1.24.61"
+      "version": "==1.24.63"
     },
     "botocore": {
       "hashes": [
-        "sha256:535c8e97ed28a38fd09dd8f4735195e761bbee54e4c6021f3a709a97b1287dd6",
-        "sha256:99012965e2409665c7d86706862c5a141e01e1c4d2c81cb9409a44200ee59631"
+        "sha256:8567dee549430a53210c6b898dea3a8fc8ee9d7934ec1df7545c547cacbb2b8f",
+        "sha256:b97e17c930a7f45b50f94956a4474c1cd7b828e3dcd8a84dd0e3306ca6189335"
       ],
       "index": "pypi",
-      "version": "==1.27.61"
+      "version": "==1.27.63"
     },
     "certifi": {
       "hashes": [
@@ -249,6 +249,14 @@
       "markers": "python_version >= '3.5'",
       "version": "==0.5.2"
     },
+    "execnet": {
+      "hashes": [
+        "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5",
+        "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142"
+      ],
+      "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
+      "version": "==1.9.0"
+    },
     "gitdb": {
       "hashes": [
         "sha256:8033ad4e853066ba6ca92050b9df2f89301b8fc8bf7e9324d412a63f8bf1a8fd",
@@ -402,44 +410,45 @@
     },
     "pydantic": {
       "hashes": [
-        "sha256:1061c6ee6204f4f5a27133126854948e3b3d51fcc16ead2e5d04378c199b2f44",
-        "sha256:19b5686387ea0d1ea52ecc4cffb71abb21702c5e5b2ac626fd4dbaa0834aa49d",
-        "sha256:2bd446bdb7755c3a94e56d7bdfd3ee92396070efa8ef3a34fab9579fe6aa1d84",
-        "sha256:328558c9f2eed77bd8fffad3cef39dbbe3edc7044517f4625a769d45d4cf7555",
-        "sha256:32e0b4fb13ad4db4058a7c3c80e2569adbd810c25e6ca3bbd8b2a9cc2cc871d7",
-        "sha256:3ee0d69b2a5b341fc7927e92cae7ddcfd95e624dfc4870b32a85568bd65e6131",
-        "sha256:4aafd4e55e8ad5bd1b19572ea2df546ccace7945853832bb99422a79c70ce9b8",
-        "sha256:4b3946f87e5cef3ba2e7bd3a4eb5a20385fe36521d6cc1ebf3c08a6697c6cfb3",
-        "sha256:4de71c718c9756d679420c69f216776c2e977459f77e8f679a4a961dc7304a56",
-        "sha256:5565a49effe38d51882cb7bac18bda013cdb34d80ac336428e8908f0b72499b0",
-        "sha256:5803ad846cdd1ed0d97eb00292b870c29c1f03732a010e66908ff48a762f20e4",
-        "sha256:5da164119602212a3fe7e3bc08911a89db4710ae51444b4224c2382fd09ad453",
-        "sha256:615661bfc37e82ac677543704437ff737418e4ea04bef9cf11c6d27346606044",
-        "sha256:78a4d6bdfd116a559aeec9a4cfe77dda62acc6233f8b56a716edad2651023e5e",
-        "sha256:7d0f183b305629765910eaad707800d2f47c6ac5bcfb8c6397abdc30b69eeb15",
-        "sha256:7ead3cd020d526f75b4188e0a8d71c0dbbe1b4b6b5dc0ea775a93aca16256aeb",
-        "sha256:84d76ecc908d917f4684b354a39fd885d69dd0491be175f3465fe4b59811c001",
-        "sha256:8cb0bc509bfb71305d7a59d00163d5f9fc4530f0881ea32c74ff4f74c85f3d3d",
-        "sha256:91089b2e281713f3893cd01d8e576771cd5bfdfbff5d0ed95969f47ef6d676c3",
-        "sha256:9c9e04a6cdb7a363d7cb3ccf0efea51e0abb48e180c0d31dca8d247967d85c6e",
-        "sha256:a8c5360a0297a713b4123608a7909e6869e1b56d0e96eb0d792c27585d40757f",
-        "sha256:afacf6d2a41ed91fc631bade88b1d319c51ab5418870802cedb590b709c5ae3c",
-        "sha256:b34ba24f3e2d0b39b43f0ca62008f7ba962cff51efa56e64ee25c4af6eed987b",
-        "sha256:bd67cb2c2d9602ad159389c29e4ca964b86fa2f35c2faef54c3eb28b4efd36c8",
-        "sha256:c0f5e142ef8217019e3eef6ae1b6b55f09a7a15972958d44fbd228214cede567",
-        "sha256:cdb4272678db803ddf94caa4f94f8672e9a46bae4a44f167095e4d06fec12979",
-        "sha256:d70916235d478404a3fa8c997b003b5f33aeac4686ac1baa767234a0f8ac2326",
-        "sha256:d8ce3fb0841763a89322ea0432f1f59a2d3feae07a63ea2c958b2315e1ae8adb",
-        "sha256:e0b214e57623a535936005797567231a12d0da0c29711eb3514bc2b3cd008d0f",
-        "sha256:e631c70c9280e3129f071635b81207cad85e6c08e253539467e4ead0e5b219aa",
-        "sha256:e78578f0c7481c850d1c969aca9a65405887003484d24f6110458fb02cca7747",
-        "sha256:f0ca86b525264daa5f6b192f216a0d1e860b7383e3da1c65a1908f9c02f42801",
-        "sha256:f1a68f4f65a9ee64b6ccccb5bf7e17db07caebd2730109cb8a95863cfa9c4e55",
-        "sha256:fafe841be1103f340a24977f61dee76172e4ae5f647ab9e7fd1e1fca51524f08",
-        "sha256:ff68fc85355532ea77559ede81f35fff79a6a5543477e168ab3a381887caea76"
+        "sha256:026427be4e251f876e7519a63af37ae5ebb8b593ca8b02180bdc6becd1ea4ef4",
+        "sha256:134b4fd805737496ce4efd24ce2f8da0e08c66dcfc054fee1a19673eec780f2c",
+        "sha256:158f1479367da20914961b5406ac3b29dfe1d858ae2af96c444f73543defcf0c",
+        "sha256:172aaeeaff8fc3ac326fb8a2934a063ca0938586c5fe8848285052de83a240f7",
+        "sha256:1856bc6640aced42886f7ee48f5ed1fa5adf35e34064b5f9532b52d5a3b8a0d3",
+        "sha256:1b5212604aaf5954e9a7cea8f0c60d6dbef996aa7b41edefd329e6b5011ce8cf",
+        "sha256:1f99b4de6936a0f9fe255d1c7fdc447700ddd027c9ad38a612d453ed5fc7d6d0",
+        "sha256:22206c152f9b86c0ee169928f9c24e1c0c566edb2462600b298ccb04860961aa",
+        "sha256:231b19c010288bfbfdcd3f79df38b5ff893c6547cd8c7d006203435790b22815",
+        "sha256:39212b3853eea165a3cda11075d5b7d09d4291fcbc3c0ecefd23797ee21b29e9",
+        "sha256:3a3a60fcb5ce08cab593b7978d02db67b8d153e9d582adab7c0b69d7200d78be",
+        "sha256:45a6d0a9fdaad2a27ea69aec4659705ed8f60a5664e892c73e2b977d8f5166cc",
+        "sha256:4af55f33ae5be6cccecd4fa462630daffef1f161f60c3f194b24eca705d50748",
+        "sha256:4d2b9258f5bd2d129bd4cf2d31f9d40094b9ed6ef64896e2f7a70729b2d599ea",
+        "sha256:645b83297a9428a675c98c1f69a7237a381900e34f23245c0ea73d74e454bf68",
+        "sha256:652727f9e1d3ae30bd8a4dfbebcafd50df45277b97f3deabbbfedcf731f94aa5",
+        "sha256:7e34e46dd08dafd4c75b8378efe3eae7d8e5212950fcd894d86c1df2dcfb80fe",
+        "sha256:8e796f915762dec4678fafc89b1f0441ab9209517a8a682ddb3f988f7ffe0827",
+        "sha256:9500586151cd56a20bacb8f1082df1b4489000120d1c7ddc44c8b20870e8adbd",
+        "sha256:95ab3f31f35dc4f8fc85b04d13569e5fdc9de2d3050ae64c1fdc3430dfe7d92d",
+        "sha256:a0ba8710bfdaddb7424c05ad2dc1da04796003751eac6ad30c218ac1d68a174e",
+        "sha256:a1192c17667d21652ab93b5eecd1a776cd0a4e384ea8c331bb830c9d130293af",
+        "sha256:af669da39ede365069dbc5de56564b011e3353f801acdbdd7145002a78abc3d9",
+        "sha256:b3e3aed33fbd9518cf508d5415a58af683743d53dc5e58953973d73605774f34",
+        "sha256:b549eebe8de4e50fc3b4f8c1f9cc2f731d91787fc3f7d031561668377b8679bc",
+        "sha256:c4c76af6ad47bc46cf16bd0e4a5e536a7a2bec0dec14ea08b712daa6645bf293",
+        "sha256:d1dffae1f219d06a997ec78d1d2daafdbfecf243ad8eb36bfbcbc73e30e17385",
+        "sha256:d484fbbe6267b6c936a6d005d5170ab553f3f4367348c7e88d3e17f0a7179981",
+        "sha256:d73ae7e210929a1b7d288034835dd787e5b0597192d58ab7342bacbeec0f33df",
+        "sha256:d8e5c5a50821c55b76dcf422610225cb7e44685cdd81832d0d504fa8c9343f35",
+        "sha256:d8ef840ef803ef17a7bd52480eb85faca0eed728d70233fd560f7d1066330247",
+        "sha256:e03402b0a6b23a2d0b9ee31e45d80612c95562b5af8b5c900171b9d9015ddc5f",
+        "sha256:e13788fcad1baf5eb3236856b2a9a74f7dac6b3ea7ca1f60a4ad8bad4239cf4c",
+        "sha256:e290915a0ed53d3c59d6071fc7d2c843ed04c33affcd752dd1f3daa859b44a76",
+        "sha256:ed4e5c18cac70fadd4cf339f444c4f1795f0876dfd5b70cf0a841890b52f0001",
+        "sha256:f0985ba95af937389c9ce8d747138417303569cb736bd12469646ef53cd66e1c"
       ],
       "index": "pypi",
-      "version": "==1.9.2"
+      "version": "==1.10.0"
     },
     "pyparsing": {
       "hashes": [
@@ -457,6 +466,22 @@
       "index": "pypi",
       "version": "==7.1.2"
     },
+    "pytest-forked": {
+      "hashes": [
+        "sha256:8b67587c8f98cbbadfdd804539ed5455b6ed03802203485dd2f53c1422d7440e",
+        "sha256:bbbb6717efc886b9d64537b41fb1497cfaf3c9601276be8da2cccfea5a3c8ad8"
+      ],
+      "markers": "python_version >= '3.6'",
+      "version": "==1.4.0"
+    },
+    "pytest-xdist": {
+      "hashes": [
+        "sha256:4580deca3ff04ddb2ac53eba39d76cb5dd5edeac050cb6fbc768b0dd712b4edf",
+        "sha256:6fe5c74fec98906deb8f2d2b616b5c782022744978e7bd4695d39c8f42d0ce65"
+      ],
+      "index": "pypi",
+      "version": "==2.5.0"
+    },
     "python-dateutil": {
       "hashes": [
         "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86",

lib/check/check.py

@@ -151,7 +151,11 @@ def recover_checks_from_provider(provider: str, service: str = None) -> list:
         # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
         check_name = module_name.name
         # We need to exclude common shared libraries in services
-        if check_name.count(".") == 5 and "lib" not in check_name:
+        if (
+            check_name.count(".") == 5
+            and "lib" not in check_name
+            and "test" not in check_name
+        ):
             checks.append(check_name)
     return checks
 

providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.py

@@ -1,29 +1,33 @@
 from lib.check.models import Check, Check_Report
+from lib.logger import logger
 from providers.aws.services.iam.iam_client import iam_client
 
 
 class iam_user_two_active_access_key(Check):
     def execute(self) -> Check_Report:
-        findings = []
-        response = iam_client.credential_report
-        for user in response:
-            report = Check_Report(self.metadata)
-            report.resource_id = user["user"]
-            report.resource_arn = user["arn"]
-            report.region = iam_client.region
-            if (
-                user["access_key_1_active"] == "true"
-                and user["access_key_2_active"] == "true"
-            ):
-                report.status = "FAIL"
-                report.status_extended = (
-                    f"User {user['user']} has 2 active access keys."
-                )
-            else:
-                report.status = "PASS"
-                report.status_extended = (
-                    f"User {user['user']} has not 2 active access keys."
-                )
-            findings.append(report)
-
-        return findings
+        try:
+            findings = []
+            response = iam_client.credential_report
+            for user in response:
+                report = Check_Report(self.metadata)
+                report.resource_id = user["user"]
+                report.resource_arn = user["arn"]
+                report.region = iam_client.region
+                if (
+                    user["access_key_1_active"] == "true"
+                    and user["access_key_2_active"] == "true"
+                ):
+                    report.status = "FAIL"
+                    report.status_extended = (
+                        f"User {user['user']} has 2 active access keys."
+                    )
+                else:
+                    report.status = "PASS"
+                    report.status_extended = (
+                        f"User {user['user']} has not 2 active access keys."
+                    )
+                findings.append(report)
+        except Exception as error:
+            logger.error(f"{error.__class__.__name__} -- {error}")
+        finally:
+            return findings

providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py

@@ -0,0 +1,113 @@
+from unittest import mock
+
+from boto3 import client
+from moto import mock_iam
+
+from providers.aws.lib.audit_info.audit_info import current_audit_info
+from providers.aws.services.iam.iam_service import IAM
+
+
+class Test_iam_user_two_active_access_key:
+    @mock_iam
+    def test_iam_user_two_active_access_key(self):
+        # Create IAM Mocked Resources
+        iam_client = client("iam")
+        user = "test1"
+        iam_client.create_user(UserName=user)
+        # Create Access Key 1
+        iam_client.create_access_key(UserName=user)
+        # Create Access Key 2
+        iam_client.create_access_key(UserName=user)
+
+        with mock.patch(
+            "providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
+            new=IAM(current_audit_info),
+        ):
+            # Test Check
+            from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
+                iam_user_two_active_access_key,
+            )
+
+            check = iam_user_two_active_access_key()
+            result = check.execute()
+
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+
+    @mock_iam
+    def test_iam_user_one_active_access_key(self):
+        # Create IAM User
+        iam_client = client("iam")
+        user = "test1"
+        iam_client.create_user(UserName=user)
+        # Create Access Key 1
+        iam_client.create_access_key(UserName=user)
+        with mock.patch(
+            "providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
+            new=IAM(current_audit_info),
+        ):
+            # Test Check
+            from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
+                iam_user_two_active_access_key,
+            )
+
+            check = iam_user_two_active_access_key()
+            result = check.execute()
+
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+
+    @mock_iam
+    def test_iam_user_without_active_access_key(self):
+        # Create IAM User
+        iam_client = client("iam")
+        user = "test1"
+        iam_client.create_user(UserName=user)
+        with mock.patch(
+            "providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
+            new=IAM(current_audit_info),
+        ):
+            # Test Check
+            from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
+                iam_user_two_active_access_key,
+            )
+
+            check = iam_user_two_active_access_key()
+            result = check.execute()
+
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+
+    @mock_iam
+    def test_iam_no_users(self):
+        with mock.patch(
+            "providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
+            new=IAM(current_audit_info),
+        ):
+            # Test Check
+            from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
+                iam_user_two_active_access_key,
+            )
+
+            check = iam_user_two_active_access_key()
+            result = check.execute()
+
+            assert len(result) == 0
+
+    @mock_iam
+    def test_bad_response(self):
+        mock_client = mock.MagicMock()
+        mock_client.credential_report = None
+        with mock.patch(
+            "providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
+            new=mock_client,
+        ):
+            # Test Check
+            from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
+                iam_user_two_active_access_key,
+            )
+
+            check = iam_user_two_active_access_key()
+            result = check.execute()
+
+            assert len(result) == 0