test(iam_user_two_active_access_key_test): Create unit tests (#1354)

Co-authored-by: sergargar <sergio@verica.io>
Pepe Fagoaga
2022-09-01 13:35:00 +02:00
committed by GitHub
parent f40c8f2dc5
commit 7388cb33d4
8 changed files with 257 additions and 69 deletions


@@ -1,29 +1,33 @@
from lib.check.models import Check, Check_Report
from lib.logger import logger
from providers.aws.services.iam.iam_client import iam_client
class iam_user_two_active_access_key(Check):
def execute(self) -> Check_Report:
findings = []
response = iam_client.credential_report
for user in response:
report = Check_Report(self.metadata)
report.resource_id = user["user"]
report.resource_arn = user["arn"]
report.region = iam_client.region
if (
user["access_key_1_active"] == "true"
and user["access_key_2_active"] == "true"
):
report.status = "FAIL"
report.status_extended = (
f"User {user['user']} has 2 active access keys."
)
else:
report.status = "PASS"
report.status_extended = (
f"User {user['user']} has not 2 active access keys."
)
findings.append(report)
return findings
try:
findings = []
response = iam_client.credential_report
for user in response:
report = Check_Report(self.metadata)
report.resource_id = user["user"]
report.resource_arn = user["arn"]
report.region = iam_client.region
if (
user["access_key_1_active"] == "true"
and user["access_key_2_active"] == "true"
):
report.status = "FAIL"
report.status_extended = (
f"User {user['user']} has 2 active access keys."
)
else:
report.status = "PASS"
report.status_extended = (
f"User {user['user']} has not 2 active access keys."
)
findings.append(report)
except Exception as error:
logger.error(f"{error.__class__.__name__} -- {error}")
finally:
return findings
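Review bot: The `return findings` inside `finally:` at the end of `execute` discards any exception still in flight, including `KeyboardInterrupt` and `SystemExit`, and together with the broad `except Exception` it makes a missing or malformed credential report look the same as an account with no users. If one row lacks a key such as `access_key_2_active`, the loop stops and every later user goes unevaluated, with only a log line to show for it. I would initialise `findings = []` before `try:` and put a plain `return findings` after the handler instead of in `finally:`, and consider handling errors per user so one bad row does not drop the rest. `test_bad_response` in the new test file asserts exactly this empty result, so it would need to change alongside. Indentation is lost on this page, so the nesting is inferred from the statement order.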


@@ -0,0 +1,113 @@
from unittest import mock
from boto3 import client
from moto import mock_iam
from providers.aws.lib.audit_info.audit_info import current_audit_info
from providers.aws.services.iam.iam_service import IAM
class Test_iam_user_two_active_access_key:
@mock_iam
def test_iam_user_two_active_access_key(self):
# Create IAM Mocked Resources
iam_client = client("iam")
user = "test1"
iam_client.create_user(UserName=user)
# Create Access Key 1
iam_client.create_access_key(UserName=user)
# Create Access Key 2
iam_client.create_access_key(UserName=user)
with mock.patch(
"providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=IAM(current_audit_info),
):
# Test Check
from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
iam_user_two_active_access_key,
)
check = iam_user_two_active_access_key()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@mock_iam
def test_iam_user_one_active_access_key(self):
# Create IAM User
iam_client = client("iam")
user = "test1"
iam_client.create_user(UserName=user)
# Create Access Key 1
iam_client.create_access_key(UserName=user)
with mock.patch(
"providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=IAM(current_audit_info),
):
# Test Check
from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
iam_user_two_active_access_key,
)
check = iam_user_two_active_access_key()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@mock_iam
def test_iam_user_without_active_access_key(self):
# Create IAM User
iam_client = client("iam")
user = "test1"
iam_client.create_user(UserName=user)
with mock.patch(
"providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=IAM(current_audit_info),
):
# Test Check
from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
iam_user_two_active_access_key,
)
check = iam_user_two_active_access_key()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@mock_iam
def test_iam_no_users(self):
with mock.patch(
"providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=IAM(current_audit_info),
):
# Test Check
from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
iam_user_two_active_access_key,
)
check = iam_user_two_active_access_key()
result = check.execute()
assert len(result) == 0
@mock_iam
def test_bad_response(self):
mock_client = mock.MagicMock()
mock_client.credential_report = None
with mock.patch(
"providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=mock_client,
):
# Test Check
from providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key import (
iam_user_two_active_access_key,
)
check = iam_user_two_active_access_key()
result = check.execute()
assert len(result) == 0
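Review bot: None of the new tests covers a user who has two access keys with one of them deactivated, which is the case the check's `access_key_1_active`/`access_key_2_active` comparison exists to separate from a FAIL. A fourth case could create both keys, call `iam_client.update_access_key(UserName=user, AccessKeyId=key_id, Status="Inactive")` on one, and expect `PASS`, assuming moto's credential report reflects key status. The existing cases also assert only the count and `status`; adding `assert result[0].resource_id == user` would tie the finding to the user under test.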