ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(efs): Include resource ARN and handle from input (#2452)

Browse Source
This commit is contained in:
Pepe Fagoaga
2023-06-06 14:29:58 +02:00
committed by GitHub
parent ab12c201b4
commit 86cf2cd233
8 changed files with 45 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tests/providers/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled_test.py
View File

@@ -15,9 +15,11 @@ backup_valid_policy_status = "ENABLED"
class Test_efs_encryption_at_rest_enabled:
def test_efs_encryption_enabled(self):
efs_client = mock.MagicMock
efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
efs_client.filesystems = [
FileSystem(
id=file_system_id,
arn=efs_arn,
region=AWS_REGION,
policy=None,
backup_policy=backup_valid_policy_status,
@@ -38,13 +40,15 @@ class Test_efs_encryption_at_rest_enabled:
assert result[0].status == "PASS"
assert search("has encryption at rest enabled", result[0].status_extended)
assert result[0].resource_id == file_system_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == efs_arn
def test_efs_encryption_disabled(self):
efs_client = mock.MagicMock
efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
efs_client.filesystems = [
FileSystem(
id=file_system_id,
arn=efs_arn,
region=AWS_REGION,
policy=None,
backup_policy=backup_valid_policy_status,
@@ -67,4 +71,4 @@ class Test_efs_encryption_at_rest_enabled:
"does not have encryption at rest enabled", result[0].status_extended
)
assert result[0].resource_id == file_system_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == efs_arn

12
tests/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled_test.py
View File

@@ -17,9 +17,11 @@ backup_valid_invalid_policy_status_2 = "DISABLED"
class Test_efs_have_backup_enabled:
def test_efs_valid_backup_policy(self):
efs_client = mock.MagicMock
efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
efs_client.filesystems = [
FileSystem(
id=file_system_id,
arn=efs_arn,
region=AWS_REGION,
policy=None,
backup_policy=backup_valid_policy_status,
@@ -40,13 +42,15 @@ class Test_efs_have_backup_enabled:
assert result[0].status == "PASS"
assert search("has backup enabled", result[0].status_extended)
assert result[0].resource_id == file_system_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == efs_arn
def test_efs_invalid_policy_backup_1(self):
efs_client = mock.MagicMock
efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
efs_client.filesystems = [
FileSystem(
id=file_system_id,
arn=efs_arn,
region=AWS_REGION,
policy=None,
backup_policy=backup_valid_invalid_policy_status_1,
@@ -67,13 +71,15 @@ class Test_efs_have_backup_enabled:
assert result[0].status == "FAIL"
assert search("does not have backup enabled", result[0].status_extended)
assert result[0].resource_id == file_system_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == efs_arn
def test_efs_invalid_policy_backup_2(self):
efs_client = mock.MagicMock
efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
efs_client.filesystems = [
FileSystem(
id=file_system_id,
arn=efs_arn,
region=AWS_REGION,
policy=None,
backup_policy=backup_valid_invalid_policy_status_2,
@@ -94,4 +100,4 @@ class Test_efs_have_backup_enabled:
assert result[0].status == "FAIL"
assert search("does not have backup enabled", result[0].status_extended)
assert result[0].resource_id == file_system_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == efs_arn

18
tests/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible_test.py
View File

@@ -36,9 +36,11 @@ filesystem_invalid_policy = {
class Test_efs_not_publicly_accessible:
def test_efs_valid_policy(self):
efs_client = mock.MagicMock
efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
efs_client.filesystems = [
FileSystem(
id=file_system_id,
arn=efs_arn,
region=AWS_REGION,
policy=filesystem_policy,
backup_policy=None,
@@ -58,17 +60,20 @@ class Test_efs_not_publicly_accessible:
assert len(result) == 1
assert result[0].status == "PASS"
assert search(
"has policy which does not allow access to everyone",
"has a policy which does not allow access to everyone",
result[0].status_extended,
)
assert result[0].resource_id == file_system_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == efs_arn
def test_efs_invalid_policy(self):
efs_client = mock.MagicMock
efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
efs_client.filesystems = [
FileSystem(
id=file_system_id,
arn=efs_arn,
region=AWS_REGION,
policy=filesystem_invalid_policy,
backup_policy=None,
@@ -88,16 +93,19 @@ class Test_efs_not_publicly_accessible:
assert len(result) == 1
assert result[0].status == "FAIL"
assert search(
"has policy which allows access to everyone", result[0].status_extended
"has a policy which allows access to everyone",
result[0].status_extended,
)
assert result[0].resource_id == file_system_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == efs_arn
def test_efs_no_policy(self):
efs_client = mock.MagicMock
efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
efs_client.filesystems = [
FileSystem(
id=file_system_id,
arn=efs_arn,
region=AWS_REGION,
policy=None,
backup_policy=None,
@@ -121,4 +129,4 @@ class Test_efs_not_publicly_accessible:
result[0].status_extended,
)
assert result[0].resource_id == file_system_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == efs_arn