ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(kms): handle empty principal error (#2192)

Browse Source
This commit is contained in:
Sergio Garcia
2023-04-11 16:59:29 +02:00
committed by GitHub
parent e75022763c
commit 9104d2e89e
2 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py
View File

@@ -108,3 +108,50 @@ class Test_kms_key_not_publicly_accessible:
)
assert result[0].resource_id == key["KeyId"]
assert result[0].resource_arn == key["Arn"]
@mock_kms
def test_kms_key_empty_principal(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
# Creaty KMS key with public policy
key = kms_client.create_key(
Policy=json.dumps(
{
"Version": "2012-10-17",
"Id": "key-default-1",
"Statement": [
{
"Sid": "Enable IAM User Permissions",
"Effect": "Allow",
"Action": "kms:*",
"Resource": "*",
}
],
}
)
)["KeyMetadata"]
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.kms.kms_service import KMS
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.kms.kms_key_not_publicly_accessible.kms_key_not_publicly_accessible.kms_client",
new=KMS(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.kms.kms_key_not_publicly_accessible.kms_key_not_publicly_accessible import (
kms_key_not_publicly_accessible,
)
check = kms_key_not_publicly_accessible()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"KMS key {key['KeyId']} is not exposed to Public."
)
assert result[0].resource_id == key["KeyId"]
assert result[0].resource_arn == key["Arn"]