ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 07:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(audit_info): refactor workspaces (#3112)

Browse Source
This commit is contained in:
Nacho Rivera
2023-12-05 09:32:13 +01:00
committed by GitHub
parent d26c1405ce
commit 9b6d6c3a42
3 changed files with 57 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
tests/providers/aws/services/workspaces/workspaces_service_test.py
View File

@@ -2,15 +2,12 @@ from unittest.mock import patch
from uuid import uuid4
import botocore
from boto3 import session
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.workspaces.workspaces_service import WorkSpaces
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
AWS_REGION = "eu-west-1"
from tests.providers.aws.audit_info_utils import (
AWS_REGION_EU_WEST_1,
set_mocked_aws_audit_info,
)
workspace_id = str(uuid4())
@@ -39,9 +36,11 @@ def mock_make_api_call(self, operation_name, kwarg):
def mock_generate_regional_clients(service, audit_info, _):
regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION)
regional_client.region = AWS_REGION
return {AWS_REGION: regional_client}
regional_client = audit_info.audit_session.client(
service, region_name=AWS_REGION_EU_WEST_1
)
regional_client.region = AWS_REGION_EU_WEST_1
return {AWS_REGION_EU_WEST_1: regional_client}
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@@ -50,63 +49,33 @@ def mock_generate_regional_clients(service, audit_info, _):
new=mock_generate_regional_clients,
)
class Test_WorkSpaces_Service:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info
# Test WorkSpaces Service
def test_service(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
workspaces = WorkSpaces(audit_info)
assert workspaces.service == "workspaces"
# Test WorkSpaces client
def test_client(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
workspaces = WorkSpaces(audit_info)
for reg_client in workspaces.regional_clients.values():
assert reg_client.__class__.__name__ == "WorkSpaces"
# Test WorkSpaces session
def test__get_session__(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
workspaces = WorkSpaces(audit_info)
assert workspaces.session.__class__.__name__ == "Session"
# Test WorkSpaces describe workspaces
def test__describe_workspaces__(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
workspaces = WorkSpaces(audit_info)
assert len(workspaces.workspaces) == 1
assert workspaces.workspaces[0].id == workspace_id
assert workspaces.workspaces[0].region == AWS_REGION
assert workspaces.workspaces[0].region == AWS_REGION_EU_WEST_1
assert workspaces.workspaces[0].tags == [
{"Key": "test", "Value": "test"},
]

28
tests/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled_test.py
View File

@@ -3,14 +3,14 @@ from unittest import mock
from uuid import uuid4
from prowler.providers.aws.services.workspaces.workspaces_service import WorkSpace
AWS_REGION = "eu-west-1"
AWS_ACCOUNT_NUMBER = "123456789012"
WORKSPACE_ID = str(uuid4())
WORKSPACE_ARN = (
f"arn:aws:workspaces:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:workspace/{WORKSPACE_ID}"
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
)
WORKSPACE_ID = str(uuid4())
WORKSPACE_ARN = f"arn:aws:workspaces:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:workspace/{WORKSPACE_ID}"
class Test_workspaces_volume_encryption_enabled:
def test_no_workspaces(self):
@@ -38,7 +38,7 @@ class Test_workspaces_volume_encryption_enabled:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=True,
root_volume_encryption_enabled=True,
subnet_id="subnet-12345678",
@@ -64,7 +64,7 @@ class Test_workspaces_volume_encryption_enabled:
)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
def test_workspaces_user_not_encrypted(self):
workspaces_client = mock.MagicMock
@@ -73,7 +73,7 @@ class Test_workspaces_volume_encryption_enabled:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=False,
root_volume_encryption_enabled=True,
subnet_id="subnet-12345678",
@@ -97,7 +97,7 @@ class Test_workspaces_volume_encryption_enabled:
assert search("user unencrypted volumes", result[0].status_extended)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
def test_workspaces_root_not_encrypted(self):
workspaces_client = mock.MagicMock
@@ -106,7 +106,7 @@ class Test_workspaces_volume_encryption_enabled:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=True,
root_volume_encryption_enabled=False,
subnet_id="subnet-12345678",
@@ -130,7 +130,7 @@ class Test_workspaces_volume_encryption_enabled:
assert search("root unencrypted volumes", result[0].status_extended)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
def test_workspaces_user_and_root_not_encrypted(self):
workspaces_client = mock.MagicMock
@@ -139,7 +139,7 @@ class Test_workspaces_volume_encryption_enabled:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=False,
root_volume_encryption_enabled=False,
subnet_id="subnet-12345678",
@@ -165,4 +165,4 @@ class Test_workspaces_volume_encryption_enabled:
)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1

58
tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py
View File

@@ -8,14 +8,14 @@ from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.vpc.vpc_service import VPC
from prowler.providers.aws.services.workspaces.workspaces_service import WorkSpace
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "eu-west-1"
AWS_ACCOUNT_NUMBER = "123456789012"
WORKSPACE_ID = str(uuid4())
WORKSPACE_ARN = (
f"arn:aws:workspaces:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:workspace/{WORKSPACE_ID}"
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
)
WORKSPACE_ID = str(uuid4())
WORKSPACE_ARN = f"arn:aws:workspaces:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:workspace/{WORKSPACE_ID}"
class Test_workspaces_vpc_2private_1public_subnets_nat:
def set_mocked_audit_info(self):
@@ -78,7 +78,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=True,
root_volume_encryption_enabled=True,
)
@@ -112,12 +112,12 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_ec2
def test_workspaces_vpc_one_private_subnet(self):
# EC2 Client
ec2_client = client("ec2", region_name=AWS_REGION)
ec2_client = client("ec2", region_name=AWS_REGION_EU_WEST_1)
vpc = ec2_client.create_vpc(
CidrBlock="172.28.7.0/24", InstanceTenancy="default"
)
@@ -125,7 +125,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_private = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.0/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_private = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -145,7 +145,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=True,
root_volume_encryption_enabled=True,
subnet_id=subnet_private["Subnet"]["SubnetId"],
@@ -180,12 +180,12 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_ec2
def test_workspaces_vpc_two_private_subnet(self):
# EC2 Client
ec2_client = client("ec2", region_name=AWS_REGION)
ec2_client = client("ec2", region_name=AWS_REGION_EU_WEST_1)
vpc = ec2_client.create_vpc(
CidrBlock="172.28.7.0/24", InstanceTenancy="default"
)
@@ -193,7 +193,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_private = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.0/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_private = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -210,7 +210,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_private_2 = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.64/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_private_2 = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -230,7 +230,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=True,
root_volume_encryption_enabled=True,
subnet_id=subnet_private["Subnet"]["SubnetId"],
@@ -265,12 +265,12 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_ec2
def test_workspaces_vpc_two_private_subnet_one_public(self):
# EC2 Client
ec2_client = client("ec2", region_name=AWS_REGION)
ec2_client = client("ec2", region_name=AWS_REGION_EU_WEST_1)
vpc = ec2_client.create_vpc(
CidrBlock="172.28.7.0/24", InstanceTenancy="default"
)
@@ -278,7 +278,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_private = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.0/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_private = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -295,7 +295,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_private_2 = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.64/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_private_2 = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -312,7 +312,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_public = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.192/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_public = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -334,7 +334,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=True,
root_volume_encryption_enabled=True,
subnet_id=subnet_private["Subnet"]["SubnetId"],
@@ -369,12 +369,12 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_ec2
def test_workspaces_vpc_two_private_subnet_one_public_and_nat(self):
# EC2 Client
ec2_client = client("ec2", region_name=AWS_REGION)
ec2_client = client("ec2", region_name=AWS_REGION_EU_WEST_1)
vpc = ec2_client.create_vpc(
CidrBlock="172.28.7.0/24", InstanceTenancy="default"
)
@@ -382,7 +382,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_private = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.0/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_private = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -399,7 +399,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_private_2 = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.64/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_private_2 = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -424,7 +424,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
subnet_public = ec2_client.create_subnet(
VpcId=vpc["Vpc"]["VpcId"],
CidrBlock="172.28.7.192/26",
AvailabilityZone=f"{AWS_REGION}a",
AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a",
)
route_table_public = ec2_client.create_route_table(
VpcId=vpc["Vpc"]["VpcId"],
@@ -446,7 +446,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
WorkSpace(
id=WORKSPACE_ID,
arn=WORKSPACE_ARN,
region=AWS_REGION,
region=AWS_REGION_EU_WEST_1,
user_volume_encryption_enabled=True,
root_volume_encryption_enabled=True,
subnet_id=subnet_private["Subnet"]["SubnetId"],
@@ -481,4 +481,4 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
)
assert result[0].resource_id == WORKSPACE_ID
assert result[0].resource_arn == WORKSPACE_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1