From 9b6d6c3a4252bce8fc61dd3f2c5dc2fe4d0d2626 Mon Sep 17 00:00:00 2001 From: Nacho Rivera Date: Tue, 5 Dec 2023 09:32:13 +0100 Subject: [PATCH] test(audit_info): refactor workspaces (#3112) --- .../workspaces/workspaces_service_test.py | 59 +++++-------------- ...rkspaces_volume_encryption_enabled_test.py | 28 ++++----- ...s_vpc_2private_1public_subnets_nat_test.py | 58 +++++++++--------- 3 files changed, 57 insertions(+), 88 deletions(-) diff --git a/tests/providers/aws/services/workspaces/workspaces_service_test.py b/tests/providers/aws/services/workspaces/workspaces_service_test.py index 347d18ff..c5cd07f0 100644 --- a/tests/providers/aws/services/workspaces/workspaces_service_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_service_test.py @@ -2,15 +2,12 @@ from unittest.mock import patch from uuid import uuid4 import botocore -from boto3 import session -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.workspaces.workspaces_service import WorkSpaces -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "eu-west-1" - +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_EU_WEST_1, + set_mocked_aws_audit_info, +) workspace_id = str(uuid4()) @@ -39,9 +36,11 @@ def mock_make_api_call(self, operation_name, kwarg): def mock_generate_regional_clients(service, audit_info, _): - regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION) - regional_client.region = AWS_REGION - return {AWS_REGION: regional_client} + regional_client = audit_info.audit_session.client( + service, region_name=AWS_REGION_EU_WEST_1 + ) + regional_client.region = AWS_REGION_EU_WEST_1 + return {AWS_REGION_EU_WEST_1: regional_client} @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) 
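Review bot: `mock_generate_regional_clients` (hunk `@@ -39,9 +36,11 @@`) has no docstring saying that it never reads the regions carried by `audit_info` and always returns a single client pinned to `AWS_REGION_EU_WEST_1`. The tests in the later `@@ -50,63 +49,33 @@` hunk now pass `[AWS_REGION_EU_WEST_1]` to `set_mocked_aws_audit_info`, so a reader may assume that list decides which clients exist, which this helper does not show. I would add `"""Return one eu-west-1 client regardless of the regions configured on audit_info."""` as the first line of the body.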
@@ -50,63 +49,33 @@ def mock_generate_regional_clients(service, audit_info, _): new=mock_generate_regional_clients, ) class Test_WorkSpaces_Service: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info # Test WorkSpaces Service def test_service(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1]) workspaces = WorkSpaces(audit_info) assert workspaces.service == "workspaces" # Test WorkSpaces client def test_client(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1]) workspaces = WorkSpaces(audit_info) for reg_client in workspaces.regional_clients.values(): assert reg_client.__class__.__name__ == "WorkSpaces" # Test WorkSpaces session def test__get_session__(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1]) workspaces = WorkSpaces(audit_info) assert workspaces.session.__class__.__name__ == "Session" # Test WorkSpaces describe workspaces def test__describe_workspaces__(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1]) workspaces = WorkSpaces(audit_info) assert len(workspaces.workspaces) == 1 assert workspaces.workspaces[0].id == workspace_id - 
assert workspaces.workspaces[0].region == AWS_REGION + assert workspaces.workspaces[0].region == AWS_REGION_EU_WEST_1 assert workspaces.workspaces[0].tags == [ {"Key": "test", "Value": "test"}, ] diff --git a/tests/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled_test.py b/tests/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled_test.py index d92d40db..5ae74c3f 100644 --- a/tests/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled_test.py @@ -3,14 +3,14 @@ from unittest import mock from uuid import uuid4 from prowler.providers.aws.services.workspaces.workspaces_service import WorkSpace - -AWS_REGION = "eu-west-1" -AWS_ACCOUNT_NUMBER = "123456789012" -WORKSPACE_ID = str(uuid4()) -WORKSPACE_ARN = ( - f"arn:aws:workspaces:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:workspace/{WORKSPACE_ID}" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_EU_WEST_1, ) +WORKSPACE_ID = str(uuid4()) +WORKSPACE_ARN = f"arn:aws:workspaces:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:workspace/{WORKSPACE_ID}" + class Test_workspaces_volume_encryption_enabled: def test_no_workspaces(self): @@ -38,7 +38,7 @@ class Test_workspaces_volume_encryption_enabled: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=True, root_volume_encryption_enabled=True, subnet_id="subnet-12345678", 
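Review bot: `test_client` (hunk `@@ -50,63 +49,33 @@`) asserts only inside `for reg_client in workspaces.regional_clients.values():`, so it passes without checking anything if `regional_clients` ever comes back empty. Adding `assert workspaces.regional_clients` before the loop makes the test fail in that case instead of passing silently. The `@patch` decorator that installs `mock_generate_regional_clients` begins above this hunk, so its target string is not visible here.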
@@ -64,7 +64,7 @@ class Test_workspaces_volume_encryption_enabled: ) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 def test_workspaces_user_not_encrypted(self): workspaces_client = mock.MagicMock @@ -73,7 +73,7 @@ class Test_workspaces_volume_encryption_enabled: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=False, root_volume_encryption_enabled=True, subnet_id="subnet-12345678", @@ -97,7 +97,7 @@ class Test_workspaces_volume_encryption_enabled: assert search("user unencrypted volumes", result[0].status_extended) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 def test_workspaces_root_not_encrypted(self): workspaces_client = mock.MagicMock @@ -106,7 +106,7 @@ class Test_workspaces_volume_encryption_enabled: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=True, root_volume_encryption_enabled=False, subnet_id="subnet-12345678", @@ -130,7 +130,7 @@ class Test_workspaces_volume_encryption_enabled: assert search("root unencrypted volumes", result[0].status_extended) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 def test_workspaces_user_and_root_not_encrypted(self): workspaces_client = mock.MagicMock @@ -139,7 +139,7 @@ class Test_workspaces_volume_encryption_enabled: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=False, root_volume_encryption_enabled=False, subnet_id="subnet-12345678", 
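Review bot: `workspaces_client = mock.MagicMock` in `test_workspaces_user_not_encrypted` (hunk `@@ -64,7 +64,7 @@`) binds the `MagicMock` class itself rather than an instance, and the same line appears in the `@@ -97,7 +97,7 @@` and `@@ -130,7 +130,7 @@` hunks. The lines that populate the client fall between hunks and are not visible, but if they set attributes on `workspaces_client`, those land on the shared class and persist across tests. A volume-encryption case could then read state left over from an earlier test. `workspaces_client = mock.MagicMock()` gives each test its own object. The test bodies start and end outside these hunks.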
@@ -165,4 +165,4 @@ class Test_workspaces_volume_encryption_enabled: ) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 diff --git a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py index 4633c500..3181467b 100644 --- a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py @@ -8,14 +8,14 @@ from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.vpc.vpc_service import VPC from prowler.providers.aws.services.workspaces.workspaces_service import WorkSpace from prowler.providers.common.models import Audit_Metadata - -AWS_REGION = "eu-west-1" -AWS_ACCOUNT_NUMBER = "123456789012" -WORKSPACE_ID = str(uuid4()) -WORKSPACE_ARN = ( - f"arn:aws:workspaces:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:workspace/{WORKSPACE_ID}" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_EU_WEST_1, ) +WORKSPACE_ID = str(uuid4()) +WORKSPACE_ARN = f"arn:aws:workspaces:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:workspace/{WORKSPACE_ID}" + class Test_workspaces_vpc_2private_1public_subnets_nat: def set_mocked_audit_info(self): @@ -78,7 +78,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=True, root_volume_encryption_enabled=True, ) 
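Review bot: The import block of `workspaces_vpc_2private_1public_subnets_nat_test.py` (hunk `@@ -8,14 +8,14 @@`) still pulls in `AWS_Audit_Info` and `Audit_Metadata`, and the class keeps its own `def set_mocked_audit_info(self):`. `workspaces_service_test.py` in this same commit drops that helper in favour of `set_mocked_aws_audit_info`. Leaving one hand-built audit info behind lets this check's tests drift from the shared fixture. The helper's body is outside the hunk; if it has no settings the shared one lacks, I would import `set_mocked_aws_audit_info` here too, call `set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])` in the tests, and remove the helper with its two imports.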
@@ -112,12 +112,12 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: ) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 @mock_ec2 def test_workspaces_vpc_one_private_subnet(self): # EC2 Client - ec2_client = client("ec2", region_name=AWS_REGION) + ec2_client = client("ec2", region_name=AWS_REGION_EU_WEST_1) vpc = ec2_client.create_vpc( CidrBlock="172.28.7.0/24", InstanceTenancy="default" ) @@ -125,7 +125,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_private = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.0/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_private = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], @@ -145,7 +145,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=True, root_volume_encryption_enabled=True, subnet_id=subnet_private["Subnet"]["SubnetId"], @@ -180,12 +180,12 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: ) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 @mock_ec2 def test_workspaces_vpc_two_private_subnet(self): # EC2 Client - ec2_client = client("ec2", region_name=AWS_REGION) + ec2_client = client("ec2", region_name=AWS_REGION_EU_WEST_1) vpc = ec2_client.create_vpc( CidrBlock="172.28.7.0/24", InstanceTenancy="default" ) 
@@ -193,7 +193,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_private = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.0/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_private = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], @@ -210,7 +210,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_private_2 = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.64/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_private_2 = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], @@ -230,7 +230,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=True, root_volume_encryption_enabled=True, subnet_id=subnet_private["Subnet"]["SubnetId"], @@ -265,12 +265,12 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: ) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 @mock_ec2 def test_workspaces_vpc_two_private_subnet_one_public(self): # EC2 Client - ec2_client = client("ec2", region_name=AWS_REGION) + ec2_client = client("ec2", region_name=AWS_REGION_EU_WEST_1) vpc = ec2_client.create_vpc( CidrBlock="172.28.7.0/24", InstanceTenancy="default" ) @@ -278,7 +278,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_private = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.0/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_private = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], 
@@ -295,7 +295,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_private_2 = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.64/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_private_2 = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], @@ -312,7 +312,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_public = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.192/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_public = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], @@ -334,7 +334,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=True, root_volume_encryption_enabled=True, subnet_id=subnet_private["Subnet"]["SubnetId"], @@ -369,12 +369,12 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: ) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1 @mock_ec2 def test_workspaces_vpc_two_private_subnet_one_public_and_nat(self): # EC2 Client - ec2_client = client("ec2", region_name=AWS_REGION) + ec2_client = client("ec2", region_name=AWS_REGION_EU_WEST_1) vpc = ec2_client.create_vpc( CidrBlock="172.28.7.0/24", InstanceTenancy="default" ) @@ -382,7 +382,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_private = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.0/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_private = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], 
@@ -399,7 +399,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_private_2 = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.64/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_private_2 = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], @@ -424,7 +424,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: subnet_public = ec2_client.create_subnet( VpcId=vpc["Vpc"]["VpcId"], CidrBlock="172.28.7.192/26", - AvailabilityZone=f"{AWS_REGION}a", + AvailabilityZone=f"{AWS_REGION_EU_WEST_1}a", ) route_table_public = ec2_client.create_route_table( VpcId=vpc["Vpc"]["VpcId"], @@ -446,7 +446,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: WorkSpace( id=WORKSPACE_ID, arn=WORKSPACE_ARN, - region=AWS_REGION, + region=AWS_REGION_EU_WEST_1, user_volume_encryption_enabled=True, root_volume_encryption_enabled=True, subnet_id=subnet_private["Subnet"]["SubnetId"], @@ -481,4 +481,4 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: ) assert result[0].resource_id == WORKSPACE_ID assert result[0].resource_arn == WORKSPACE_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_EU_WEST_1