From a81cbbc32523f7667f4d45b7bba884055e3838b9 Mon Sep 17 00:00:00 2001 
From: Nacho Rivera
Date: Tue, 5 Dec 2023 15:59:53 +0100
Subject: [PATCH] test(audit_info): refactor iam (#3163)
---
.../iam_administrator_access_with_mfa_test.py | 53 ++----
.../iam_avoid_root_usage_test.py | 56 ++-----
...olicy_no_administrative_privileges_test.py | 47 +-----
.../iam_check_saml_providers_sts_test.py | 45 +-----
...olicy_no_administrative_privileges_test.py | 47 +-----
...olicy_no_administrative_privileges_test.py | 47 +-----
...olicy_no_administrative_privileges_test.py | 90 ++++-------
..._policy_permissive_role_assumption_test.py | 53 ++----
...expired_server_certificates_stored_test.py | 47 +-----
.../iam_no_root_access_key_test.py | 51 ++----
...s_passwords_within_90_days_or_less_test.py | 57 ++-----
.../iam_password_policy_lowercase_test.py | 53 ++----
..._password_policy_minimum_length_14_test.py | 62 +++----
.../iam_password_policy_number_test.py | 58 ++-----
.../iam_password_policy_reuse_24_test.py | 58 ++-----
.../iam_password_policy_symbol_test.py | 58 ++-----
.../iam_password_policy_uppercase_test.py | 58 ++-----
...policy_allows_privilege_escalation_test.py | 151 +++++++-----------
...cy_attached_only_to_group_or_roles_test.py | 61 ++-----
...olicy_no_full_access_to_cloudtrail_test.py | 45 +-----
.../iam_policy_no_full_access_to_kms_test.py | 45 +-----
...am_role_administratoraccess_policy_test.py | 51 ++----
...ross_account_readonlyaccess_policy_test.py | 51 ++----
...service_confused_deputy_prevention_test.py | 53 ++----
.../iam_root_hardware_mfa_enabled_test.py | 50 ++----
.../iam_root_mfa_enabled_test.py | 48 ++----
.../iam_rotate_access_key_90_days_test.py | 64 ++------
.../iam_securityaudit_role_created_test.py | 45 +-----
.../aws/services/iam/iam_service_test.py | 88 ++++------
.../iam_support_role_created_test.py | 48 ++----
.../iam_user_accesskey_unused_test.py | 71 +++-----
.../iam_user_console_access_unused_test.py | 59 ++-----
.../iam_user_hardware_mfa_enabled_test.py | 50 ++----
...am_user_mfa_enabled_console_access_test.py | 53 ++----
...m_user_no_setup_initial_access_key_test.py | 51 ++----
.../iam_user_two_active_access_key_test.py | 52 ++----
...am_user_with_temporary_credentials_test.py | 29 ++--
37 files changed, 551 insertions(+), 1554 deletions(-)
diff --git a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py
index 90a01b10..371672b7 100644
--- a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py
+++ b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py
@@ -2,49 +2,16 @@ from json import dumps from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_administrator_access_with_mfa_test: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_group_with_no_policies(self): iam = client("iam") @@ -54,7 +21,7 @@ class Test_iam_administrator_access_with_mfa_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
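Review bot: The shared helper is not obviously equivalent to the fixture this hunk deletes. The removed `set_mocked_audit_info` pinned `audited_regions=None`, `profile_region=AWS_REGION` and `mfa_enabled=False`, while the new call passes `[AWS_REGION_US_EAST_1]` to a helper defined outside this diff, so its defaults cannot be checked here. If that list becomes `audited_regions`, these admin-access/MFA tests now run with an explicit region list instead of none, which is presumably harmless for IAM but is no longer spelled out in the file. After confirming it against the helper, I would add a comment above the new import, such as `# set_mocked_aws_audit_info supplies the account, partition and MFA defaults; only the region list is chosen here`. The same substitution is made in the iam_avoid_root_usage, iam_check_saml_providers_sts and iam_no_custom_policy_permissive_role_assumption test files.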
@@ -97,7 +64,7 @@ class Test_iam_administrator_access_with_mfa_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -135,7 +102,7 @@ class Test_iam_administrator_access_with_mfa_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -175,7 +142,7 @@ class Test_iam_administrator_access_with_mfa_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -239,7 +206,7 @@ class Test_iam_administrator_access_with_mfa_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py index 6af56972..16b24b6f 100644 --- a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py +++ b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py 
@@ -3,49 +3,15 @@ from csv import DictReader from re import search from unittest import mock -from boto3 import session from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_avoid_root_usage: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_root_not_used(self): raw_credential_report = r"""user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated 
@@ -56,7 +22,7 @@ class Test_iam_avoid_root_usage: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -96,7 +62,7 @@ class Test_iam_avoid_root_usage: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -136,7 +102,7 @@ class Test_iam_avoid_root_usage: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -176,7 +142,7 @@ class Test_iam_avoid_root_usage: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -216,7 +182,7 @@ class Test_iam_avoid_root_usage: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -256,7 +222,7 @@ class Test_iam_avoid_root_usage: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -296,7 +262,7 @@ class Test_iam_avoid_root_usage: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py index 54c0a704..b563ca1d 100644 --- a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py 
@@ -1,47 +1,16 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_aws_attached_policy_no_administrative_privileges_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_policy_with_administrative_privileges(self): iam_client = client("iam") @@ -52,7 +21,7 @@ class Test_iam_aws_attached_policy_no_administrative_privileges_test: iam_client.attach_role_policy( PolicyArn="arn:aws:iam::aws:policy/AdministratorAccess", RoleName="my-role" ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
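Review bot: The fixture swap in this hunk narrows the audited regions: the removed `set_mocked_audit_info` set `audited_regions=["us-east-1", "eu-west-1"]`, but every call site in this file now passes only `[AWS_REGION_US_EAST_1]`. If the two-region setup was deliberate (for example to check how findings for a global service are reported when several regions are audited), that coverage is lost in a commit labelled as a refactor. `current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1, "eu-west-1"])` would keep the old inputs. The same narrowing occurs in the iam_customer_attached_policy_no_administrative_privileges and iam_customer_unattached_policy_no_administrative_privileges test files. The removed fixture also used `profile_region=None` and a session without a region, which the helper (not visible in this diff) may not reproduce.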
@@ -91,7 +60,7 @@ class Test_iam_aws_attached_policy_no_administrative_privileges_test: PolicyArn="arn:aws:iam::aws:policy/IAMUserChangePassword", RoleName="my-role", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -133,7 +102,7 @@ class Test_iam_aws_attached_policy_no_administrative_privileges_test: PolicyArn="arn:aws:iam::aws:policy/IAMUserChangePassword", RoleName="my-role", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( diff --git a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py index 3f6d22cb..4ce086ad 100644 --- a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py +++ b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py 
@@ -1,48 +1,15 @@ from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_check_saml_providers_sts: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_iam_check_saml_providers_sts(self): iam_client = client("iam") @@ -81,7 +48,7 @@ nTTxU4a7x1naFxzYXK1iQ1vMARKMjDb19QEJIEJKZlDK4uS7yMlf1nFS from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
diff --git a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py index f7abda8f..7d5f6491 100644 --- a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py 
@@ -2,47 +2,16 @@ from json import dumps from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_customer_attached_policy_no_administrative_privileges_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_policy_administrative(self): iam_client = client("iam") @@ -60,7 +29,7 @@ class Test_iam_customer_attached_policy_no_administrative_privileges_test: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] iam_client.attach_role_policy(PolicyArn=arn, RoleName="my-role") - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -102,7 +71,7 @@ class Test_iam_customer_attached_policy_no_administrative_privileges_test: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] iam_client.attach_role_policy(PolicyArn=arn, RoleName="my-role") - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -159,7 +128,7 @@ class Test_iam_customer_attached_policy_no_administrative_privileges_test: PolicyArn=arn_non_administrative, RoleName="my-role" ) iam_client.attach_role_policy(PolicyArn=arn_administrative, RoleName="my-role") - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( diff --git a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py index 3f1bdfd3..5f243638 100644 --- a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py 
@@ -2,47 +2,16 @@ from json import dumps from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_customer_unattached_policy_no_administrative_privileges_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_policy_administrative(self): iam_client = client("iam") @@ -57,7 +26,7 @@ class Test_iam_customer_unattached_policy_no_administrative_privileges_test: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -96,7 +65,7 @@ class Test_iam_customer_unattached_policy_no_administrative_privileges_test: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -147,7 +116,7 @@ class Test_iam_customer_unattached_policy_no_administrative_privileges_test: PolicyDocument=dumps(policy_document_administrative), )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( diff --git a/tests/providers/aws/services/iam/iam_inline_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_inline_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges_test.py index f60b0f74..e49b1b91 100644 --- a/tests/providers/aws/services/iam/iam_inline_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_inline_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges_test.py @@ -1,14 +1,14 @@ from json import dumps from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) INLINE_POLICY_ADMIN = { "Version": "2012-10-17", 
@@ -32,36 +32,6 @@ ASSUME_ROLE_POLICY_DOCUMENT = { class Test_iam_inline_policy_no_administrative_privileges: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=[AWS_REGION], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info # Groups @mock_iam @@ -73,7 +43,7 @@ class Test_iam_inline_policy_no_administrative_privileges: _ = iam_client.create_group(GroupName=group_name) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -108,7 +78,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -126,7 +96,7 @@ class Test_iam_inline_policy_no_administrative_privileges: check = iam_inline_policy_no_administrative_privileges() results = check.execute() assert len(results) == 1 - assert results[0].region == AWS_REGION + assert results[0].region == AWS_REGION_US_EAST_1 assert results[0].resource_arn == group_arn assert results[0].resource_id == f"{group_name}/{policy_name}" assert results[0].resource_tags == [] 
@@ -152,7 +122,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_NOT_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -170,7 +140,7 @@ class Test_iam_inline_policy_no_administrative_privileges: check = iam_inline_policy_no_administrative_privileges() results = check.execute() assert len(results) == 1 - assert results[0].region == AWS_REGION + assert results[0].region == AWS_REGION_US_EAST_1 assert results[0].resource_arn == group_arn assert results[0].resource_id == f"{group_name}/{policy_name}" assert results[0].resource_tags == [] @@ -204,7 +174,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -224,7 +194,7 @@ class Test_iam_inline_policy_no_administrative_privileges: assert len(results) == 2 for result in results: if result.resource_id == policy_name_admin: - assert result.region == AWS_REGION + assert result.region == AWS_REGION_US_EAST_1 assert result.resource_arn == group_arn assert result.resource_id == policy_name_admin assert result.resource_tags == [] @@ -235,7 +205,7 @@ class Test_iam_inline_policy_no_administrative_privileges: ) elif result.resource_id == policy_name_not_admin: - assert result.region == AWS_REGION + assert result.region == AWS_REGION_US_EAST_1 assert result.resource_arn == group_arn assert result.resource_id == policy_name_not_admin assert result.resource_tags == [] 
@@ -258,7 +228,7 @@ class Test_iam_inline_policy_no_administrative_privileges: ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -296,7 +266,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -314,7 +284,7 @@ class Test_iam_inline_policy_no_administrative_privileges: check = iam_inline_policy_no_administrative_privileges() results = check.execute() assert len(results) == 1 - assert results[0].region == AWS_REGION + assert results[0].region == AWS_REGION_US_EAST_1 assert results[0].resource_arn == role_arn assert results[0].resource_id == f"{role_name}/{policy_name}" assert results[0].resource_tags == [] @@ -343,7 +313,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_NOT_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -361,7 +331,7 @@ class Test_iam_inline_policy_no_administrative_privileges: check = iam_inline_policy_no_administrative_privileges() results = check.execute() assert len(results) == 1 - assert results[0].region == AWS_REGION + assert results[0].region == AWS_REGION_US_EAST_1 assert results[0].resource_arn == role_arn assert results[0].resource_id == f"{role_name}/{policy_name}" assert results[0].resource_tags == [] 
@@ -397,7 +367,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -417,7 +387,7 @@ class Test_iam_inline_policy_no_administrative_privileges: assert len(results) == 2 for result in results: if result.resource_id == policy_name_admin: - assert result.region == AWS_REGION + assert result.region == AWS_REGION_US_EAST_1 assert result.resource_arn == role_arn assert result.resource_id == policy_name_admin assert result.resource_tags == [] @@ -428,7 +398,7 @@ class Test_iam_inline_policy_no_administrative_privileges: ) elif result.resource_id == policy_name_not_admin: - assert result.region == AWS_REGION + assert result.region == AWS_REGION_US_EAST_1 assert result.resource_arn == role_arn assert result.resource_id == policy_name_not_admin assert result.resource_tags == [] @@ -450,7 +420,7 @@ class Test_iam_inline_policy_no_administrative_privileges: ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -487,7 +457,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM 
@@ -505,7 +475,7 @@ class Test_iam_inline_policy_no_administrative_privileges: check = iam_inline_policy_no_administrative_privileges() results = check.execute() assert len(results) == 1 - assert results[0].region == AWS_REGION + assert results[0].region == AWS_REGION_US_EAST_1 assert results[0].resource_arn == user_arn assert results[0].resource_id == f"{user_name}/{policy_name}" assert results[0].resource_tags == [] @@ -533,7 +503,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_NOT_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -551,7 +521,7 @@ class Test_iam_inline_policy_no_administrative_privileges: check = iam_inline_policy_no_administrative_privileges() results = check.execute() assert len(results) == 1 - assert results[0].region == AWS_REGION + assert results[0].region == AWS_REGION_US_EAST_1 assert results[0].resource_arn == user_arn assert results[0].resource_id == f"{user_name}/{policy_name}" assert results[0].resource_tags == [] @@ -586,7 +556,7 @@ class Test_iam_inline_policy_no_administrative_privileges: PolicyDocument=dumps(INLINE_POLICY_ADMIN), ) # Audit Info - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM @@ -606,7 +576,7 @@ class Test_iam_inline_policy_no_administrative_privileges: assert len(results) == 2 for result in results: if result.resource_id == policy_name_admin: - assert result.region == AWS_REGION + assert result.region == AWS_REGION_US_EAST_1 assert result.resource_arn == user_arn assert result.resource_id == policy_name_admin assert result.resource_tags == [] 
@@ -617,7 +587,7 @@ class Test_iam_inline_policy_no_administrative_privileges: ) elif result.resource_id == policy_name_not_admin: - assert result.region == AWS_REGION + assert result.region == AWS_REGION_US_EAST_1 assert result.resource_arn == user_arn assert result.resource_id == policy_name_not_admin assert result.resource_tags == [] diff --git a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py index bc1b0202..6898b2e7 100644 --- a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py +++ b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py 
@@ -2,49 +2,16 @@ from json import dumps from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_no_custom_policy_permissive_role_assumption: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_policy_allows_permissive_role_assumption_wildcard(self): iam_client = client("iam") @@ -61,7 +28,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
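Review bot: The removed `set_mocked_audit_info` built the fixture with `audited_regions=None`, while the new call `set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])` passes an explicit region list, so these tests may now run under a different audit scope even though the commit is titled a refactor. The helper is defined in `tests.providers.aws.audit_info_utils` and is not shown here, so this is inferred from the argument alone. The password-policy test files further down change in the other direction, from `audited_regions=["us-east-1", "eu-west-1"]` with `profile_region=None` to the same single-region call. If the change is intended, one assertion in one test, such as `assert audit_info.audited_regions == [AWS_REGION_US_EAST_1]`, would record it.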
@@ -101,7 +68,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -145,7 +112,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -185,7 +152,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -237,7 +204,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py index 368a4863..7a83b551 100644 --- a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py +++ b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py 
@@ -1,54 +1,21 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_no_expired_server_certificates_stored_test: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_no_certificates(self): from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -79,7 +46,7 @@ class Test_iam_no_expired_server_certificates_stored_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
diff --git a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py index 87e83e21..1887ed10 100644 --- a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py @@ -1,49 +1,16 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_no_root_access_key_test: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_iam_root_no_access_keys(self): iam_client = client("iam") 
@@ -52,7 +19,7 @@ class Test_iam_no_root_access_key_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -95,7 +62,7 @@ class Test_iam_no_root_access_key_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -138,7 +105,7 @@ class Test_iam_no_root_access_key_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -181,7 +148,7 @@ class Test_iam_no_root_access_key_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py index cd0cc930..46425973 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py 
@@ -1,55 +1,22 @@ from re import search from unittest import mock -from boto3 import session from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" -AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_password_policy_expires_passwords_within_90_days_or_less: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=AWS_ACCOUNT_ARN, - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_password_expiration_lower_90(self): from prowler.providers.aws.services.iam.iam_service import IAM, PasswordPolicy - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -81,7 +48,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: assert result[0].status == "PASS" assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert search( "Password expiration is set lower than 90 days", result[0].status_extended, @@ -91,7 +58,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: def test_password_expiration_greater_90(self): from prowler.providers.aws.services.iam.iam_service import IAM, PasswordPolicy - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -123,7 +90,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: assert result[0].status == "FAIL" assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert search( "Password expiration is set greater than 90 days", result[0].status_extended, @@ -133,7 +100,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: def test_password_expiration_just_90(self): from prowler.providers.aws.services.iam.iam_service import IAM, PasswordPolicy - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -165,7 +132,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: assert result[0].status == "PASS" assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert search( "Password expiration is set lower than 90 days", result[0].status_extended, diff --git a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py index 547f82da..e1b3eb40 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py 
@@ -1,49 +1,18 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" -AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_password_policy_lowercase: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_iam_password_policy_no_lowercase_flag(self): iam_client = client("iam") @@ -52,7 +21,7 @@ class Test_iam_password_policy_lowercase: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -76,7 +45,7 @@ class Test_iam_password_policy_lowercase: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_password_policy_lowercase_flag(self): @@ -86,7 +55,7 @@ class Test_iam_password_policy_lowercase: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -110,4 +79,4 @@ class Test_iam_password_policy_lowercase: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py index 6f6a4727..f59d18ae 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py 
@@ -1,48 +1,24 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" -AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_password_policy_minimum_length_14: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_iam_password_policy_minimum_length_equal_14(self): @@ -52,7 +28,7 @@ class Test_iam_password_policy_minimum_length_14: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
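Review bot: The import block added directly under `class Test_iam_password_policy_minimum_length_14:` appears to sit inside the class body (indentation is lost on this page), where it repeats the module-level `from tests.providers.aws.audit_info_utils import (...)` added a few lines above and binds those names as class attributes. It looks like a leftover from replacing `set_mocked_audit_info`; deleting the class-level block should leave the tests unchanged, because they call `set_mocked_aws_audit_info` by its module-level name. The same block appears in the first hunks of iam_password_policy_number_test.py, iam_password_policy_reuse_24_test.py, iam_password_policy_symbol_test.py and iam_password_policy_uppercase_test.py. It also appears in iam_policy_allows_privilege_escalation_test.py, where the class-level copy imports `AWS_ACCOUNT_ARN` although the module-level import there does not list it.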
@@ -76,7 +52,7 @@ class Test_iam_password_policy_minimum_length_14: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_password_policy_minimum_length_greater_14(self): @@ -86,7 +62,7 @@ class Test_iam_password_policy_minimum_length_14: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -110,7 +86,7 @@ class Test_iam_password_policy_minimum_length_14: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_password_policy_minimum_length_less_14(self): @@ -120,7 +96,7 @@ class Test_iam_password_policy_minimum_length_14: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -144,4 +120,4 @@ class Test_iam_password_policy_minimum_length_14: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py index 2b3b1770..e3e81219 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py 
+++ b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py @@ -1,48 +1,24 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" -AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_password_policy_number: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_iam_password_policy_no_number_flag(self): @@ -52,7 +28,7 @@ class Test_iam_password_policy_number: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -76,7 +52,7 @@ class Test_iam_password_policy_number: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_password_policy_number_flag(self): @@ -86,7 +62,7 @@ class Test_iam_password_policy_number: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -110,4 +86,4 @@ class Test_iam_password_policy_number: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py index 33bc631a..b1ac96b2 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py 
@@ -1,47 +1,23 @@ from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" -AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_password_policy_reuse_24: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_iam_password_policy_reuse_prevention_equal_24(self): @@ -49,7 +25,7 @@ class Test_iam_password_policy_reuse_24: # update password policy iam_client.update_account_password_policy(PasswordReusePrevention=24) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -74,7 +50,7 @@ class Test_iam_password_policy_reuse_24: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_password_policy_reuse_prevention_less_24(self): @@ -82,7 +58,7 @@ class Test_iam_password_policy_reuse_24: # update password policy iam_client.update_account_password_policy(PasswordReusePrevention=20) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -107,4 +83,4 @@ class Test_iam_password_policy_reuse_24: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py index b652ab6f..35ece164 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py 
@@ -1,48 +1,24 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" -AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_password_policy_symbol: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_iam_password_policy_no_symbol_flag(self): @@ -52,7 +28,7 @@ class Test_iam_password_policy_symbol: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -76,7 +52,7 @@ class Test_iam_password_policy_symbol: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_password_policy_symbol_flag(self): @@ -86,7 +62,7 @@ class Test_iam_password_policy_symbol: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -110,4 +86,4 @@ class Test_iam_password_policy_symbol: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py index 767c46e4..7403202b 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py 
@@ -1,47 +1,23 @@ from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" -AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_password_policy_uppercase: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_iam_password_policy_no_uppercase_flag(self): @@ -49,7 +25,7 @@ class Test_iam_password_policy_uppercase: # update password policy iam_client.update_account_password_policy(RequireUppercaseCharacters=False) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -74,7 +50,7 @@ class Test_iam_password_policy_uppercase: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_password_policy_uppercase_flag(self): @@ -82,7 +58,7 @@ class Test_iam_password_policy_uppercase: # update password policy iam_client.update_account_password_policy(RequireUppercaseCharacters=True) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -107,4 +83,4 @@ class Test_iam_password_policy_uppercase: ) assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py index 1b32aabd..4f1fe1ef 100644 --- a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py +++ b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py 
@@ -2,14 +2,14 @@ from json import dumps from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_REGION = "us-east-1" -AWS_ACCOUNT_NUMBER = "123456789012" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) # Keep this up-to-date with the check's actions that allows for privilege escalation privilege_escalation_policies_combination = { @@ -84,40 +84,16 @@ privilege_escalation_policies_combination = { class Test_iam_policy_allows_privilege_escalation: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) # @mock_iam # def test_iam_policy_allows_privilege_escalation_sts(self): - # iam_client = client("iam", region_name=AWS_REGION) + # iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) # policy_name = "policy1" # policy_document = { # "Version": "2012-10-17", 
@@ -128,10 +104,8 @@ class Test_iam_policy_allows_privilege_escalation: # policy_arn = iam_client.create_policy( # PolicyName=policy_name, PolicyDocument=dumps(policy_document) # )["Policy"]["Arn"] - - # current_audit_info = self.set_mocked_audit_info() + # set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) # from prowler.providers.aws.services.iam.iam_service import IAM - # with mock.patch( # "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", # new=current_audit_info, @@ -143,7 +117,6 @@ class Test_iam_policy_allows_privilege_escalation: # from prowler.providers.aws.services.iam.iam_policy_allows_privilege_escalation.iam_policy_allows_privilege_escalation import ( # iam_policy_allows_privilege_escalation, # ) - # check = iam_policy_allows_privilege_escalation() # result = check.execute() # assert len(result) == 1 @@ -157,7 +130,7 @@ class Test_iam_policy_allows_privilege_escalation: @mock_iam def test_iam_policy_not_allows_privilege_escalation(self): - iam_client = client("iam", region_name=AWS_REGION) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name = "policy1" policy_document = { "Version": "2012-10-17", @@ -171,7 +144,7 @@ class Test_iam_policy_allows_privilege_escalation: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
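Review bot: In the commented-out `test_iam_policy_allows_privilege_escalation_sts`, the `@@ -128,10 +104,8 @@` hunk rewrites `# current_audit_info = self.set_mocked_audit_info()` to `# set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])` and drops the assignment, while the commented `new=current_audit_info` just below still refers to that name. If the test is re-enabled it would fail with a NameError, so the line should read `# current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])`, or the dead test should be deleted instead of being maintained as comments. The commented test starts in the previous hunk and continues past this one.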
@@ -196,12 +169,12 @@ class Test_iam_policy_allows_privilege_escalation: ) assert result[0].resource_id == policy_name assert result[0].resource_arn == policy_arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_tags == [] @mock_iam def test_iam_policy_not_allows_privilege_escalation_glue_GetDevEndpoints(self): - iam_client = client("iam", region_name=AWS_REGION) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name = "policy1" policy_document = { "Version": "2012-10-17", @@ -219,7 +192,7 @@ class Test_iam_policy_allows_privilege_escalation: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -244,12 +217,12 @@ class Test_iam_policy_allows_privilege_escalation: ) assert result[0].resource_id == policy_name assert result[0].resource_arn == policy_arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_tags == [] @mock_iam def test_iam_policy_not_allows_privilege_escalation_dynamodb_PutItem(self): - iam_client = client("iam", region_name=AWS_REGION) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name = "policy1" policy_document = { "Version": "2012-10-17", @@ -278,7 +251,7 @@ class Test_iam_policy_allows_privilege_escalation: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -303,14 +276,14 @@ class Test_iam_policy_allows_privilege_escalation: ) assert result[0].resource_id == policy_name assert result[0].resource_arn == policy_arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_tags == [] @mock_iam def test_iam_policy_allows_privilege_escalation_iam_all_and_ec2_RunInstances( self, ): - iam_client = client("iam", region_name=AWS_REGION) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name = "policy1" policy_document = { "Version": "2012-10-17", @@ -333,7 +306,7 @@ class Test_iam_policy_allows_privilege_escalation: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -354,7 +327,7 @@ class Test_iam_policy_allows_privilege_escalation: assert result[0].status == "FAIL" assert result[0].resource_id == policy_name assert result[0].resource_arn == policy_arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_tags == [] assert search( @@ -368,7 +341,7 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_iam_PassRole( self, ): - iam_client = client("iam", region_name=AWS_REGION) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name = "policy1" policy_document = { "Version": "2012-10-17", @@ -384,7 +357,7 @@ class Test_iam_policy_allows_privilege_escalation: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -405,7 +378,7 @@ class Test_iam_policy_allows_privilege_escalation: assert result[0].status == "FAIL" assert result[0].resource_id == policy_name assert result[0].resource_arn == policy_arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_tags == [] assert search( @@ -418,7 +391,7 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_two_combinations( self, ): - iam_client = client("iam", region_name=AWS_REGION) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name = "policy1" policy_document = { "Version": "2012-10-17", @@ -453,7 +426,7 @@ class Test_iam_policy_allows_privilege_escalation: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -474,7 +447,7 @@ class Test_iam_policy_allows_privilege_escalation: assert result[0].status == "FAIL" assert result[0].resource_id == policy_name assert result[0].resource_arn == policy_arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_tags == [] assert search( @@ -490,7 +463,7 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_iam_PassRole_and_other_actions( self, ): - iam_client = client("iam", region_name=AWS_REGION) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name = "policy1" policy_document = { "Version": "2012-10-17", 
@@ -511,7 +484,7 @@ class Test_iam_policy_allows_privilege_escalation: PolicyName=policy_name, PolicyDocument=dumps(policy_document) )["Policy"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -532,7 +505,7 @@ class Test_iam_policy_allows_privilege_escalation: assert result[0].status == "FAIL" assert result[0].resource_id == policy_name assert result[0].resource_arn == policy_arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_tags == [] assert search( @@ -545,8 +518,8 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_policies_combination( self, ): - current_audit_info = self.set_mocked_audit_info() - iam_client = client("iam", region_name=AWS_REGION) + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name = "privileged_policy" for values in privilege_escalation_policies_combination.values(): print(list(values)) @@ -585,7 +558,7 @@ class Test_iam_policy_allows_privilege_escalation: assert result[0].status == "FAIL" assert result[0].resource_id == policy_name assert result[0].resource_arn == policy_arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_tags == [] assert search( 
@@ -604,8 +577,8 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_two_policies_one_good_one_bad( self, ): - current_audit_info = self.set_mocked_audit_info() - iam_client = client("iam", region_name=AWS_REGION) + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name_1 = "privileged_policy_1" policy_document_1 = { "Version": "2012-10-17", @@ -672,7 +645,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "PASS" assert finding.resource_id == policy_name_1 assert finding.resource_arn == policy_arn_1 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert ( finding.status_extended @@ -683,7 +656,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "FAIL" assert finding.resource_id == policy_name_2 assert finding.resource_arn == policy_arn_2 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert search( f"Custom Policy {policy_arn_2} allows privilege escalation using the following actions: ", @@ -697,8 +670,8 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_two_bad_policies( self, ): - current_audit_info = self.set_mocked_audit_info() - iam_client = client("iam", region_name=AWS_REGION) + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name_1 = "privileged_policy_1" policy_document_1 = { "Version": "2012-10-17", 
@@ -772,7 +745,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "FAIL" assert finding.resource_id == policy_name_1 assert finding.resource_arn == policy_arn_1 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert search( @@ -787,7 +760,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "FAIL" assert finding.resource_id == policy_name_2 assert finding.resource_arn == policy_arn_2 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert search( @@ -802,8 +775,8 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_over_permissive_policy( self, ): - current_audit_info = self.set_mocked_audit_info() - iam_client = client("iam", region_name=AWS_REGION) + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name_1 = "privileged_policy_1" policy_document_1 = { "Version": "2012-10-17", @@ -853,7 +826,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "FAIL" assert finding.resource_id == policy_name_1 assert finding.resource_arn == policy_arn_1 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert search( @@ -868,8 +841,8 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_administrator_policy( self, ): - current_audit_info = self.set_mocked_audit_info() - iam_client = client("iam", region_name=AWS_REGION) + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name_1 = "privileged_policy_1" policy_document_1 = { "Version": "2012-10-17", 
@@ -909,7 +882,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "FAIL" assert finding.resource_id == policy_name_1 assert finding.resource_arn == policy_arn_1 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert search( f"Custom Policy {policy_arn_1} allows privilege escalation using the following actions:", @@ -926,8 +899,8 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_iam_put( self, ): - current_audit_info = self.set_mocked_audit_info() - iam_client = client("iam", region_name=AWS_REGION) + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name_1 = "privileged_policy_1" policy_document_1 = { "Version": "2012-10-17", @@ -967,7 +940,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "FAIL" assert finding.resource_id == policy_name_1 assert finding.resource_arn == policy_arn_1 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert search( f"Custom Policy {policy_arn_1} allows privilege escalation using the following actions:", @@ -979,8 +952,8 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_allows_privilege_escalation_iam_wildcard( self, ): - current_audit_info = self.set_mocked_audit_info() - iam_client = client("iam", region_name=AWS_REGION) + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name_1 = "privileged_policy_1" policy_document_1 = { "Version": "2012-10-17", 
@@ -1020,7 +993,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "FAIL" assert finding.resource_id == policy_name_1 assert finding.resource_arn == policy_arn_1 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert search( f"Custom Policy {policy_arn_1} allows privilege escalation using the following actions:", @@ -1032,8 +1005,8 @@ class Test_iam_policy_allows_privilege_escalation: def test_iam_policy_not_allows_privilege_escalation_custom_policy( self, ): - current_audit_info = self.set_mocked_audit_info() - iam_client = client("iam", region_name=AWS_REGION) + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) + iam_client = client("iam", region_name=AWS_REGION_US_EAST_1) policy_name_1 = "privileged_policy_1" policy_document_1 = { "Version": "2012-10-17", @@ -1048,7 +1021,7 @@ class Test_iam_policy_allows_privilege_escalation: "Sid": "", "Effect": "Allow", "Action": "es:*", - "Resource": f"arn:aws:es:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:domain/test/*", + "Resource": f"arn:aws:es:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:domain/test/*", }, ], } @@ -1079,7 +1052,7 @@ class Test_iam_policy_allows_privilege_escalation: assert finding.status == "PASS" assert finding.resource_id == policy_name_1 assert finding.resource_arn == policy_arn_1 - assert finding.region == AWS_REGION + assert finding.region == AWS_REGION_US_EAST_1 assert finding.resource_tags == [] assert ( finding.status_extended diff --git a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py index ef45039a..78ddf0ed 100644 --- a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py 
+++ b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py @@ -1,48 +1,17 @@ from json import dumps from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "eu-west-1" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_policy_attached_only_to_group_or_roles: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=[AWS_REGION], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_iam_user_attached_policy(self): result = [] @@ -61,7 +30,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: )["Policy"]["Arn"] iam_client.attach_user_policy(UserName=user, PolicyArn=policyArn) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
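Review bot: This file is not a like-for-like swap: the removed fixture set `AWS_REGION = "eu-west-1"` and `audited_regions=[AWS_REGION]`, whereas the new code builds the audit info with `[AWS_REGION_US_EAST_1]` and the later hunks assert `result[0].region == AWS_REGION_US_EAST_1`. Assuming that constant is "us-east-1", as its name suggests, the region these IAM findings are expected to report changes inside a commit described as a refactor. If that is intended, a short comment next to the import such as `# region moved from eu-west-1 to the shared us-east-1 fixture` would record it. The `@@ -1,49 +1,20 @@` hunks of the cloudtrail and kms full-access tests change their fixtures in a similar way (previously `audited_account=None`, `audited_regions=None`, `profile_region="us-east-1"`); whether the shared helper reproduces those values is not visible here.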
@@ -82,7 +51,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: result[0].status_extended == f"User {user} has the policy {policy_name} attached." ) - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_id == f"{user}/{policy_name}" assert ( result[0].resource_arn @@ -110,7 +79,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: )["Policy"]["Arn"] iam_client.attach_user_policy(UserName=user, PolicyArn=policyArn) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -132,7 +101,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: result[0].status_extended == f"User {user} has the policy {policyName} attached." ) - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_id == f"{user}/{policyName}" assert result[0].status == "FAIL" @@ -140,7 +109,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: result[0].status_extended == f"User {user} has the policy {policyName} attached." ) - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_id == f"{user}/{policyName}" assert ( result[0].resource_arn @@ -164,7 +133,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: UserName=user, PolicyName=policyName, PolicyDocument=dumps(policyDocument) ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -185,7 +154,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: result[0].status_extended == f"User {user} has the inline policy {policyName} attached." ) - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_id == f"{user}/{policyName}" assert ( result[0].resource_arn @@ -199,7 +168,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: user = "test_no_policies" iam_client.create_user(UserName=user) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -220,7 +189,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: result[0].status_extended == f"User {user} has no inline or attached policies." ) - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[0].resource_id == user assert ( result[0].resource_arn diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py index 8d7515c1..1cda8583 100644 --- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py +++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py 
@@ -1,49 +1,20 @@ from json import dumps from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info from prowler.providers.aws.services.iam.iam_service import IAM -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_policy_no_full_access_to_cloudtrail: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=None, - audited_account_arn=None, - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region="us-east-1", - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_policy_full_access_to_cloudtrail(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam_client = client("iam") policy_name = "policy_cloudtrail_full" policy_document_full_access = { @@ -82,7 +53,7 @@ class Test_iam_policy_no_full_access_to_cloudtrail: @mock_iam def test_policy_no_full_access_to_cloudtrail(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam_client = client("iam") policy_name = "policy_no_cloudtrail_full" policy_document_full_access = { 
@@ -121,7 +92,7 @@ class Test_iam_policy_no_full_access_to_cloudtrail: @mock_iam def test_policy_mixed(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam_client = client("iam") policy_name = "policy_mixed" policy_document_full_access = { diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py index 80fdb406..3287117b 100644 --- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py +++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py 
@@ -1,49 +1,20 @@ from json import dumps from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info from prowler.providers.aws.services.iam.iam_service import IAM -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_policy_no_full_access_to_kms: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=None, - audited_account_arn=None, - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region="us-east-1", - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_policy_full_access_to_kms(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam_client = client("iam") policy_name = "policy_kms_full" policy_document_full_access = { @@ -82,7 +53,7 @@ class Test_iam_policy_no_full_access_to_kms: @mock_iam def test_policy_no_full_access_to_kms(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam_client = client("iam") policy_name = "policy_no_kms_full" policy_document_full_access = { 
@@ -121,7 +92,7 @@ class Test_iam_policy_no_full_access_to_kms: @mock_iam def test_policy_mixed(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam_client = client("iam") policy_name = "policy_mixed" policy_document_full_access = { diff --git a/tests/providers/aws/services/iam/iam_role_administratoraccess_policy/iam_role_administratoraccess_policy_test.py b/tests/providers/aws/services/iam/iam_role_administratoraccess_policy/iam_role_administratoraccess_policy_test.py index 2ccf1086..ac024f14 100644 --- a/tests/providers/aws/services/iam/iam_role_administratoraccess_policy/iam_role_administratoraccess_policy_test.py +++ b/tests/providers/aws/services/iam/iam_role_administratoraccess_policy/iam_role_administratoraccess_policy_test.py 
@@ -1,54 +1,25 @@ from json import dumps from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.iam.iam_service import Role -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_REGION = "us-east-1" AWS_ACCOUNT_ID = "123456789012" class Test_iam_role_administratoraccess_policy: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_no_roles(self): from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, @@ -83,7 +54,7 @@ class Test_iam_role_administratoraccess_policy: AssumeRolePolicyDocument=dumps(assume_role_policy_document), ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
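Review bot: The module-level `AWS_REGION = "us-east-1"` and `AWS_ACCOUNT_ID = "123456789012"` stay in the file as context lines, although their only visible user, the removed `set_mocked_audit_info`, is gone and the audited account now comes from `set_mocked_aws_audit_info`. If the rest of the test still builds role ARNs or expectations from the local `AWS_ACCOUNT_ID`, the account in the fixture and the account in the assertions are defined in two places and can drift apart. Importing the account constant from `tests.providers.aws.audit_info_utils` (other files in this commit import `AWS_ACCOUNT_NUMBER` from it) and deleting the two local constants would keep them tied together. The same applies to the `@@ -1,54 +1,25 @@` hunk of iam_role_cross_account_readonlyaccess_policy_test.py, where a mismatch would matter most because that check appears, from its name, to distinguish the audited account from foreign ones.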
@@ -132,7 +103,7 @@ class Test_iam_role_administratoraccess_policy: PolicyArn="arn:aws:iam::aws:policy/SecurityAudit", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -181,7 +152,7 @@ class Test_iam_role_administratoraccess_policy: PolicyArn="arn:aws:iam::aws:policy/AdministratorAccess", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -230,7 +201,7 @@ class Test_iam_role_administratoraccess_policy: PolicyArn="arn:aws:iam::aws:policy/AdministratorAccess", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -279,7 +250,7 @@ class Test_iam_role_administratoraccess_policy: ) ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py index 4d4da908..27fa273d 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py 
@@ -1,54 +1,25 @@ from json import dumps from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.iam.iam_service import Role -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_REGION = "us-east-1" AWS_ACCOUNT_ID = "123456789012" class Test_iam_role_cross_account_readonlyaccess_policy: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_no_roles(self): from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, @@ -83,7 +54,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: AssumeRolePolicyDocument=dumps(assume_role_policy_document), ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -132,7 +103,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: PolicyArn="arn:aws:iam::aws:policy/ReadOnlyAccess", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -181,7 +152,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: PolicyArn="arn:aws:iam::aws:policy/ReadOnlyAccess", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -230,7 +201,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: PolicyArn="arn:aws:iam::aws:policy/ReadOnlyAccess", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -279,7 +250,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: ) ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py index bc707dc0..fa5122b6 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py 
@@ -1,54 +1,25 @@ from json import dumps from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.iam.iam_service import Role -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_REGION = "us-east-1" AWS_ACCOUNT_ID = "123456789012" class Test_iam_role_cross_service_confused_deputy_prevention: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_ID, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_no_roles(self): from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) current_audit_info.audited_account = AWS_ACCOUNT_ID with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -88,7 +59,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: ) ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) current_audit_info.audited_account = AWS_ACCOUNT_ID with mock.patch( 
@@ -127,7 +98,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) current_audit_info.audited_account = AWS_ACCOUNT_ID with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -175,7 +146,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) current_audit_info.audited_account = AWS_ACCOUNT_ID with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -225,7 +196,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) current_audit_info.audited_account = AWS_ACCOUNT_ID with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -275,7 +246,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) current_audit_info.audited_account = AWS_ACCOUNT_ID with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -325,7 +296,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) current_audit_info.audited_account = AWS_ACCOUNT_ID with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py index d0e69821..047a5529 100644 --- a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py 
@@ -1,46 +1,22 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_root_hardware_mfa_enabled_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_root_hardware_virtual_mfa_enabled(self): @@ -50,7 +26,7 @@ class Test_iam_root_hardware_mfa_enabled_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
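Review bot: The second added `from tests.providers.aws.audit_info_utils import (...)` block, the one listing `AWS_ACCOUNT_ARN` and `AWS_ACCOUNT_NUMBER`, sits directly after the `class Test_iam_root_hardware_mfa_enabled_test:` line where the deleted method used to be, so it appears to be a class-body import. Names bound in a class body become class attributes and are not visible as bare names inside the test methods. This hunk also deletes the module-level `AWS_ACCOUNT_NUMBER = "123456789012"`, so any test body that still refers to it would raise `NameError`; the bodies lie outside the hunk, so this is unconfirmed. I would delete the class-body import and extend the module-level import with only the names the tests use. The same class-body import is added in the first hunks of iam_root_mfa_enabled_test.py and iam_support_role_created_test.py, where the local `AWS_ACCOUNT_NUMBER` is kept next to it.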
@@ -83,7 +59,7 @@ class Test_iam_root_hardware_mfa_enabled_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py index 36964460..d20640d9 100644 --- a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py 
@@ -1,46 +1,24 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_ACCOUNT_NUMBER = "123456789012" class Test_iam_root_mfa_enabled_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_root_mfa_not_enabled(self): @@ -48,7 +26,7 @@ class Test_iam_root_mfa_enabled_test: user = "test-user" iam_client.create_user(UserName=user)["User"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -83,7 +61,7 @@ class Test_iam_root_mfa_enabled_test: user = "test-user" iam_client.create_user(UserName=user)["User"]["Arn"] - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( diff --git a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py index 5c92d109..0d14823c 100644 --- a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py +++ b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py 
@@ -1,48 +1,16 @@ import datetime from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" -AWS_REGION = "us-east-1" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_rotate_access_key_90_days_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info - @mock_iam def test_user_no_access_keys(self): iam_client = client("iam") @@ -51,7 +19,7 @@ class Test_iam_rotate_access_key_90_days_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -76,7 +44,7 @@ class Test_iam_rotate_access_key_90_days_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_user_access_key_1_not_rotated(self): 
@@ -89,7 +57,7 @@ class Test_iam_rotate_access_key_90_days_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -117,7 +85,7 @@ class Test_iam_rotate_access_key_90_days_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_user_access_key_2_not_rotated(self): @@ -130,7 +98,7 @@ class Test_iam_rotate_access_key_90_days_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -158,7 +126,7 @@ class Test_iam_rotate_access_key_90_days_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_user_both_access_keys_not_rotated(self): @@ -171,7 +139,7 @@ class Test_iam_rotate_access_key_90_days_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -204,7 +172,7 @@ class Test_iam_rotate_access_key_90_days_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[1].status == "FAIL" assert ( result[1].status_extended 
@@ -212,7 +180,7 @@ class Test_iam_rotate_access_key_90_days_test: ) assert result[1].resource_id == user assert result[1].resource_arn == arn - assert result[1].region == AWS_REGION + assert result[1].region == AWS_REGION_US_EAST_1 @mock_iam def test_user_both_access_keys_rotated(self): @@ -225,7 +193,7 @@ class Test_iam_rotate_access_key_90_days_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -259,4 +227,4 @@ class Test_iam_rotate_access_key_90_days_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py index 76df621b..b6ea65d3 100644 --- a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py 
@@ -2,51 +2,20 @@ from json import dumps from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info from prowler.providers.aws.services.iam.iam_service import IAM -from prowler.providers.common.models import Audit_Metadata - -AWS_ACCOUNT_NUMBER = "123456789012" +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) class Test_iam_securityaudit_role_created: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region="us-east-1", - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info - @mock_iam def test_securityaudit_role_created(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = client("iam") role_name = "test_securityaudit_role_created" assume_role_policy_document = { @@ -93,7 +62,7 @@ class Test_iam_securityaudit_role_created: @mock_iam def test_no_securityaudit_role_created(self): - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py index c8fbe0df..9fc59733 100644 --- a/tests/providers/aws/services/iam/iam_service_test.py +++ b/tests/providers/aws/services/iam/iam_service_test.py @@ -2,16 +2,18 @@ from json import dumps from uuid import uuid4 import botocore -from boto3 import client, session +from boto3 import client from freezegun import freeze_time from mock import patch from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.iam.iam_service import IAM, Policy, is_service_role -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) -AWS_ACCOUNT_NUMBER = "123456789012" TEST_DATETIME = "2023-01-01T12:01:01+00:00" INLINE_POLICY_NOT_ADMIN = { 
@@ -77,42 +79,12 @@ def mock_make_api_call(self, operation_name, kwargs): # Patch every AWS call using Boto3 @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) class Test_IAM_Service: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=None, - audited_account_arn=None, - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region="us-east-1", - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - return audit_info # Test IAM Client @mock_iam def test__get_client__(self): # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert iam.client.__class__.__name__ == "IAM" @@ -120,7 +92,7 @@ class Test_IAM_Service: @mock_iam def test__get_session__(self): # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert iam.session.__class__.__name__ == "Session" @@ -162,7 +134,7 @@ class Test_IAM_Service: } # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.credential_report) == 1 assert iam.credential_report[0].get("user") 
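Review bot: Removing `set_mocked_audit_info` from `Test_IAM_Service` changes the inputs the service tests run with, not only where the fixture lives. The deleted method built the audit info with `audited_account=None`, `audited_account_arn=None` and `audited_regions=None`, while every call site now passes `[AWS_REGION_US_EAST_1]` and takes the helper's account defaults, which are not visible in this diff. For a commit labelled as a refactor that is worth recording, for example with a comment above the class such as `# audit info comes from set_mocked_aws_audit_info: one region, shared account defaults`. Several other files visible here go the other way, from `audited_regions=["us-east-1", "eu-west-1"]` down to one region, so those check tests no longer run with a two-region audit scope. That is presumably harmless for a global service like IAM, but it should be confirmed rather than assumed.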
@@ -333,7 +305,7 @@ class Test_IAM_Service: )["Role"] # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.roles) == len(iam_client.list_roles()["Roles"]) @@ -360,7 +332,7 @@ class Test_IAM_Service: ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.groups) == len(iam_client.list_groups()["Groups"]) @@ -384,7 +356,7 @@ class Test_IAM_Service: ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.users) == len(iam_client.list_users()["Users"]) assert iam.users[0].tags == [ @@ -402,7 +374,7 @@ class Test_IAM_Service: account_summary = iam_client.get_account_summary()["SummaryMap"] # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert iam.account_summary["SummaryMap"] == account_summary @@ -436,7 +408,7 @@ class Test_IAM_Service: ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert iam.password_policy.length == min_password_length @@ -472,7 +444,7 @@ class Test_IAM_Service: ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.users) == 1 @@ -506,7 +478,7 @@ class Test_IAM_Service: ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.virtual_mfa_devices) == 1 
@@ -533,7 +505,7 @@ class Test_IAM_Service: iam_client.add_user_to_group(GroupName=group, UserName=username) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.groups) == 1 @@ -580,7 +552,7 @@ class Test_IAM_Service: ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.groups) == 1 @@ -615,7 +587,7 @@ class Test_IAM_Service: ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.roles) == 1 @@ -636,7 +608,7 @@ class Test_IAM_Service: EntityFilter="Role", )["PolicyRoles"] - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.entities_role_attached_to_support_policy) == 0 @@ -667,7 +639,7 @@ class Test_IAM_Service: EntityFilter="Role", )["PolicyRoles"] - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.entities_role_attached_to_support_policy) == 1 assert iam.entities_role_attached_to_support_policy[0]["RoleName"] == role_name @@ -680,7 +652,7 @@ class Test_IAM_Service: EntityFilter="Role", )["PolicyRoles"] - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.entities_role_attached_to_securityaudit_policy) == 0 @@ -711,7 +683,7 @@ class Test_IAM_Service: EntityFilter="Role", )["PolicyRoles"] - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.entities_role_attached_to_securityaudit_policy) == 1 assert ( 
@@ -736,7 +708,7 @@ class Test_IAM_Service: {"Key": "string", "Value": "string"}, ], ) - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) custom_policies = 0 for policy in iam.policies: @@ -761,7 +733,7 @@ class Test_IAM_Service: iam_client.create_policy( PolicyName=policy_name, PolicyDocument=dumps(policy_document) ) - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) custom_policies = 0 @@ -812,7 +784,7 @@ nTTxU4a7x1naFxzYXK1iQ1vMARKMjDb19QEJIEJKZlDK4uS7yMlf1nFS ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.saml_providers) == 1 @@ -836,7 +808,7 @@ nTTxU4a7x1naFxzYXK1iQ1vMARKMjDb19QEJIEJKZlDK4uS7yMlf1nFS ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.users) == 1 @@ -880,7 +852,7 @@ nTTxU4a7x1naFxzYXK1iQ1vMARKMjDb19QEJIEJKZlDK4uS7yMlf1nFS iam_client.delete_policy # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.groups) == 1 @@ -924,7 +896,7 @@ nTTxU4a7x1naFxzYXK1iQ1vMARKMjDb19QEJIEJKZlDK4uS7yMlf1nFS ) # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.roles) == 1 
@@ -964,7 +936,7 @@ nTTxU4a7x1naFxzYXK1iQ1vMARKMjDb19QEJIEJKZlDK4uS7yMlf1nFS access_key = iam_client.create_access_key(UserName="test-user") access_key_id = access_key["AccessKey"]["AccessKeyId"] # IAM client for this test class - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) iam = IAM(audit_info) assert len(iam.users) == 1 diff --git a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py index c8244f48..a322eb73 100644 --- a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py 
@@ -2,46 +2,24 @@ from json import dumps from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_ACCOUNT_NUMBER = "123456789012" class Test_iam_support_role_created: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_support_role_created(self): @@ -65,7 +43,7 @@ class Test_iam_support_role_created: PolicyArn="arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", ) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -94,7 +72,7 @@ class Test_iam_support_role_created: @mock_iam def test_no_support_role_created(self): - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( diff --git a/tests/providers/aws/services/iam/iam_user_accesskey_unused/iam_user_accesskey_unused_test.py b/tests/providers/aws/services/iam/iam_user_accesskey_unused/iam_user_accesskey_unused_test.py index a36de6df..0230ddad 100644 --- a/tests/providers/aws/services/iam/iam_user_accesskey_unused/iam_user_accesskey_unused_test.py +++ b/tests/providers/aws/services/iam/iam_user_accesskey_unused/iam_user_accesskey_unused_test.py 
@@ -1,50 +1,19 @@ import datetime from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" class Test_iam_user_accesskey_unused_test: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - audit_config={"max_unused_access_keys_days": 45}, - ) - return audit_info - @mock_iam def test_user_no_access_keys(self): iam_client = client("iam") @@ -53,7 +22,9 @@ class Test_iam_user_accesskey_unused_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info( + [AWS_REGION_US_EAST_1], audit_config={"max_unused_access_keys_days": 45} + ) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
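Review bot: The module-level `AWS_ACCOUNT_NUMBER = "123456789012"` and `AWS_REGION = "us-east-1"` literals kept as context in the first hunk now sit beside the shared constants from `tests.providers.aws.audit_info_utils`, so this file has two sources for the same values. Every `AWS_REGION` assertion visible in this file's hunks is switched to `AWS_REGION_US_EAST_1`, so the local `AWS_REGION` looks unused after the change, although lines outside the hunks may still reference it. I would delete both literals and import `AWS_ACCOUNT_NUMBER` from the helper module, as the iam_user_with_temporary_credentials test in this commit already does. The same applies to the iam_user_console_access_unused test file.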
@@ -84,7 +55,7 @@ class Test_iam_user_accesskey_unused_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_user_access_key_1_not_used(self): @@ -97,7 +68,9 @@ class Test_iam_user_accesskey_unused_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info( + [AWS_REGION_US_EAST_1], audit_config={"max_unused_access_keys_days": 45} + ) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -126,7 +99,7 @@ class Test_iam_user_accesskey_unused_test: ) assert result[0].resource_id == user + "/AccessKey1" assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_user_access_key_2_not_used(self): @@ -139,7 +112,9 @@ class Test_iam_user_accesskey_unused_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info( + [AWS_REGION_US_EAST_1], audit_config={"max_unused_access_keys_days": 45} + ) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -168,7 +143,7 @@ class Test_iam_user_accesskey_unused_test: ) assert result[0].resource_id == user + "/AccessKey2" assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_user_both_access_keys_not_used(self): 
@@ -181,7 +156,9 @@ class Test_iam_user_accesskey_unused_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info( + [AWS_REGION_US_EAST_1], audit_config={"max_unused_access_keys_days": 45} + ) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -215,7 +192,7 @@ class Test_iam_user_accesskey_unused_test: ) assert result[0].resource_id == user + "/AccessKey1" assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 assert result[1].status == "FAIL" assert ( @@ -237,7 +214,9 @@ class Test_iam_user_accesskey_unused_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info( + [AWS_REGION_US_EAST_1], audit_config={"max_unused_access_keys_days": 45} + ) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -271,4 +250,4 @@ class Test_iam_user_accesskey_unused_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_user_console_access_unused/iam_user_console_access_unused_test.py b/tests/providers/aws/services/iam/iam_user_console_access_unused/iam_user_console_access_unused_test.py index 09ace3cf..a52486fb 100644 --- a/tests/providers/aws/services/iam/iam_user_console_access_unused/iam_user_console_access_unused_test.py +++ b/tests/providers/aws/services/iam/iam_user_console_access_unused/iam_user_console_access_unused_test.py 
@@ -1,50 +1,19 @@ import datetime from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" class Test_iam_user_console_access_unused_test: - # Mocked Audit Info - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - region_name=AWS_REGION, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=AWS_REGION, - credentials=None, - assumed_role_info=None, - audited_regions=None, - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - audit_config={"max_console_access_days": 45}, - ) - return audit_info - @mock_iam def test_iam_user_logged_45_days(self): password_last_used = ( @@ -56,7 +25,9 @@ class Test_iam_user_console_access_unused_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info( + [AWS_REGION_US_EAST_1], audit_config={"max_unused_access_keys_days": 45} + ) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
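Review bot: The new `set_mocked_aws_audit_info` call in `test_iam_user_logged_45_days` passes `audit_config={"max_unused_access_keys_days": 45}`, but the helper removed in the hunk above configured `{"max_console_access_days": 45}`; the key looks copied from the access-key test. With the wrong key the test no longer sets the console-access threshold, so the check presumably falls back to its default and a regression in how it reads `max_console_access_days` would go unnoticed. The call should read `audit_config={"max_console_access_days": 45}`. The same key is passed in `test_iam_user_not_logged_45_days` and `test_iam_user_not_logged` in the following hunks.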
@@ -81,7 +52,7 @@ class Test_iam_user_console_access_unused_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_user_not_logged_45_days(self): @@ -94,7 +65,9 @@ class Test_iam_user_console_access_unused_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info( + [AWS_REGION_US_EAST_1], audit_config={"max_unused_access_keys_days": 45} + ) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -119,7 +92,7 @@ class Test_iam_user_console_access_unused_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 @mock_iam def test_iam_user_not_logged(self): @@ -129,7 +102,9 @@ class Test_iam_user_console_access_unused_test: from prowler.providers.aws.services.iam.iam_service import IAM - audit_info = self.set_mocked_audit_info() + audit_info = set_mocked_aws_audit_info( + [AWS_REGION_US_EAST_1], audit_config={"max_unused_access_keys_days": 45} + ) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -155,4 +130,4 @@ class Test_iam_user_console_access_unused_test: ) assert result[0].resource_id == user assert result[0].resource_arn == arn - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 diff --git a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py index efaaf140..8b77b50b 100644 --- a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py 
+++ b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py @@ -1,46 +1,24 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_ACCOUNT_NUMBER = "123456789012" class Test_iam_user_hardware_mfa_enabled_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_user_no_mfa_devices(self): @@ -50,7 +28,7 @@ class Test_iam_user_hardware_mfa_enabled_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -83,7 +61,7 @@ class Test_iam_user_hardware_mfa_enabled_test: from prowler.providers.aws.services.iam.iam_service import IAM, MFADevice - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -122,7 +100,7 @@ class Test_iam_user_hardware_mfa_enabled_test: from prowler.providers.aws.services.iam.iam_service import IAM, MFADevice - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py index 47a77d8b..cccc1004 100644 --- a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py +++ b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py 
@@ -1,45 +1,23 @@ from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_ACCOUNT_NUMBER = "123456789012" class Test_iam_user_mfa_enabled_console_access_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_root_user_not_password_console_enabled(self): @@ -47,10 +25,9 @@ class Test_iam_user_mfa_enabled_console_access_test: user = "test-user" arn = iam_client.create_user(UserName=user)["User"]["Arn"] - current_audit_info = self.set_mocked_audit_info() from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, 
@@ -83,7 +60,7 @@ class Test_iam_user_mfa_enabled_console_access_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, @@ -116,7 +93,7 @@ class Test_iam_user_mfa_enabled_console_access_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, @@ -150,7 +127,7 @@ class Test_iam_user_mfa_enabled_console_access_test: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, diff --git a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py index 85dc01bc..c5c5792c 100644 --- a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py 
@@ -2,46 +2,23 @@ from csv import DictReader from re import search from unittest import mock -from boto3 import session from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_ACCOUNT_NUMBER = "123456789012" class Test_iam_user_no_setup_initial_access_key_test: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_setup_access_key_1_fail(self): @@ -51,7 +28,7 @@ test_false_access_key_1,arn:aws:iam::123456789012:test_false_access_key_1,2022-0 csv_reader = DictReader(credential_lines, delimiter=",") credential_list = list(csv_reader) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( 
@@ -80,7 +57,7 @@ test_false_access_key_2,arn:aws:iam::123456789012:test_false_access_key_2,2022-0 csv_reader = DictReader(credential_lines, delimiter=",") credential_list = list(csv_reader) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -109,7 +86,7 @@ test_false_both_access_keys,arn:aws:iam::123456789012:test_false_both_access_key csv_reader = DictReader(credential_lines, delimiter=",") credential_list = list(csv_reader) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( @@ -140,7 +117,7 @@ test_pass,arn:aws:iam::123456789012:test_pass,2022-02-17T14:59:38+00:00,not_supp csv_reader = DictReader(credential_lines, delimiter=",") credential_list = list(csv_reader) - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) from prowler.providers.aws.services.iam.iam_service import IAM with mock.patch( diff --git a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py index 4aabe2c3..d120b176 100644 --- a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py 
@@ -1,46 +1,24 @@ from re import search from unittest import mock -from boto3 import client, session +from boto3 import client from moto import mock_iam -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -from prowler.providers.common.models import Audit_Metadata +from tests.providers.aws.audit_info_utils import ( + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, +) AWS_ACCOUNT_NUMBER = "123456789012" class Test_iam_user_two_active_access_key: - def set_mocked_audit_info(self): - audit_info = AWS_Audit_Info( - session_config=None, - original_session=None, - audit_session=session.Session( - profile_name=None, - botocore_session=None, - ), - audited_account=AWS_ACCOUNT_NUMBER, - audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", - audited_user_id=None, - audited_partition="aws", - audited_identity_arn=None, - profile=None, - profile_region=None, - credentials=None, - assumed_role_info=None, - audited_regions=["us-east-1", "eu-west-1"], - organizations_metadata=None, - audit_resources=None, - mfa_enabled=False, - audit_metadata=Audit_Metadata( - services_scanned=0, - expected_checks=[], - completed_checks=0, - audit_progress=0, - ), - ) - - return audit_info + from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_ARN, + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, + set_mocked_aws_audit_info, + ) @mock_iam def test_iam_user_two_active_access_key(self): @@ -55,7 +33,7 @@ class Test_iam_user_two_active_access_key: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", 
@@ -94,7 +72,7 @@ class Test_iam_user_two_active_access_key: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -129,7 +107,7 @@ class Test_iam_user_two_active_access_key: from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", @@ -159,7 +137,7 @@ class Test_iam_user_two_active_access_key: def test_iam_no_users(self): from prowler.providers.aws.services.iam.iam_service import IAM - current_audit_info = self.set_mocked_audit_info() + current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]) with mock.patch( "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", diff --git a/tests/providers/aws/services/iam/iam_user_with_temporary_credentials/iam_user_with_temporary_credentials_test.py b/tests/providers/aws/services/iam/iam_user_with_temporary_credentials/iam_user_with_temporary_credentials_test.py index b1fe34cb..5d10298b 100644 --- a/tests/providers/aws/services/iam/iam_user_with_temporary_credentials/iam_user_with_temporary_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_user_with_temporary_credentials/iam_user_with_temporary_credentials_test.py @@ -1,9 +1,10 @@ from unittest import mock from prowler.providers.aws.services.iam.iam_service import IAM - -AWS_REGION = "us-east-1" -AWS_ACCOUNT_NUMBER = "123456789012" +from tests.providers.aws.audit_info_utils import ( + AWS_ACCOUNT_NUMBER, + AWS_REGION_US_EAST_1, +) IAM_USER_NAME = "test-user" IAM_USER_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:user/{IAM_USER_NAME}" 
@@ -13,7 +14,7 @@ USER_DATA = (IAM_USER_NAME, IAM_USER_ARN) class Test_iam_user_with_temporary_credentials: def test_no_users(self): iam_client = mock.MagicMock - iam_client.region = AWS_REGION + iam_client.region = AWS_REGION_US_EAST_1 iam_client.access_keys_metadata = {} iam_client.last_accessed_services = {} @@ -42,7 +43,7 @@ class Test_iam_user_with_temporary_credentials: def test_user_no_access_keys_no_accesed_services(self): iam_client = mock.MagicMock - iam_client.region = AWS_REGION + iam_client.region = AWS_REGION_US_EAST_1 iam_client.access_keys_metadata = {USER_DATA: []} iam_client.last_accessed_services = {USER_DATA: []} @@ -75,11 +76,11 @@ class Test_iam_user_with_temporary_credentials: ) assert result[0].resource_id == IAM_USER_NAME assert result[0].resource_arn == IAM_USER_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 def test_user_access_keys_no_accesed_services(self): iam_client = mock.MagicMock - iam_client.region = AWS_REGION + iam_client.region = AWS_REGION_US_EAST_1 iam_client.access_keys_metadata = {USER_DATA: [{"AccessKeyId": 1}]} iam_client.last_accessed_services = {USER_DATA: []} @@ -112,11 +113,11 @@ class Test_iam_user_with_temporary_credentials: ) assert result[0].resource_id == IAM_USER_NAME assert result[0].resource_arn == IAM_USER_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 def test_user_access_keys_accesed_services_sts(self): iam_client = mock.MagicMock - iam_client.region = AWS_REGION + iam_client.region = AWS_REGION_US_EAST_1 iam_client.access_keys_metadata = {USER_DATA: [{"AccessKeyId": 1}]} iam_client.last_accessed_services = {USER_DATA: [{"ServiceNamespace": "sts"}]} 
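Review bot: `iam_client = mock.MagicMock` in `test_no_users` binds the class rather than an instance, so the new `iam_client.region = AWS_REGION_US_EAST_1` line and the `access_keys_metadata` / `last_accessed_services` assignments after it set attributes on `MagicMock` itself, and those values persist into every later test in the same process. Since the commit already touches these lines, I would change the binding to `iam_client = mock.MagicMock()` so each test works on an isolated mock. The same pattern is in the other test methods of this class in the following hunks, and the method bodies continue outside the hunks.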
@@ -149,11 +150,11 @@ class Test_iam_user_with_temporary_credentials: ) assert result[0].resource_id == IAM_USER_NAME assert result[0].resource_arn == IAM_USER_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 def test_access_keys_with_iam_and_sts(self): iam_client = mock.MagicMock - iam_client.region = AWS_REGION + iam_client.region = AWS_REGION_US_EAST_1 iam_client.access_keys_metadata = {USER_DATA: [{"AccessKeyId": 1}]} iam_client.last_accessed_services = { @@ -188,11 +189,11 @@ class Test_iam_user_with_temporary_credentials: ) assert result[0].resource_id == IAM_USER_NAME assert result[0].resource_arn == IAM_USER_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1 def test_access_keys_with_iam_and_ec2(self): iam_client = mock.MagicMock - iam_client.region = AWS_REGION + iam_client.region = AWS_REGION_US_EAST_1 iam_client.access_keys_metadata = {USER_DATA: [{"AccessKeyId": 1}]} iam_client.last_accessed_services = { @@ -227,4 +228,4 @@ class Test_iam_user_with_temporary_credentials: ) assert result[0].resource_id == IAM_USER_NAME assert result[0].resource_arn == IAM_USER_ARN - assert result[0].region == AWS_REGION + assert result[0].region == AWS_REGION_US_EAST_1