feat(ignore unused services): add --ignore-unused-services argument to ignore findings from services not in actual use (#2936)

2026-02-12 15:55:09 +00:00 · 2023-10-24 14:09:27 +02:00
parent 2aa3126eb0
commit b822c19d2c
89 changed files with 4587 additions and 1157 deletions
--- a/tests/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption_test.py
+++ b/tests/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption_test.py
@@ -77,6 +77,29 @@ class Test_athena_workgroup_encryption:
            assert result[0].region == AWS_REGION
            assert result[0].resource_tags == []

+    @mock_athena
+    def test_primary_workgroup_not_encrypted_ignoring(self):
+        from prowler.providers.aws.services.athena.athena_service import Athena
+
+        current_audit_info = self.set_mocked_audit_info()
+        current_audit_info.ignore_unused_services = True
+
+        with mock.patch(
+            "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
+            new=current_audit_info,
+        ), mock.patch(
+            "prowler.providers.aws.services.athena.athena_workgroup_encryption.athena_workgroup_encryption.athena_client",
+            new=Athena(current_audit_info),
+        ):
+            from prowler.providers.aws.services.athena.athena_workgroup_encryption.athena_workgroup_encryption import (
+                athena_workgroup_encryption,
+            )
+
+            check = athena_workgroup_encryption()
+            result = check.execute()
+
+            assert len(result) == 0
+
    @mock_athena
    # We mock the get_work_group to return an encrypted workgroup
    @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
--- a/tests/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration_test.py
+++ b/tests/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration_test.py
@@ -77,6 +77,29 @@ class Test_athena_workgroup_enforce_configuration:
            assert result[0].region == AWS_REGION
            assert result[0].resource_tags == []

+    @mock_athena
+    def test_primary_workgroup_configuration_not_enforced_ignoring(self):
+        from prowler.providers.aws.services.athena.athena_service import Athena
+
+        current_audit_info = self.set_mocked_audit_info()
+        current_audit_info.ignore_unused_services = True
+
+        with mock.patch(
+            "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
+            new=current_audit_info,
+        ), mock.patch(
+            "prowler.providers.aws.services.athena.athena_workgroup_enforce_configuration.athena_workgroup_enforce_configuration.athena_client",
+            new=Athena(current_audit_info),
+        ):
+            from prowler.providers.aws.services.athena.athena_workgroup_enforce_configuration.athena_workgroup_enforce_configuration import (
+                athena_workgroup_enforce_configuration,
+            )
+
+            check = athena_workgroup_enforce_configuration()
+            result = check.execute()
+
+            assert len(result) == 0
+
    @mock_athena
    # We mock the get_work_group to return a workgroup not enforcing configuration
    @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)