feat(ignore unused services): add --ignore-unused-services argument to ignore findings from services not in actual use (#2936)

2026-02-11 23:35:07 +00:00 · 2023-10-24 14:09:27 +02:00
parent 2aa3126eb0
commit b822c19d2c
89 changed files with 4587 additions and 1157 deletions
--- a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py
+++ b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py
@@ -1,6 +1,6 @@
 from unittest import mock

-from boto3 import client, session
+from boto3 import client, resource, session
 from moto import mock_ec2

 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
@@ -110,3 +110,63 @@ class Test_ec2_ebs_default_encryption:
            )
            assert result[0].resource_id == AWS_ACCOUNT_NUMBER
            assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
+
+    @mock_ec2
+    def test_ec2_ebs_encryption_disabled_ignored(self):
+        from prowler.providers.aws.services.ec2.ec2_service import EC2
+
+        current_audit_info = self.set_mocked_audit_info()
+        current_audit_info.ignore_unused_services = True
+
+        with mock.patch(
+            "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
+            new=current_audit_info,
+        ), mock.patch(
+            "prowler.providers.aws.services.ec2.ec2_ebs_default_encryption.ec2_ebs_default_encryption.ec2_client",
+            new=EC2(current_audit_info),
+        ):
+            # Test Check
+            from prowler.providers.aws.services.ec2.ec2_ebs_default_encryption.ec2_ebs_default_encryption import (
+                ec2_ebs_default_encryption,
+            )
+
+            check = ec2_ebs_default_encryption()
+            result = check.execute()
+
+            # One result per region
+            assert len(result) == 0
+
+    @mock_ec2
+    def test_ec2_ebs_encryption_disabled_ignoring_with_volumes(self):
+        # Create EC2 Mocked Resources
+        ec2 = resource("ec2", region_name=AWS_REGION)
+        ec2.create_volume(Size=36, AvailabilityZone=f"{AWS_REGION}a")
+        from prowler.providers.aws.services.ec2.ec2_service import EC2
+
+        current_audit_info = self.set_mocked_audit_info()
+        current_audit_info.ignore_unused_services = True
+
+        with mock.patch(
+            "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
+            new=current_audit_info,
+        ), mock.patch(
+            "prowler.providers.aws.services.ec2.ec2_ebs_default_encryption.ec2_ebs_default_encryption.ec2_client",
+            new=EC2(current_audit_info),
+        ):
+            # Test Check
+            from prowler.providers.aws.services.ec2.ec2_ebs_default_encryption.ec2_ebs_default_encryption import (
+                ec2_ebs_default_encryption,
+            )
+
+            check = ec2_ebs_default_encryption()
+            result = check.execute()
+
+            # One result per region
+            assert len(result) == 1
+            assert result[0].region == AWS_REGION
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended == "EBS Default Encryption is not activated."
+            )
+            assert result[0].resource_id == AWS_ACCOUNT_NUMBER
+            assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"