feat(ecs_task_definitions_no_environment_secrets): Update resource_id (#1665)

Co-authored-by: sergargar <sergio@verica.io>
2026-02-10 14:55:00 +00:00 · 2023-01-09 17:05:45 +02:00
parent f9d67f0e9d
commit b965fda226
2 changed files with 16 additions and 16 deletions
--- a/tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py
+++ b/tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py
@@ -1,4 +1,3 @@
-from re import search
 from unittest import mock

 from prowler.providers.aws.services.ecs.ecs_service import (
@@ -9,6 +8,7 @@ from prowler.providers.aws.services.ecs.ecs_service import (
 AWS_REGION = "eu-west-1"
 AWS_ACCOUNT_NUMBER = "123456789012"
 task_name = "test-task"
+task_revision = "1"
 env_var_name_no_secrets = "host"
 env_var_value_no_secrets = "localhost:1234"
 env_var_name_with_secrets = "DB_PASSWORD"
@@ -38,7 +38,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
        ecs_client.task_definitions.append(
            TaskDefinition(
                name=task_name,
-                arn=f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:1",
+                arn=f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:{task_revision}",
                revision="1",
                region=AWS_REGION,
                environment_variables=[
@@ -61,14 +61,14 @@ class Test_ecs_task_definitions_no_environment_secrets:
            result = check.execute()
            assert len(result) == 1
            assert result[0].status == "PASS"
-            assert search(
-                "No secrets found in variables of ECS task definition",
-                result[0].status_extended,
+            assert (
+                result[0].status_extended
+                == f"No secrets found in variables of ECS task definition {task_name} with revision {task_revision}"
            )
-            assert result[0].resource_id == task_name
+            assert result[0].resource_id == f"{task_name}:1"
            assert (
                result[0].resource_arn
-                == f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:1"
+                == f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:{task_revision}"
            )

    def test_container_env_var_with_secrets(self):
@@ -77,7 +77,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
        ecs_client.task_definitions.append(
            TaskDefinition(
                name=task_name,
-                arn=f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:1",
+                arn=f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:{task_revision}",
                revision="1",
                region=AWS_REGION,
                environment_variables=[
@@ -100,12 +100,12 @@ class Test_ecs_task_definitions_no_environment_secrets:
            result = check.execute()
            assert len(result) == 1
            assert result[0].status == "FAIL"
-            assert search(
-                "Potential secret found in variables of ECS task definition",
-                result[0].status_extended,
+            assert (
+                result[0].status_extended
+                == f"Potential secret found in variables of ECS task definition {task_name} with revision {task_revision}"
            )
-            assert result[0].resource_id == task_name
+            assert result[0].resource_id == f"{task_name}:1"
            assert (
                result[0].resource_arn
-                == f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:1"
+                == f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:{task_revision}"
            )