test(audit_info): refactor config (#3121)
@@ -6,6 +6,7 @@ from prowler.providers.common.models import Audit_Metadata
|
||||
AWS_REGION_US_EAST_1 = "us-east-1"
|
||||
AWS_REGION_EU_WEST_1 = "eu-west-1"
|
||||
AWS_REGION_EU_WEST_2 = "eu-west-2"
|
||||
AWS_REGION_EU_SOUTH_2 = "eu-south-2"
|
||||
AWS_PARTITION = "aws"
|
||||
AWS_ACCOUNT_NUMBER = "123456789012"
|
||||
AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
|
||||
@@ -18,6 +19,8 @@ def set_mocked_aws_audit_info(
|
||||
audited_account: str = AWS_ACCOUNT_NUMBER,
|
||||
audited_account_arn: str = AWS_ACCOUNT_ARN,
|
||||
expected_checks: [str] = [],
|
||||
profile_region: str = None,
|
||||
audit_config: dict = {},
|
||||
):
|
||||
audit_info = AWS_Audit_Info(
|
||||
session_config=None,
|
||||
@@ -32,7 +35,7 @@ def set_mocked_aws_audit_info(
|
||||
audited_partition=AWS_PARTITION,
|
||||
audited_identity_arn=None,
|
||||
profile=None,
|
||||
profile_region=None,
|
||||
profile_region=profile_region,
|
||||
credentials=None,
|
||||
assumed_role_info=None,
|
||||
audited_regions=audited_regions,
|
||||
@@ -45,5 +48,6 @@ def set_mocked_aws_audit_info(
|
||||
completed_checks=0,
|
||||
audit_progress=0,
|
||||
),
|
||||
audit_config=audit_config,
|
||||
)
|
||||
return audit_info
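Review bot: The `audit_config: dict = {}` parameter that this change appears to add to `set_mocked_aws_audit_info` is a mutable default, so every call that omits it passes the same dict object into `AWS_Audit_Info`. A test that mutates `audit_info.audit_config` in place would then leak settings such as `allowlist_non_default_regions` into later tests, which could presumably make a check report a softer status than the test intends. Prefer `audit_config: dict = None` in the signature and `audit_config=audit_config if audit_config is not None else {},` at the constructor call. The neighbouring `expected_checks: [str] = []` has the same problem. The start of the signature lies outside the hunk, so the remaining parameters were not checked.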
|
||||
|
||||
@@ -1,54 +1,26 @@
|
||||
from unittest import mock
|
||||
|
||||
from boto3 import client, session
|
||||
from boto3 import client
|
||||
from moto import mock_config
|
||||
|
||||
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
|
||||
from prowler.providers.common.models import Audit_Metadata
|
||||
|
||||
AWS_REGION = "us-east-1"
|
||||
AWS_ACCOUNT_NUMBER = "123456789012"
|
||||
AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
|
||||
from tests.providers.aws.audit_info_utils import (
|
||||
AWS_ACCOUNT_ARN,
|
||||
AWS_ACCOUNT_NUMBER,
|
||||
AWS_REGION_EU_SOUTH_2,
|
||||
AWS_REGION_EU_WEST_1,
|
||||
AWS_REGION_US_EAST_1,
|
||||
set_mocked_aws_audit_info,
|
||||
)
|
||||
|
||||
|
||||
class Test_config_recorder_all_regions_enabled:
|
||||
def set_mocked_audit_info(self):
|
||||
audit_info = AWS_Audit_Info(
|
||||
session_config=None,
|
||||
original_session=None,
|
||||
audit_session=session.Session(
|
||||
profile_name=None,
|
||||
botocore_session=None,
|
||||
),
|
||||
audited_account=AWS_ACCOUNT_NUMBER,
|
||||
audited_account_arn=AWS_ACCOUNT_ARN,
|
||||
audited_user_id=None,
|
||||
audited_partition="aws",
|
||||
audited_identity_arn=None,
|
||||
profile=None,
|
||||
profile_region=None,
|
||||
credentials=None,
|
||||
assumed_role_info=None,
|
||||
audited_regions=["us-east-1", "eu-west-1"],
|
||||
organizations_metadata=None,
|
||||
audit_resources=None,
|
||||
mfa_enabled=False,
|
||||
audit_metadata=Audit_Metadata(
|
||||
services_scanned=0,
|
||||
expected_checks=[],
|
||||
completed_checks=0,
|
||||
audit_progress=0,
|
||||
),
|
||||
audit_config={},
|
||||
)
|
||||
|
||||
return audit_info
|
||||
|
||||
@mock_config
|
||||
def test_config_no_recorders(self):
|
||||
from prowler.providers.aws.services.config.config_service import Config
|
||||
|
||||
current_audit_info = self.set_mocked_audit_info()
|
||||
current_audit_info = set_mocked_aws_audit_info(
|
||||
[AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]
|
||||
)
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||
@@ -79,15 +51,14 @@ class Test_config_recorder_all_regions_enabled:
|
||||
@mock_config
|
||||
def test_config_one_recoder_disabled(self):
|
||||
# Create Config Mocked Resources
|
||||
config_client = client("config", region_name=AWS_REGION)
|
||||
config_client = client("config", region_name=AWS_REGION_US_EAST_1)
|
||||
# Create Config Recorder
|
||||
config_client.put_configuration_recorder(
|
||||
ConfigurationRecorder={"name": "default", "roleARN": "somearn"}
|
||||
)
|
||||
from prowler.providers.aws.services.config.config_service import Config
|
||||
|
||||
current_audit_info = self.set_mocked_audit_info()
|
||||
current_audit_info.audited_regions = [AWS_REGION]
|
||||
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||
@@ -114,12 +85,12 @@ class Test_config_recorder_all_regions_enabled:
|
||||
)
|
||||
assert recorder.resource_id == "default"
|
||||
assert recorder.resource_arn == AWS_ACCOUNT_ARN
|
||||
assert recorder.region == AWS_REGION
|
||||
assert recorder.region == AWS_REGION_US_EAST_1
|
||||
|
||||
@mock_config
|
||||
def test_config_one_recoder_enabled(self):
|
||||
# Create Config Mocked Resources
|
||||
config_client = client("config", region_name=AWS_REGION)
|
||||
config_client = client("config", region_name=AWS_REGION_US_EAST_1)
|
||||
# Create Config Recorder and start it
|
||||
config_client.put_configuration_recorder(
|
||||
ConfigurationRecorder={"name": "default", "roleARN": "somearn"}
|
||||
@@ -131,8 +102,7 @@ class Test_config_recorder_all_regions_enabled:
|
||||
config_client.start_configuration_recorder(ConfigurationRecorderName="default")
|
||||
from prowler.providers.aws.services.config.config_service import Config
|
||||
|
||||
current_audit_info = self.set_mocked_audit_info()
|
||||
current_audit_info.audited_regions = [AWS_REGION]
|
||||
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||
@@ -159,22 +129,23 @@ class Test_config_recorder_all_regions_enabled:
|
||||
)
|
||||
assert recorder.resource_id == "default"
|
||||
assert recorder.resource_arn == AWS_ACCOUNT_ARN
|
||||
assert recorder.region == AWS_REGION
|
||||
assert recorder.region == AWS_REGION_US_EAST_1
|
||||
|
||||
@mock_config
|
||||
def test_config_one_recorder_disabled_allowlisted(self):
|
||||
# Create Config Mocked Resources
|
||||
config_client = client("config", region_name=AWS_REGION)
|
||||
config_client = client("config", region_name=AWS_REGION_US_EAST_1)
|
||||
# Create Config Recorder
|
||||
config_client.put_configuration_recorder(
|
||||
ConfigurationRecorder={"name": AWS_ACCOUNT_NUMBER, "roleARN": "somearn"}
|
||||
)
|
||||
from prowler.providers.aws.services.config.config_service import Config
|
||||
|
||||
current_audit_info = self.set_mocked_audit_info()
|
||||
current_audit_info.profile_region = "eu-south-2"
|
||||
current_audit_info.audited_regions = ["eu-south-2", AWS_REGION]
|
||||
current_audit_info.audit_config = {"allowlist_non_default_regions": True}
|
||||
current_audit_info = set_mocked_aws_audit_info(
|
||||
audited_regions=[AWS_REGION_EU_SOUTH_2, AWS_REGION_US_EAST_1],
|
||||
profile_region=AWS_REGION_EU_SOUTH_2,
|
||||
audit_config={"allowlist_non_default_regions": True},
|
||||
)
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||
@@ -193,7 +164,7 @@ class Test_config_recorder_all_regions_enabled:
|
||||
assert len(result) == 2
|
||||
# Search for the recorder just created
|
||||
for recorder in result:
|
||||
if recorder.region == AWS_REGION:
|
||||
if recorder.region == AWS_REGION_US_EAST_1:
|
||||
assert recorder.status == "WARNING"
|
||||
assert (
|
||||
recorder.status_extended
|
||||
@@ -201,7 +172,7 @@ class Test_config_recorder_all_regions_enabled:
|
||||
)
|
||||
assert recorder.resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert recorder.resource_arn == AWS_ACCOUNT_ARN
|
||||
assert recorder.region == AWS_REGION
|
||||
assert recorder.region == AWS_REGION_US_EAST_1
|
||||
else:
|
||||
assert recorder.status == "FAIL"
|
||||
assert (
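Review bot: The new calls in `test_config_no_recorders`, `test_config_one_recoder_disabled` and `test_config_one_recoder_enabled` pass the region list positionally, while `test_config_one_recorder_disabled_allowlisted` in the same file uses `audited_regions=`. The helper's first parameter is not visible in these hunks, so the positional form silently depends on parameter order. Writing them as `set_mocked_aws_audit_info(audited_regions=[AWS_REGION_US_EAST_1])` means a later reordering of the helper's signature cannot change which regions the check is evaluated against. The same positional call is used throughout the Config service tests in the next file section.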
|
||||
|
||||
@@ -1,51 +1,23 @@
|
||||
from boto3 import client, session
|
||||
from boto3 import client
|
||||
from moto import mock_config
|
||||
|
||||
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
|
||||
from prowler.providers.aws.services.config.config_service import Config
|
||||
from prowler.providers.common.models import Audit_Metadata
|
||||
|
||||
AWS_ACCOUNT_NUMBER = "123456789012"
|
||||
AWS_REGION = "us-east-1"
|
||||
from tests.providers.aws.audit_info_utils import (
|
||||
AWS_ACCOUNT_NUMBER,
|
||||
AWS_REGION_EU_WEST_1,
|
||||
AWS_REGION_US_EAST_1,
|
||||
set_mocked_aws_audit_info,
|
||||
)
|
||||
|
||||
|
||||
class Test_Config_Service:
|
||||
# Mocked Audit Info
|
||||
def set_mocked_audit_info(self):
|
||||
audit_info = AWS_Audit_Info(
|
||||
session_config=None,
|
||||
original_session=None,
|
||||
audit_session=session.Session(
|
||||
profile_name=None,
|
||||
botocore_session=None,
|
||||
),
|
||||
audited_account=AWS_ACCOUNT_NUMBER,
|
||||
audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
|
||||
audited_user_id=None,
|
||||
audited_partition="aws",
|
||||
audited_identity_arn=None,
|
||||
profile=None,
|
||||
profile_region=None,
|
||||
credentials=None,
|
||||
assumed_role_info=None,
|
||||
audited_regions=["eu-west-1", "us-east-1"],
|
||||
organizations_metadata=None,
|
||||
audit_resources=None,
|
||||
mfa_enabled=False,
|
||||
audit_metadata=Audit_Metadata(
|
||||
services_scanned=0,
|
||||
expected_checks=[],
|
||||
completed_checks=0,
|
||||
audit_progress=0,
|
||||
),
|
||||
)
|
||||
return audit_info
|
||||
|
||||
# Test Config Service
|
||||
@mock_config
|
||||
def test_service(self):
|
||||
# Config client for this test class
|
||||
audit_info = self.set_mocked_audit_info()
|
||||
audit_info = set_mocked_aws_audit_info(
|
||||
[AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]
|
||||
)
|
||||
config = Config(audit_info)
|
||||
assert config.service == "config"
|
||||
|
||||
@@ -53,7 +25,9 @@ class Test_Config_Service:
|
||||
@mock_config
|
||||
def test_client(self):
|
||||
# Config client for this test class
|
||||
audit_info = self.set_mocked_audit_info()
|
||||
audit_info = set_mocked_aws_audit_info(
|
||||
[AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]
|
||||
)
|
||||
config = Config(audit_info)
|
||||
for regional_client in config.regional_clients.values():
|
||||
assert regional_client.__class__.__name__ == "ConfigService"
|
||||
@@ -62,7 +36,9 @@ class Test_Config_Service:
|
||||
@mock_config
|
||||
def test__get_session__(self):
|
||||
# Config client for this test class
|
||||
audit_info = self.set_mocked_audit_info()
|
||||
audit_info = set_mocked_aws_audit_info(
|
||||
[AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]
|
||||
)
|
||||
config = Config(audit_info)
|
||||
assert config.session.__class__.__name__ == "Session"
|
||||
|
||||
@@ -70,7 +46,9 @@ class Test_Config_Service:
|
||||
@mock_config
|
||||
def test_audited_account(self):
|
||||
# Config client for this test class
|
||||
audit_info = self.set_mocked_audit_info()
|
||||
audit_info = set_mocked_aws_audit_info(
|
||||
[AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]
|
||||
)
|
||||
config = Config(audit_info)
|
||||
assert config.audited_account == AWS_ACCOUNT_NUMBER
|
||||
|
||||
@@ -78,7 +56,7 @@ class Test_Config_Service:
|
||||
@mock_config
|
||||
def test__describe_configuration_recorder_status__(self):
|
||||
# Generate Config Client
|
||||
config_client = client("config", region_name=AWS_REGION)
|
||||
config_client = client("config", region_name=AWS_REGION_US_EAST_1)
|
||||
# Create Config Recorder and start it
|
||||
config_client.put_configuration_recorder(
|
||||
ConfigurationRecorder={"name": "default", "roleARN": "somearn"}
|
||||
@@ -89,7 +67,9 @@ class Test_Config_Service:
|
||||
)
|
||||
config_client.start_configuration_recorder(ConfigurationRecorderName="default")
|
||||
# Config client for this test class
|
||||
audit_info = self.set_mocked_audit_info()
|
||||
audit_info = set_mocked_aws_audit_info(
|
||||
[AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1]
|
||||
)
|
||||
config = Config(audit_info)
|
||||
# One recorder per region
|
||||
assert len(config.recorders) == 2
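Review bot: The comment `# Config client for this test class` sits directly above the call that builds the mocked audit info, not a client, in `test_service`, `test_client`, `test__get_session__`, `test_audited_account` and `test__describe_configuration_recorder_status__`. Reword it to `# Mocked audit info for eu-west-1 and us-east-1`, or move it down to the `config = Config(audit_info)` line it describes. The identical three-line call is repeated in all five tests, so a module-level helper or pytest fixture would keep the region list in one place. That matters because `assert len(config.recorders) == 2` depends on the list holding exactly two regions.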
|
||||
|
||||