feat(tags): add resource tags to C-D services (#2003)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>

tests/providers/aws/services/cloudformation/cloudformation_service_test.py

@@ -210,3 +210,7 @@ class Test_CloudFormation_Service:
         assert cloudformation.stacks[0].is_nested_stack is False
         assert cloudformation.stacks[0].root_nested_stack == ""
         assert cloudformation.stacks[0].region == AWS_REGION
+        assert cloudformation.stacks[0].tags == [
+            {"Key": "Tag1", "Value": "Value1"},
+            {"Key": "Tag2", "Value": "Value2"},
+        ]

tests/providers/aws/services/cloudformation/cloudformation_stacks_termination_protection_enabled/cloudformation_stacks_termination_protection_enabled_test.py

@@ -31,7 +31,7 @@ class Test_cloudformation_stacks_termination_protection_enabled:
             Stack(
                 arn="arn:aws:cloudformation:eu-west-1:123456789012:stack/Test-Stack/796c8d26-b390-41d7-a23c-0702c4e78b60",
                 name=stack_name,
-                outputs="",
+                outputs=[],
                 region=AWS_REGION,
             )
         ]
@@ -68,7 +68,7 @@ class Test_cloudformation_stacks_termination_protection_enabled:
             Stack(
                 arn="arn:aws:cloudformation:eu-west-1:123456789012:stack/Test-Stack/796c8d26-b390-41d7-a23c-0702c4e78b60",
                 name=stack_name,
-                outputs="",
+                outputs=[],
                 region=AWS_REGION,
             )
         ]

tests/providers/aws/services/cloudfront/cloudfront_service_test.py

@@ -133,6 +133,14 @@ def mock_make_api_call(self, operation_name, kwarg):
                 },
                 "ETag": "",
             }
+    if operation_name == "ListTagsForResource":
+        return {
+            "Tags": {
+                "Items": [
+                    {"Key": "test", "Value": "test"},
+                ]
+            }
+        }
     return make_api_call(self, operation_name, kwarg)
 
 
@@ -247,3 +255,7 @@ class Test_CloudFront_Service:
             ].default_cache_config.field_level_encryption_id
             == "enabled"
         )
+
+        assert cloudfront.distributions[cloudfront_distribution_id].tags == [
+            {"Key": "test", "Value": "test"},
+        ]

tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py

@@ -63,7 +63,6 @@ class Test_Cloudtrail_Service:
     @mock_cloudtrail
     @mock_s3
     def test_describe_trails(self):
-
         cloudtrail_client_us_east_1 = client("cloudtrail", region_name="us-east-1")
         s3_client_us_east_1 = client("s3", region_name="us-east-1")
         cloudtrail_client_eu_west_1 = client("cloudtrail", region_name="eu-west-1")
@@ -78,10 +77,20 @@ class Test_Cloudtrail_Service:
             CreateBucketConfiguration={"LocationConstraint": "eu-west-1"},
         )
         cloudtrail_client_us_east_1.create_trail(
-            Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False
+            Name=trail_name_us,
+            S3BucketName=bucket_name_us,
+            IsMultiRegionTrail=False,
+            TagsList=[
+                {"Key": "test", "Value": "test"},
+            ],
         )
         cloudtrail_client_eu_west_1.create_trail(
-            Name=trail_name_eu, S3BucketName=bucket_name_eu, IsMultiRegionTrail=False
+            Name=trail_name_eu,
+            S3BucketName=bucket_name_eu,
+            IsMultiRegionTrail=False,
+            TagsList=[
+                {"Key": "test", "Value": "test"},
+            ],
         )
         audit_info = self.set_mocked_audit_info()
         cloudtrail = Cloudtrail(audit_info)
@@ -101,6 +110,9 @@ class Test_Cloudtrail_Service:
                     trail.s3_bucket == bucket_name_eu
                     or trail.s3_bucket == bucket_name_us
                 )
+                assert trail.tags == [
+                    {"Key": "test", "Value": "test"},
+                ]
 
     @mock_cloudtrail
     @mock_s3

tests/providers/aws/services/codeartifact/codeartifact_service_test.py

@@ -72,6 +72,13 @@ def mock_make_api_call(self, operation_name, kwarg):
             ],
         }
 
+    if operation_name == "ListTagsForResource":
+        return {
+            "tags": [
+                {"key": "test", "value": "test"},
+            ]
+        }
+
     return make_api_call(self, operation_name, kwarg)
 
 
@@ -116,6 +123,9 @@ class Test_CodeArtifact_Service:
         assert codeartifact.repositories
         assert codeartifact.repositories["test-repository"]
         assert codeartifact.repositories["test-repository"].name == "test-repository"
+        assert codeartifact.repositories["test-repository"].tags == [
+            {"key": "test", "value": "test"},
+        ]
         assert (
             codeartifact.repositories["test-repository"].arn
             == f"arn:aws:codebuild:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:repository/test-repository"

tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py

@@ -13,6 +13,7 @@ class Test_config_recorder_all_regions_enabled:
         from prowler.providers.aws.services.config.config_service import Config
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audited_account = "012345678912"
         current_audit_info.audited_regions = ["eu-west-1", "us-east-1"]
 
         with mock.patch(
@@ -44,7 +45,7 @@ class Test_config_recorder_all_regions_enabled:
         from prowler.providers.aws.services.config.config_service import Config
 
         current_audit_info.audited_partition = "aws"
-        current_audit_info.audited_regions = ["eu-west-1", "us-east-1"]
+        current_audit_info.audited_regions = [AWS_REGION]
 
         with mock.patch(
             "prowler.providers.aws.services.config.config_recorder_all_regions_enabled.config_recorder_all_regions_enabled.config_client",
@@ -57,7 +58,7 @@ class Test_config_recorder_all_regions_enabled:
 
             check = config_recorder_all_regions_enabled()
             result = check.execute()
-            assert len(result) == 2
+            assert len(result) == 1
             # Search for the recorder just created
             for recorder in result:
                 if recorder.resource_id:
@@ -85,7 +86,7 @@ class Test_config_recorder_all_regions_enabled:
         from prowler.providers.aws.services.config.config_service import Config
 
         current_audit_info.audited_partition = "aws"
-        current_audit_info.audited_regions = ["eu-west-1", "us-east-1"]
+        current_audit_info.audited_regions = [AWS_REGION]
 
         with mock.patch(
             "prowler.providers.aws.services.config.config_recorder_all_regions_enabled.config_recorder_all_regions_enabled.config_client",
@@ -98,7 +99,7 @@ class Test_config_recorder_all_regions_enabled:
 
             check = config_recorder_all_regions_enabled()
             result = check.execute()
-            assert len(result) == 2
+            assert len(result) == 1
             # Search for the recorder just created
             for recorder in result:
                 if recorder.resource_id:

tests/providers/aws/services/directoryservice/directoryservice_service_test.py

@@ -92,7 +92,12 @@ def mock_make_api_call(self, operation_name, kwarg):
                 "ManualSnapshotsLimitReached": True,
             }
         }
-
+    if operation_name == "ListTagsForResource":
+        return {
+            "Tags": [
+                {"Key": "string", "Value": "string"},
+            ],
+        }
     return make_api_call(self, operation_name, kwarg)
 
 
@@ -145,6 +150,9 @@ class Test_DirectoryService_Service:
         )
         assert directoryservice.directories["d-12345a1b2"].name == "test-directory"
         assert directoryservice.directories["d-12345a1b2"].region == AWS_REGION
+        assert directoryservice.directories["d-12345a1b2"].tags == [
+            {"Key": "string", "Value": "string"},
+        ]
         assert (
             directoryservice.directories[
                 "d-12345a1b2"

tests/providers/aws/services/dynamodb/dynamodb_service_test.py

@@ -121,6 +121,9 @@ class Test_DynamoDB_Service:
                 {"AttributeName": "app", "KeyType": "RANGE"},
             ],
             BillingMode="PAY_PER_REQUEST",
+            Tags=[
+                {"Key": "test", "Value": "test"},
+            ],
         )["TableDescription"]
         # DynamoDB client for this test class
         audit_info = self.set_mocked_audit_info()
@@ -129,6 +132,9 @@ class Test_DynamoDB_Service:
         assert dynamo.tables[0].arn == table["TableArn"]
         assert dynamo.tables[0].name == "test1"
         assert dynamo.tables[0].region == AWS_REGION
+        assert dynamo.tables[0].tags == [
+            {"Key": "test", "Value": "test"},
+        ]
 
     # Test DynamoDB Describe Table
     @mock_dynamodb
@@ -174,6 +180,9 @@ class Test_DynamoDB_Service:
             ReplicationFactor=3,
             IamRoleArn=iam_role_arn,
             SSESpecification={"Enabled": True},
+            Tags=[
+                {"Key": "test", "Value": "test"},
+            ],
         )
         dax_client.create_cluster(
             ClusterName="daxcluster2",
@@ -181,6 +190,9 @@ class Test_DynamoDB_Service:
             ReplicationFactor=3,
             IamRoleArn=iam_role_arn,
             SSESpecification={"Enabled": True},
+            Tags=[
+                {"Key": "test", "Value": "test"},
+            ],
         )
         # DAX client for this test class
         audit_info = self.set_mocked_audit_info()
@@ -190,3 +202,9 @@ class Test_DynamoDB_Service:
         assert dax.clusters[1].name == "daxcluster2"
         assert dax.clusters[0].region == AWS_REGION
         assert dax.clusters[1].region == AWS_REGION
+        assert dax.clusters[0].tags == [
+            {"Key": "test", "Value": "test"},
+        ]
+        assert dax.clusters[1].tags == [
+            {"Key": "test", "Value": "test"},
+        ]