test(audit_info): refactor organizations (#3147)

This commit is contained in:
Nacho Rivera
2023-12-05 12:59:22 +01:00
committed by GitHub
parent d483f1d90f
commit dbbd556830
5 changed files with 72 additions and 230 deletions


@@ -1,55 +1,23 @@
from re import search
from unittest import mock
from boto3 import client, session
from boto3 import client
from moto import mock_organizations
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
from prowler.providers.aws.services.organizations.organizations_service import (
Organizations,
)
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_ID = "123456789012"
AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root"
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_REGION_EU_WEST_1,
set_mocked_aws_audit_info,
)
class Test_organizations_account_part_of_organizations:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_ID,
audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root",
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=[AWS_REGION],
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info
@mock_organizations
def test_no_organization(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -75,11 +43,11 @@ class Test_organizations_account_part_of_organizations:
)
assert result[0].resource_id == "AWS Organization"
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_organizations
def test_organization(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
# Create Organization
conn = client("organizations")
@@ -109,4 +77,4 @@ class Test_organizations_account_part_of_organizations:
)
assert result[0].resource_id == response["Organization"]["Id"]
assert result[0].resource_arn == response["Organization"]["Arn"]
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
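Review bot: `conn = client("organizations")` in test_organization still creates the moto client with no region, while the sibling files refactored in this commit pin `region_name=AWS_REGION_EU_WEST_1` and the test's own assertion expects that region on the finding; without region_name the client falls back to whatever default region the runner's environment supplies, so the test outcome depends on the environment rather than the fixture. Change it to `conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)` to match the other tests. The body of test_organization continues outside the hunk, so any later client construction there should get the same treatment.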


@@ -1,53 +1,22 @@
from re import search
from unittest import mock
from boto3 import client, session
from boto3 import client
from moto import mock_organizations
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
from prowler.providers.aws.services.organizations.organizations_service import (
Organizations,
)
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
from tests.providers.aws.audit_info_utils import (
AWS_REGION_EU_WEST_1,
set_mocked_aws_audit_info,
)
class Test_organizations_delegated_administrators:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=None,
audited_account_arn=None,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=[AWS_REGION],
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info
@mock_organizations
def test_no_organization(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
audit_info.audit_config = {"organizations_trusted_delegated_administrators": []}
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -69,11 +38,11 @@ class Test_organizations_delegated_administrators:
@mock_organizations
def test_organization_no_delegations(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
audit_info.audit_config = {"organizations_trusted_delegated_administrators": []}
# Create Organization
conn = client("organizations", region_name=AWS_REGION)
conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)
response = conn.create_organization()
with mock.patch(
@@ -100,14 +69,14 @@ class Test_organizations_delegated_administrators:
"No Delegated Administrators",
result[0].status_extended,
)
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_organizations
def test_organization_trusted_delegated(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
# Create Organization
conn = client("organizations", region_name=AWS_REGION)
conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)
response = conn.create_organization()
# Create Dummy Account
account = conn.create_account(
@@ -151,14 +120,14 @@ class Test_organizations_delegated_administrators:
"Trusted Delegated Administrator",
result[0].status_extended,
)
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_organizations
def test_organization_untrusted_delegated(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
# Create Organization
conn = client("organizations", region_name=AWS_REGION)
conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)
response = conn.create_organization()
# Create Dummy Account
account = conn.create_account(
@@ -198,4 +167,4 @@ class Test_organizations_delegated_administrators:
"Untrusted Delegated Administrator",
result[0].status_extended,
)
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
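Review bot: test_no_organization and test_organization_no_delegations now assign `audit_info.audit_config = {...}` on the object returned by the shared helper, which is only safe if set_mocked_aws_audit_info builds a fresh AWS_Audit_Info on every call; if it hands back a module-level instance, the audit_config set in one test leaks into the next (the helper is not in this diff, so please confirm). test_organization_trusted_delegated and test_organization_untrusted_delegated do not set audit_config in the visible lines; if they rely on it being set further down, outside the hunk, that is fine, otherwise they depend on whatever default the helper provides for organizations_trusted_delegated_administrators. A one-line comment above the first assignment, `# fresh audit_info per test; audit_config is set per scenario`, would make the isolation assumption explicit.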


@@ -1,18 +1,17 @@
from re import search
from unittest import mock
from boto3 import client, session
from boto3 import client
from moto import mock_organizations
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
from prowler.providers.aws.services.organizations.organizations_service import (
Organizations,
)
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_ID = "123456789012"
AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root"
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_REGION_EU_WEST_1,
set_mocked_aws_audit_info,
)
def scp_restrict_regions_with_deny():
@@ -20,41 +19,12 @@ def scp_restrict_regions_with_deny():
class Test_organizations_scp_check_deny_regions:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_ID,
audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root",
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=[AWS_REGION],
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info
@mock_organizations
def test_no_organization(self):
audit_info = self.set_mocked_audit_info()
audit_info.audit_config = {"organizations_enabled_regions": [AWS_REGION]}
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
audit_info.audit_config = {
"organizations_enabled_regions": [AWS_REGION_EU_WEST_1]
}
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=audit_info,
@@ -79,15 +49,17 @@ class Test_organizations_scp_check_deny_regions:
)
assert result[0].resource_id == "AWS Organization"
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_organizations
def test_organization_without_scp_deny_regions(self):
audit_info = self.set_mocked_audit_info()
audit_info.audit_config = {"organizations_enabled_regions": [AWS_REGION]}
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
audit_info.audit_config = {
"organizations_enabled_regions": [AWS_REGION_EU_WEST_1]
}
# Create Organization
conn = client("organizations", region_name=AWS_REGION)
conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)
response = conn.create_organization()
with mock.patch(
@@ -114,14 +86,14 @@ class Test_organizations_scp_check_deny_regions:
"level but don't restrict AWS Regions",
result[0].status_extended,
)
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_organizations
def test_organization_with_scp_deny_regions_valid(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
# Create Organization
conn = client("organizations", region_name=AWS_REGION)
conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)
response = conn.create_organization()
# Create Policy
conn.create_policy(
@@ -158,14 +130,14 @@ class Test_organizations_scp_check_deny_regions:
"restricting all configured regions found",
result[0].status_extended,
)
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_organizations
def test_organization_with_scp_deny_regions_not_valid(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
# Create Organization
conn = client("organizations", region_name=AWS_REGION)
conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)
response = conn.create_organization()
# Create Policy
conn.create_policy(
@@ -202,4 +174,4 @@ class Test_organizations_scp_check_deny_regions:
"restricting some AWS Regions, but not all the configured ones, please check config.",
result[0].status_extended,
)
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
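Review bot: The three-line literal `{"organizations_enabled_regions": [AWS_REGION_EU_WEST_1]}` is now duplicated verbatim in test_no_organization and test_organization_without_scp_deny_regions; a module-level constant next to the imports, e.g. `ENABLED_REGIONS_CONFIG = {"organizations_enabled_regions": [AWS_REGION_EU_WEST_1]}`, followed by `audit_info.audit_config = dict(ENABLED_REGIONS_CONFIG)` in each test, keeps the two in step while still giving each test its own dict to mutate. The valid and not_valid SCP tests do not set audit_config in the visible lines; if the check reads organizations_enabled_regions they presumably set it further down outside the hunk, which I cannot see here.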


@@ -1,16 +1,15 @@
import json
from boto3 import client, session
from boto3 import client
from moto import mock_organizations
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
from prowler.providers.aws.services.organizations.organizations_service import (
Organizations,
)
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "eu-west-1"
from tests.providers.aws.audit_info_utils import (
AWS_REGION_EU_WEST_1,
set_mocked_aws_audit_info,
)
def scp_restrict_regions_with_deny():
@@ -18,51 +17,19 @@ def scp_restrict_regions_with_deny():
class Test_Organizations_Service:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
region_name=AWS_REGION,
),
audited_account=DEFAULT_ACCOUNT_ID,
audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=AWS_REGION,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info
@mock_organizations
def test_service(self):
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
organizations = Organizations(audit_info)
assert organizations.service == "organizations"
@mock_organizations
def test__describe_organization__(self):
# Create Organization
conn = client("organizations", region_name=AWS_REGION)
conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)
response = conn.create_organization()
# Mock
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
organizations = Organizations(audit_info)
# Tests
assert len(organizations.organizations) == 1
@@ -78,7 +45,7 @@ class Test_Organizations_Service:
@mock_organizations
def test__list_policies__(self):
# Create Policy
conn = client("organizations", region_name=AWS_REGION)
conn = client("organizations", region_name=AWS_REGION_EU_WEST_1)
conn.create_organization()
response = conn.create_policy(
Content=scp_restrict_regions_with_deny(),
@@ -87,7 +54,7 @@ class Test_Organizations_Service:
Type="SERVICE_CONTROL_POLICY",
)
# Mock
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
organizations = Organizations(audit_info)
# Tests
for policy in organizations.policies:
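Review bot: `from moto.core import DEFAULT_ACCOUNT_ID` survives at the top of the file, but its only visible uses were `audited_account=DEFAULT_ACCOUNT_ID` and the ARN f-string inside the removed set_mocked_audit_info; unless a remaining assertion below the shown hunks references it, the import is now dead and the linter will flag it. The same check applies to `import json` if scp_restrict_regions_with_deny was its only consumer, though that function's body is outside the hunk so I cannot tell. Also worth noting in a comment at the helper call, `# helper's audited_account must match moto's master account id if results are compared against it`, since the old fixture pinned it to DEFAULT_ACCOUNT_ID and the new one takes whatever the shared helper chooses.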


@@ -1,57 +1,23 @@
from unittest import mock
from boto3 import session
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.organizations.organizations_service import (
Organization,
Policy,
)
from prowler.providers.common.models import Audit_Metadata
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_REGION_EU_WEST_1,
set_mocked_aws_audit_info,
)
AWS_REGION = "us-east-1"
AWS_ACCOUNT_ID = "123456789012"
AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root"
# Moto: NotImplementedError: The TAG_POLICY policy type has not been implemented
# Needs to Mock manually
class Test_organizations_tags_policies_enabled_and_attached:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
region_name=AWS_REGION,
),
audited_account=AWS_ACCOUNT_ID,
audited_account_arn=AWS_ACCOUNT_ARN,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=AWS_REGION,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info
def test_organization_no_organization(self):
organizations_client = mock.MagicMock
organizations_client.region = AWS_REGION
organizations_client.region = AWS_REGION_EU_WEST_1
organizations_client.organizations = [
Organization(
arn=AWS_ACCOUNT_ARN,
@@ -61,7 +27,7 @@ class Test_organizations_tags_policies_enabled_and_attached:
)
]
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -87,11 +53,11 @@ class Test_organizations_tags_policies_enabled_and_attached:
)
assert result[0].resource_id == "AWS Organization"
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
def test_organization_with_tag_policies_not_attached(self):
organizations_client = mock.MagicMock
organizations_client.region = AWS_REGION
organizations_client.region = AWS_REGION_EU_WEST_1
organizations_client.organizations = [
Organization(
id="o-1234567890",
@@ -112,7 +78,7 @@ class Test_organizations_tags_policies_enabled_and_attached:
)
]
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -141,11 +107,11 @@ class Test_organizations_tags_policies_enabled_and_attached:
result[0].resource_arn
== "arn:aws:organizations::1234567890:organization/o-1234567890"
)
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
def test_organization_with_tag_policies_attached(self):
organizations_client = mock.MagicMock
organizations_client.region = AWS_REGION
organizations_client.region = AWS_REGION_EU_WEST_1
organizations_client.organizations = [
Organization(
id="o-1234567890",
@@ -166,7 +132,7 @@ class Test_organizations_tags_policies_enabled_and_attached:
)
]
audit_info = self.set_mocked_audit_info()
audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -195,4 +161,4 @@ class Test_organizations_tags_policies_enabled_and_attached:
result[0].resource_arn
== "arn:aws:organizations::1234567890:organization/o-1234567890"
)
assert result[0].region == AWS_REGION
assert result[0].region == AWS_REGION_EU_WEST_1
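Review bot: `organizations_client = mock.MagicMock` in test_organization_no_organization, test_organization_with_tag_policies_not_attached and test_organization_with_tag_policies_attached binds the MagicMock class itself, not an instance, so `organizations_client.region = AWS_REGION_EU_WEST_1` and `organizations_client.organizations = [...]` are written onto the shared class and persist across these three tests and into any other test in the session that uses MagicMock. The refactor kept this as-is; change each to `organizations_client = mock.MagicMock()` so every test gets its own isolated mock. The Organization(...) literals and the patch targets continue outside each hunk.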