ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(ec2 tests): add region and delete search sg checks (#2788)

Browse Source
This commit is contained in:
Nacho Rivera
2023-08-31 11:55:30 +02:00
committed by GitHub
parent 38a7dc1a93
commit dbd29c0ce1
19 changed files with 162 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -122,9 +121,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has all ports open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has all ports open to the Internet."
)
assert (
sg.resource_arn
@@ -178,9 +178,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have all ports open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have all ports open to the Internet."
)
assert (
sg.resource_arn
@@ -239,9 +240,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have all ports open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have all ports open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has MongoDB ports 27017 and 27018 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has MongoDB ports 27017 and 27018 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have MongoDB ports 27017 and 27018 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have MongoDB ports 27017 and 27018 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has FTP ports 20 and 21 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has FTP ports 20 and 21 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have FTP ports 20 and 21 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have FTP ports 20 and 21 open to the Internet."
)
assert (
sg.resource_arn

12
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py
View File

@@ -122,6 +122,11 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has SSH port 22 open to the Internet."
)
assert search(
"has SSH port 22 open to the Internet",
sg.status_extended,
@@ -180,9 +185,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have SSH port 22 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have SSH port 22 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -122,9 +121,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Microsoft RDP port 3389 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Microsoft RDP port 3389 open to the Internet."
)
assert (
sg.resource_arn
@@ -180,9 +180,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Microsoft RDP port 3389 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Microsoft RDP port 3389 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Casandra ports 7199, 8888 and 9160 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Casandra ports 7199, 8888 and 9160 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Casandra ports 7199, 8888 and 9160 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Casandra ports 7199, 8888 and 9160 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet."
)
assert (
sg.resource_arn

14
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,8 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Kafka port 9092 open to the Internet", sg.status_extended
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Kafka port 9092 open to the Internet."
)
assert (
sg.resource_arn
@@ -185,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Kafka port 9092 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Kafka port 9092 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Memcached port 11211 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Memcached port 11211 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Memcached port 11211 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Memcached port 11211 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has MySQL port 3306 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has MySQL port 3306 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have MySQL port 3306 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have MySQL port 3306 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Oracle ports 1521 and 2483 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Oracle ports 1521 and 2483 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Oracle ports 1521 and 2483 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Oracle ports 1521 and 2483 open to the Internet."
)
assert (
sg.resource_arn

22
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Postgres port 5432 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Postgres port 5432 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Postgres port 5432 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Postgres port 5432 open to the Internet."
)
assert (
sg.resource_arn
@@ -251,9 +252,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Postgres port 5432 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Postgres port 5432 open to the Internet."
)
assert (
sg.resource_arn

14
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,8 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Redis port 6379 open to the Internet", sg.status_extended
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Redis port 6379 open to the Internet."
)
assert (
sg.resource_arn
@@ -185,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Redis port 6379 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Redis port 6379 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,9 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Microsoft SQL Server ports 1433 and 1434 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Microsoft SQL Server ports 1433 and 1434 open to the Internet."
)
assert (
sg.resource_arn
@@ -186,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet."
)
assert (
sg.resource_arn

14
tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -126,8 +125,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has Telnet port 23 open to the Internet", sg.status_extended
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has Telnet port 23 open to the Internet."
)
assert (
sg.resource_arn
@@ -185,9 +186,10 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"does not have Telnet port 23 open to the Internet",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) does not have Telnet port 23 open to the Internet."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -120,9 +119,10 @@ class Test_ec2_securitygroup_allow_wide_open_public_ipv4:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"has no potential wide-open non-RFC1918 address",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has no potential wide-open non-RFC1918 address."
)
assert (
sg.resource_arn
@@ -176,9 +176,10 @@ class Test_ec2_securitygroup_allow_wide_open_public_ipv4:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has potential wide-open non-RFC1918 address",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has potential wide-open non-RFC1918 address 82.122.0.0/16 in ingress rule."
)
assert (
sg.resource_arn

15
tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, resource, session
@@ -112,9 +111,10 @@ class Test_ec2_securitygroup_from_launch_wizard:
for sg in result:
if sg.resource_id == sg_id:
assert sg.status == "FAIL"
assert search(
"was created using the EC2 Launch Wizard",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {sg_name} ({sg_id}) was created using the EC2 Launch Wizard."
)
assert (
sg.resource_arn
@@ -168,9 +168,10 @@ class Test_ec2_securitygroup_from_launch_wizard:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"was not created using the EC2 Launch Wizard",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) was not created using the EC2 Launch Wizard."
)
assert (
sg.resource_arn

12
tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py
View File

@@ -105,9 +105,10 @@ class Test_ec2_securitygroup_not_used:
# One custom sg
assert len(result) == 1
assert result[0].status == "FAIL"
assert search(
"it is not being used",
result[0].status_extended,
assert result[0].region == AWS_REGION
assert (
result[0].status_extended
== f"Security group {sg_name} ({sg.id}) it is not being used."
)
assert (
result[0].resource_arn
@@ -152,6 +153,11 @@ class Test_ec2_securitygroup_not_used:
# One custom sg
assert len(result) == 1
assert result[0].status == "PASS"
assert result[0].region == AWS_REGION
assert (
result[0].status_extended
== f"Security group {sg_name} ({sg.id}) it is being used."
)
assert search(
"it is being used",
result[0].status_extended,

14
tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py
View File

@@ -1,4 +1,3 @@
from re import search
from unittest import mock
from boto3 import client, session
@@ -125,8 +124,10 @@ class Test_ec2_securitygroup_with_many_ingress_egress_rules:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "FAIL"
assert search(
"has 60 inbound rules and 1 outbound rules", sg.status_extended
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has 60 inbound rules and 1 outbound rules."
)
assert (
sg.resource_arn
@@ -183,9 +184,10 @@ class Test_ec2_securitygroup_with_many_ingress_egress_rules:
for sg in result:
if sg.resource_id == default_sg_id:
assert sg.status == "PASS"
assert search(
"has 1 inbound rules and 1 outbound rules",
sg.status_extended,
assert sg.region == AWS_REGION
assert (
sg.status_extended
== f"Security group {default_sg_name} ({default_sg_id}) has 1 inbound rules and 1 outbound rules."
)
assert (
sg.resource_arn