chore(region): add get_default_region function in AWS Services (#2524)

Sergio Garcia
2023-06-23 14:10:49 +02:00
committed by GitHub
parent d044e535e0
commit e1da9e60fc
13 changed files with 380 additions and 91 deletions


@@ -7,6 +7,9 @@ from prowler.providers.aws.aws_provider import (
AWS_Provider,
assume_role,
generate_regional_clients,
get_available_aws_service_regions,
get_default_region,
get_global_region,
)
from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
@@ -275,3 +278,282 @@ class Test_AWS_Provider:
# Shield does not exist in China
assert generate_regional_clients_response == {}
def test_get_default_region(self):
audited_regions = ["eu-west-1"]
profile_region = "eu-west-1"
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=profile_region,
credentials=None,
assumed_role_info=None,
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
assert get_default_region("ec2", audit_info) == "eu-west-1"
def test_get_default_region_profile_region_not_audited(self):
audited_regions = ["eu-west-1"]
profile_region = "us-east-2"
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=profile_region,
credentials=None,
assumed_role_info=None,
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
assert get_default_region("ec2", audit_info) == "eu-west-1"
def test_get_default_region_non_profile_region(self):
audited_regions = ["eu-west-1"]
profile_region = None
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=profile_region,
credentials=None,
assumed_role_info=None,
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
assert get_default_region("ec2", audit_info) == "eu-west-1"
def test_get_default_region_non_profile_or_audited_region(self):
audited_regions = None
profile_region = None
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=profile_region,
credentials=None,
assumed_role_info=None,
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
assert get_default_region("ec2", audit_info) == "us-east-1"
def test_aws_get_global_region(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
assert get_default_region("ec2", audit_info) == "us-east-1"
def test_aws_gov_get_global_region(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws-us-gov",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
assert get_global_region(audit_info) == "us-gov-east-1"
def test_aws_cn_get_global_region(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws-cn",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
assert get_global_region(audit_info) == "cn-north-1"
def test_aws_iso_get_global_region(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws-iso",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
assert get_global_region(audit_info) == "aws-iso-global"
def test_get_available_aws_service_regions_with_us_east_1_audited(self):
audited_regions = ["us-east-1"]
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
with patch(
"prowler.providers.aws.aws_provider.parse_json_file",
return_value={
"services": {
"ec2": {
"regions": {
"aws": [
"af-south-1",
"ca-central-1",
"eu-central-1",
"eu-central-2",
"eu-north-1",
"eu-south-1",
"eu-south-2",
"eu-west-1",
"eu-west-2",
"eu-west-3",
"me-central-1",
"me-south-1",
"sa-east-1",
"us-east-1",
"us-east-2",
"us-west-1",
"us-west-2",
],
}
}
}
},
):
assert get_available_aws_service_regions("ec2", audit_info) == ["us-east-1"]
def test_get_available_aws_service_regions_with_all_regions_audited(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=None,
audited_account=None,
audited_account_arn=None,
audited_partition="aws",
audited_identity_arn=None,
audited_user_id=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
)
with patch(
"prowler.providers.aws.aws_provider.parse_json_file",
return_value={
"services": {
"ec2": {
"regions": {
"aws": [
"af-south-1",
"ca-central-1",
"eu-central-1",
"eu-central-2",
"eu-north-1",
"eu-south-1",
"eu-south-2",
"eu-west-1",
"eu-west-2",
"eu-west-3",
"me-central-1",
"me-south-1",
"sa-east-1",
"us-east-1",
"us-east-2",
"us-west-1",
"us-west-2",
],
}
}
}
},
):
assert len(get_available_aws_service_regions("ec2", audit_info)) == 17
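Review bot: `test_aws_get_global_region` never calls `get_global_region`: its assertion is `get_default_region("ec2", audit_info) == "us-east-1"`, which repeats `test_get_default_region_non_profile_or_audited_region` with identical inputs, so the commercial `aws` partition of `get_global_region` has no test in this hunk while the `aws-us-gov`, `aws-cn` and `aws-iso` partitions do. The assertion should read `assert get_global_region(audit_info) == "us-east-1"`; the expected value is inferred from the sibling tests and should be confirmed against the implementation, which is not shown here. If the global region decides which endpoint the audit uses for global services, as the name suggests, the default partition is the path where a regression would affect the most scans, so it is the one most worth pinning. Separately, the ten near-identical `AWS_Audit_Info(...)` constructions could come from one helper taking `audited_partition`, `profile_region` and `audited_regions`, so that each test shows only the fields it varies.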


@@ -60,7 +60,7 @@ class Test_ResourceExplorer2_Service:
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions="us-east-1",
audited_regions=["us-east-1"],
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,