feat(tags): add resource tags to G-R services (#2009)

Sergio Garcia
2023-03-02 13:56:22 +01:00
committed by GitHub
parent 76bb418ea9
commit e8a1378ad0
58 changed files with 287 additions and 38 deletions


@@ -54,6 +54,9 @@ def mock_make_api_call(self, operation_name, kwarg):
if operation_name == "GetVaultAccessPolicy":
return {"policy": {"Policy": json.dumps(vault_json_policy)}}
if operation_name == "ListTagsForVault":
return {"Tags": {"test": "test"}}
return make_api_call(self, operation_name, kwarg)
@@ -99,6 +102,7 @@ class Test_Glacier_Service:
== f"arn:aws:glacier:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:vaults/examplevault"
)
assert glacier.vaults[vault_name].region == AWS_REGION
assert glacier.vaults[vault_name].tags == [{"test": "test"}]
def test__get_vault_access_policy__(self):
# Set partition for the service
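Review bot: The new assertion `glacier.vaults[vault_name].tags == [{"test": "test"}]` pins a tag shape (a one-element list wrapping the raw key-to-value map) that differs from the `[{"Key": ..., "Value": ...}]` lists asserted for IAM, RDS, Redshift, OpenSearch and Route53 and from the `TagKey`/`TagValue` pairs asserted for KMS in this same commit; the GuardDuty service test asserts the same wrapped-map shape. Anything downstream that filters or scopes findings by tag has to handle all three shapes, and a resource whose tags arrive in an unexpected shape could presumably drop out of a tag-scoped audit without any error. I would normalise the shape in the service layer or, at minimum, document the choice next to the assertion: `# Glacier returns tags as a map; stored as a one-element list, not Key/Value pairs`. The test method continues outside the hunk.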


@@ -8,6 +8,9 @@ AWS_REGION = "eu-west-1"
AWS_ACCOUNT_NUMBER = "123456789012"
detector_id = str(uuid4())
detector_arn = (
f"arn:aws:guardduty:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:detector/{detector_id}"
)
class Test_guardduty_is_enabled:
@@ -33,6 +36,7 @@ class Test_guardduty_is_enabled:
Detector(
id=detector_id,
region=AWS_REGION,
arn=detector_arn,
status=True,
)
)
@@ -50,7 +54,7 @@ class Test_guardduty_is_enabled:
assert result[0].status == "PASS"
assert search("enabled", result[0].status_extended)
assert result[0].resource_id == detector_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == detector_arn
def test_guardduty_configured_but_suspended(self):
guardduty_client = mock.MagicMock
@@ -58,6 +62,7 @@ class Test_guardduty_is_enabled:
guardduty_client.detectors.append(
Detector(
id=detector_id,
arn=detector_arn,
region=AWS_REGION,
status=False,
)
@@ -76,7 +81,7 @@ class Test_guardduty_is_enabled:
assert result[0].status == "FAIL"
assert search("configured but suspended", result[0].status_extended)
assert result[0].resource_id == detector_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == detector_arn
def test_guardduty_not_configured(self):
guardduty_client = mock.MagicMock
@@ -84,6 +89,7 @@ class Test_guardduty_is_enabled:
guardduty_client.detectors.append(
Detector(
id=detector_id,
arn=detector_arn,
region=AWS_REGION,
)
)
@@ -101,4 +107,4 @@ class Test_guardduty_is_enabled:
assert result[0].status == "FAIL"
assert search("not configured", result[0].status_extended)
assert result[0].resource_id == detector_id
assert result[0].resource_arn == ""
assert result[0].resource_arn == detector_arn


@@ -32,6 +32,7 @@ class Test_guardduty_no_high_severity_findings:
guardduty_client.detectors.append(
Detector(
id=detector_id,
arn="",
region=AWS_REGION,
)
)
@@ -58,7 +59,11 @@ class Test_guardduty_no_high_severity_findings:
guardduty_client.detectors = []
guardduty_client.detectors.append(
Detector(
id=detector_id, region=AWS_REGION, status=False, findings=[str(uuid4())]
id=detector_id,
region=AWS_REGION,
arn="",
status=False,
findings=[str(uuid4())],
)
)
with mock.patch(
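Review bot: Both detectors in these two hunks are built with `arn=""`, so the tests for this check cannot tell whether a finding carries the detector's ARN; the sibling `guardduty_is_enabled` tests in this commit were switched to a real `detector_arn` and assert `result[0].resource_arn == detector_arn`. A report row with an empty `resource_arn` is hard to map back to a resource during triage, so the same coverage is worth having here. I would build the ARN the same way as in the other file and add `assert result[0].resource_arn == detector_arn` to each test. The assertion blocks lie outside the visible hunks, so I cannot confirm what they currently check.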


@@ -16,6 +16,8 @@ make_api_call = botocore.client.BaseClient._make_api_call
def mock_make_api_call(self, operation_name, kwarg):
if operation_name == "ListFindings":
return {"FindingIds": ["86c1d16c9ec63f634ccd087ae0d427ba1"]}
if operation_name == "ListTagsForResource":
return {"Tags": {"test": "test"}}
return make_api_call(self, operation_name, kwarg)
@@ -77,7 +79,7 @@ class Test_GuardDuty_Service:
# Test GuardDuty session
def test__list_detectors__(self):
guardduty_client = client("guardduty", region_name=AWS_REGION)
response = guardduty_client.create_detector(Enable=True)
response = guardduty_client.create_detector(Enable=True, Tags={"test": "test"})
audit_info = self.set_mocked_audit_info()
guardduty = GuardDuty(audit_info)
@@ -85,6 +87,7 @@ class Test_GuardDuty_Service:
assert len(guardduty.detectors) == 1
assert guardduty.detectors[0].id == response["DetectorId"]
assert guardduty.detectors[0].region == AWS_REGION
assert guardduty.detectors[0].tags == [{"test": "test"}]
@mock_guardduty
# Test GuardDuty session
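Review bot: The `ListTagsForResource` branch added to `mock_make_api_call` returns the same `{"test": "test"}` that the test now passes to `create_detector(Enable=True, Tags={"test": "test"})`, so `assert guardduty.detectors[0].tags == [{"test": "test"}]` passes whichever source the service reads. Assuming the test class patches `_make_api_call` with this function, it would also pass if the service asked for the tags of the wrong resource, because the branch ignores `kwarg`. I would make the two values differ, e.g. `return {"Tags": {"mocked": "mocked"}}`, and add a comment such as `# tags are answered by this mock, not by moto`, so the assertion shows which path is under test. The same applies to the `ListTagsForVault`, `ListTags`, `ListTagsForDomain` and Route53 `ListTagsForResource` branches added elsewhere in this commit.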


@@ -247,10 +247,16 @@ class Test_IAM_Service:
service_role = iam_client.create_role(
RoleName="test-1",
AssumeRolePolicyDocument=dumps(service_policy_document),
Tags=[
{"Key": "test", "Value": "test"},
],
)["Role"]
role = iam_client.create_role(
RoleName="test-2",
AssumeRolePolicyDocument=dumps(policy_document),
Tags=[
{"Key": "test", "Value": "test"},
],
)["Role"]
# IAM client for this test class
@@ -258,6 +264,12 @@ class Test_IAM_Service:
iam = IAM(audit_info)
assert len(iam.roles) == len(iam_client.list_roles()["Roles"])
assert iam.roles[0].tags == [
{"Key": "test", "Value": "test"},
]
assert iam.roles[1].tags == [
{"Key": "test", "Value": "test"},
]
assert is_service_role(service_role)
assert not is_service_role(role)
@@ -287,15 +299,27 @@ class Test_IAM_Service:
# Create 2 IAM Users
iam_client.create_user(
UserName="user1",
Tags=[
{"Key": "test", "Value": "test"},
],
)
iam_client.create_user(
UserName="user2",
Tags=[
{"Key": "test", "Value": "test"},
],
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.users) == len(iam_client.list_users()["Users"])
assert iam.users[0].tags == [
{"Key": "test", "Value": "test"},
]
assert iam.users[1].tags == [
{"Key": "test", "Value": "test"},
]
# Test IAM Get Account Summary
@mock_iam
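Review bot: Both roles and both users are created with the identical tag `{"Key": "test", "Value": "test"}`, so the `iam.roles[0].tags` / `iam.roles[1].tags` assertions (and the `iam.users[...]` pair) would still pass if the service attached one principal's tags to another. IAM tags are commonly used in access-control conditions and audit scoping, so per-principal correctness is what this test should pin. Give each principal a distinct value, e.g. `Tags=[{"Key": "name", "Value": "test-1"}]`, and look the role or user up by name rather than by index, since the current assertions also depend on list order. Both test methods start outside the hunks.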


@@ -88,7 +88,11 @@ class Test_ACM_Service:
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
# Create KMS keys
key1 = kms_client.create_key()["KeyMetadata"]
key1 = kms_client.create_key(
Tags=[
{"TagKey": "test", "TagValue": "test"},
],
)["KeyMetadata"]
# KMS client for this test class
audit_info = self.set_mocked_audit_info()
kms = KMS(audit_info)
@@ -97,6 +101,9 @@ class Test_ACM_Service:
assert kms.keys[0].state == key1["KeyState"]
assert kms.keys[0].origin == key1["Origin"]
assert kms.keys[0].manager == key1["KeyManager"]
assert kms.keys[0].tags == [
{"TagKey": "test", "TagValue": "test"},
]
# Test KMS Get rotation status
@mock_kms


@@ -8,8 +8,8 @@ class Test_macie_is_enabled:
macie_client = mock.MagicMock
macie_client.sessions = [
Session(
"DISABLED",
"eu-west-1",
status="DISABLED",
region="eu-west-1",
)
]
with mock.patch(
@@ -33,8 +33,8 @@ class Test_macie_is_enabled:
macie_client = mock.MagicMock
macie_client.sessions = [
Session(
"ENABLED",
"eu-west-1",
status="ENABLED",
region="eu-west-1",
)
]
with mock.patch(
@@ -58,8 +58,8 @@ class Test_macie_is_enabled:
macie_client = mock.MagicMock
macie_client.sessions = [
Session(
"PAUSED",
"eu-west-1",
status="PAUSED",
region="eu-west-1",
)
]
with mock.patch(


@@ -66,8 +66,8 @@ class Test_Macie_Service:
macie = Macie(current_audit_info)
macie.sessions = [
Session(
"ENABLED",
"eu-west-1",
status="ENABLED",
region="eu-west-1",
)
]
assert len(macie.sessions) == 1


@@ -82,6 +82,12 @@ def mock_make_api_call(self, operation_name, kwarg):
"AdvancedSecurityOptions": {"InternalUserDatabaseEnabled": True},
}
}
if operation_name == "ListTags":
return {
"TagList": [
{"Key": "test", "Value": "test"},
]
}
return make_api_call(self, operation_name, kwarg)
@@ -183,3 +189,6 @@ class Test_OpenSearchService_Service:
assert opensearch.opensearch_domains[0].internal_user_database
assert opensearch.opensearch_domains[0].update_available
assert opensearch.opensearch_domains[0].version == "opensearch-version1"
assert opensearch.opensearch_domains[0].tags == [
{"Key": "test", "Value": "test"},
]


@@ -82,6 +82,9 @@ class Test_RDS_Service:
BackupRetentionPeriod=10,
EnableCloudwatchLogsExports=["audit", "error"],
MultiAZ=True,
Tags=[
{"Key": "test", "Value": "test"},
],
)
# RDS client for this test class
audit_info = self.set_mocked_audit_info()
@@ -101,6 +104,9 @@ class Test_RDS_Service:
assert rds.db_instances[0].deletion_protection
assert rds.db_instances[0].auto_minor_version_upgrade
assert rds.db_instances[0].multi_az
assert rds.db_instances[0].tags == [
{"Key": "test", "Value": "test"},
]
# Test RDS Describe DB Snapshots
@mock_rds


@@ -110,6 +110,9 @@ class Test_Redshift_Service:
MasterUsername="user",
MasterUserPassword="password",
PubliclyAccessible=True,
Tags=[
{"Key": "test", "Value": "test"},
],
)
audit_info = self.set_mocked_audit_info()
redshift = Redshift(audit_info)
@@ -126,6 +129,9 @@ class Test_Redshift_Service:
redshift.clusters[0].allow_version_upgrade
== response["Cluster"]["AllowVersionUpgrade"]
)
assert redshift.clusters[0].tags == [
{"Key": "test", "Value": "test"},
]
@mock_redshift
def test_describe_logging_status(self):


@@ -18,7 +18,16 @@ def mock_make_api_call(self, operation_name, kwarg):
"""We have to mock every AWS API call using Boto3"""
if operation_name == "DescribeDirectories":
return {}
if operation_name == "ListTagsForResource":
return {
"ResourceTagSet": {
"ResourceType": "hostedzone",
"ResourceId": "test",
"Tags": [
{"Key": "test", "Value": "test"},
],
}
}
return make_api_call(self, operation_name, kwarg)
@@ -107,6 +116,9 @@ class Test_Route53_Service:
== log_group_arn
)
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION
assert route53.hosted_zones[hosted_zone_id].tags == [
{"Key": "test", "Value": "test"},
]
@mock_route53
@mock_logs


@@ -28,6 +28,12 @@ def mock_make_api_call(self, operation_name, kwarg):
],
"NextPageMarker": "string",
}
if operation_name == "ListTagsForDomain":
return {
"TagList": [
{"Key": "test", "Value": "test"},
]
}
if operation_name == "GetDomainDetail":
return {
"DomainName": "test.domain.com",
@@ -117,3 +123,6 @@ class Test_Route53_Service:
"clientTransferProhibited"
in route53domains.domains[domain_name].status_list
)
assert route53domains.domains[domain_name].tags == [
{"Key": "test", "Value": "test"},
]