mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 06:45:08 +00:00
feat(azure): Add new checks related to PostgreSQL service (#3409)
This commit is contained in:
Pedro Martín
@@ -172,39 +172,17 @@ expected_packages = [
|
||||
ispkg=False,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder("/root_dir/prowler/providers/azure/services/cosmosdb"),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_firewall_use_selected_networks",
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/postgresql"
|
||||
),
|
||||
name="prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled",
|
||||
ispkg=True,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks"
|
||||
"/root_dir/prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_firewall_use_selected_networks.cosmosdb_account_firewall_use_selected_networks",
|
||||
ispkg=False,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder("/root_dir/prowler/providers/azure/services/cosmosdb"),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_private_endpoints",
|
||||
ispkg=True,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_private_endpoints.cosmosdb_account_use_private_endpoints",
|
||||
ispkg=False,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder("/root_dir/prowler/providers/azure/services/cosmosdb"),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_aad_and_rbac",
|
||||
ispkg=True,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_aad_and_rbac.cosmosdb_account_use_aad_and_rbac",
|
||||
name="prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled",
|
||||
ispkg=False,
|
||||
),
|
||||
]
|
||||
@@ -358,44 +336,16 @@ def mock_list_modules(*_):
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb"
|
||||
"/root_dir/prowler/providers/azure/services/postgresql"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_firewall_use_selected_networks",
|
||||
name="prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled",
|
||||
ispkg=True,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks"
|
||||
"/root_dir/prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_firewall_use_selected_networks.cosmosdb_account_firewall_use_selected_networks",
|
||||
ispkg=False,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_private_endpoints",
|
||||
ispkg=True,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_private_endpoints.cosmosdb_account_use_private_endpoints",
|
||||
ispkg=False,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_aad_and_rbac",
|
||||
ispkg=True,
|
||||
),
|
||||
ModuleInfo(
|
||||
module_finder=FileFinder(
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac"
|
||||
),
|
||||
name="prowler.providers.azure.services.cosmosdb.cosmosdb_account_use_aad_and_rbac.cosmosdb_account_use_aad_and_rbac",
|
||||
name="prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled",
|
||||
ispkg=False,
|
||||
),
|
||||
]
|
||||
@@ -808,16 +758,8 @@ class Test_Check:
|
||||
"/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled",
|
||||
),
|
||||
(
|
||||
"cosmosdb_account_firewall_use_selected_networks",
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks",
|
||||
),
|
||||
(
|
||||
"cosmosdb_account_use_private_endpoints",
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints",
|
||||
),
|
||||
(
|
||||
"cosmosdb_account_use_aad_and_rbac",
|
||||
"/root_dir/prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac",
|
||||
"postgresql_flexible_server_enforce_ssl_enabled",
|
||||
"/root_dir/prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled",
|
||||
),
|
||||
]
|
||||
returned_checks = recover_checks_from_provider(provider, service)
|
||||
|
||||
@@ -0,0 +1,121 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.postgresql.postgresql_service import (
|
||||
Firewall,
|
||||
Server,
|
||||
)
|
||||
|
||||
AZURE_SUBSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_postgresql_flexible_server_allow_access_services_disabled:
|
||||
def test_no_postgresql_flexible_servers(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_client.flexible_servers = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled import (
|
||||
postgresql_flexible_server_allow_access_services_disabled,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_allow_access_services_disabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_flexible_servers_allow_public_access(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
firewall = Firewall(
|
||||
id=str(uuid4()),
|
||||
name="firewall_name",
|
||||
start_ip="0.0.0.0",
|
||||
end_ip="0.0.0.0",
|
||||
)
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="OFF",
|
||||
log_retention_days="3",
|
||||
firewall=[firewall],
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled import (
|
||||
postgresql_flexible_server_allow_access_services_disabled,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_allow_access_services_disabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has allow public access from any Azure service enabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_dont_allow_public_access(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
firewall = Firewall(
|
||||
id=str(uuid4()),
|
||||
name="firewall_name",
|
||||
start_ip="1.1.1.1",
|
||||
end_ip="1.1.1.1",
|
||||
)
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="OFF",
|
||||
log_retention_days="3",
|
||||
firewall=[firewall],
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_allow_access_services_disabled.postgresql_flexible_server_allow_access_services_disabled import (
|
||||
postgresql_flexible_server_allow_access_services_disabled,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_allow_access_services_disabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has allow public access from any Azure service disabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
@@ -0,0 +1,106 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.postgresql.postgresql_service import Server
|
||||
|
||||
AZURE_SUBSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_postgresql_flexible_server_connection_throttling_on:
|
||||
def test_no_postgresql_flexible_servers(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_client.flexible_servers = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on import (
|
||||
postgresql_flexible_server_connection_throttling_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_connection_throttling_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_flexible_servers_connection_throttling_off(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="OFF",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on import (
|
||||
postgresql_flexible_server_connection_throttling_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_connection_throttling_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has connection_throttling disabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_connection_throttling_on(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="ON",
|
||||
log_connections="ON",
|
||||
log_disconnections="ON",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_connection_throttling_on.postgresql_flexible_server_connection_throttling_on import (
|
||||
postgresql_flexible_server_connection_throttling_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_connection_throttling_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has connection_throttling enabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
@@ -0,0 +1,106 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.postgresql.postgresql_service import Server
|
||||
|
||||
AZURE_SUBSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_postgresql_flexible_server_enforce_ssl_enabled:
|
||||
def test_no_postgresql_flexible_servers(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_client.flexible_servers = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled import (
|
||||
postgresql_flexible_server_enforce_ssl_enabled,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_enforce_ssl_enabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_flexible_servers_require_secure_transport_off(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="ON",
|
||||
log_connections="ON",
|
||||
log_disconnections="ON",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled import (
|
||||
postgresql_flexible_server_enforce_ssl_enabled,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_enforce_ssl_enabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has enforce ssl disabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_require_secure_transport_on(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="ON",
|
||||
log_checkpoints="ON",
|
||||
log_connections="ON",
|
||||
log_disconnections="ON",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_enforce_ssl_enabled.postgresql_flexible_server_enforce_ssl_enabled import (
|
||||
postgresql_flexible_server_enforce_ssl_enabled,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_enforce_ssl_enabled()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has enforce ssl enabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
@@ -0,0 +1,106 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.postgresql.postgresql_service import Server
|
||||
|
||||
AZURE_SUBSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_postgresql_flexible_server_log_checkpoints_on:
|
||||
def test_no_postgresql_flexible_servers(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_client.flexible_servers = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on import (
|
||||
postgresql_flexible_server_log_checkpoints_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_checkpoints_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_flexible_servers_log_checkpoints_off(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="ON",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="ON",
|
||||
log_disconnections="ON",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on import (
|
||||
postgresql_flexible_server_log_checkpoints_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_checkpoints_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_checkpoints disabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_log_checkpoints_on(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="ON",
|
||||
log_checkpoints="ON",
|
||||
log_connections="ON",
|
||||
log_disconnections="ON",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_checkpoints_on.postgresql_flexible_server_log_checkpoints_on import (
|
||||
postgresql_flexible_server_log_checkpoints_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_checkpoints_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_checkpoints enabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
@@ -0,0 +1,106 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.postgresql.postgresql_service import Server
|
||||
|
||||
AZURE_SUBSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_postgresql_flexible_server_log_connections_on:
|
||||
def test_no_postgresql_flexible_servers(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_client.flexible_servers = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on import (
|
||||
postgresql_flexible_server_log_connections_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_connections_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_flexible_servers_log_connections_off(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on import (
|
||||
postgresql_flexible_server_log_connections_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_connections_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_connections disabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_log_connections_on(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="ON",
|
||||
log_connections="ON",
|
||||
log_disconnections="ON",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_connections_on.postgresql_flexible_server_log_connections_on import (
|
||||
postgresql_flexible_server_log_connections_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_connections_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_connections enabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
@@ -0,0 +1,106 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.postgresql.postgresql_service import Server
|
||||
|
||||
AZURE_SUBSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_postgresql_flexible_server_log_disconnections_on:
|
||||
def test_no_postgresql_flexible_servers(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_client.flexible_servers = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on import (
|
||||
postgresql_flexible_server_log_disconnections_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_disconnections_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_flexible_servers_log_connections_off(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="OFF",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on import (
|
||||
postgresql_flexible_server_log_disconnections_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_disconnections_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_disconnections disabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_log_connections_on(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="ON",
|
||||
log_connections="ON",
|
||||
log_disconnections="ON",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_disconnections_on.postgresql_flexible_server_log_disconnections_on import (
|
||||
postgresql_flexible_server_log_disconnections_on,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_disconnections_on()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_disconnections enabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
@@ -0,0 +1,191 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.postgresql.postgresql_service import Server
|
||||
|
||||
AZURE_SUBSCRIPTION = str(uuid4())
|
||||
|
||||
|
||||
class Test_postgresql_flexible_server_log_retention_days_greater_3:
|
||||
def test_no_postgresql_flexible_servers(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_client.flexible_servers = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3 import (
|
||||
postgresql_flexible_server_log_retention_days_greater_3,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_retention_days_greater_3()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_flexible_servers_no_log_retention_days(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="OFF",
|
||||
log_retention_days=None,
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3 import (
|
||||
postgresql_flexible_server_log_retention_days_greater_3,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_retention_days_greater_3()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_retention disabled"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_log_retention_days_3(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
log_retention_days = "3"
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="OFF",
|
||||
log_retention_days=log_retention_days,
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3 import (
|
||||
postgresql_flexible_server_log_retention_days_greater_3,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_retention_days_greater_3()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_retention set to {log_retention_days}"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_log_retention_days_4(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
log_retention_days = "4"
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="OFF",
|
||||
log_retention_days=log_retention_days,
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3 import (
|
||||
postgresql_flexible_server_log_retention_days_greater_3,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_retention_days_greater_3()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_retention set to {log_retention_days}"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
|
||||
def test_flexible_servers_log_retention_days_8(self):
|
||||
postgresql_client = mock.MagicMock
|
||||
postgresql_server_name = "Postgres Flexible Server Name"
|
||||
postgresql_server_id = str(uuid4())
|
||||
log_retention_days = "8"
|
||||
postgresql_client.flexible_servers = {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id=postgresql_server_id,
|
||||
name=postgresql_server_name,
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="OFF",
|
||||
log_checkpoints="OFF",
|
||||
log_connections="OFF",
|
||||
log_disconnections="OFF",
|
||||
connection_throttling="OFF",
|
||||
log_retention_days=log_retention_days,
|
||||
firewall=None,
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3.postgresql_client",
|
||||
new=postgresql_client,
|
||||
):
|
||||
from prowler.providers.azure.services.postgresql.postgresql_flexible_server_log_retention_days_greater_3.postgresql_flexible_server_log_retention_days_greater_3 import (
|
||||
postgresql_flexible_server_log_retention_days_greater_3,
|
||||
)
|
||||
|
||||
check = postgresql_flexible_server_log_retention_days_greater_3()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Flexible Postgresql server {postgresql_server_name} from subscription {AZURE_SUBSCRIPTION} has log_retention set to {log_retention_days}"
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUBSCRIPTION
|
||||
assert result[0].resource_name == postgresql_server_name
|
||||
assert result[0].resource_id == postgresql_server_id
|
||||
@@ -0,0 +1,122 @@
|
||||
from unittest.mock import patch
|
||||
|
||||
from prowler.providers.azure.services.postgresql.postgresql_service import (
|
||||
Firewall,
|
||||
PostgreSQL,
|
||||
Server,
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUBSCRIPTION,
|
||||
set_mocked_azure_audit_info,
|
||||
)
|
||||
|
||||
|
||||
def mock_sqlserver_get_postgresql_flexible_servers(_):
|
||||
firewall = Firewall(
|
||||
id="id",
|
||||
name="name",
|
||||
start_ip="start_ip",
|
||||
end_ip="end_ip",
|
||||
)
|
||||
return {
|
||||
AZURE_SUBSCRIPTION: [
|
||||
Server(
|
||||
id="id",
|
||||
name="name",
|
||||
resource_group="resource_group",
|
||||
require_secure_transport="ON",
|
||||
log_checkpoints="ON",
|
||||
log_connections="ON",
|
||||
log_disconnections="ON",
|
||||
connection_throttling="ON",
|
||||
log_retention_days="3",
|
||||
firewall=[firewall],
|
||||
)
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
@patch(
|
||||
"prowler.providers.azure.services.postgresql.postgresql_service.PostgreSQL.__get_flexible_servers__",
|
||||
new=mock_sqlserver_get_postgresql_flexible_servers,
|
||||
)
|
||||
class Test_SqlServer_Service:
|
||||
def test__get_client__(self):
|
||||
postgresql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert (
|
||||
postgresql.clients[AZURE_SUBSCRIPTION].__class__.__name__
|
||||
== "PostgreSQLManagementClient"
|
||||
)
|
||||
|
||||
def test__get_sql_servers__(self):
|
||||
postgesql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].__class__.__name__
|
||||
== "Server"
|
||||
)
|
||||
assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].id == "id"
|
||||
assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].name == "name"
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].resource_group
|
||||
== "resource_group"
|
||||
)
|
||||
|
||||
def test__get_resource_group__(self):
|
||||
id = "/subscriptions/subscription/resourceGroups/resource_group/providers/Microsoft.DBforPostgreSQL/flexibleServers/server"
|
||||
postgresql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert postgresql.__get_resource_group__(id) == "resource_group"
|
||||
|
||||
def test__get_require_secure_transport__(self):
|
||||
postgesql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].require_secure_transport
|
||||
== "ON"
|
||||
)
|
||||
|
||||
def test__get_log_checkpoints__(self):
|
||||
postgesql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].log_checkpoints == "ON"
|
||||
|
||||
def test__get_log_connections__(self):
|
||||
postgesql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].log_connections == "ON"
|
||||
|
||||
def test__get_log_disconnections__(self):
|
||||
postgesql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].log_disconnections == "ON"
|
||||
)
|
||||
|
||||
def test__get_connection_throttling__(self):
|
||||
postgesql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].connection_throttling
|
||||
== "ON"
|
||||
)
|
||||
|
||||
def test__get_log_retention_days__(self):
|
||||
postgesql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].log_retention_days == "3"
|
||||
)
|
||||
|
||||
def test__get_firewall__(self):
|
||||
postgesql = PostgreSQL(set_mocked_azure_audit_info())
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0]
|
||||
.firewall[0]
|
||||
.__class__.__name__
|
||||
== "Firewall"
|
||||
)
|
||||
assert postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].firewall[0].id == "id"
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].firewall[0].name == "name"
|
||||
)
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].firewall[0].start_ip
|
||||
== "start_ip"
|
||||
)
|
||||
assert (
|
||||
postgesql.flexible_servers[AZURE_SUBSCRIPTION][0].firewall[0].end_ip
|
||||
== "end_ip"
|
||||
)
|
||||
Reference in New Issue
Block a user