feat(azure regions): support non default azure region (#3013)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>
2026-02-10 14:55:00 +00:00 · 2023-11-14 13:17:48 +01:00
parent 573f1eba56
commit f8e713a544
17 changed files with 284 additions and 15 deletions
--- a/tests/lib/cli/parser_test.py
+++ b/tests/lib/cli/parser_test.py
@@ -1,9 +1,11 @@
 import uuid
+from argparse import ArgumentTypeError

 import pytest
 from mock import patch

 from prowler.lib.cli.parser import ProwlerArgumentParser
+from prowler.providers.azure.lib.arguments.arguments import validate_azure_region

 prowler_command = "prowler"

@@ -1050,6 +1052,14 @@ class Test_Parser:
        assert parsed.subscription_ids[0] == subscription_1
        assert parsed.subscription_ids[1] == subscription_2

+    def test_parser_azure_region(self):
+        argument = "--azure-region"
+        region = "AzureChinaCloud"
+        command = [prowler_command, "azure", argument, region]
+        parsed = self.parser.parse(command)
+        assert parsed.provider == "azure"
+        assert parsed.azure_region == region
+
    # Test AWS flags with Azure provider
    def test_parser_azure_with_aws_flag(self, capsys):
        command = [prowler_command, "azure", "-p"]
@@ -1092,3 +1102,33 @@ class Test_Parser:
        assert len(parsed.project_ids) == 2
        assert parsed.project_ids[0] == project_1
        assert parsed.project_ids[1] == project_2
+
+    def test_validate_azure_region_valid_regions(self):
+        expected_regions = [
+            "AzureChinaCloud",
+            "AzureUSGovernment",
+            "AzureGermanCloud",
+            "AzureCloud",
+        ]
+        input_regions = [
+            "AzureChinaCloud",
+            "AzureUSGovernment",
+            "AzureGermanCloud",
+            "AzureCloud",
+        ]
+        for region in input_regions:
+            assert validate_azure_region(region) in expected_regions
+
+    def test_validate_azure_region_invalid_regions(self):
+        expected_regions = [
+            "AzureChinaCloud",
+            "AzureUSGovernment",
+            "AzureGermanCloud",
+            "AzureCloud",
+        ]
+        invalid_region = "non-valid-region"
+        with pytest.raises(
+            ArgumentTypeError,
+            match=f"Region {invalid_region} not allowed, allowed regions are {' '.join(expected_regions)}",
+        ):
+            validate_azure_region(invalid_region)
--- a/tests/lib/outputs/slack_test.py
+++ b/tests/lib/outputs/slack_test.py
@@ -11,6 +11,7 @@ from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
 from prowler.providers.azure.lib.audit_info.models import (
    Azure_Audit_Info,
    Azure_Identity_Info,
+    Azure_Region_Config,
 )
 from prowler.providers.common.models import Audit_Metadata
 from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info
@@ -76,6 +77,7 @@ class Test_Slack_Integration:
            audit_resources=None,
            audit_metadata=None,
            audit_config=None,
+            azure_region_config=Azure_Region_Config(),
        )
        assert create_message_identity("aws", aws_audit_info) == (
            f"AWS Account *{aws_audit_info.audited_account}*",
--- a/tests/providers/azure/lib/regions/regions_test.py
+++ b/tests/providers/azure/lib/regions/regions_test.py
@@ -0,0 +1,50 @@
+from azure.identity import AzureAuthorityHosts
+from msrestazure.azure_cloud import (
+    AZURE_CHINA_CLOUD,
+    AZURE_GERMAN_CLOUD,
+    AZURE_US_GOV_CLOUD,
+)
+
+from prowler.providers.azure.lib.regions.regions import get_regions_config
+
+
+class Test_azure_regions:
+    def test_get_regions_config(self):
+        allowed_regions = [
+            "AzureCloud",
+            "AzureChinaCloud",
+            "AzureUSGovernment",
+            "AzureGermanCloud",
+        ]
+        expected_output = {
+            "AzureCloud": {
+                "authority": None,
+                "base_url": "https://management.azure.com",
+                "credential_scopes": ["https://management.azure.com/.default"],
+            },
+            "AzureChinaCloud": {
+                "authority": AzureAuthorityHosts.AZURE_CHINA,
+                "base_url": AZURE_CHINA_CLOUD.endpoints.resource_manager,
+                "credential_scopes": [
+                    AZURE_CHINA_CLOUD.endpoints.resource_manager + "/.default"
+                ],
+            },
+            "AzureUSGovernment": {
+                "authority": AzureAuthorityHosts.AZURE_GOVERNMENT,
+                "base_url": AZURE_US_GOV_CLOUD.endpoints.resource_manager,
+                "credential_scopes": [
+                    AZURE_US_GOV_CLOUD.endpoints.resource_manager + "/.default"
+                ],
+            },
+            "AzureGermanCloud": {
+                "authority": AzureAuthorityHosts.AZURE_GERMANY,
+                "base_url": AZURE_GERMAN_CLOUD.endpoints.resource_manager,
+                "credential_scopes": [
+                    AZURE_GERMAN_CLOUD.endpoints.resource_manager + "/.default"
+                ],
+            },
+        }
+
+        for region in allowed_regions:
+            region_config = get_regions_config(region)
+            assert region_config == expected_output[region]
--- a/tests/providers/common/audit_info_test.py
+++ b/tests/providers/common/audit_info_test.py
@@ -11,6 +11,7 @@ from prowler.providers.azure.azure_provider import Azure_Provider
 from prowler.providers.azure.lib.audit_info.models import (
    Azure_Audit_Info,
    Azure_Identity_Info,
+    Azure_Region_Config,
 )
 from prowler.providers.common.audit_info import (
    Audit_Info,
@@ -31,6 +32,7 @@ mock_azure_audit_info = Azure_Audit_Info(
    audit_metadata=None,
    audit_resources=None,
    audit_config=None,
+    azure_region_config=Azure_Region_Config(),
 )

 mock_set_audit_info = Audit_Info()
@@ -132,8 +134,8 @@ class Test_Set_Audit_Info:
        "prowler.providers.common.audit_info.azure_audit_info",
        new=mock_azure_audit_info,
    )
-    @patch.object(Azure_Provider, "__set_credentials__", new=mock_set_azure_credentials)
-    @patch.object(Azure_Provider, "__set_identity_info__", new=mock_set_identity_info)
+    @patch.object(Azure_Provider, "__get_credentials__", new=mock_set_azure_credentials)
+    @patch.object(Azure_Provider, "__get_identity_info__", new=mock_set_identity_info)
    def test_set_audit_info_azure(self):
        provider = "azure"
        arguments = {
@@ -150,6 +152,7 @@ class Test_Set_Audit_Info:
            "browser_auth": None,
            "managed_entity_auth": None,
            "config_file": default_config_file_path,
+            "azure_region": "AzureCloud",
        }

        audit_info = set_provider_audit_info(provider, arguments)
--- a/tests/providers/common/common_outputs_test.py
+++ b/tests/providers/common/common_outputs_test.py
@@ -9,6 +9,7 @@ from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
 from prowler.providers.azure.lib.audit_info.audit_info import (
    Azure_Audit_Info,
    Azure_Identity_Info,
+    Azure_Region_Config,
 )
 from prowler.providers.common.models import Audit_Metadata
 from prowler.providers.common.outputs import (
@@ -33,6 +34,7 @@ class Test_Common_Output_Options:
            audit_metadata=None,
            audit_resources=None,
            audit_config=None,
+            azure_region_config=Azure_Region_Config(),
        )
        return audit_info