ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(test): Mock audit into in CloudWatch (#2223)

Browse Source
This commit is contained in:
Pepe Fagoaga
2023-04-17 10:54:01 +02:00
committed by GitHub
parent 93a8f6e759
commit fa1792eb77
19 changed files with 1408 additions and 504 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_changes_to_network_acls_alarm_configured:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_acls_alarm_configured.cloudwatch_changes_to_network_acls_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_gateways_alarm_configured.cloudwatch_changes_to_network_gateways_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_network_route_tables_alarm_configured.cloudwatch_changes_to_network_route_tables_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_changes_to_vpcs_alarm_configured:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_changes_to_vpcs_alarm_configured.cloudwatch_changes_to_vpcs_alarm_configured.logs_client",
new=Logs(current_audit_info),
), mock.patch(

44
tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py
View File

@@ -1,19 +1,46 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_iam
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_cross_account_sharing_disabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_iam
def test_cloudwatch_without_cross_account_role(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -23,6 +50,9 @@ class Test_cloudwatch_cross_account_sharing_disabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_cross_account_sharing_disabled.cloudwatch_cross_account_sharing_disabled.iam_client",
new=IAM(current_audit_info),
):
@@ -50,11 +80,12 @@ class Test_cloudwatch_cross_account_sharing_disabled:
iam_client.create_role(
RoleName="CloudWatch-CrossAccountSharingRole", AssumeRolePolicyDocument="{}"
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -64,6 +95,9 @@ class Test_cloudwatch_cross_account_sharing_disabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_cross_account_sharing_disabled.cloudwatch_cross_account_sharing_disabled.iam_client",
new=IAM(current_audit_info),
):

54
tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py
View File

@@ -1,18 +1,45 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_logs
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_group_kms_encryption_enabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -22,6 +49,9 @@ class Test_cloudwatch_log_group_kms_encryption_enabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client",
new=Logs(current_audit_info),
):
@@ -43,11 +73,13 @@ class Test_cloudwatch_log_group_kms_encryption_enabled:
logs_client.create_log_group(
logGroupName="test",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -57,6 +89,9 @@ class Test_cloudwatch_log_group_kms_encryption_enabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client",
new=Logs(current_audit_info),
):
@@ -82,11 +117,13 @@ class Test_cloudwatch_log_group_kms_encryption_enabled:
logs_client = client("logs", region_name=AWS_REGION)
# Request Logs group
logs_client.create_log_group(logGroupName="test", kmsKeyId="test_kms_id")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -96,6 +133,9 @@ class Test_cloudwatch_log_group_kms_encryption_enabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client",
new=Logs(current_audit_info),
):

52
tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py
View File

@@ -1,20 +1,47 @@
from re import search
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_logs
from moto.core.utils import unix_time_millis
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_group_no_secrets_in_logs:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -24,6 +51,9 @@ class Test_cloudwatch_log_group_no_secrets_in_logs:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
new=Logs(current_audit_info),
):
@@ -49,11 +79,12 @@ class Test_cloudwatch_log_group_no_secrets_in_logs:
logStreamName="test stream",
logEvents=[{"timestamp": 0, "message": "line"}],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -63,6 +94,9 @@ class Test_cloudwatch_log_group_no_secrets_in_logs:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
new=Logs(current_audit_info),
):
@@ -96,11 +130,12 @@ class Test_cloudwatch_log_group_no_secrets_in_logs:
}
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -110,6 +145,9 @@ class Test_cloudwatch_log_group_no_secrets_in_logs:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
new=Logs(current_audit_info),
):

60
tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py
View File

@@ -1,18 +1,45 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_logs
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -22,6 +49,9 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client",
new=Logs(current_audit_info),
):
@@ -43,11 +73,12 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
logs_client.create_log_group(
logGroupName="test",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -57,6 +88,9 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client",
new=Logs(current_audit_info),
):
@@ -85,11 +119,12 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
logGroupName="test",
)
logs_client.put_retention_policy(logGroupName="test", retentionInDays=400)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -99,6 +134,9 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client",
new=Logs(current_audit_info),
):
@@ -127,11 +165,12 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
logGroupName="test",
)
logs_client.put_retention_policy(logGroupName="test", retentionInDays=7)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -141,6 +180,9 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client",
new=Logs(current_audit_info),
):

114
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -69,14 +99,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -84,11 +118,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -132,14 +166,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -147,11 +185,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -207,14 +245,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -222,11 +264,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -294,14 +336,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -309,11 +355,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -381,14 +427,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -396,11 +446,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -69,14 +99,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -84,11 +118,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -132,14 +166,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -147,11 +185,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -207,14 +245,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -222,11 +264,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -294,14 +336,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -309,11 +355,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -381,14 +427,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -396,11 +446,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_log_metric_filter_authentication_failures:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_authentication_failures.cloudwatch_log_metric_filter_authentication_failures.logs_client",
new=Logs(current_audit_info),
), mock.patch(

112
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_aws_organizations_changes.cloudwatch_log_metric_filter_aws_organizations_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -69,14 +99,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -84,11 +118,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -132,14 +166,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -147,11 +185,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -207,14 +245,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -222,11 +264,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -294,14 +336,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -309,11 +355,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -381,14 +427,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -396,11 +446,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(

112
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_policy_changes.cloudwatch_log_metric_filter_policy_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_log_metric_filter_root_usage:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_root_usage.cloudwatch_log_metric_filter_root_usage.logs_client",
new=Logs(current_audit_info),
), mock.patch(

112
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_security_group_changes.cloudwatch_log_metric_filter_security_group_changes.logs_client",
new=Logs(current_audit_info),
), mock.patch(

114
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
class Test_cloudwatch_log_metric_filter_sign_in_without_mfa:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_sign_in_without_mfa.cloudwatch_log_metric_filter_sign_in_without_mfa.logs_client",
new=Logs(current_audit_info),
), mock.patch(

112
tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py
View File

@@ -1,25 +1,55 @@
from unittest import mock
from boto3 import client
from boto3 import client, session
from moto import mock_cloudtrail, mock_cloudwatch, mock_logs, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info
@mock_logs
@mock_cloudtrail
@mock_cloudwatch
def test_cloudwatch_no_log_groups(self):
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -27,11 +57,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -67,14 +97,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
s3_client.create_bucket(Bucket="test")
cloudtrail_client.create_trail(Name="test_trail", S3BucketName="test")
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -82,11 +116,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -128,14 +162,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
CloudWatchLogsLogGroupArn=f"arn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:/log-group/test:*",
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -143,11 +181,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -201,14 +239,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
],
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -216,11 +258,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -286,14 +328,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -301,11 +347,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client",
new=Logs(current_audit_info),
), mock.patch(
@@ -371,14 +417,18 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
ActionsEnabled=True,
)
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
Cloudtrail,
)
from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
CloudWatch,
Logs,
)
current_audit_info = self.set_mocked_audit_info()
from prowler.providers.common.models import Audit_Metadata
current_audit_info.audited_partition = "aws"
current_audit_info.audit_metadata = Audit_Metadata(
services_scanned=0,
# We need to set this check to call __describe_log_groups__
@@ -386,11 +436,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
completed_checks=0,
audit_progress=0,
)
from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
Cloudtrail,
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.cloudwatch.cloudwatch_log_metric_filter_unauthorized_api_calls.cloudwatch_log_metric_filter_unauthorized_api_calls.logs_client",
new=Logs(current_audit_info),
), mock.patch(