chore(arn): improve resource ARNs in checks (#3388)

Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
Sergio Garcia
2024-03-05 18:10:22 +01:00
committed by GitHub
parent ddd43bae5d
commit fcb2df93b8
115 changed files with 869 additions and 257 deletions


@@ -13,7 +13,12 @@ class Test_backup_plans_exist:
backup_client = mock.MagicMock
backup_client.audited_account = AWS_ACCOUNT_NUMBER
backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
backup_client.audited_partition = "aws"
backup_client.region = AWS_REGION
backup_client.backup_plan_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:backup-plan"
backup_client.__get_backup_plan_arn_template__ = mock.MagicMock(
return_value=backup_client.backup_plan_arn_template
)
backup_client.backup_plans = []
backup_client.backup_vaults = ["vault"]
with mock.patch(
@@ -32,7 +37,10 @@ class Test_backup_plans_exist:
assert result[0].status == "FAIL"
assert result[0].status_extended == "No Backup Plan exist."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:backup-plan"
)
assert result[0].region == AWS_REGION
def test_no_backup_plans_not_vaults(self):
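Review bot: The new `backup_plan_arn_template` and `__get_backup_plan_arn_template__` attributes are attached to `mock.MagicMock` itself, because the context line `backup_client = mock.MagicMock` binds the class rather than an instance. Attributes set that way remain on the class after the test returns, so they can be seen by mocks created later in the same run and can mask a missing attribute in an unrelated test. I would change that line to `backup_client = mock.MagicMock()` so each test works on its own object. The test method starts before this hunk and continues past it, so the rest of the setup is not visible here.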


@@ -35,6 +35,11 @@ class Test_backup_reportplans_exist:
backup_client.audited_account = AWS_ACCOUNT_NUMBER
backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
backup_client.region = AWS_REGION
backup_client.audited_partition = "aws"
backup_client.report_plan_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:report-plan"
backup_client.__get_report_plan_arn_template__ = mock.MagicMock(
return_value=backup_client.report_plan_arn_template
)
backup_plan_id = str(uuid4()).upper()
backup_plan_arn = (
f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:plan:{backup_plan_id}"
@@ -67,7 +72,10 @@ class Test_backup_reportplans_exist:
assert result[0].status == "FAIL"
assert result[0].status_extended == "No Backup Report Plan exist."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:report-plan"
)
assert result[0].region == AWS_REGION
def test_one_backup_report_plan(self):
@@ -75,6 +83,11 @@ class Test_backup_reportplans_exist:
backup_client.audited_account = AWS_ACCOUNT_NUMBER
backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
backup_client.region = AWS_REGION
backup_client.audited_partition = "aws"
backup_client.report_plan_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:report-plan"
backup_client.__get_report_plan_arn_template__ = mock.MagicMock(
return_value=backup_client.report_plan_arn_template
)
backup_plan_id = str(uuid4()).upper()
backup_plan_arn = (
f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:plan:{backup_plan_id}"
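Review bot: The `resource_arn` assertion in the second hunk can only confirm that the check hands back what the stub returns, since `__get_report_plan_arn_template__` is replaced by a `MagicMock` whose `return_value` is an f-string assembled inside the test. The template construction in the service (not visible in this section) is therefore not exercised, and because `audited_partition = "aws"` is paired with a hard-coded `arn:aws:backup:` expectation, a partition mistake there would go unnoticed. I would add a direct unit test of the service method that builds the template, including one non-default partition such as `aws-cn`. The backup-plan and backup-vault sections follow the same stub-and-assert pattern.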


@@ -12,6 +12,11 @@ class Test_backup_vaults_exist:
backup_client.audited_account = AWS_ACCOUNT_NUMBER
backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
backup_client.region = AWS_REGION
backup_client.audited_partition = "aws"
backup_client.backup_vault_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:backup-vault"
backup_client.__get_backup_vault_arn_template__ = mock.MagicMock(
return_value=backup_client.backup_vault_arn_template
)
backup_client.backup_vaults = []
with mock.patch(
"prowler.providers.aws.services.backup.backup_service.Backup",
@@ -29,7 +34,10 @@ class Test_backup_vaults_exist:
assert result[0].status == "FAIL"
assert result[0].status_extended == "No Backup Vault exist."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:backup-vault"
)
assert result[0].region == AWS_REGION
def test_one_backup_vault(self):
@@ -37,6 +45,11 @@ class Test_backup_vaults_exist:
backup_client.audited_account = AWS_ACCOUNT_NUMBER
backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
backup_client.region = AWS_REGION
backup_client.audited_partition = "aws"
backup_client.backup_vault_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:backup-vault"
backup_client.__get_backup_vault_arn_template__ = mock.MagicMock(
return_value=backup_client.backup_vault_arn_template
)
backup_vault_arn = f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:backup-vault:MyBackupVault"
backup_client.backup_vaults = [
BackupVault(


@@ -49,7 +49,7 @@ class Test_cloudtrail_multi_region_enabled:
assert report.resource_id == AWS_ACCOUNT_NUMBER
assert (
report.resource_arn
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert report.resource_tags == []
elif report.region == AWS_REGION_EU_WEST_1:
@@ -61,7 +61,7 @@ class Test_cloudtrail_multi_region_enabled:
assert report.resource_id == AWS_ACCOUNT_NUMBER
assert (
report.resource_arn
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
== f"arn:aws:cloudtrail:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert report.resource_tags == []
@@ -125,7 +125,7 @@ class Test_cloudtrail_multi_region_enabled:
assert report.resource_id == AWS_ACCOUNT_NUMBER
assert (
report.resource_arn
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert report.resource_tags == []
elif report.region == AWS_REGION_EU_WEST_1:
@@ -137,7 +137,7 @@ class Test_cloudtrail_multi_region_enabled:
assert report.resource_id == AWS_ACCOUNT_NUMBER
assert (
report.resource_arn
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
== f"arn:aws:cloudtrail:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert report.resource_tags == []
@@ -213,7 +213,7 @@ class Test_cloudtrail_multi_region_enabled:
assert report.resource_id == AWS_ACCOUNT_NUMBER
assert (
report.resource_arn
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
== f"arn:aws:cloudtrail:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert report.resource_tags == []
assert report.region == AWS_REGION_EU_WEST_1
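Review bot: The expected `resource_arn` is now `arn:aws:cloudtrail:<region>:<account>:trail`, which carries no trail name after `trail`, while `resource_id` is still asserted to be `AWS_ACCOUNT_NUMBER`. The ARN in these findings is therefore a per-service placeholder rather than a resolvable resource, and any consumer that joins or deduplicates findings on `resource_arn`, or expects it to agree with `resource_id`, may be affected. I would state the intent beside the first assertion, for example `# no trail in this region: resource_arn is the service ARN template, resource_id stays the account id`. The same applies to the other CloudTrail sections on this page that assert this ARN.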


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -37,7 +36,10 @@ class Test_cloudtrail_multi_region_enabled_logging_management_events:
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].status == "FAIL"
assert (
@@ -149,7 +151,10 @@ class Test_cloudtrail_multi_region_enabled_logging_management_events:
check = cloudtrail_multi_region_enabled_logging_management_events()
result = check.execute()
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].status == "FAIL"
assert (
@@ -258,7 +263,10 @@ class Test_cloudtrail_multi_region_enabled_logging_management_events:
check = cloudtrail_multi_region_enabled_logging_management_events()
result = check.execute()
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].status == "FAIL"
assert (


@@ -56,7 +56,10 @@ class Test_cloudtrail_s3_dataevents_read_enabled:
== "No CloudTrail trails have a data event to record all S3 object-level API operations."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].resource_tags == []
assert result[0].region == AWS_REGION_US_EAST_1
@@ -129,7 +132,10 @@ class Test_cloudtrail_s3_dataevents_read_enabled:
== "No CloudTrail trails have a data event to record all S3 object-level API operations."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].resource_tags == []
assert result[0].region == AWS_REGION_US_EAST_1
@@ -190,7 +196,10 @@ class Test_cloudtrail_s3_dataevents_read_enabled:
== "No CloudTrail trails have a data event to record all S3 object-level API operations."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].resource_tags == []
assert result[0].region == AWS_REGION_US_EAST_1


@@ -56,7 +56,10 @@ class Test_cloudtrail_s3_dataevents_write_enabled:
== "No CloudTrail trails have a data event to record all S3 object-level API operations."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].resource_tags == []
assert result[0].region == AWS_REGION_US_EAST_1
@@ -117,7 +120,10 @@ class Test_cloudtrail_s3_dataevents_write_enabled:
== "No CloudTrail trails have a data event to record all S3 object-level API operations."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].resource_tags == []
assert result[0].region == AWS_REGION_US_EAST_1
@@ -189,7 +195,10 @@ class Test_cloudtrail_s3_dataevents_write_enabled:
== "No CloudTrail trails have a data event to record all S3 object-level API operations."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
)
assert result[0].resource_tags == []
assert result[0].region == AWS_REGION_US_EAST_1


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
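Review bot: The expected value `f"arn:aws:logs:{...}:{AWS_ACCOUNT_NUMBER}:log-group"` is spelled out in every FAIL assertion of this section and again in each of the CloudWatch test sections that follow, so a later change to the template means editing dozens of lines by hand. A small shared helper placed beside the constants imported from `tests.providers.aws.audit_info_utils`, taking the region and returning the expected template ARN, would keep them in step. Separately, the first hunk here expects `AWS_REGION_EU_WEST_1` while the second and third expect `AWS_REGION_US_EAST_1`, whereas the sibling sections use `AWS_REGION_EU_WEST_1` throughout; the test setup is outside the hunks, so this may be intended, but it is worth confirming.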


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -67,7 +66,10 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_c
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -129,7 +131,10 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_c
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -197,7 +202,10 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_c
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -67,7 +66,10 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_c
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -129,7 +131,10 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_c
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -197,7 +202,10 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_c
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_log_metric_filter_authentication_failures:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_log_metric_filter_authentication_failures:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_log_metric_filter_authentication_failures:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -67,7 +66,10 @@ class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -129,7 +131,10 @@ class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -197,7 +202,10 @@ class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_log_metric_filter_root_usage:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_log_metric_filter_root_usage:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_log_metric_filter_root_usage:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +128,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +198,11 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
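Review bot: The chained comparison `result[0].resource_arn == result[0].resource_arn == f"..."` compares the field with itself before comparing it with the expected ARN, and it appears in all three hunks of this section. For a string value the first link is always true, so the assertion still checks the ARN, but it reads like a paste error and obscures what is being verified. Drop the duplicate operand so it matches the sibling sections: `assert result[0].resource_arn == f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"`.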


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_log_metric_filter_sign_in_without_mfa:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_log_metric_filter_sign_in_without_mfa:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_log_metric_filter_sign_in_without_mfa:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -65,7 +64,10 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -125,7 +127,10 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws
@@ -191,7 +196,10 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
== "No CloudWatch log groups found with metric filters or alarms associated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
)
assert result[0].region == AWS_REGION_EU_WEST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_SOUTH_2,
AWS_REGION_EU_WEST_1,
@@ -35,18 +34,33 @@ class Test_config_recorder_all_regions_enabled:
)
check = config_recorder_all_regions_enabled()
result = check.execute()
results = check.execute()
assert (
len(result) == 2
) # One fail result per region, since there are no recorders
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"AWS Config recorder {AWS_ACCOUNT_NUMBER} is disabled."
)
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert len(results) == 2
for result in results:
if result.region == AWS_REGION_EU_WEST_1:
assert result.status == "FAIL"
assert (
result.status_extended
== f"AWS Config recorder {AWS_ACCOUNT_NUMBER} is disabled."
)
assert (
result.resource_arn
== f"arn:aws:config:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:recorder"
)
assert result.resource_id == AWS_ACCOUNT_NUMBER
if result.region == AWS_REGION_EU_WEST_1:
assert result.status == "FAIL"
assert (
result.status_extended
== f"AWS Config recorder {AWS_ACCOUNT_NUMBER} is disabled."
)
assert (
result.resource_arn
== f"arn:aws:config:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:recorder"
)
assert result.resource_id == AWS_ACCOUNT_NUMBER
@mock_aws
def test_config_one_recoder_disabled(self):
@@ -84,7 +98,10 @@ class Test_config_recorder_all_regions_enabled:
== "AWS Config recorder default is disabled."
)
assert recorder.resource_id == "default"
assert recorder.resource_arn == AWS_ACCOUNT_ARN
assert (
recorder.resource_arn
== f"arn:aws:config:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:recorder"
)
assert recorder.region == AWS_REGION_US_EAST_1
@mock_aws
@@ -128,7 +145,10 @@ class Test_config_recorder_all_regions_enabled:
== "AWS Config recorder default is enabled."
)
assert recorder.resource_id == "default"
assert recorder.resource_arn == AWS_ACCOUNT_ARN
assert (
recorder.resource_arn
== f"arn:aws:config:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:recorder"
)
assert recorder.region == AWS_REGION_US_EAST_1
@mock_aws
@@ -171,7 +191,10 @@ class Test_config_recorder_all_regions_enabled:
== f"AWS Config recorder {AWS_ACCOUNT_NUMBER} is disabled."
)
assert recorder.resource_id == AWS_ACCOUNT_NUMBER
assert recorder.resource_arn == AWS_ACCOUNT_ARN
assert (
recorder.resource_arn
== f"arn:aws:config:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:recorder"
)
assert recorder.region == AWS_REGION_US_EAST_1
else:
assert recorder.status == "FAIL"
@@ -180,5 +203,8 @@ class Test_config_recorder_all_regions_enabled:
== f"AWS Config recorder {AWS_ACCOUNT_NUMBER} is disabled."
)
assert recorder.resource_id == AWS_ACCOUNT_NUMBER
assert recorder.resource_arn == AWS_ACCOUNT_ARN
assert recorder.region == "eu-south-2"
assert (
recorder.resource_arn
== f"arn:aws:config:{AWS_REGION_EU_SOUTH_2}:{AWS_ACCOUNT_NUMBER}:recorder"
)
assert recorder.region == AWS_REGION_EU_SOUTH_2
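Review bot: In the loop added by the `-35,18 +34,33` hunk, both branches test `if result.region == AWS_REGION_EU_WEST_1:`, so the second copy repeats the first and the finding for the other audited region is never checked. Because every assertion sits under an `if`, the loop also passes when no result matches either branch. The second condition presumably should name the other audited region (set outside the hunk), and a line such as `assert {r.region for r in results} == set(<audited regions>)` before the loop (placeholder for the regions the test audits) would pin that both findings exist. The per-region loops added to the ec2_ebs_default_encryption tests further down share the same conditional-assert shape.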


@@ -75,6 +75,8 @@ class Test_dlm_ebs_snapshot_lifecycle_policy_exists:
dlm_client = mock.MagicMock
dlm_client.audited_account = AWS_ACCOUNT_NUMBER
dlm_client.audited_account_arn = AWS_ACCOUNT_ARN
dlm_client.region = AWS_REGION_US_EAST_1
dlm_client.audited_partition = "aws"
dlm_client.lifecycle_policies = {
AWS_REGION_US_EAST_1: {
LIFECYCLE_POLICY_ID: LifecyclePolicy(
@@ -85,7 +87,10 @@ class Test_dlm_ebs_snapshot_lifecycle_policy_exists:
)
}
}
dlm_client.lifecycle_policy_arn_template = f"arn:{dlm_client.audited_partition}:dlm:{dlm_client.region}:{dlm_client.audited_account}:policy"
dlm_client.__get_lifecycle_policy_arn_template__ = mock.MagicMock(
return_value=dlm_client.lifecycle_policy_arn_template
)
audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
from prowler.providers.aws.services.ec2.ec2_service import EC2
@@ -111,7 +116,10 @@ class Test_dlm_ebs_snapshot_lifecycle_policy_exists:
assert result[0].status_extended == "EBS snapshot lifecycle policies found."
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:dlm:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy"
)
@mock_aws
def test_one_ebs_snapshot_and_no_dlm_lifecycle_policy(self):
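Review bot: `dlm_client = mock.MagicMock` binds the class rather than an instance, so the `region`, `audited_partition`, `lifecycle_policy_arn_template` and `__get_lifecycle_policy_arn_template__` assignments added in this section are stored on the shared `MagicMock` class and remain visible to later tests in the same process. Instantiating it, `dlm_client = mock.MagicMock()`, keeps the ARN template local to this test. The same class-level assignment is visible in the FMS tests below (`fms_client = mock.MagicMock`). The test method starts before the first hunk and continues between the hunks.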


@@ -13,6 +13,7 @@ class Test_drs_job_exist:
drs_client.audited_account = AWS_ACCOUNT_NUMBER
drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
drs_client.region = AWS_REGION
drs_client.audited_partition = "aws"
drs_client.drs_services = [
DRSservice(
id="DRS",
@@ -29,6 +30,10 @@ class Test_drs_job_exist:
],
)
]
drs_client.recovery_job_arn_template = f"arn:{drs_client.audited_partition}:drs:{drs_client.region}:{drs_client.audited_account}:recovery-job"
drs_client.__get_recovery_job_arn_template__ = mock.MagicMock(
return_value=drs_client.recovery_job_arn_template
)
with mock.patch(
"prowler.providers.aws.services.drs.drs_service.DRS",
new=drs_client,
@@ -47,7 +52,10 @@ class Test_drs_job_exist:
result[0].status_extended == "DRS is enabled for this region with jobs."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:drs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:recovery-job"
)
assert result[0].region == AWS_REGION
assert result[0].resource_tags == []
@@ -56,6 +64,7 @@ class Test_drs_job_exist:
drs_client.audited_account = AWS_ACCOUNT_NUMBER
drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
drs_client.region = AWS_REGION
drs_client.audited_partition = "aws"
drs_client.drs_services = [
DRSservice(
id="DRS",
@@ -64,6 +73,10 @@ class Test_drs_job_exist:
jobs=[],
)
]
drs_client.recovery_job_arn_template = f"arn:{drs_client.audited_partition}:drs:{drs_client.region}:{drs_client.audited_account}:recovery-job"
drs_client.__get_recovery_job_arn_template__ = mock.MagicMock(
return_value=drs_client.recovery_job_arn_template
)
with mock.patch(
"prowler.providers.aws.services.drs.drs_service.DRS",
new=drs_client,
@@ -83,7 +96,10 @@ class Test_drs_job_exist:
== "DRS is enabled for this region without jobs."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:drs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:recovery-job"
)
assert result[0].region == AWS_REGION
assert result[0].resource_tags == []
@@ -92,6 +108,7 @@ class Test_drs_job_exist:
drs_client.audited_account = AWS_ACCOUNT_NUMBER
drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
drs_client.region = AWS_REGION
drs_client.audited_partition = "aws"
drs_client.drs_services = [
DRSservice(
id="DRS",
@@ -100,6 +117,10 @@ class Test_drs_job_exist:
jobs=[],
)
]
drs_client.recovery_job_arn_template = f"arn:{drs_client.audited_partition}:drs:{drs_client.region}:{drs_client.audited_account}:recovery-job"
drs_client.__get_recovery_job_arn_template__ = mock.MagicMock(
return_value=drs_client.recovery_job_arn_template
)
with mock.patch(
"prowler.providers.aws.services.drs.drs_service.DRS",
new=drs_client,
@@ -116,7 +137,10 @@ class Test_drs_job_exist:
assert result[0].status == "FAIL"
assert result[0].status_extended == "DRS is not enabled for this region."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:drs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:recovery-job"
)
assert result[0].region == AWS_REGION
assert result[0].resource_tags == []
@@ -125,6 +149,7 @@ class Test_drs_job_exist:
drs_client.audit_config = {"allowlist_non_default_regions": True}
drs_client.audited_account = AWS_ACCOUNT_NUMBER
drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
drs_client.audited_partition = "aws"
drs_client.region = "eu-west-2"
drs_client.drs_services = [
DRSservice(
@@ -134,6 +159,10 @@ class Test_drs_job_exist:
jobs=[],
)
]
drs_client.recovery_job_arn_template = f"arn:{drs_client.audited_partition}:drs:{drs_client.region}:{drs_client.audited_account}:recovery-job"
drs_client.__get_recovery_job_arn_template__ = mock.MagicMock(
return_value=drs_client.recovery_job_arn_template
)
with mock.patch(
"prowler.providers.aws.services.drs.drs_service.DRS",
new=drs_client,
@@ -150,6 +179,9 @@ class Test_drs_job_exist:
assert result[0].status == "WARNING"
assert result[0].status_extended == "DRS is not enabled for this region."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:drs:eu-west-2:{AWS_ACCOUNT_NUMBER}:recovery-job"
)
assert result[0].region == AWS_REGION
assert result[0].resource_tags == []
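Review bot: The last test expects `arn:aws:drs:eu-west-2:{AWS_ACCOUNT_NUMBER}:recovery-job` but asserts `result[0].region == AWS_REGION` on the same finding, so unless `AWS_REGION` (defined outside this page) is `eu-west-2`, the test pins a finding whose ARN names a different region than its `region` field. The ARN comes from `drs_client.region` through the mocked template rather than from the `DRSservice` entry, which suggests the same mismatch could appear in a multi-region audit, and anything that mutes or correlates findings by ARN would then key on the wrong region. If this is intended, a comment such as `# ARN uses the client's region, not the finding's region` above the assertion would record it; otherwise the expected ARN should be built from the finding's region.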


@@ -51,7 +51,19 @@ class Test_ec2_ebs_default_encryption:
)
assert result.resource_id == AWS_ACCOUNT_NUMBER
assert (
result.resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
result.resource_arn
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:volume"
)
if result.region == AWS_REGION_EU_WEST_1:
assert result.status == "FAIL"
assert (
result.status_extended
== "EBS Default Encryption is not activated."
)
assert result.resource_id == AWS_ACCOUNT_NUMBER
assert (
result.resource_arn
== f"arn:aws:ec2:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:volume"
)
@mock_aws
@@ -75,16 +87,33 @@ class Test_ec2_ebs_default_encryption:
)
check = ec2_ebs_default_encryption()
result = check.execute()
results = check.execute()
# One result per region
assert len(result) == 2
assert result[0].status == "FAIL"
assert (
result[0].status_extended == "EBS Default Encryption is not activated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert len(results) == 2
for result in results:
if result.region == AWS_REGION_US_EAST_1:
assert result.status == "FAIL"
assert (
result.status_extended
== "EBS Default Encryption is not activated."
)
assert result.resource_id == AWS_ACCOUNT_NUMBER
assert (
result.resource_arn
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:volume"
)
if result.region == AWS_REGION_EU_WEST_1:
assert result.status == "FAIL"
assert (
result.status_extended
== "EBS Default Encryption is not activated."
)
assert result.resource_id == AWS_ACCOUNT_NUMBER
assert (
result.resource_arn
== f"arn:aws:ec2:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:volume"
)
@mock_aws
def test_ec2_ebs_encryption_disabled_ignored(self):
@@ -148,4 +177,7 @@ class Test_ec2_ebs_default_encryption:
result[0].status_extended == "EBS Default Encryption is not activated."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:volume"
)


@@ -18,6 +18,12 @@ class Test_emr_cluster_account_public_block_enabled:
block_public_security_group_rules=True
)
}
emr_client.region = AWS_REGION_EU_WEST_1
emr_client.audited_partition = "aws"
emr_client.cluster_arn_template = f"arn:{emr_client.audited_partition}:elasticmapreduce:{emr_client.region}:{emr_client.audited_account}:cluster"
emr_client.__get_cluster_arn_template__ = mock.MagicMock(
return_value=emr_client.cluster_arn_template
)
with mock.patch(
"prowler.providers.aws.services.emr.emr_service.EMR",
new=emr_client,
@@ -47,6 +53,12 @@ class Test_emr_cluster_account_public_block_enabled:
block_public_security_group_rules=False
)
}
emr_client.region = AWS_REGION_EU_WEST_1
emr_client.audited_partition = "aws"
emr_client.cluster_arn_template = f"arn:{emr_client.audited_partition}:elasticmapreduce:{emr_client.region}:{emr_client.audited_account}:cluster"
emr_client.__get_cluster_arn_template__ = mock.MagicMock(
return_value=emr_client.cluster_arn_template
)
with mock.patch(
"prowler.providers.aws.services.emr.emr_service.EMR",
new=emr_client,
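Review bot: Both hunks only add the `cluster_arn_template` setup and no `resource_arn` assertion is added or changed, so as far as these hunks show, the new template is never checked in the EMR account-level tests. Adding `assert result[0].resource_arn == emr_client.cluster_arn_template` next to the existing status assertions would cover it; those assertions lie outside the hunks, so the variable name is assumed. The two Glue data-catalog test files below add `data_catalog_arn_template` in the same setup-only way.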


@@ -34,11 +34,12 @@ class Test_fms_policy_compliant:
fms_client.audited_account = AWS_ACCOUNT_NUMBER
fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
fms_client.region = AWS_REGION_US_EAST_1
fms_client.audited_partition = "aws"
fms_client.fms_admin_account = True
fms_client.fms_policies = [
Policy(
arn="arn:aws:fms:us-east-1:12345678901",
id="12345678901",
arn=f"arn:aws:fms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy",
id=AWS_ACCOUNT_NUMBER,
name="test",
resource_type="AWS::EC2::Instance",
service_type="WAF",
@@ -46,13 +47,17 @@ class Test_fms_policy_compliant:
delete_unused_managed_resources=True,
compliance_status=[
PolicyAccountComplianceStatus(
account_id="12345678901",
policy_id="12345678901",
account_id=AWS_ACCOUNT_NUMBER,
policy_id=AWS_ACCOUNT_NUMBER,
status="NON_COMPLIANT",
)
],
)
]
fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
fms_client.__get_policy_arn_template__ = mock.MagicMock(
return_value=fms_client.policy_arn_template
)
with mock.patch(
"prowler.providers.aws.services.fms.fms_service.FMS",
new=fms_client,
@@ -71,8 +76,11 @@ class Test_fms_policy_compliant:
result[0].status_extended
== f"FMS with non-compliant policy {fms_client.fms_policies[0].name} for account {fms_client.fms_policies[0].compliance_status[0].account_id}."
)
assert result[0].resource_id == "12345678901"
assert result[0].resource_arn == "arn:aws:fms:us-east-1:12345678901"
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert (
result[0].resource_arn
== f"arn:aws:fms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
def test_fms_admin_with_compliant_policies(self):
@@ -80,6 +88,7 @@ class Test_fms_policy_compliant:
fms_client.audited_account = AWS_ACCOUNT_NUMBER
fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
fms_client.region = AWS_REGION_US_EAST_1
fms_client.audited_partition = "aws"
fms_client.fms_admin_account = True
fms_client.fms_policies = [
Policy(
@@ -99,6 +108,10 @@ class Test_fms_policy_compliant:
],
)
]
fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
fms_client.__get_policy_arn_template__ = mock.MagicMock(
return_value=fms_client.policy_arn_template
)
with mock.patch(
"prowler.providers.aws.services.fms.fms_service.FMS",
new=fms_client,
@@ -117,18 +130,22 @@ class Test_fms_policy_compliant:
result[0].status_extended == "FMS enabled with all compliant accounts."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:fms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
def test_fms_admin_with_non_and_compliant_policies(self):
fms_client = mock.MagicMock
fms_client.audited_account = AWS_ACCOUNT_NUMBER
fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
fms_client.audited_partition = "aws"
fms_client.region = AWS_REGION_US_EAST_1
fms_client.fms_admin_account = True
fms_client.fms_policies = [
Policy(
arn="arn:aws:fms:us-east-1:12345678901",
arn=f"arn:aws:fms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy",
id="12345678901",
name="test",
resource_type="AWS::EC2::Instance",
@@ -149,6 +166,10 @@ class Test_fms_policy_compliant:
],
)
]
fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
fms_client.__get_policy_arn_template__ = mock.MagicMock(
return_value=fms_client.policy_arn_template
)
with mock.patch(
"prowler.providers.aws.services.fms.fms_service.FMS",
new=fms_client,
@@ -168,7 +189,10 @@ class Test_fms_policy_compliant:
== f"FMS with non-compliant policy {fms_client.fms_policies[0].name} for account {fms_client.fms_policies[0].compliance_status[0].account_id}."
)
assert result[0].resource_id == "12345678901"
assert result[0].resource_arn == "arn:aws:fms:us-east-1:12345678901"
assert (
result[0].resource_arn
== f"arn:aws:fms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
def test_fms_admin_without_policies(self):
@@ -176,8 +200,13 @@ class Test_fms_policy_compliant:
fms_client.audited_account = AWS_ACCOUNT_NUMBER
fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
fms_client.region = AWS_REGION_US_EAST_1
fms_client.audited_partition = "aws"
fms_client.fms_admin_account = True
fms_client.fms_policies = []
fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
fms_client.__get_policy_arn_template__ = mock.MagicMock(
return_value=fms_client.policy_arn_template
)
with mock.patch(
"prowler.providers.aws.services.fms.fms_service.FMS",
new=fms_client,
@@ -197,13 +226,17 @@ class Test_fms_policy_compliant:
== f"FMS without any compliant policy for account {AWS_ACCOUNT_NUMBER}."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == fms_client.audited_account_arn
assert (
result[0].resource_arn
== f"arn:aws:fms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
def test_fms_admin_with_policy_with_null_status(self):
fms_client = mock.MagicMock
fms_client.audited_account = AWS_ACCOUNT_NUMBER
fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
fms_client.audited_partition = "aws"
fms_client.region = AWS_REGION_US_EAST_1
fms_client.fms_admin_account = True
fms_client.fms_policies = [
@@ -224,6 +257,10 @@ class Test_fms_policy_compliant:
],
)
]
fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
fms_client.__get_policy_arn_template__ = mock.MagicMock(
return_value=fms_client.policy_arn_template
)
with mock.patch(
"prowler.providers.aws.services.fms.fms_service.FMS",
new=fms_client,
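Review bot: In the first hunk the fixture `Policy.arn` becomes `arn:aws:fms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy`, the same string `policy_arn_template` evaluates to, so the `resource_arn` assertion passes whether the check reports the policy's own ARN or the account-level template. Giving the fixture a distinct suffix, e.g. `arn=f"arn:aws:fms:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:policy/<policy-id>"` (placeholder id), and asserting that value would tell the two apart. `test_fms_admin_with_non_and_compliant_policies` also keeps the literal `id="12345678901"` and `resource_id == "12345678901"` while the first test moved to `AWS_ACCOUNT_NUMBER`. The final hunk's test body continues outside the hunk.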


@@ -41,7 +41,12 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled:
)
]
glue_client.audited_account = "12345678912"
glue_client.audited_partition = "aws"
glue_client.region = AWS_REGION_US_EAST_1
glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
return_value=glue_client.data_catalog_arn_template
)
with mock.patch(
"prowler.providers.aws.services.glue.glue_service.Glue",
glue_client,
@@ -77,6 +82,12 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled:
)
]
glue_client.audited_account = "12345678912"
glue_client.audited_partition = "aws"
glue_client.region = AWS_REGION_US_EAST_1
glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
return_value=glue_client.data_catalog_arn_template
)
glue_client.audit_info.ignore_unused_services = True
with mock.patch(
"prowler.providers.aws.services.glue.glue_service.Glue",
@@ -106,6 +117,12 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled:
)
]
glue_client.audited_account = "12345678912"
glue_client.audited_partition = "aws"
glue_client.region = AWS_REGION_US_EAST_1
glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
return_value=glue_client.data_catalog_arn_template
)
glue_client.audit_info.ignore_unused_services = True
with mock.patch(
"prowler.providers.aws.services.glue.glue_service.Glue",


@@ -42,7 +42,12 @@ class Test_glue_data_catalogs_metadata_encryption_enabled:
)
]
glue_client.audited_account = "12345678912"
glue_client.audited_partition = "aws"
glue_client.region = AWS_REGION_US_EAST_1
glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
return_value=glue_client.data_catalog_arn_template
)
with mock.patch(
"prowler.providers.aws.services.glue.glue_service.Glue",
glue_client,
@@ -79,7 +84,12 @@ class Test_glue_data_catalogs_metadata_encryption_enabled:
]
glue_client.audited_account = "12345678912"
glue_client.audit_info.ignore_unused_services = True
glue_client.audited_partition = "aws"
glue_client.region = AWS_REGION_US_EAST_1
glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
return_value=glue_client.data_catalog_arn_template
)
with mock.patch(
"prowler.providers.aws.services.glue.glue_service.Glue",
glue_client,
@@ -109,7 +119,12 @@ class Test_glue_data_catalogs_metadata_encryption_enabled:
]
glue_client.audited_account = "12345678912"
glue_client.audit_info.ignore_unused_services = True
glue_client.audited_partition = "aws"
glue_client.region = AWS_REGION_US_EAST_1
glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
return_value=glue_client.data_catalog_arn_template
)
with mock.patch(
"prowler.providers.aws.services.glue.glue_service.Glue",
glue_client,
@@ -145,7 +160,12 @@ class Test_glue_data_catalogs_metadata_encryption_enabled:
)
]
glue_client.audited_account = "12345678912"
glue_client.audited_partition = "aws"
glue_client.region = AWS_REGION_US_EAST_1
glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
return_value=glue_client.data_catalog_arn_template
)
with mock.patch(
"prowler.providers.aws.services.glue.glue_service.Glue",
glue_client,


@@ -4,7 +4,6 @@ from unittest import mock
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -47,7 +46,10 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less:
assert len(result) == 1
assert result[0].status == "PASS"
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
assert search(
"Password expiration is set lower than 90 days",
@@ -89,7 +91,10 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less:
assert len(result) == 1
assert result[0].status == "FAIL"
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
assert search(
"Password expiration is set greater than 90 days",
@@ -131,7 +136,10 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less:
assert len(result) == 1
assert result[0].status == "PASS"
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
assert search(
"Password expiration is set lower than 90 days",


@@ -5,7 +5,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -44,7 +43,10 @@ class Test_iam_password_policy_lowercase:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -78,5 +80,8 @@ class Test_iam_password_policy_lowercase:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1


@@ -5,7 +5,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -51,7 +50,10 @@ class Test_iam_password_policy_minimum_length_14:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -85,7 +87,10 @@ class Test_iam_password_policy_minimum_length_14:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -119,5 +124,8 @@ class Test_iam_password_policy_minimum_length_14:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1


@@ -5,7 +5,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -51,7 +50,10 @@ class Test_iam_password_policy_number:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -85,5 +87,8 @@ class Test_iam_password_policy_number:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -49,7 +48,10 @@ class Test_iam_password_policy_reuse_24:
== "IAM password policy reuse prevention is equal to 24."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -82,5 +84,8 @@ class Test_iam_password_policy_reuse_24:
== "IAM password policy reuse prevention is less than 24 or not set."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1


@@ -5,7 +5,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -51,7 +50,10 @@ class Test_iam_password_policy_symbol:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -85,5 +87,8 @@ class Test_iam_password_policy_symbol:
result[0].status_extended,
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -49,7 +48,10 @@ class Test_iam_password_policy_uppercase:
== "IAM password policy does not require at least one uppercase letter."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -82,5 +84,8 @@ class Test_iam_password_policy_uppercase:
== "IAM password policy requires at least one uppercase letter."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:password-policy"
)
assert result[0].region == AWS_REGION_US_EAST_1


@@ -5,6 +5,7 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
)
@@ -85,5 +86,5 @@ class Test_iam_root_hardware_mfa_enabled_test:
assert result[0].resource_id == "<root_account>"
assert (
result[0].resource_arn
== f"arn:aws:iam::{service_client.audited_account}:root"
== f"arn:aws:iam:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:mfa"
)


@@ -23,12 +23,18 @@ class Test_macie_is_enabled:
macie_client.audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
macie_client.audited_account = AWS_ACCOUNT_NUMBER
macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
macie_client.audited_partition = "aws"
macie_client.region = AWS_REGION_EU_WEST_1
macie_client.sessions = [
Session(
status="DISABLED",
region="eu-west-1",
)
]
macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
macie_client.__get_session_arn_template__ = mock.MagicMock(
return_value=macie_client.session_arn_template
)
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
with mock.patch(
@@ -53,6 +59,10 @@ class Test_macie_is_enabled:
assert result[0].status == "FAIL"
assert result[0].status_extended == "Macie is not enabled."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert (
result[0].resource_arn
== f"arn:aws:macie:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:session"
)
@mock_aws
def test_macie_enabled(self):
@@ -65,12 +75,18 @@ class Test_macie_is_enabled:
macie_client.audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
macie_client.audited_account = AWS_ACCOUNT_NUMBER
macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
macie_client.audited_partition = "aws"
macie_client.region = AWS_REGION_EU_WEST_1
macie_client.sessions = [
Session(
status="ENABLED",
region="eu-west-1",
)
]
macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
macie_client.__get_session_arn_template__ = mock.MagicMock(
return_value=macie_client.session_arn_template
)
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
with mock.patch(
@@ -95,6 +111,10 @@ class Test_macie_is_enabled:
assert result[0].status == "PASS"
assert result[0].status_extended == "Macie is enabled."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert (
result[0].resource_arn
== f"arn:aws:macie:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:session"
)
@mock_aws
def test_macie_suspended_ignored(self):
@@ -107,6 +127,12 @@ class Test_macie_is_enabled:
macie_client.audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
macie_client.audited_account = AWS_ACCOUNT_NUMBER
macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
macie_client.audited_partition = "aws"
macie_client.region = AWS_REGION_EU_WEST_1
macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
macie_client.__get_session_arn_template__ = mock.MagicMock(
return_value=macie_client.session_arn_template
)
macie_client.sessions = [
Session(
status="PAUSED",
@@ -154,13 +180,18 @@ class Test_macie_is_enabled:
macie_client.audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
macie_client.audited_account = AWS_ACCOUNT_NUMBER
macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
macie_client.audited_partition = "aws"
macie_client.region = AWS_REGION_EU_WEST_1
macie_client.sessions = [
Session(
status="PAUSED",
region=AWS_REGION_EU_WEST_1,
)
]
macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
macie_client.__get_session_arn_template__ = mock.MagicMock(
return_value=macie_client.session_arn_template
)
macie_client.audit_info.ignore_unused_services = True
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
@@ -188,6 +219,10 @@ class Test_macie_is_enabled:
result[0].status_extended == "Macie is currently in a SUSPENDED state."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert (
result[0].resource_arn
== f"arn:aws:macie:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:session"
)
@mock_aws
def test_macie_suspended(self):
@@ -198,6 +233,8 @@ class Test_macie_is_enabled:
macie_client.audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
macie_client.audited_account = AWS_ACCOUNT_NUMBER
macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
macie_client.audited_partition = "aws"
macie_client.region = AWS_REGION_EU_WEST_1
macie_client.sessions = [
Session(
status="PAUSED",
@@ -205,7 +242,10 @@ class Test_macie_is_enabled:
)
]
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
macie_client.__get_session_arn_template__ = mock.MagicMock(
return_value=macie_client.session_arn_template
)
with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
@@ -230,3 +270,7 @@ class Test_macie_is_enabled:
result[0].status_extended == "Macie is currently in a SUSPENDED state."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert (
result[0].resource_arn
== f"arn:aws:macie:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:session"
)
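Review bot: The resource_arn assertions added in this file only confirm that the check returns the value the test itself put on the mock. `session_arn_template` is assigned on `macie_client` and `__get_session_arn_template__` is replaced by a `mock.MagicMock` returning it, so as far as these hunks show the service's own ARN builder never runs. A wrong partition or service segment in the service code would still pass. I would cover the real builder in a service-level test, and mark the stub here with a comment such as `# template is stubbed; the service's ARN builder is not exercised by this test`. The resourceexplorer2, ssmincidents and trustedadvisor sections use the same stubbing pattern, and the test bodies start outside the hunks.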


@@ -20,7 +20,12 @@ class Test_resourceexplorer2_indexes_found:
resourceexplorer2_client.audited_account_arn = (
f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
)
resourceexplorer2_client.audited_partition = "aws"
resourceexplorer2_client.region = AWS_REGION_US_EAST_1
resourceexplorer2_client.index_arn_template = f"arn:{resourceexplorer2_client.audited_partition}:resource-explorer:{resourceexplorer2_client.region}:{resourceexplorer2_client.audited_account}:index"
resourceexplorer2_client.__get_index_arn_template__ = mock.MagicMock(
return_value=resourceexplorer2_client.index_arn_template
)
with mock.patch(
"prowler.providers.aws.services.resourceexplorer2.resourceexplorer2_service.ResourceExplorer2",
new=resourceexplorer2_client,
@@ -38,7 +43,10 @@ class Test_resourceexplorer2_indexes_found:
assert result[0].status == "FAIL"
assert result[0].status_extended == "No Resource Explorer Indexes found."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:aws:resource-explorer:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:index"
)
assert result[0].region == AWS_REGION_US_EAST_1
def test_one_index_found(self):
@@ -51,6 +59,11 @@ class Test_resourceexplorer2_indexes_found:
f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
)
resourceexplorer2_client.region = AWS_REGION_US_EAST_1
resourceexplorer2_client.audited_partition = "aws"
resourceexplorer2_client.index_arn_template = f"arn:{resourceexplorer2_client.audited_partition}:resource-explorer:{resourceexplorer2_client.region}:{resourceexplorer2_client.audited_account}:index"
resourceexplorer2_client.__get_index_arn_template__ = mock.MagicMock(
return_value=resourceexplorer2_client.index_arn_template
)
with mock.patch(
"prowler.providers.aws.services.resourceexplorer2.resourceexplorer2_service.ResourceExplorer2",
new=resourceexplorer2_client,
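Review bot: The service segment in both mock templates and in the expected ARN is `resource-explorer`, but Resource Explorer's own ARNs and IAM actions use the namespace `resource-explorer-2`. The synthesized identifier therefore does not line up with the index ARNs the API returns, or with ARN patterns written against the real namespace. I would use the real segment in the two `index_arn_template` assignments and in the assertion, `== f"arn:aws:resource-explorer-2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:index"`. The service-side template is outside this diff and would need the same change; both test bodies continue outside the hunks.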


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -54,7 +53,10 @@ class Test_s3_account_level_public_access_blocks:
== f"Block Public Access is configured for the account {AWS_ACCOUNT_NUMBER}."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:s3:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -99,7 +101,10 @@ class Test_s3_account_level_public_access_blocks:
== f"Block Public Access is not configured for the account {AWS_ACCOUNT_NUMBER}."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:s3:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws


@@ -5,7 +5,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -85,7 +84,10 @@ class Test_s3_bucket_public_access:
== "All S3 public access blocked at account level."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:s3:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -135,7 +137,10 @@ class Test_s3_bucket_public_access:
== "All S3 public access blocked at account level."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:s3:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -84,7 +83,10 @@ class Test_s3_bucket_public_list_acl:
== "All S3 public access blocked at account level."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:s3:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -134,7 +136,10 @@ class Test_s3_bucket_public_list_acl:
== "All S3 public access blocked at account level."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:s3:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
@@ -84,7 +83,10 @@ class Test_s3_bucket_public_write_acl:
== "All S3 public access blocked at account level."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:s3:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws
@@ -134,7 +136,10 @@ class Test_s3_bucket_public_write_acl:
== "All S3 public access blocked at account level."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:s3:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
assert result[0].region == AWS_REGION_US_EAST_1
@mock_aws


@@ -17,10 +17,15 @@ class Test_ssmincidents_enabled_with_plans:
def test_ssmincidents_no_replicationset(self):
ssmincidents_client = mock.MagicMock
ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER
ssmincidents_client.audited_partition = "aws"
ssmincidents_client.audited_account_arn = (
f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
)
ssmincidents_client.region = AWS_REGION_US_EAST_1
ssmincidents_client.replication_set_arn_template = f"arn:{ssmincidents_client.audited_partition}:ssm-incidents:{ssmincidents_client.region}:{ssmincidents_client.audited_account}:replication-set"
ssmincidents_client.__get_replication_set_arn_template__ = mock.MagicMock(
return_value=ssmincidents_client.replication_set_arn_template
)
ssmincidents_client.replication_set = []
with mock.patch(
"prowler.providers.aws.services.ssmincidents.ssmincidents_service.SSMIncidents",
@@ -40,7 +45,10 @@ class Test_ssmincidents_enabled_with_plans:
result[0].status_extended == "No SSM Incidents replication set exists."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
assert (
result[0].resource_arn
== f"arn:{ssmincidents_client.audited_partition}:ssm-incidents:{ssmincidents_client.region}:{ssmincidents_client.audited_account}:replication-set"
)
assert result[0].region == AWS_REGION_US_EAST_1
def test_ssmincidents_replicationset_not_active(self):
@@ -53,6 +61,11 @@ class Test_ssmincidents_enabled_with_plans:
ssmincidents_client.replication_set = [
ReplicationSet(arn=REPLICATION_SET_ARN, status="CREATING")
]
ssmincidents_client.audited_partition = "aws"
ssmincidents_client.replication_set_arn_template = f"arn:{ssmincidents_client.audited_partition}:ssm-incidents:{ssmincidents_client.region}:{ssmincidents_client.audited_account}:replication-set"
ssmincidents_client.__get_replication_set_arn_template__ = mock.MagicMock(
return_value=ssmincidents_client.replication_set_arn_template
)
with mock.patch(
"prowler.providers.aws.services.ssmincidents.ssmincidents_service.SSMIncidents",
new=ssmincidents_client,
@@ -85,6 +98,11 @@ class Test_ssmincidents_enabled_with_plans:
ssmincidents_client.replication_set = [
ReplicationSet(arn=REPLICATION_SET_ARN, status="ACTIVE")
]
ssmincidents_client.audited_partition = "aws"
ssmincidents_client.replication_set_arn_template = f"arn:{ssmincidents_client.audited_partition}:ssm-incidents:{ssmincidents_client.region}:{ssmincidents_client.audited_account}:replication-set"
ssmincidents_client.__get_replication_set_arn_template__ = mock.MagicMock(
return_value=ssmincidents_client.replication_set_arn_template
)
ssmincidents_client.response_plans = []
with mock.patch(
"prowler.providers.aws.services.ssmincidents.ssmincidents_service.SSMIncidents",
@@ -123,6 +141,11 @@ class Test_ssmincidents_enabled_with_plans:
arn=RESPONSE_PLAN_ARN, name="test", region=AWS_REGION_US_EAST_1
)
]
ssmincidents_client.audited_partition = "aws"
ssmincidents_client.replication_set_arn_template = f"arn:{ssmincidents_client.audited_partition}:ssm-incidents:{ssmincidents_client.region}:{ssmincidents_client.audited_account}:replication-set"
ssmincidents_client.__get_replication_set_arn_template__ = mock.MagicMock(
return_value=ssmincidents_client.replication_set_arn_template
)
with mock.patch(
"prowler.providers.aws.services.ssmincidents.ssmincidents_service.SSMIncidents",
new=ssmincidents_client,
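Review bot: The new assertion in `test_ssmincidents_no_replicationset` builds its expected value from `ssmincidents_client.audited_partition`, `.region` and `.audited_account`. Those are the same mock attributes, in the same f-string, that produced `replication_set_arn_template` a few lines earlier, so the comparison cannot fail on a wrong partition, region or account. The other test files in this commit compare against constants, and this one should as well: `== f"arn:aws:ssm-incidents:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:replication-set"`. The test body continues outside the hunk.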


@@ -11,6 +11,7 @@ from tests.providers.aws.audit_info_utils import (
)
CHECK_NAME = "test-check"
CHECK_ARN = "arn:aws:trusted-advisor:::check/test-check"
class Test_trustedadvisor_errors_and_warnings:
@@ -20,7 +21,12 @@ class Test_trustedadvisor_errors_and_warnings:
trustedadvisor_client.premium_support = PremiumSupport(enabled=False)
trustedadvisor_client.audited_account = AWS_ACCOUNT_NUMBER
trustedadvisor_client.audited_account_arn = AWS_ACCOUNT_ARN
trustedadvisor_client.audited_partition = "aws"
trustedadvisor_client.region = AWS_REGION_US_EAST_1
trustedadvisor_client.account_arn_template = f"arn:{trustedadvisor_client.audited_partition}:trusted-advisor:{trustedadvisor_client.region}:{trustedadvisor_client.audited_account}:account"
trustedadvisor_client.__get_account_arn_template__ = mock.MagicMock(
return_value=trustedadvisor_client.account_arn_template
)
with mock.patch(
"prowler.providers.aws.services.trustedadvisor.trustedadvisor_service.TrustedAdvisor",
trustedadvisor_client,
@@ -39,7 +45,10 @@ class Test_trustedadvisor_errors_and_warnings:
)
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:trusted-advisor:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
def test_trustedadvisor_all_passed_checks(self):
trustedadvisor_client = mock.MagicMock
@@ -51,6 +60,7 @@ class Test_trustedadvisor_errors_and_warnings:
Check(
id=CHECK_NAME,
name=CHECK_NAME,
arn=CHECK_ARN,
region=AWS_REGION_US_EAST_1,
status="ok",
)
@@ -84,6 +94,7 @@ class Test_trustedadvisor_errors_and_warnings:
Check(
id=CHECK_NAME,
name=CHECK_NAME,
arn=CHECK_ARN,
region=AWS_REGION_US_EAST_1,
status="error",
)
@@ -117,6 +128,7 @@ class Test_trustedadvisor_errors_and_warnings:
Check(
id=CHECK_NAME,
name=CHECK_NAME,
arn=CHECK_ARN,
region=AWS_REGION_US_EAST_1,
status="not_available",
)
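Review bot: `CHECK_ARN`, the `account_arn_template` and the expected ARN all use the service segment `trusted-advisor`, whereas the Trusted Advisor namespace in AWS ARNs and IAM actions is `trustedadvisor`, without the hyphen. Findings would then carry an identifier that ARN patterns written against the real namespace do not match. I would write `CHECK_ARN = "arn:aws:trustedadvisor:::check/test-check"` and use the same segment in the template and in the assertion. The service-side template is not visible in this diff and would need to agree. The premium-support section that follows repeats the `trusted-advisor` segment in its template and assertions.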


@@ -17,11 +17,15 @@ class Test_trustedadvisor_premium_support_plan_subscribed:
trustedadvisor_client.premium_support = PremiumSupport(enabled=False)
trustedadvisor_client.audited_account = AWS_ACCOUNT_NUMBER
trustedadvisor_client.audited_account_arn = AWS_ACCOUNT_ARN
trustedadvisor_client.audited_partition = "aws"
trustedadvisor_client.region = AWS_REGION_US_EAST_1
# Set verify_premium_support_plans config
trustedadvisor_client.audit_config = {"verify_premium_support_plans": True}
trustedadvisor_client.account_arn_template = f"arn:{trustedadvisor_client.audited_partition}:trusted-advisor:{trustedadvisor_client.region}:{trustedadvisor_client.audited_account}:account"
trustedadvisor_client.__get_account_arn_template__ = mock.MagicMock(
return_value=trustedadvisor_client.account_arn_template
)
with mock.patch(
"prowler.providers.aws.services.trustedadvisor.trustedadvisor_service.TrustedAdvisor",
trustedadvisor_client,
@@ -40,7 +44,10 @@ class Test_trustedadvisor_premium_support_plan_subscribed:
)
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:trusted-advisor:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)
def test_premium_support_susbcribed(self):
trustedadvisor_client = mock.MagicMock
@@ -48,11 +55,15 @@ class Test_trustedadvisor_premium_support_plan_subscribed:
trustedadvisor_client.premium_support = PremiumSupport(enabled=True)
trustedadvisor_client.audited_account = AWS_ACCOUNT_NUMBER
trustedadvisor_client.audited_account_arn = AWS_ACCOUNT_ARN
trustedadvisor_client.audited_partition = "aws"
trustedadvisor_client.region = AWS_REGION_US_EAST_1
# Set verify_premium_support_plans config
trustedadvisor_client.audit_config = {"verify_premium_support_plans": True}
trustedadvisor_client.account_arn_template = f"arn:{trustedadvisor_client.audited_partition}:trusted-advisor:{trustedadvisor_client.region}:{trustedadvisor_client.audited_account}:account"
trustedadvisor_client.__get_account_arn_template__ = mock.MagicMock(
return_value=trustedadvisor_client.account_arn_template
)
with mock.patch(
"prowler.providers.aws.services.trustedadvisor.trustedadvisor_service.TrustedAdvisor",
trustedadvisor_client,
@@ -71,4 +82,7 @@ class Test_trustedadvisor_premium_support_plan_subscribed:
)
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:trusted-advisor:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
)


@@ -4,7 +4,6 @@ from boto3 import client
from moto import mock_aws
from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_ARN,
AWS_ACCOUNT_NUMBER,
AWS_REGION_EU_WEST_1,
AWS_REGION_US_EAST_1,
@@ -80,7 +79,10 @@ class Test_vpc_different_regions:
result[0].status_extended == "VPCs found in more than one region."
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:vpc"
)
assert result[0].resource_tags == []
@mock_aws
@@ -116,5 +118,8 @@ class Test_vpc_different_regions:
assert result[0].region == AWS_REGION_US_EAST_1
assert result[0].status_extended == "VPCs found only in one region."
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == AWS_ACCOUNT_ARN
assert (
result[0].resource_arn
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:vpc"
)
assert result[0].resource_tags == []