from unittest import mock from providers.aws.services.securityhub.securityhub_service import SecurityHubHub class Test_accessanalyzer_enabled_without_findings: def test_securityhub_hub_inactive(self): securityhub_client = mock.MagicMock securityhub_client.securityhubs = [ SecurityHubHub( "", "Security Hub", "NOT_AVAILABLE", "", "eu-west-1", ) ] with mock.patch( "providers.aws.services.securityhub.securityhub_service.SecurityHub", new=securityhub_client, ): # Test Check from providers.aws.services.securityhub.securityhub_enabled.securityhub_enabled import ( securityhub_enabled, ) check = securityhub_enabled() result = check.execute() assert result[0].status == "FAIL" assert result[0].status_extended == "Security Hub is not enabled" assert result[0].resource_id == "Security Hub" def test_securityhub_hub_active(self): securityhub_client = mock.MagicMock securityhub_client.securityhubs = [ SecurityHubHub( "arn:aws:securityhub:us-east-1:0123456789012:hub/default", "default", "ACTIVE", "cis-aws-foundations-benchmark/v/1.2.0", "eu-west-1", ) ] with mock.patch( "providers.aws.services.securityhub.securityhub_service.SecurityHub", new=securityhub_client, ): # Test Check from providers.aws.services.securityhub.securityhub_enabled.securityhub_enabled import ( securityhub_enabled, ) check = securityhub_enabled() result = check.execute() assert result[0].status == "PASS" assert ( result[0].status_extended == "Security Hub is enabled with standards cis-aws-foundations-benchmark/v/1.2.0" ) assert result[0].resource_id == "default"