fix tests

prowler-cloud · Mar 5, 2024 · 68924b3 · 68924b3
1 parent ac12434
commit 68924b3
Show file tree

Hide file tree

Showing 17 changed files with 138 additions and 5 deletions.
diff --git a/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py b/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py
@@ -16,6 +16,9 @@ def test_no_backup_plans(self):
         backup_client.audited_partition = "aws"
         backup_client.region = AWS_REGION
         backup_client.backup_plan_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:backup-plan"
+        backup_client.__get_backup_plan_arn_template__ = mock.MagicMock(
+            return_value=backup_client.backup_plan_arn_template
+        )
         backup_client.backup_plans = []
         backup_client.backup_vaults = ["vault"]
         with mock.patch(

diff --git a/...s/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py b/...s/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py
@@ -37,6 +37,9 @@ def test_no_backup_report_plans(self):
         backup_client.region = AWS_REGION
         backup_client.audited_partition = "aws"
         backup_client.report_plan_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:report-plan"
+        backup_client.__get_report_plan_arn_template__ = mock.MagicMock(
+            return_value=backup_client.report_plan_arn_template
+        )
         backup_plan_id = str(uuid4()).upper()
         backup_plan_arn = (
             f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:plan:{backup_plan_id}"
@@ -82,6 +85,9 @@ def test_one_backup_report_plan(self):
         backup_client.region = AWS_REGION
         backup_client.audited_partition = "aws"
         backup_client.report_plan_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:report-plan"
+        backup_client.__get_report_plan_arn_template__ = mock.MagicMock(
+            return_value=backup_client.report_plan_arn_template
+        )
         backup_plan_id = str(uuid4()).upper()
         backup_plan_arn = (
             f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:plan:{backup_plan_id}"

diff --git a/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py b/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py
@@ -14,6 +14,9 @@ def test_no_backup_vaults(self):
         backup_client.region = AWS_REGION
         backup_client.audited_partition = "aws"
         backup_client.backup_vault_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:backup-vault"
+        backup_client.__get_backup_vault_arn_template__ = mock.MagicMock(
+            return_value=backup_client.backup_vault_arn_template
+        )
         backup_client.backup_vaults = []
         with mock.patch(
             "prowler.providers.aws.services.backup.backup_service.Backup",
@@ -44,6 +47,9 @@ def test_one_backup_vault(self):
         backup_client.region = AWS_REGION
         backup_client.audited_partition = "aws"
         backup_client.backup_vault_arn_template = f"arn:{backup_client.audited_partition}:backup:{backup_client.region}:{backup_client.audited_account}:backup-vault"
+        backup_client.__get_backup_vault_arn_template__ = mock.MagicMock(
+            return_value=backup_client.backup_vault_arn_template
+        )
         backup_vault_arn = f"arn:aws:backup:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:backup-vault:MyBackupVault"
         backup_client.backup_vaults = [
             BackupVault(

diff --git a/...rvices/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py b/...rvices/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py
@@ -61,7 +61,7 @@ def test_no_trails(self):
                         assert report.resource_id == AWS_ACCOUNT_NUMBER
                         assert (
                             report.resource_arn
-                            == f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
+                            == f"arn:aws:cloudtrail:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:trail"
                         )
                         assert report.resource_tags == []
 
@@ -137,7 +137,7 @@ def test_various_trails_no_logging(self):
                         assert report.resource_id == AWS_ACCOUNT_NUMBER
                         assert (
                             report.resource_arn
-                            == f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
+                            == f"arn:aws:cloudtrail:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:trail"
                         )
                         assert report.resource_tags == []
 
@@ -213,7 +213,7 @@ def test_various_trails_with_and_without_logging(self):
                         assert report.resource_id == AWS_ACCOUNT_NUMBER
                         assert (
                             report.resource_arn
-                            == f"arn:aws:cloudtrail:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:trail"
+                            == f"arn:aws:cloudtrail:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:trail"
                         )
                         assert report.resource_tags == []
                         assert report.region == AWS_REGION_EU_WEST_1

diff --git a/...es/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py b/...es/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py
@@ -49,6 +49,16 @@ def test_config_no_recorders(self):
                 == f"arn:aws:config:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:recorder"
             )
             assert result[0].resource_id == AWS_ACCOUNT_NUMBER
+            assert result[1].status == "FAIL"
+            assert (
+                result[1].status_extended
+                == f"AWS Config recorder {AWS_ACCOUNT_NUMBER} is disabled."
+            )
+            assert (
+                result[1].resource_arn
+                == f"arn:aws:config:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:recorder"
+            )
+            assert result[1].resource_id == AWS_ACCOUNT_NUMBER
 
     @mock_aws
     def test_config_one_recoder_disabled(self):
@@ -181,7 +191,7 @@ def test_config_one_recorder_disabled_allowlisted(self):
                     assert recorder.resource_id == AWS_ACCOUNT_NUMBER
                     assert (
                         recorder.resource_arn
-                        == f"arn:aws:config:{AWS_REGION_EU_SOUTH_2}:{AWS_ACCOUNT_NUMBER}:recorder"
+                        == f"arn:aws:config:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:recorder"
                     )
                     assert recorder.region == AWS_REGION_US_EAST_1
                 else:

diff --git a/...dlm_ebs_snapshot_lifecycle_policy_exists/dlm_ebs_snapshot_lifecycle_policy_exists_test.py b/...dlm_ebs_snapshot_lifecycle_policy_exists/dlm_ebs_snapshot_lifecycle_policy_exists_test.py
@@ -88,6 +88,9 @@ def test_one_ebs_snapshot_and_dlm_lifecycle_policy(self):
             }
         }
         dlm_client.lifecycle_policy_arn_template = f"arn:{dlm_client.audited_partition}:dlm:{dlm_client.region}:{dlm_client.audited_account}:policy"
+        dlm_client.__get_lifecycle_policy_arn_template__ = mock.MagicMock(
+            return_value=dlm_client.lifecycle_policy_arn_template
+        )
         audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
 
         from prowler.providers.aws.services.ec2.ec2_service import EC2

diff --git a/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py b/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py
@@ -31,6 +31,9 @@ def test_drs_job_exist(self):
             )
         ]
         drs_client.recovery_job_arn_template = f"arn:{drs_client.audited_partition}:drs:{drs_client.region}:{drs_client.audited_account}:recovery-job"
+        drs_client.__get_recovery_job_arn_template__ = mock.MagicMock(
+            return_value=drs_client.recovery_job_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.drs.drs_service.DRS",
             new=drs_client,
@@ -71,6 +74,9 @@ def test_drs_no_jobs(self):
             )
         ]
         drs_client.recovery_job_arn_template = f"arn:{drs_client.audited_partition}:drs:{drs_client.region}:{drs_client.audited_account}:recovery-job"
+        drs_client.__get_recovery_job_arn_template__ = mock.MagicMock(
+            return_value=drs_client.recovery_job_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.drs.drs_service.DRS",
             new=drs_client,
@@ -112,6 +118,9 @@ def test_drs_disabled(self):
             )
         ]
         drs_client.recovery_job_arn_template = f"arn:{drs_client.audited_partition}:drs:{drs_client.region}:{drs_client.audited_account}:recovery-job"
+        drs_client.__get_recovery_job_arn_template__ = mock.MagicMock(
+            return_value=drs_client.recovery_job_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.drs.drs_service.DRS",
             new=drs_client,
@@ -151,6 +160,9 @@ def test_drs_disabled_allowlisted(self):
             )
         ]
         drs_client.recovery_job_arn_template = f"arn:{drs_client.audited_partition}:drs:{drs_client.region}:{drs_client.audited_account}:recovery-job"
+        drs_client.__get_recovery_job_arn_template__ = mock.MagicMock(
+            return_value=drs_client.recovery_job_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.drs.drs_service.DRS",
             new=drs_client,

diff --git a/.../providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py b/.../providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py
@@ -89,6 +89,15 @@ def test_ec2_ebs_encryption_disabled(self):
                 result[0].resource_arn
                 == f"arn:aws:ec2:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:volume"
             )
+            assert result[1].status == "FAIL"
+            assert (
+                result[1].status_extended == "EBS Default Encryption is not activated."
+            )
+            assert result[1].resource_id == AWS_ACCOUNT_NUMBER
+            assert (
+                result[1].resource_arn
+                == f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:volume"
+            )
 
     @mock_aws
     def test_ec2_ebs_encryption_disabled_ignored(self):
@@ -154,5 +163,5 @@ def test_ec2_ebs_encryption_disabled_ignoring_with_volumes(self):
             assert result[0].resource_id == AWS_ACCOUNT_NUMBER
             assert (
                 result[0].resource_arn
-                == f"arn:aws:ec2:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:volume"
+                == f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:volume"
             )
diff --git a/...emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled_test.py b/...emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled_test.py
@@ -21,6 +21,9 @@ def test_account_public_block_enabled(self):
         emr_client.region = AWS_REGION_EU_WEST_1
         emr_client.audited_partition = "aws"
         emr_client.cluster_arn_template = f"arn:{emr_client.audited_partition}:elasticmapreduce:{emr_client.region}:{emr_client.audited_account}:cluster"
+        emr_client.__get_cluster_arn_template__ = mock.MagicMock(
+            return_value=emr_client.cluster_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.emr.emr_service.EMR",
             new=emr_client,
@@ -53,6 +56,9 @@ def test_account_public_block_disabled(self):
         emr_client.region = AWS_REGION_EU_WEST_1
         emr_client.audited_partition = "aws"
         emr_client.cluster_arn_template = f"arn:{emr_client.audited_partition}:elasticmapreduce:{emr_client.region}:{emr_client.audited_account}:cluster"
+        emr_client.__get_cluster_arn_template__ = mock.MagicMock(
+            return_value=emr_client.cluster_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.emr.emr_service.EMR",
             new=emr_client,

diff --git a/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py b/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py
@@ -55,6 +55,9 @@ def test_fms_admin_with_non_compliant_policies(self):
             )
         ]
         fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
+        fms_client.__get_policy_arn_template__ = mock.MagicMock(
+            return_value=fms_client.policy_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.fms.fms_service.FMS",
             new=fms_client,
@@ -106,6 +109,9 @@ def test_fms_admin_with_compliant_policies(self):
             )
         ]
         fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
+        fms_client.__get_policy_arn_template__ = mock.MagicMock(
+            return_value=fms_client.policy_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.fms.fms_service.FMS",
             new=fms_client,
@@ -161,6 +167,9 @@ def test_fms_admin_with_non_and_compliant_policies(self):
             )
         ]
         fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
+        fms_client.__get_policy_arn_template__ = mock.MagicMock(
+            return_value=fms_client.policy_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.fms.fms_service.FMS",
             new=fms_client,
@@ -195,6 +204,9 @@ def test_fms_admin_without_policies(self):
         fms_client.fms_admin_account = True
         fms_client.fms_policies = []
         fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
+        fms_client.__get_policy_arn_template__ = mock.MagicMock(
+            return_value=fms_client.policy_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.fms.fms_service.FMS",
             new=fms_client,
@@ -246,6 +258,9 @@ def test_fms_admin_with_policy_with_null_status(self):
             )
         ]
         fms_client.policy_arn_template = f"arn:{fms_client.audited_partition}:fms:{fms_client.region}:{fms_client.audited_account}:policy"
+        fms_client.__get_policy_arn_template__ = mock.MagicMock(
+            return_value=fms_client.policy_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.fms.fms_service.FMS",
             new=fms_client,

diff --git a/...rds_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py b/...rds_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py
@@ -44,6 +44,9 @@ def test_glue_catalog_password_unencrypted(self):
         glue_client.audited_partition = "aws"
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
+        glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
+            return_value=glue_client.data_catalog_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",
             glue_client,
@@ -82,6 +85,9 @@ def test_glue_catalog_password_unencrypted_ignoring(self):
         glue_client.audited_partition = "aws"
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
+        glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
+            return_value=glue_client.data_catalog_arn_template
+        )
         glue_client.audit_info.ignore_unused_services = True
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",
@@ -114,6 +120,9 @@ def test_glue_catalog_password_unencrypted_ignoring_with_tables(self):
         glue_client.audited_partition = "aws"
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
+        glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
+            return_value=glue_client.data_catalog_arn_template
+        )
         glue_client.audit_info.ignore_unused_services = True
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",

diff --git a/...talogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py b/...talogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py
@@ -45,6 +45,9 @@ def test_glue_catalog_unencrypted(self):
         glue_client.audited_partition = "aws"
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
+        glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
+            return_value=glue_client.data_catalog_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",
             glue_client,
@@ -84,6 +87,9 @@ def test_glue_catalog_unencrypted_ignoring(self):
         glue_client.audited_partition = "aws"
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
+        glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
+            return_value=glue_client.data_catalog_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",
             glue_client,
@@ -116,6 +122,9 @@ def test_glue_catalog_unencrypted_ignoring_with_tables(self):
         glue_client.audited_partition = "aws"
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
+        glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
+            return_value=glue_client.data_catalog_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",
             glue_client,
@@ -154,6 +163,9 @@ def test_glue_catalog_encrypted(self):
         glue_client.audited_partition = "aws"
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
+        glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
+            return_value=glue_client.data_catalog_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",
             glue_client,

diff --git a/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py b/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py
@@ -32,6 +32,9 @@ def test_macie_disabled(self):
             )
         ]
         macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
+        macie_client.__get_session_arn_template__ = mock.MagicMock(
+            return_value=macie_client.session_arn_template
+        )
         current_audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
 
         with mock.patch(
@@ -81,6 +84,9 @@ def test_macie_enabled(self):
             )
         ]
         macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
+        macie_client.__get_session_arn_template__ = mock.MagicMock(
+            return_value=macie_client.session_arn_template
+        )
         current_audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
 
         with mock.patch(
@@ -124,6 +130,9 @@ def test_macie_suspended_ignored(self):
         macie_client.audited_partition = "aws"
         macie_client.region = AWS_REGION_EU_WEST_1
         macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
+        macie_client.__get_session_arn_template__ = mock.MagicMock(
+            return_value=macie_client.session_arn_template
+        )
         macie_client.sessions = [
             Session(
                 status="PAUSED",
@@ -180,6 +189,9 @@ def test_macie_suspended_ignored_with_buckets(self):
             )
         ]
         macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
+        macie_client.__get_session_arn_template__ = mock.MagicMock(
+            return_value=macie_client.session_arn_template
+        )
         macie_client.audit_info.ignore_unused_services = True
         current_audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
 
@@ -231,6 +243,9 @@ def test_macie_suspended(self):
         ]
         current_audit_info = set_mocked_aws_audit_info([AWS_REGION_EU_WEST_1])
         macie_client.session_arn_template = f"arn:{macie_client.audited_partition}:macie:{macie_client.region}:{macie_client.audited_account}:session"
+        macie_client.__get_session_arn_template__ = mock.MagicMock(
+            return_value=macie_client.session_arn_template
+        )
         with mock.patch(
             "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
             new=current_audit_info,