test(audit_info): refactor kms #3157

Merged
merged 1 commit into from
Dec 5, 2023
@@ -1,52 +1,20 @@
from unittest import mock

from boto3 import client, session
from boto3 import client
from moto import mock_kms

from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata

AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
from tests.providers.aws.audit_info_utils import (
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
)


class Test_kms_cmk_are_used:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)

return audit_info

@mock_kms
def test_kms_no_keys(self):
from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -68,13 +36,13 @@ def test_kms_no_keys(self):
@mock_kms
def test_kms_cmk_are_used(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
kms_client = client("kms", region_name=AWS_REGION_US_EAST_1)
# Create enabled KMS key
key = kms_client.create_key()["KeyMetadata"]

from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -100,14 +68,14 @@ def test_kms_cmk_are_used(self):
@mock_kms
def test_kms_key_with_deletion(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
kms_client = client("kms", region_name=AWS_REGION_US_EAST_1)
# Creaty KMS key with deletion
key = kms_client.create_key()["KeyMetadata"]
kms_client.schedule_key_deletion(KeyId=key["KeyId"])

from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -136,14 +104,14 @@ def test_kms_key_with_deletion(self):
@mock_kms
def test_kms_disabled_key(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
kms_client = client("kms", region_name=AWS_REGION_US_EAST_1)
# Creaty KMS key with deletion
key = kms_client.create_key()["KeyMetadata"]
kms_client.disable_key(KeyId=key["KeyId"])

from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
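Review bot: The two-region setup is lost in this refactor: the removed per-class helper set `audited_regions=["us-east-1", "eu-west-1"]`, while every test now calls `set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])`, and the same applies to the kms_cmk_rotation_enabled and kms_key_not_publicly_accessible test files below. The helper's body is not shown here, but if its argument becomes the audited regions, the KMS service is only ever exercised against one region, so a regression that skips keys outside the first region is less likely to be caught, which for an audit tool means missed findings. Consider keeping one case per file that passes two regions, e.g. `set_mocked_aws_audit_info([AWS_REGION_US_EAST_1, "eu-west-1"])`, and asserting on the region of the reported finding.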
@@ -1,52 +1,20 @@
from unittest import mock

from boto3 import client, session
from boto3 import client
from moto import mock_kms

from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata

AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
from tests.providers.aws.audit_info_utils import (
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
)


class Test_kms_cmk_rotation_enabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)

return audit_info

@mock_kms
def test_kms_no_key(self):
from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -68,14 +36,14 @@ def test_kms_no_key(self):
@mock_kms
def test_kms_cmk_rotation_enabled(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
kms_client = client("kms", region_name=AWS_REGION_US_EAST_1)
# Creaty KMS key with rotation
key = kms_client.create_key()["KeyMetadata"]
kms_client.enable_key_rotation(KeyId=key["KeyId"])

from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -104,13 +72,13 @@ def test_kms_cmk_rotation_enabled(self):
@mock_kms
def test_kms_cmk_rotation_disabled(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
kms_client = client("kms", region_name=AWS_REGION_US_EAST_1)
# Creaty KMS key without rotation
key = kms_client.create_key()["KeyMetadata"]

from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -1,53 +1,21 @@
import json
from unittest import mock

from boto3 import client, session
from boto3 import client
from moto import mock_kms

from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata

AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
from tests.providers.aws.audit_info_utils import (
AWS_REGION_US_EAST_1,
set_mocked_aws_audit_info,
)


class Test_kms_key_not_publicly_accessible:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=["us-east-1", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)

return audit_info

@mock_kms
def test_no_kms_keys(self):
from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -69,13 +37,13 @@ def test_no_kms_keys(self):
@mock_kms
def test_kms_key_not_publicly_accessible(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
kms_client = client("kms", region_name=AWS_REGION_US_EAST_1)
# Creaty KMS key without policy
key = kms_client.create_key()["KeyMetadata"]

from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -104,7 +72,7 @@ def test_kms_key_not_publicly_accessible(self):
@mock_kms
def test_kms_key_public_accessible(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
kms_client = client("kms", region_name=AWS_REGION_US_EAST_1)
# Creaty KMS key with public policy
key = kms_client.create_key(
Policy=json.dumps(
@@ -126,7 +94,7 @@ def test_kms_key_public_accessible(self):

from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -155,7 +123,7 @@ def test_kms_key_public_accessible(self):
@mock_kms
def test_kms_key_empty_principal(self):
# Generate KMS Client
kms_client = client("kms", region_name=AWS_REGION)
kms_client = client("kms", region_name=AWS_REGION_US_EAST_1)
# Creaty KMS key with public policy
key = kms_client.create_key(
Policy=json.dumps(
@@ -176,7 +144,7 @@ def test_kms_key_empty_principal(self):

from prowler.providers.aws.services.kms.kms_service import KMS

current_audit_info = self.set_mocked_audit_info()
current_audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])

with mock.patch(
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
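Review bot: The setup comments in this file do not tell the fixtures apart: `# Creaty KMS key with public policy` sits above `create_key` in both test_kms_key_public_accessible and test_kms_key_empty_principal, and the policy bodies lie outside the visible hunks. These tests decide whether a key policy counts as publicly accessible, so each comment should name the policy shape under test, for example `# Create KMS key whose policy has an empty Principal` for the second case (assuming the test name reflects the policy). The refactor also leaves `# Creaty KMS key with deletion` above the `disable_key` call in test_kms_disabled_key in the kms_cmk_are_used test file; `# Create disabled KMS key` would match the code.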