refactor(efs): Adjust old checks to filesystem change to dict. Change…

… efs_encryption_at_rest_enabled tests to use moto instead of magicMock
prowler-cloud · Oct 2, 2024 · c4865b9 · c4865b9
1 parent 228ee8b
commit c4865b9
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 126 deletions.
diff --git a/...oviders/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled.py b/...oviders/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled.py
@@ -5,7 +5,7 @@
 class efs_encryption_at_rest_enabled(Check):
     def execute(self):
         findings = []
-        for fs in efs_client.filesystems:
+        for fs in efs_client.filesystems.values():
             report = Check_Report_AWS(self.metadata())
             report.region = fs.region
             report.resource_id = fs.id

diff --git a/prowler/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled.py b/prowler/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled.py
@@ -5,7 +5,7 @@
 class efs_have_backup_enabled(Check):
     def execute(self):
         findings = []
-        for fs in efs_client.filesystems:
+        for fs in efs_client.filesystems.values():
             report = Check_Report_AWS(self.metadata())
             report.region = fs.region
             report.resource_id = fs.id

diff --git a/...ler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.py b/...ler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.py
@@ -6,7 +6,7 @@
 class efs_not_publicly_accessible(Check):
     def execute(self):
         findings = []
-        for fs in efs_client.filesystems:
+        for fs in efs_client.filesystems.values():
             report = Check_Report_AWS(self.metadata())
             report.region = fs.region
             report.resource_id = fs.id

diff --git a/...rs/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled_test.py b/...rs/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled_test.py
@@ -1,34 +1,37 @@
-from re import search
 from unittest import mock
 
-from prowler.providers.aws.services.efs.efs_service import FileSystem
+from boto3 import client
+from moto import mock_aws
 
-# Mock Test Region
-AWS_REGION = "eu-west-1"
-AWS_ACCOUNT_NUMBER = "123456789012"
+from tests.providers.aws.utils import (
+    AWS_ACCOUNT_NUMBER,
+    AWS_REGION_US_EAST_1,
+    set_mocked_aws_provider,
+)
 
-file_system_id = "fs-c7a0456e"
-
-backup_valid_policy_status = "ENABLED"
+CREATION_TOKEN = "fs-123"
 
 
 class Test_efs_encryption_at_rest_enabled:
+    @mock_aws
     def test_efs_encryption_enabled(self):
-        efs_client = mock.MagicMock
-        efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=None,
-                backup_policy=backup_valid_policy_status,
-                encrypted=True,
-            )
-        ]
+        efs_client = client("efs", region_name=AWS_REGION_US_EAST_1)
+        filesystem = efs_client.create_file_system(
+            CreationToken=CREATION_TOKEN, Encrypted=True
+        )
+
+        efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:file-system/{filesystem['FileSystemId']}"
+
+        from prowler.providers.aws.services.efs.efs_service import EFS
+
+        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
+
         with mock.patch(
-            "prowler.providers.aws.services.efs.efs_service.EFS",
-            efs_client,
+            "prowler.providers.common.provider.Provider.get_global_provider",
+            return_value=aws_provider,
+        ), mock.patch(
+            "prowler.providers.aws.services.efs.efs_encryption_at_rest_enabled.efs_encryption_at_rest_enabled.efs_client",
+            new=EFS(aws_provider),
         ):
             from prowler.providers.aws.services.efs.efs_encryption_at_rest_enabled.efs_encryption_at_rest_enabled import (
                 efs_encryption_at_rest_enabled,
@@ -38,26 +41,33 @@ def test_efs_encryption_enabled(self):
             result = check.execute()
             assert len(result) == 1
             assert result[0].status == "PASS"
-            assert search("has encryption at rest enabled", result[0].status_extended)
-            assert result[0].resource_id == file_system_id
+            assert result[0].region == AWS_REGION_US_EAST_1
+            assert (
+                result[0].status_extended
+                == f"EFS {filesystem['FileSystemId']} has encryption at rest enabled."
+            )
+            assert result[0].resource_id == filesystem["FileSystemId"]
             assert result[0].resource_arn == efs_arn
 
+    @mock_aws
     def test_efs_encryption_disabled(self):
-        efs_client = mock.MagicMock
-        efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=None,
-                backup_policy=backup_valid_policy_status,
-                encrypted=False,
-            )
-        ]
+        efs_client = client("efs", region_name=AWS_REGION_US_EAST_1)
+        filesystem = efs_client.create_file_system(
+            CreationToken=CREATION_TOKEN, Encrypted=False
+        )
+
+        efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:file-system/{filesystem['FileSystemId']}"
+
+        from prowler.providers.aws.services.efs.efs_service import EFS
+
+        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
+
         with mock.patch(
-            "prowler.providers.aws.services.efs.efs_service.EFS",
-            efs_client,
+            "prowler.providers.common.provider.Provider.get_global_provider",
+            return_value=aws_provider,
+        ), mock.patch(
+            "prowler.providers.aws.services.efs.efs_encryption_at_rest_enabled.efs_encryption_at_rest_enabled.efs_client",
+            new=EFS(aws_provider),
         ):
             from prowler.providers.aws.services.efs.efs_encryption_at_rest_enabled.efs_encryption_at_rest_enabled import (
                 efs_encryption_at_rest_enabled,
@@ -67,8 +77,10 @@ def test_efs_encryption_disabled(self):
             result = check.execute()
             assert len(result) == 1
             assert result[0].status == "FAIL"
-            assert search(
-                "does not have encryption at rest enabled", result[0].status_extended
+            assert result[0].region == AWS_REGION_US_EAST_1
+            assert (
+                result[0].status_extended
+                == f"EFS {filesystem['FileSystemId']} does not have encryption at rest enabled."
             )
-            assert result[0].resource_id == file_system_id
+            assert result[0].resource_id == filesystem["FileSystemId"]
             assert result[0].resource_arn == efs_arn
diff --git a/tests/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled_test.py b/tests/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled_test.py
@@ -17,17 +17,16 @@
 class Test_efs_have_backup_enabled:
     def test_efs_valid_backup_policy(self):
         efs_client = mock.MagicMock
+        efs_client.filesystems = {}
         efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=None,
-                backup_policy=backup_valid_policy_status,
-                encrypted=True,
-            )
-        ]
+        efs_client.filesystems[efs_arn] = FileSystem(
+            id=file_system_id,
+            arn=efs_arn,
+            region=AWS_REGION,
+            policy=None,
+            backup_policy=backup_valid_policy_status,
+            encrypted=True,
+        )
         with mock.patch(
             "prowler.providers.aws.services.efs.efs_service.EFS",
             efs_client,
@@ -46,17 +45,16 @@ def test_efs_valid_backup_policy(self):
 
     def test_efs_invalid_policy_backup_1(self):
         efs_client = mock.MagicMock
+        efs_client.filesystems = {}
         efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=None,
-                backup_policy=backup_valid_invalid_policy_status_1,
-                encrypted=True,
-            )
-        ]
+        efs_client.filesystems[efs_arn] = FileSystem(
+            id=file_system_id,
+            arn=efs_arn,
+            region=AWS_REGION,
+            policy=None,
+            backup_policy=backup_valid_invalid_policy_status_1,
+            encrypted=True,
+        )
         with mock.patch(
             "prowler.providers.aws.services.efs.efs_service.EFS",
             efs_client,
@@ -75,17 +73,16 @@ def test_efs_invalid_policy_backup_1(self):
 
     def test_efs_invalid_policy_backup_2(self):
         efs_client = mock.MagicMock
+        efs_client.filesystems = {}
         efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=None,
-                backup_policy=backup_valid_invalid_policy_status_2,
-                encrypted=True,
-            )
-        ]
+        efs_client.filesystems[efs_arn] = FileSystem(
+            id=file_system_id,
+            arn=efs_arn,
+            region=AWS_REGION,
+            policy=None,
+            backup_policy=backup_valid_invalid_policy_status_2,
+            encrypted=True,
+        )
         with mock.patch(
             "prowler.providers.aws.services.efs.efs_service.EFS",
             efs_client,

diff --git a/...roviders/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible_test.py b/...roviders/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible_test.py
@@ -77,17 +77,16 @@
 class Test_efs_not_publicly_accessible:
     def test_efs_valid_policy(self):
         efs_client = mock.MagicMock
+        efs_client.filesystems = {}
         efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=filesystem_policy,
-                backup_policy=None,
-                encrypted=True,
-            )
-        ]
+        efs_client.filesystems[efs_arn] = FileSystem(
+            id=file_system_id,
+            arn=efs_arn,
+            region=AWS_REGION,
+            policy=filesystem_policy,
+            backup_policy=None,
+            encrypted=True,
+        )
         with mock.patch(
             "prowler.providers.aws.services.efs.efs_service.EFS",
             efs_client,
@@ -111,20 +110,22 @@ def test_efs_valid_policy(self):
 
     def test_efs_valid_policy_with_mount_target_condition(self):
         efs_client = mock.MagicMock
+        efs_client.filesystems = {}
         efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=filesystem_policy_with_mount_target_condition,
-                backup_policy=None,
-                encrypted=True,
-            )
-        ]
+        efs_client.filesystems[efs_arn] = FileSystem(
+            id=file_system_id,
+            arn=efs_arn,
+            region=AWS_REGION,
+            policy=filesystem_policy_with_mount_target_condition,
+            backup_policy=None,
+            encrypted=True,
+        )
         with mock.patch(
             "prowler.providers.aws.services.efs.efs_service.EFS",
-            efs_client,
+            new=efs_client,
+        ), mock.patch(
+            "prowler.providers.aws.services.efs.efs_client.efs_client",
+            new=efs_client,
         ):
             from prowler.providers.aws.services.efs.efs_not_publicly_accessible.efs_not_publicly_accessible import (
                 efs_not_publicly_accessible,
@@ -145,17 +146,16 @@ def test_efs_valid_policy_with_mount_target_condition(self):
 
     def test_efs_valid_policy_with_source_arn_condition(self):
         efs_client = mock.MagicMock
+        efs_client.filesystems = {}
         efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=filesystem_policy_with_source_arn_condition,
-                backup_policy=None,
-                encrypted=True,
-            )
-        ]
+        efs_client.filesystems[efs_arn] = FileSystem(
+            id=file_system_id,
+            arn=efs_arn,
+            region=AWS_REGION,
+            policy=filesystem_policy_with_source_arn_condition,
+            backup_policy=None,
+            encrypted=True,
+        )
         with mock.patch(
             "prowler.providers.aws.services.efs.efs_service.EFS",
             efs_client,
@@ -179,18 +179,16 @@ def test_efs_valid_policy_with_source_arn_condition(self):
 
     def test_efs_invalid_policy(self):
         efs_client = mock.MagicMock
+        efs_client.filesystems = {}
         efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=filesystem_invalid_policy,
-                backup_policy=None,
-                encrypted=True,
-            )
-        ]
+        efs_client.filesystems[efs_arn] = FileSystem(
+            id=file_system_id,
+            arn=efs_arn,
+            region=AWS_REGION,
+            policy=filesystem_invalid_policy,
+            backup_policy=None,
+            encrypted=True,
+        )
         with mock.patch(
             "prowler.providers.aws.services.efs.efs_service.EFS",
             efs_client,
@@ -214,17 +212,16 @@ def test_efs_invalid_policy(self):
 
     def test_efs_no_policy(self):
         efs_client = mock.MagicMock
+        efs_client.filesystems = {}
         efs_arn = f"arn:aws:elasticfilesystem:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:file-system/{file_system_id}"
-        efs_client.filesystems = [
-            FileSystem(
-                id=file_system_id,
-                arn=efs_arn,
-                region=AWS_REGION,
-                policy=None,
-                backup_policy=None,
-                encrypted=True,
-            )
-        ]
+        efs_client.filesystems[efs_arn] = FileSystem(
+            id=file_system_id,
+            arn=efs_arn,
+            region=AWS_REGION,
+            policy=None,
+            backup_policy=None,
+            encrypted=True,
+        )
         with mock.patch(
             "prowler.providers.aws.services.efs.efs_service.EFS",
             efs_client,