diff --git a/tests/providers/aws/services/awslambda/awslambda_service_test.py b/tests/providers/aws/services/awslambda/awslambda_service_test.py index 60ac537bbb1..9f7d5c2d30b 100644 --- a/tests/providers/aws/services/awslambda/awslambda_service_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_service_test.py @@ -239,7 +239,7 @@ def test__list_functions__(self): for function, function_code in awslambda.__get_function_code__(): if function.arn == lambda_arn_1 or function.arn == lambda_arn_2: assert search( - f"s3://awslambda-{function.region}-tasks.s3-{function.region}.amazonaws.com", + f"https://awslambda-{function.region}-tasks.s3.{function.region}.amazonaws.com", function_code.location, ) assert function_code diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py index c1f3d87f854..1fbdb8e7b3f 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py @@ -30,12 +30,15 @@ def test_cloudwatch_no_log_groups(self): audit_progress=0, ) - with mock.patch( - "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", - new=current_audit_info, - ), mock.patch( - "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", - new=Logs(current_audit_info), + with ( + mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), + mock.patch( + "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", + new=Logs(current_audit_info), + ), ): # Test Check from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled import ( @@ -72,12 +75,15 @@ def test_cloudwatch_log_group_without_retention_days_never_expires(self): audit_progress=0, ) - with mock.patch( - "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", - new=current_audit_info, - ), mock.patch( - "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", - new=Logs(current_audit_info), + with ( + mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), + mock.patch( + "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", + new=Logs(current_audit_info), + ), ): # Test Check from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled import ( @@ -96,7 +102,7 @@ def test_cloudwatch_log_group_without_retention_days_never_expires(self): assert result[0].resource_id == "test" assert ( result[0].resource_arn - == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:test" + == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:test:*" ) assert result[0].region == AWS_REGION_US_EAST_1 @@ -126,12 +132,15 @@ def test_cloudwatch_log_group_with_compliant_retention_days(self): audit_progress=0, ) - with mock.patch( - "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", - new=current_audit_info, - ), mock.patch( - "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", - new=Logs(current_audit_info), + with ( + mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), + mock.patch( + "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", + new=Logs(current_audit_info), + ), ): # Test Check from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled import ( @@ -150,7 +159,7 @@ def test_cloudwatch_log_group_with_compliant_retention_days(self): assert result[0].resource_id == "test" assert ( result[0].resource_arn - == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:test" + == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:test:*" ) assert result[0].region == AWS_REGION_US_EAST_1 @@ -180,12 +189,15 @@ def test_cloudwatch_log_group_with_no_compliant_retention_days(self): audit_progress=0, ) - with mock.patch( - "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", - new=current_audit_info, - ), mock.patch( - "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", - new=Logs(current_audit_info), + with ( + mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), + mock.patch( + "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", + new=Logs(current_audit_info), + ), ): # Test Check from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled import ( @@ -204,7 +216,7 @@ def test_cloudwatch_log_group_with_no_compliant_retention_days(self): assert result[0].resource_id == "test" assert ( result[0].resource_arn - == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:test" + == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:test:*" ) assert result[0].region == AWS_REGION_US_EAST_1 @@ -234,13 +246,16 @@ def test_access_denied(self): audit_progress=0, ) - with mock.patch( - "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", - new=audit_info, - ), mock.patch( - "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", - new=Logs(audit_info), - ) as service_client: + with ( + mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=audit_info, + ), + mock.patch( + "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", + new=Logs(audit_info), + ) as service_client, + ): # Test Check from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled import ( cloudwatch_log_group_retention_policy_specific_days_enabled, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py index b339c6c06e7..040f0143755 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py @@ -182,16 +182,14 @@ def test__describe_log_groups__(self): assert len(logs.log_groups) == 1 assert ( logs.log_groups[0].arn - == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test" + == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*" ) assert logs.log_groups[0].name == "/log-group/test" assert logs.log_groups[0].retention_days == 400 assert logs.log_groups[0].kms_id == "test_kms_id" assert not logs.log_groups[0].never_expire assert logs.log_groups[0].region == AWS_REGION_US_EAST_1 - assert logs.log_groups[0].tags == [ - {"tag_key_1": "tag_value_1", "tag_key_2": "tag_value_2"} - ] + assert logs.log_groups[0].tags == [{}] @mock_aws def test__describe_log_groups__never_expire(self): @@ -210,7 +208,7 @@ def test__describe_log_groups__never_expire(self): assert len(logs.log_groups) == 1 assert ( logs.log_groups[0].arn - == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test" + == f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*" ) assert logs.log_groups[0].name == "/log-group/test" assert logs.log_groups[0].never_expire @@ -218,6 +216,4 @@ def test__describe_log_groups__never_expire(self): assert logs.log_groups[0].retention_days == 9999 assert logs.log_groups[0].kms_id == "test_kms_id" assert logs.log_groups[0].region == AWS_REGION_US_EAST_1 - assert logs.log_groups[0].tags == [ - {"tag_key_1": "tag_value_1", "tag_key_2": "tag_value_2"} - ] + assert logs.log_groups[0].tags == [{}] diff --git a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py index 658a299e543..0b404e69f33 100644 --- a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py @@ -77,12 +77,14 @@ def test_rds_instance_no_auto_upgrade(self): with mock.patch( "prowler.providers.aws.services.rds.rds_instance_minor_version_upgrade_enabled.rds_instance_minor_version_upgrade_enabled.rds_client", new=RDS(audit_info), - ): + ) as rds_client: # Test Check from prowler.providers.aws.services.rds.rds_instance_minor_version_upgrade_enabled.rds_instance_minor_version_upgrade_enabled import ( rds_instance_minor_version_upgrade_enabled, ) + # Moto does not support the auto_minor_version_upgrade parameter + rds_client.db_instances[0].auto_minor_version_upgrade = False check = rds_instance_minor_version_upgrade_enabled() result = check.execute() diff --git a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py index 9ec98ea716c..b3cb6e36960 100644 --- a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py +++ b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py @@ -122,12 +122,13 @@ def test_rds_instance_public(self): with mock.patch( "prowler.providers.aws.services.rds.rds_instance_no_public_access.rds_instance_no_public_access.rds_client", new=RDS(audit_info), - ): + ) as rds_client: # Test Check from prowler.providers.aws.services.rds.rds_instance_no_public_access.rds_instance_no_public_access import ( rds_instance_no_public_access, ) + rds_client.db_instances[0].security_groups = [] check = rds_instance_no_public_access() result = check.execute() @@ -185,12 +186,15 @@ def test_rds_instance_public_with_public_sg(self): "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=audit_info, ): - with mock.patch( - "prowler.providers.aws.services.rds.rds_instance_no_public_access.rds_instance_no_public_access.rds_client", - new=RDS(audit_info), - ), mock.patch( - "prowler.providers.aws.services.rds.rds_instance_no_public_access.rds_instance_no_public_access.ec2_client", - new=EC2(audit_info), + with ( + mock.patch( + "prowler.providers.aws.services.rds.rds_instance_no_public_access.rds_instance_no_public_access.rds_client", + new=RDS(audit_info), + ), + mock.patch( + "prowler.providers.aws.services.rds.rds_instance_no_public_access.rds_instance_no_public_access.ec2_client", + new=EC2(audit_info), + ), ): # Test Check from prowler.providers.aws.services.rds.rds_instance_no_public_access.rds_instance_no_public_access import (