def test_creates_results_with_correct_fields_for_multiple_users(self): db_instance1_fixture = { 'DBInstanceIdentifier': 'Any Identifier', 'DBInstanceArn': 'Any Arn', 'PubliclyAccessible': True, } db_instance2_fixture = { 'DBInstanceIdentifier': 'An Identifier', 'DBInstanceArn': 'An Arn', 'PubliclyAccessible': False, } db_instances = [db_instance1_fixture, db_instance2_fixture] data_fixture = { 'aws': { 'rds': { 'aws-global': { 'describe_db_instances': db_instances } } } } plugin = PublicDBInstancesPlugin({}) results = plugin.run(data_fixture) results_keys = list(results[0].keys()) expected = ['resource', 'severity', 'message', 'region'] self.assertCountEqual(results_keys, expected)
def test_public_db_instance(self): db_instance_fixture = { 'DBInstanceIdentifier': 'Any Identifier', 'DBInstanceArn': 'Any Arn', 'PubliclyAccessible': True, } data_fixture = { 'aws': { 'rds': { 'aws-global': { 'describe_db_instances': [db_instance_fixture] } } } } plugin = PublicDBInstancesPlugin({}) results = plugin.run(data_fixture) expected = [{ 'resource': db_instance_fixture['DBInstanceIdentifier'], 'region': 'aws-global', 'severity': 2, 'message': 'The DB instance {db_id} is publicly accessible'.format( db_id=db_instance_fixture['DBInstanceIdentifier']), }] self.assertEqual(results, expected)
def test_configure_non_public_db_instances_severity(self): db_instance_fixture = { 'DBInstanceIdentifier': 'Any Identifier', 'DBInstanceArn': 'Any Arn', 'PubliclyAccessible': False, } data_fixture = { 'aws': { 'rds': { 'aws-global': { 'describe_db_instances': [db_instance_fixture] } } } } config = {'non_public_db_instance_severity': 2} plugin = PublicDBInstancesPlugin({}, config) results = plugin.run(data_fixture) expected = [{ 'resource': db_instance_fixture['DBInstanceIdentifier'], 'region': 'aws-global', 'severity': 2, 'message': ('The DB instance {db_id} is not publicly ' 'accessible').format( db_id=db_instance_fixture['DBInstanceIdentifier'], ) }] self.assertEqual(results, expected)
def test_can_be_initialized_and_run_with_no_config(self): data_fixture = { 'aws': { 'rds': { 'aws-global': { 'describe_db_instances': [] } } } } plugin = PublicDBInstancesPlugin({}) results = plugin.run(data_fixture) results_keys = list(results[0].keys()) expected = ['resource', 'severity', 'message', 'region'] self.assertCountEqual(results_keys, expected)
def test_no_db_instances(self): data_fixture = { 'aws': { 'rds': { 'aws-global': { 'describe_db_instances': [] } } } } plugin = PublicDBInstancesPlugin({}) results = plugin.run(data_fixture) expected = [{ 'resource': 'None', 'region': 'aws-global', 'severity': 0, 'message': 'No DB instances found', }] self.assertEqual(results, expected)
def test_configure_no_db_instances_message(self): data_fixture = { 'aws': { 'rds': { 'aws-global': { 'describe_db_instances': [] } } } } config = {'no_db_instances_message': 'Overridden message'} plugin = PublicDBInstancesPlugin({}, config) results = plugin.run(data_fixture) expected = [{ 'resource': 'None', 'region': 'aws-global', 'severity': 0, 'message': 'Overridden message', }] self.assertEqual(results, expected)
def test_configure_public_db_instances_message(self): db_instance_fixture = { 'DBInstanceIdentifier': 'Any Identifier', 'DBInstanceArn': 'Any Arn', 'PubliclyAccessible': True, } data_fixture = { 'aws': { 'rds': { 'aws-global': { 'describe_db_instances': [db_instance_fixture] } } } } config = { 'public_db_instance_message': 'Overridden message for public DB instance {db_id}' } plugin = PublicDBInstancesPlugin({}, config) results = plugin.run(data_fixture) expected = [{ 'resource': db_instance_fixture['DBInstanceIdentifier'], 'region': 'aws-global', 'severity': 2, 'message': 'Overridden message for public DB instance {db_id}'.format( db_id=db_instance_fixture['DBInstanceIdentifier'], ) }] self.assertEqual(results, expected)