def test_get_encryption_non_compliant_s3_bucket_list(self, bucket):
        """Check the compliant-bucket list for a bucket that has no bucket policy.

        The bucket is created and nothing else is configured on it, then
        ``get_encryp_comp_s3_bucket_list`` is expected to return ``[None]``.
        """
        # assumes an S3 mock is active for this test (not visible here) - TODO confirm
        s3_client = boto3.client('s3', region_name='ap-southeast-2')
        s3_client.create_bucket(Bucket=bucket["Name"])

        checker = S3Encryption(s3_client)
        reported = checker.get_encryp_comp_s3_bucket_list()

        # NOTE(review): [None] is a non-empty, truthy list. Code consuming this
        # result has to test membership by bucket name; a bare truthiness check
        # would read a non-compliant bucket as "something is compliant".
        assert reported == [None]
    def test_get_encryption_compliant_s3_bucket_list(self, bucket,
                                                     encryption_bucket_policy):
        """Check that a bucket carrying the encryption bucket policy is listed.

        The bucket is created, ``encryption_bucket_policy`` is attached to it as
        its bucket policy, and the compliant list is expected to hold the
        bucket's name.
        """
        # assumes an S3 mock is active for this test (not visible here) - TODO confirm
        s3_client = boto3.client('s3', region_name='ap-southeast-2')
        bucket_name = bucket["Name"]
        s3_client.create_bucket(Bucket=bucket_name)

        policy_document = json.dumps(encryption_bucket_policy)
        s3_client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document)

        reported = S3Encryption(s3_client).get_encryp_comp_s3_bucket_list()

        # presumably the bucket fixture is named 'mock-s3-bucket'; verify against
        # the fixture definition.
        assert reported == ['mock-s3-bucket']
    def test_get_compliance_type_non_compliant_bucket(self, bucket):
        """Check that a bucket with no bucket policy evaluates to NON_COMPLIANT.

        The compliance verdict is derived in the test itself: the bucket is
        COMPLIANT only when its name appears in the list returned by
        ``get_encryp_comp_s3_bucket_list``.
        """
        # assumes an S3 mock is active for this test (not visible here) - TODO confirm
        s3_client = boto3.client('s3', region_name='ap-southeast-2')
        s3_client.create_bucket(Bucket=bucket["Name"])

        checker = S3Encryption(s3_client)
        encrypted_bucket_list = checker.get_encryp_comp_s3_bucket_list()

        # Default to the failing verdict; only a name match upgrades it.
        is_listed = bucket["Name"] in encrypted_bucket_list
        compliance_output = "COMPLIANT" if is_listed else "NON_COMPLIANT"

        assert compliance_output == 'NON_COMPLIANT'
    def test_get_s3_bucket_policy_statement(self, list_my_buckets, encryption_bucket_policy):
        """Check that the bucket's policy statements are returned unchanged.

        ``list_buckets`` and ``get_bucket_policy`` are stubbed, and the result of
        ``get_s3_bucket_policy_statement`` is compared with the ``Statement``
        entry of the stubbed policy document.
        """
        s3_client = boto3.client('s3')

        with Stubber(s3_client) as stub:
            # Responses are queued in the order the calls are expected.
            stub.add_response('list_buckets', list_my_buckets, {})
            # NOTE(review): no expected_params are given for get_bucket_policy,
            # so this test does not pin which bucket the policy is fetched for.
            stub.add_response('get_bucket_policy', encryption_bucket_policy)

            # The context manager already activates and deactivates the stubber;
            # the explicit calls are kept as in the original test.
            stub.activate()
            checker = S3Encryption(s3_client)
            statements = checker.get_s3_bucket_policy_statement('mock-s3-bucket')
            stub.deactivate()

        expected = json.loads(encryption_bucket_policy['Policy'])['Statement']
        assert statements == expected
    def test_get_default_encr_bucket_list(self, list_my_buckets, default_encryption):
        """Check that a bucket with a default-encryption response is reported.

        ``list_buckets`` and ``get_bucket_encryption`` are stubbed, and
        ``get_default_encr_bucket_list`` is expected to return the bucket name
        it was given.
        """
        s3_client = boto3.client('s3')

        with Stubber(s3_client) as stub:
            # Responses are queued in the order the calls are expected.
            stub.add_response('list_buckets', list_my_buckets, {})
            # NOTE(review): no expected_params are given for
            # get_bucket_encryption, so the bucket name sent to S3 is not checked.
            stub.add_response('get_bucket_encryption', default_encryption)

            # The context manager already activates and deactivates the stubber;
            # the explicit calls are kept as in the original test.
            stub.activate()
            checker = S3Encryption(s3_client)
            reported_bucket = checker.get_default_encr_bucket_list('mock-s3-bucket')
            stub.deactivate()

        assert reported_bucket == 'mock-s3-bucket'
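    def test_get_encr_policy_bucket_list_non_compliant(self, list_my_buckets):
        """Check that a bucket with no policy statements is not reported.

        Only ``list_buckets`` is stubbed. ``get_encr_policy_bucket_list`` is
        called with an empty statement list and is expected to return ``None``.
        """
        s3 = boto3.client('s3')

        with Stubber(s3) as stubber:
            stubber.add_response('list_buckets', list_my_buckets, {})

            # The context manager already activates and deactivates the stubber;
            # the explicit calls are kept as in the original test.
            stubber.activate()

            # An empty statement list models a bucket whose policy enforces nothing.
            policy_statements = []
            encr_policy_bucket_list = S3Encryption(s3).get_encr_policy_bucket_list(
                'mock-s3-bucket', policy_statements)

            stubber.deactivate()

        # Identity check: `== None` would also pass for any object whose __eq__
        # claims equality with None.
        assert encr_policy_bucket_list is None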
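    def test_encryption_noncompliant_bucket(self, list_my_buckets):
        """Check that a bucket with an empty encryption response is not listed.

        ``list_buckets`` and an empty ``get_bucket_encryption`` response are
        stubbed. The bucket counts as NONCOMPLIANT when its name is absent from
        the list returned by ``get_encryp_comp_s3_bucket_list``.
        """
        s3 = boto3.client('s3')

        with Stubber(s3) as stubber:
            stubber.add_response('list_buckets', list_my_buckets, {})
            # NOTE(review): the empty response stands in for "no default
            # encryption". S3 can instead answer with a ClientError for a bucket
            # that has no encryption configuration; confirm S3Encryption handles
            # that path too (Stubber.add_client_error can stub it).
            stubber.add_response('get_bucket_encryption', {})

            # The context manager already activates and deactivates the stubber;
            # the explicit calls are kept as in the original test.
            stubber.activate()
            policy_encrypted_buckets = S3Encryption(s3).get_encryp_comp_s3_bucket_list()
            stubber.deactivate()

        # Bind the verdict up front so that a regression (the bucket being listed)
        # fails on the assertion instead of raising UnboundLocalError.
        compliance_output = "COMPLIANT"
        if 'mock-s3-bucket' not in policy_encrypted_buckets:
            compliance_output = "NONCOMPLIANT"

        assert compliance_output == 'NONCOMPLIANT'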