def test_run_scanner_rotation_period_whitelist_match(
self, mock_output_results):
self.scanner = kms_scanner.KMSScanner(
{}, {}, self.service_config, self.model_name, '',
unittest_utils.get_datafile_path(
__file__, 'kms_scanner_whitelist_test.yaml'))
self.scanner.run()
crypto_key = self.scanner._retrieve()
violations = self.scanner._find_violations(crypto_key)
self.assertEquals(1, len(violations))
self.assertEquals(1, mock_output_results.call_count)
def test_run_scanner_purpose_match(self, mock_output_results):
self.scanner = kms_scanner.KMSScanner(
{}, {}, self.service_config, self.model_name, '',
unittest_utils.get_datafile_path(__file__,
'kms_scanner_test_purpose.yaml'))
self.scanner.run()
crypto_key = self.scanner._retrieve()
violations = self.scanner._find_violations(crypto_key)
for violation in violations:
self.assertEquals(violation.purpose, 'ENCRYPT_DECRYPT')
self.assertEquals(1, mock_output_results.call_count)
def test_run_scanner_protection_level_match(self, mock_output_results):
self.scanner = kms_scanner.KMSScanner(
{}, {}, self.service_config, self.model_name, '',
unittest_utils.get_datafile_path(
__file__, 'kms_scanner_test_protection_level.yaml'))
self.scanner.run()
crypto_key = self.scanner._retrieve()
violations = self.scanner._find_violations(crypto_key)
for violation in violations:
self.assertEqual(violation.protection_level, 'SOFTWARE')
self.assertEqual(1, mock_output_results.call_count)
def test_run_scanner_algo_match(self, mock_output_results):
self.scanner = kms_scanner.KMSScanner(
{}, {}, self.service_config, self.model_name, '',
unittest_utils.get_datafile_path(__file__,
'kms_scanner_test_algo.yaml'))
self.scanner.run()
crypto_key = self.scanner._retrieve()
violations = self.scanner._find_violations(crypto_key)
for violation in violations:
self.assertEquals(violation.algorithm,
'GOOGLE_SYMMETRIC_ENCRYPTION')
self.assertEquals(1, mock_output_results.call_count)
def test_run_scanner(self, mock_output_results):
self.scanner = kms_scanner.KMSScanner(
{}, {}, self.service_config, self.model_name, '',
unittest_utils.get_datafile_path(__file__,
'kms_scanner_test_rules.yaml'))
self.scanner.run()
crypto_key = self.scanner._retrieve()
violations = self.scanner._find_violations(crypto_key)
for violation in violations:
state = violation.primary_version.get('state')
self.assertEquals(state, 'ENABLED')
self.assertEquals(violation.resource_type, 'kms_cryptokey')
self.assertEquals(violation.violation_type, VIOLATION_TYPE)
self.assertEquals(1, mock_output_results.call_count)
