def test_run_scanner_rotation_period_whitelist_match(
            self, mock_output_results):
        self.scanner = kms_scanner.KMSScanner(
            {}, {}, self.service_config, self.model_name, '',
            unittest_utils.get_datafile_path(
                __file__, 'kms_scanner_whitelist_test.yaml'))

        self.scanner.run()
        crypto_key = self.scanner._retrieve()
        violations = self.scanner._find_violations(crypto_key)
        self.assertEquals(1, len(violations))
        self.assertEquals(1, mock_output_results.call_count)
    def test_run_scanner_purpose_match(self, mock_output_results):
        self.scanner = kms_scanner.KMSScanner(
            {}, {}, self.service_config, self.model_name, '',
            unittest_utils.get_datafile_path(__file__,
                                             'kms_scanner_test_purpose.yaml'))

        self.scanner.run()
        crypto_key = self.scanner._retrieve()
        violations = self.scanner._find_violations(crypto_key)
        for violation in violations:
            self.assertEquals(violation.purpose, 'ENCRYPT_DECRYPT')
        self.assertEquals(1, mock_output_results.call_count)
    def test_run_scanner_protection_level_match(self, mock_output_results):
        self.scanner = kms_scanner.KMSScanner(
            {}, {}, self.service_config, self.model_name, '',
            unittest_utils.get_datafile_path(
                __file__, 'kms_scanner_test_protection_level.yaml'))

        self.scanner.run()
        crypto_key = self.scanner._retrieve()
        violations = self.scanner._find_violations(crypto_key)
        for violation in violations:
            self.assertEqual(violation.protection_level, 'SOFTWARE')
        self.assertEqual(1, mock_output_results.call_count)
    def test_run_scanner_algo_match(self, mock_output_results):
        self.scanner = kms_scanner.KMSScanner(
            {}, {}, self.service_config, self.model_name, '',
            unittest_utils.get_datafile_path(__file__,
                                             'kms_scanner_test_algo.yaml'))

        self.scanner.run()
        crypto_key = self.scanner._retrieve()
        violations = self.scanner._find_violations(crypto_key)
        for violation in violations:
            self.assertEquals(violation.algorithm,
                              'GOOGLE_SYMMETRIC_ENCRYPTION')
        self.assertEquals(1, mock_output_results.call_count)
    def test_run_scanner(self, mock_output_results):
        self.scanner = kms_scanner.KMSScanner(
            {}, {}, self.service_config, self.model_name, '',
            unittest_utils.get_datafile_path(__file__,
                                             'kms_scanner_test_rules.yaml'))

        self.scanner.run()
        crypto_key = self.scanner._retrieve()
        violations = self.scanner._find_violations(crypto_key)
        for violation in violations:
            state = violation.primary_version.get('state')
            self.assertEquals(state, 'ENABLED')
            self.assertEquals(violation.resource_type, 'kms_cryptokey')
            self.assertEquals(violation.violation_type, VIOLATION_TYPE)
        self.assertEquals(1, mock_output_results.call_count)