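def test_check_for_kms_key_rotation(self):
    """``check_for_kms_key_rotation`` flags keys whose rotation is off.

    ``key0`` must produce no audit issue; ``key1`` (presumably the fixture
    with rotation disabled -- confirm against the fixture definition) must
    produce exactly one issue with score 1.
    """
    auditor = KMSAuditor(accounts=['unittestaccount'])
    # Build the ARN from the partition/region constants rather than a
    # hard-coded 'arn:aws:kms:us-east-1' so the test holds under other
    # partitions (e.g. GovCloud) like the rest of the file.
    key_arn = (ARN_PREFIX + ':kms:' + AWS_DEFAULT_REGION
               + ':123456789123:key/key_id')

    item = KMSMasterKey(arn=key_arn, config=key0)
    auditor.check_for_kms_key_rotation(item)
    self.assertEqual(len(item.audit_issues), 0)

    item = KMSMasterKey(arn=key_arn, config=key1)
    auditor.check_for_kms_key_rotation(item)
    self.assertEqual(len(item.audit_issues), 1)
    self.assertEqual(item.audit_issues[0].score, 1)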
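def test_check_for_kms_policy_with_foreign_account_no_condition(self):
    """A foreign-account principal with no Condition raises one issue.

    The item starts with an empty ``audit_issues`` list; after
    ``check_for_kms_policy_with_foreign_account`` runs on the
    ``key_no_condition`` fixture exactly one issue must be present.
    """
    auditor = KMSAuditor(accounts=['unittestaccount'])
    # Same partition/region constants as the sibling tests instead of a
    # hard-coded 'arn:aws:kms:us-east-1'.
    key_arn = (ARN_PREFIX + ':kms:' + AWS_DEFAULT_REGION
               + ':123456789123:key/key_id')
    item = KMSMasterKey(arn=key_arn, config=key_no_condition)

    # assertEquals is a deprecated alias (removed in Python 3.12); use
    # assertEqual like the rest of the file.
    self.assertEqual(len(item.audit_issues), 0)
    auditor.check_for_kms_policy_with_foreign_account(item)
    self.assertEqual(len(item.audit_issues), 1)
    # TODO(review): the other tests also pin audit_issues[0].score; the
    # expected score for this check is not visible here, so it is left
    # unasserted rather than guessed.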
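def test_check_internet_accessible(self):
    """``check_internet_accessible`` flags an open principal, score 10.

    ``key0`` as shipped must yield one issue with score 10. A copy whose
    first policy statement's ``Principal.AWS`` is narrowed to a concrete
    IAM role must yield no issue.
    """
    auditor = KMSAuditor(accounts=['TEST_ACCOUNT'])
    # One ARN built from the partition/region constants for both items;
    # the original mixed this with a hard-coded 'arn:aws:kms:us-east-1'.
    key_arn = (ARN_PREFIX + ':kms:' + AWS_DEFAULT_REGION
               + ':123456789123:key/key_id')

    # The unmodified fixture must be detected as internet accessible.
    item = KMSMasterKey(arn=key_arn, config=key0)
    auditor.check_internet_accessible(item)
    self.assertEqual(len(item.audit_issues), 1)
    self.assertEqual(item.audit_issues[0].score, 10)

    # Copy of key0 with the open principal replaced by a specific role.
    # deepcopy so the shared module-level fixture is not mutated.
    key0_fixed = deepcopy(key0)
    statement = key0_fixed['Policies'][0]['Statement'][0]
    statement['Principal']['AWS'] = 'arn:aws:iam::123456789123:role/SomeRole'

    item = KMSMasterKey(arn=key_arn, config=key0_fixed)
    auditor.check_internet_accessible(item)
    self.assertEqual(len(item.audit_issues), 0)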
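def test_check_root_cross_account(self):
    """A ``:root`` principal from another account raises one issue, score 6.

    ``key0`` is copied and its first policy statement's ``Principal.AWS``
    set to the root of account 222222222222; ``check_root_cross_account``
    must then record exactly one issue with score 6. ``prep_for_audit`` is
    called first, as the check appears to depend on it.
    """
    auditor = KMSAuditor(accounts=['TEST_ACCOUNT'])
    auditor.prep_for_audit()

    # deepcopy so the shared module-level fixture is not mutated. The
    # principal ARN is fixture data under test and is kept literal.
    key0_friendly_cross_account = deepcopy(key0)
    statement = key0_friendly_cross_account['Policies'][0]['Statement'][0]
    statement['Principal']['AWS'] = 'arn:aws:iam::222222222222:root'

    # Item ARN built from the partition/region constants for consistency
    # with the rest of the file instead of a hard-coded 'arn:aws:...'.
    key_arn = (ARN_PREFIX + ':kms:' + AWS_DEFAULT_REGION
               + ':123456789123:key/key_id')
    item = KMSMasterKey(
        account='TEST_ACCOUNT',
        arn=key_arn,
        config=key0_friendly_cross_account)

    auditor.check_root_cross_account(item)
    self.assertEqual(len(item.audit_issues), 1)
    self.assertEqual(item.audit_issues[0].score, 6)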