aclatham committed Jun 15, 2020
2 parents 1006958 + 88c80cc commit 912b82d
Showing 2 changed files with 54 additions and 59 deletions.
57 changes: 27 additions & 30 deletions auditors/tests/test_AWS_KMS_Auditor.py
Expand Up @@ -69,51 +69,62 @@ def sts_stubber():
yield sts_stubber
sts_stubber.deactivate()


@pytest.fixture(scope="function")
def kms_stubber():
kms_stubber = Stubber(kms)
kms_stubber.activate()
yield kms_stubber
kms_stubber.deactivate()

def test_key_rotation_enabled(sts_stubber, kms_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_keys", list_keys_response)
kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response)
check = KMSKeyRotationCheck()
results = check.execute()
for result in results:
if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ARCHIVED"
else:
assert False
kms_stubber.assert_no_pending_responses()

def test_has_public_key(kms_stubber, sts_stubber):
def test_key_rotation_not_enabled(sts_stubber, kms_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_aliases", list_aliases_response)
kms_stubber.add_response("get_key_policy", get_key_policy_public_response)
check = KMSKeyExposedCheck()
kms_stubber.add_response("list_keys", list_keys_response)
kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1)
check = KMSKeyRotationCheck()
results = check.execute()
for result in results:
if "s3" in result["Id"]:
if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ACTIVE"
else:
assert False
kms_stubber.assert_no_pending_responses()


def test_no_public_key(kms_stubber, sts_stubber):
def test_has_public_key(kms_stubber, sts_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_aliases", list_aliases_response)
kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response)
kms_stubber.add_response("get_key_policy", get_key_policy_public_response)
check = KMSKeyExposedCheck()
results = check.execute()
for result in results:
if "s3" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ARCHIVED"
assert result["RecordState"] == "ACTIVE"
else:
assert False
kms_stubber.assert_no_pending_responses()

def test_key_rotation_enabled(sts_stubber, kms_stubber):
def test_no_public_key(kms_stubber, sts_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_keys", list_keys_response)
kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response)
check = KMSKeyRotationCheck()
kms_stubber.add_response("list_aliases", list_aliases_response)
kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response)
check = KMSKeyExposedCheck()
results = check.execute()
for result in results:
if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
if "s3" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ARCHIVED"
else:
Expand Down Expand Up @@ -145,17 +156,3 @@ def test_no_AWS(kms_stubber, sts_stubber):
else:
assert False
kms_stubber.assert_no_pending_responses()

def test_key_rotation_not_enabled(sts_stubber, kms_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_keys", list_keys_response)
kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1)
check = KMSKeyRotationCheck()
results = check.execute()
for result in results:
if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ACTIVE"
else:
assert False
kms_stubber.assert_no_pending_responses()
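Review bot: Every test in this section asserts only inside `for result in results:`, so if `check.execute()` yields no findings the loop body never runs and the test passes vacuously. The trailing `kms_stubber.assert_no_pending_responses()` shows the stubbed KMS calls were consumed, not that a finding with the expected `RecordState` was produced. For checks that report key rotation and key-policy exposure, I would materialise and guard the results: `results = list(check.execute())` followed by `assert results, "check produced no findings"`. The `else: assert False` branches would also be easier to diagnose with a message, e.g. `assert False, result["Id"]`. The same pattern appears in the govcloud-auditors copy of this file, and the body of test_no_public_key continues outside the first hunk.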
56 changes: 27 additions & 29 deletions govcloud-auditors/tests/test_AWS_KMS_Auditor.py
Expand Up @@ -77,43 +77,55 @@ def kms_stubber():
yield kms_stubber
kms_stubber.deactivate()

def test_key_rotation_enabled(sts_stubber, kms_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_keys", list_keys_response)
kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response)
check = KMSKeyRotationCheck()
results = check.execute()
for result in results:
if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ARCHIVED"
else:
assert False
kms_stubber.assert_no_pending_responses()

def test_has_public_key(kms_stubber, sts_stubber):
def test_key_rotation_not_enabled(sts_stubber, kms_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_aliases", list_aliases_response)
kms_stubber.add_response("get_key_policy", get_key_policy_public_response)
check = KMSKeyExposedCheck()
kms_stubber.add_response("list_keys", list_keys_response)
kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1)
check = KMSKeyRotationCheck()
results = check.execute()
for result in results:
if "s3" in result["Id"]:
if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ACTIVE"
else:
assert False
kms_stubber.assert_no_pending_responses()


def test_no_public_key(kms_stubber, sts_stubber):
def test_has_public_key(kms_stubber, sts_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_aliases", list_aliases_response)
kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response)
kms_stubber.add_response("get_key_policy", get_key_policy_public_response)
check = KMSKeyExposedCheck()
results = check.execute()
for result in results:
if "s3" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ARCHIVED"
assert result["RecordState"] == "ACTIVE"
else:
assert False
kms_stubber.assert_no_pending_responses()

def test_key_rotation_enabled(sts_stubber, kms_stubber):
def test_no_public_key(kms_stubber, sts_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_keys", list_keys_response)
kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response)
check = KMSKeyRotationCheck()
kms_stubber.add_response("list_aliases", list_aliases_response)
kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response)
check = KMSKeyExposedCheck()
results = check.execute()
for result in results:
if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
if "s3" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ARCHIVED"
else:
Expand Down Expand Up @@ -145,17 +157,3 @@ def test_no_AWS(kms_stubber, sts_stubber):
else:
assert False
kms_stubber.assert_no_pending_responses()

def test_key_rotation_not_enabled(sts_stubber, kms_stubber):
sts_stubber.add_response("get_caller_identity", sts_response)
kms_stubber.add_response("list_keys", list_keys_response)
kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1)
check = KMSKeyRotationCheck()
results = check.execute()
for result in results:
if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
print(result["Id"])
assert result["RecordState"] == "ACTIVE"
else:
assert False
kms_stubber.assert_no_pending_responses()
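Review bot: The two rotation tests in this section differ only in the stub they queue (`get_key_rotation_status_response` vs `get_key_rotation_status_response1`) and the expected `RecordState`, and nothing visible says which fixture represents rotation being on. A one-line comment in each test would make the intent reviewable, e.g. `# rotation enabled -> finding should be ARCHIVED` and `# rotation disabled -> finding should stay ACTIVE`. That mapping is inferred from the test names, so confirm it against the fixture definitions, which are outside this hunk. Renaming the `...response1` fixture to something descriptive would remove the need to look it up.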
