diff --git a/auditors/tests/test_AWS_KMS_Auditor.py b/auditors/tests/test_AWS_KMS_Auditor.py index afb1b3e1..8963519e 100644 --- a/auditors/tests/test_AWS_KMS_Auditor.py +++ b/auditors/tests/test_AWS_KMS_Auditor.py @@ -69,7 +69,6 @@ def sts_stubber(): yield sts_stubber sts_stubber.deactivate() - @pytest.fixture(scope="function") def kms_stubber(): kms_stubber = Stubber(kms) 
@@ -77,43 +76,55 @@ def kms_stubber(): yield kms_stubber kms_stubber.deactivate() +def test_key_rotation_enabled(sts_stubber, kms_stubber): + sts_stubber.add_response("get_caller_identity", sts_response) + kms_stubber.add_response("list_keys", list_keys_response) + kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response) + check = KMSKeyRotationCheck() + results = check.execute() + for result in results: + if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]: + print(result["Id"]) + assert result["RecordState"] == "ARCHIVED" + else: + assert False + kms_stubber.assert_no_pending_responses() -def test_has_public_key(kms_stubber, sts_stubber): +def test_key_rotation_not_enabled(sts_stubber, kms_stubber): sts_stubber.add_response("get_caller_identity", sts_response) - kms_stubber.add_response("list_aliases", list_aliases_response) - kms_stubber.add_response("get_key_policy", get_key_policy_public_response) - check = KMSKeyExposedCheck() + kms_stubber.add_response("list_keys", list_keys_response) + kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1) + check = KMSKeyRotationCheck() results = check.execute() for result in results: - if "s3" in result["Id"]: + if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]: + print(result["Id"]) assert result["RecordState"] == "ACTIVE" else: assert False kms_stubber.assert_no_pending_responses() - -def test_no_public_key(kms_stubber, sts_stubber): +def test_has_public_key(kms_stubber, sts_stubber): sts_stubber.add_response("get_caller_identity", sts_response) kms_stubber.add_response("list_aliases", list_aliases_response) - kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response) + kms_stubber.add_response("get_key_policy", get_key_policy_public_response) check = KMSKeyExposedCheck() results = check.execute() for result in results: if "s3" in result["Id"]: - print(result["Id"]) - assert result["RecordState"] == "ARCHIVED" + assert 
result["RecordState"] == "ACTIVE" else: assert False kms_stubber.assert_no_pending_responses() -def test_key_rotation_enabled(sts_stubber, kms_stubber): +def test_no_public_key(kms_stubber, sts_stubber): sts_stubber.add_response("get_caller_identity", sts_response) - kms_stubber.add_response("list_keys", list_keys_response) - kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response) - check = KMSKeyRotationCheck() + kms_stubber.add_response("list_aliases", list_aliases_response) + kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response) + check = KMSKeyExposedCheck() results = check.execute() for result in results: - if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]: + if "s3" in result["Id"]: print(result["Id"]) assert result["RecordState"] == "ARCHIVED" else: @@ -145,17 +156,3 @@ def test_no_AWS(kms_stubber, sts_stubber): else: assert False kms_stubber.assert_no_pending_responses() - -def test_key_rotation_not_enabled(sts_stubber, kms_stubber): - sts_stubber.add_response("get_caller_identity", sts_response) - kms_stubber.add_response("list_keys", list_keys_response) - kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1) - check = KMSKeyRotationCheck() - results = check.execute() - for result in results: - if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]: - print(result["Id"]) - assert result["RecordState"] == "ACTIVE" - else: - assert False - kms_stubber.assert_no_pending_responses() diff --git a/govcloud-auditors/tests/test_AWS_KMS_Auditor.py b/govcloud-auditors/tests/test_AWS_KMS_Auditor.py index afb1b3e1..219080b3 100644 --- a/govcloud-auditors/tests/test_AWS_KMS_Auditor.py +++ b/govcloud-auditors/tests/test_AWS_KMS_Auditor.py 
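Review bot: In the added `test_key_rotation_enabled` and the moved `test_key_rotation_not_enabled`, every assertion sits inside `for result in results:`, so if `KMSKeyRotationCheck().execute()` returns no findings the loop body never runs and the test passes without checking `RecordState`. For an auditor whose job is to flag keys without rotation, that lets a regression that silently drops findings go unnoticed; `kms_stubber.assert_no_pending_responses()` only shows that the stubbed calls were consumed. Materialise the results and require at least one, e.g. `results = list(check.execute())` followed by `assert results, "KMSKeyRotationCheck returned no findings"`, and drop the leftover `print(result["Id"])`. The same pattern is in the public-key tests in this hunk (the tail of `test_no_public_key` lies outside it) and in the matching hunk for `govcloud-auditors/tests/test_AWS_KMS_Auditor.py`.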
@@ -77,43 +77,55 @@ def kms_stubber(): yield kms_stubber kms_stubber.deactivate() +def test_key_rotation_enabled(sts_stubber, kms_stubber): + sts_stubber.add_response("get_caller_identity", sts_response) + kms_stubber.add_response("list_keys", list_keys_response) + kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response) + check = KMSKeyRotationCheck() + results = check.execute() + for result in results: + if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]: + print(result["Id"]) + assert result["RecordState"] == "ARCHIVED" + else: + assert False + kms_stubber.assert_no_pending_responses() -def test_has_public_key(kms_stubber, sts_stubber): +def test_key_rotation_not_enabled(sts_stubber, kms_stubber): sts_stubber.add_response("get_caller_identity", sts_response) - kms_stubber.add_response("list_aliases", list_aliases_response) - kms_stubber.add_response("get_key_policy", get_key_policy_public_response) - check = KMSKeyExposedCheck() + kms_stubber.add_response("list_keys", list_keys_response) + kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1) + check = KMSKeyRotationCheck() results = check.execute() for result in results: - if "s3" in result["Id"]: + if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]: + print(result["Id"]) assert result["RecordState"] == "ACTIVE" else: assert False kms_stubber.assert_no_pending_responses() - -def test_no_public_key(kms_stubber, sts_stubber): +def test_has_public_key(kms_stubber, sts_stubber): sts_stubber.add_response("get_caller_identity", sts_response) kms_stubber.add_response("list_aliases", list_aliases_response) - kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response) + kms_stubber.add_response("get_key_policy", get_key_policy_public_response) check = KMSKeyExposedCheck() results = check.execute() for result in results: if "s3" in result["Id"]: - print(result["Id"]) - assert result["RecordState"] == "ARCHIVED" + assert 
result["RecordState"] == "ACTIVE" else: assert False kms_stubber.assert_no_pending_responses() -def test_key_rotation_enabled(sts_stubber, kms_stubber): +def test_no_public_key(kms_stubber, sts_stubber): sts_stubber.add_response("get_caller_identity", sts_response) - kms_stubber.add_response("list_keys", list_keys_response) - kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response) - check = KMSKeyRotationCheck() + kms_stubber.add_response("list_aliases", list_aliases_response) + kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response) + check = KMSKeyExposedCheck() results = check.execute() for result in results: - if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]: + if "s3" in result["Id"]: print(result["Id"]) assert result["RecordState"] == "ARCHIVED" else: @@ -145,17 +157,3 @@ def test_no_AWS(kms_stubber, sts_stubber): else: assert False kms_stubber.assert_no_pending_responses() - -def test_key_rotation_not_enabled(sts_stubber, kms_stubber): - sts_stubber.add_response("get_caller_identity", sts_response) - kms_stubber.add_response("list_keys", list_keys_response) - kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1) - check = KMSKeyRotationCheck() - results = check.execute() - for result in results: - if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]: - print(result["Id"]) - assert result["RecordState"] == "ACTIVE" - else: - assert False - kms_stubber.assert_no_pending_responses()