From 5a60e89d8f78558375f2240ac43a6d67d96e8811 Mon Sep 17 00:00:00 2001
From: Patrick Brazil
Date: Mon, 15 Jun 2020 15:18:30 -0500
Subject: [PATCH 1/2] fixed order on kms tests
---
 auditors/tests/test_AWS_KMS_Auditor.py | 57 ++++++++++++--------------
 1 file changed, 27 insertions(+), 30 deletions(-)
diff --git a/auditors/tests/test_AWS_KMS_Auditor.py b/auditors/tests/test_AWS_KMS_Auditor.py
index afb1b3e1..8963519e 100644
--- a/auditors/tests/test_AWS_KMS_Auditor.py
+++ b/auditors/tests/test_AWS_KMS_Auditor.py
@@ -69,7 +69,6 @@ def sts_stubber():
 yield sts_stubber
 sts_stubber.deactivate()
-
 @pytest.fixture(scope="function")
 def kms_stubber():
 kms_stubber = Stubber(kms)
@@ -77,43 +76,55 @@ def kms_stubber():
 yield kms_stubber
 kms_stubber.deactivate()
+def test_key_rotation_enabled(sts_stubber, kms_stubber):
+ sts_stubber.add_response("get_caller_identity", sts_response)
+ kms_stubber.add_response("list_keys", list_keys_response)
+ kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response)
+ check = KMSKeyRotationCheck()
+ results = check.execute()
+ for result in results:
+ if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
+ print(result["Id"])
+ assert result["RecordState"] == "ARCHIVED"
+ else:
+ assert False
+ kms_stubber.assert_no_pending_responses()
-def test_has_public_key(kms_stubber, sts_stubber):
+def test_key_rotation_not_enabled(sts_stubber, kms_stubber):
 sts_stubber.add_response("get_caller_identity", sts_response)
- kms_stubber.add_response("list_aliases", list_aliases_response)
- kms_stubber.add_response("get_key_policy", get_key_policy_public_response)
- check = KMSKeyExposedCheck()
+ kms_stubber.add_response("list_keys", list_keys_response)
+ kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1)
+ check = KMSKeyRotationCheck()
 results = check.execute()
 for result in results:
- if "s3" in result["Id"]:
+ if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
+ print(result["Id"])
 assert result["RecordState"] == "ACTIVE"
 else:
 assert False
 kms_stubber.assert_no_pending_responses()
-
-def test_no_public_key(kms_stubber, sts_stubber):
+def test_has_public_key(kms_stubber, sts_stubber):
 sts_stubber.add_response("get_caller_identity", sts_response)
 kms_stubber.add_response("list_aliases", list_aliases_response)
- kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response)
+ kms_stubber.add_response("get_key_policy", get_key_policy_public_response)
 check = KMSKeyExposedCheck()
 results = check.execute()
 for result in results:
 if "s3" in result["Id"]:
- print(result["Id"])
- assert result["RecordState"] == "ARCHIVED"
+ assert result["RecordState"] == "ACTIVE"
 else:
 assert False
 kms_stubber.assert_no_pending_responses()
-def test_key_rotation_enabled(sts_stubber, kms_stubber):
+def test_no_public_key(kms_stubber, sts_stubber):
 sts_stubber.add_response("get_caller_identity", sts_response)
- kms_stubber.add_response("list_keys", list_keys_response)
- kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response)
- check = KMSKeyRotationCheck()
+ kms_stubber.add_response("list_aliases", list_aliases_response)
+ kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response)
+ check = KMSKeyExposedCheck()
 results = check.execute()
 for result in results:
- if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
+ if "s3" in result["Id"]:
 print(result["Id"])
 assert result["RecordState"] == "ARCHIVED"
 else:
@@ -145,17 +156,3 @@ def test_no_AWS(kms_stubber, sts_stubber):
 else:
 assert False
 kms_stubber.assert_no_pending_responses()
-
-def test_key_rotation_not_enabled(sts_stubber, kms_stubber):
- sts_stubber.add_response("get_caller_identity", sts_response)
- kms_stubber.add_response("list_keys", list_keys_response)
- kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1)
- check = KMSKeyRotationCheck()
- results = check.execute()
- for result in results:
- if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
- print(result["Id"])
- assert result["RecordState"] == "ACTIVE"
- else:
- assert False
- kms_stubber.assert_no_pending_responses()
From 88c80cc44031c24bfd6c21499e7fb416aa81bf95 Mon Sep 17 00:00:00 2001
From: Patrick Brazil
Date: Mon, 15 Jun 2020 15:20:20 -0500
Subject: [PATCH 2/2] fixed govcloud kms test order
---
 .../tests/test_AWS_KMS_Auditor.py | 56 +++++++++----------
 1 file changed, 27 insertions(+), 29 deletions(-)
diff --git a/govcloud-auditors/tests/test_AWS_KMS_Auditor.py b/govcloud-auditors/tests/test_AWS_KMS_Auditor.py
index afb1b3e1..219080b3 100644
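Review bot: In the auditors/tests hunk at -77,43, every reordered test asserts only inside `for result in results:`, so if `check.execute()` yields no findings the loop body never runs and the test passes on `kms_stubber.assert_no_pending_responses()` alone. For `test_key_rotation_not_enabled` and `test_has_public_key` that would hide a check that has stopped reporting an unrotated or publicly exposed key. Collect the findings first and require at least one, e.g. `results = list(check.execute())` followed by `assert results, "no findings returned"`. That the commit repairs the tests by moving them suggests they depend on execution order, possibly through state the auditor module keeps between checks (not visible here); a fixture that resets that state would be sturdier than ordering. The same applies to the matching hunk in govcloud-auditors/tests/test_AWS_KMS_Auditor.py.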
--- a/govcloud-auditors/tests/test_AWS_KMS_Auditor.py
+++ b/govcloud-auditors/tests/test_AWS_KMS_Auditor.py
@@ -77,43 +77,55 @@ def kms_stubber():
 yield kms_stubber
 kms_stubber.deactivate()
+def test_key_rotation_enabled(sts_stubber, kms_stubber):
+ sts_stubber.add_response("get_caller_identity", sts_response)
+ kms_stubber.add_response("list_keys", list_keys_response)
+ kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response)
+ check = KMSKeyRotationCheck()
+ results = check.execute()
+ for result in results:
+ if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
+ print(result["Id"])
+ assert result["RecordState"] == "ARCHIVED"
+ else:
+ assert False
+ kms_stubber.assert_no_pending_responses()
-def test_has_public_key(kms_stubber, sts_stubber):
+def test_key_rotation_not_enabled(sts_stubber, kms_stubber):
 sts_stubber.add_response("get_caller_identity", sts_response)
- kms_stubber.add_response("list_aliases", list_aliases_response)
- kms_stubber.add_response("get_key_policy", get_key_policy_public_response)
- check = KMSKeyExposedCheck()
+ kms_stubber.add_response("list_keys", list_keys_response)
+ kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1)
+ check = KMSKeyRotationCheck()
 results = check.execute()
 for result in results:
- if "s3" in result["Id"]:
+ if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
+ print(result["Id"])
 assert result["RecordState"] == "ACTIVE"
 else:
 assert False
 kms_stubber.assert_no_pending_responses()
-
-def test_no_public_key(kms_stubber, sts_stubber):
+def test_has_public_key(kms_stubber, sts_stubber):
 sts_stubber.add_response("get_caller_identity", sts_response)
 kms_stubber.add_response("list_aliases", list_aliases_response)
- kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response)
+ kms_stubber.add_response("get_key_policy", get_key_policy_public_response)
 check = KMSKeyExposedCheck()
 results = check.execute()
 for result in results:
 if "s3" in result["Id"]:
- print(result["Id"])
- assert result["RecordState"] == "ARCHIVED"
+ assert result["RecordState"] == "ACTIVE"
 else:
 assert False
 kms_stubber.assert_no_pending_responses()
-def test_key_rotation_enabled(sts_stubber, kms_stubber):
+def test_no_public_key(kms_stubber, sts_stubber):
 sts_stubber.add_response("get_caller_identity", sts_response)
- kms_stubber.add_response("list_keys", list_keys_response)
- kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response)
- check = KMSKeyRotationCheck()
+ kms_stubber.add_response("list_aliases", list_aliases_response)
+ kms_stubber.add_response("get_key_policy", get_key_policy_not_public_response)
+ check = KMSKeyExposedCheck()
 results = check.execute()
 for result in results:
- if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
+ if "s3" in result["Id"]:
 print(result["Id"])
 assert result["RecordState"] == "ARCHIVED"
 else:
@@ -145,17 +157,3 @@ def test_no_AWS(kms_stubber, sts_stubber):
 else:
 assert False
 kms_stubber.assert_no_pending_responses()
-
-def test_key_rotation_not_enabled(sts_stubber, kms_stubber):
- sts_stubber.add_response("get_caller_identity", sts_response)
- kms_stubber.add_response("list_keys", list_keys_response)
- kms_stubber.add_response("get_key_rotation_status", get_key_rotation_status_response1)
- check = KMSKeyRotationCheck()
- results = check.execute()
- for result in results:
- if "273e5d8e-4746-4ba9-be3a-4dce36783814" in result["Id"]:
- print(result["Id"])
- assert result["RecordState"] == "ACTIVE"
- else:
- assert False
- kms_stubber.assert_no_pending_responses()
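Review bot: After this patch the govcloud-auditors copy of the test file no longer matches the one under auditors/tests: both index lines start from blob afb1b3e1, but only the first patch removes the blank line before the `kms_stubber` fixture, so the results differ (8963519e vs 219080b3). Applying the same whitespace change here, or having both trees share one test module, would keep coverage of the KMS checks from drifting between the two auditors. On style, in the -77,43 hunk of both files the `print(result["Id"])` debug lines could be dropped, and the bare `assert False` in each else branch reads better as `pytest.fail(f"unexpected finding {result['Id']}")`, which names the offending finding when the test fails.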