require "helper"
require "inspec/resource"
require "resources/aws/aws_iam_root_user"
require "resource_support/aws"
# Unit tests for the root-user predicates exposed by AwsIamRootUser:
# has_access_key?, has_mfa_enabled?, has_virtual_mfa_enabled? and
# has_hardware_mfa_enabled?.
#
# No AWS call is made: the connection and the IAM client are Minitest mocks,
# and the canned get_account_summary / list_virtual_mfa_devices responses are
# OpenStructs carrying only the field each test sets.
#
# NOTE(review): nothing in this class calls `verify` on the mocks, so the tests
# pin the predicates' return values only, not which IAM calls were issued.
# NOTE(review): the only non-empty virtual_mfa_devices fixture is the root
# account's own device. A list holding devices that belong to other users is
# not covered; confirm elsewhere that such a list does not make
# has_virtual_mfa_enabled? report true for the root user.
class AwsIamRootUserTest < Minitest::Test
  def setup
    @mock_client = Minitest::Mock.new
    @mock_conn = Minitest::Mock.new
    # The resource under test obtains its IAM client from the connection.
    @mock_conn.expect :iam_client, @mock_client
  end

  # --- has_access_key? -------------------------------------------------------

  def test_has_access_key_returns_true_from_summary_account
    expect_account_summary("AccountAccessKeysPresent" => 1)

    assert_equal true, root_user.has_access_key?
  end

  def test_has_access_key_returns_false_from_summary_account
    expect_account_summary("AccountAccessKeysPresent" => 0)

    assert_equal false, root_user.has_access_key?
  end

  # --- has_mfa_enabled? ------------------------------------------------------

  def test_has_mfa_enabled_returns_true_when_account_mfa_devices_is_one
    expect_account_summary("AccountMFAEnabled" => 1)

    assert_equal true, root_user.has_mfa_enabled?
  end

  def test_has_mfa_enabled_returns_false_when_account_mfa_devices_is_zero
    expect_account_summary("AccountMFAEnabled" => 0)

    assert_equal false, root_user.has_mfa_enabled?
  end

  # --- has_virtual_mfa_enabled? ----------------------------------------------

  def test_has_virtual_mfa_enabled_returns_true_when_account_vmfa_devices_is_one
    # Fixture: one virtual device whose serial number and owning user are
    # both the root account's.
    root_owner = Aws::IAM::Types::User.new(
      user_id: "123456789011",
      arn: "arn:aws:iam::123456789011:root"
    )
    root_device = Aws::IAM::Types::VirtualMFADevice.new(
      serial_number: "arn:aws:iam::123456789011:mfa/root-account-mfa-device",
      user: root_owner
    )
    expect_virtual_mfa_devices([root_device])

    assert_equal true, root_user.has_virtual_mfa_enabled?
  end

  def test_has_virtual_mfa_enabled_returns_false_when_account_vmfa_devices_is_zero
    expect_virtual_mfa_devices([])

    assert_equal false, root_user.has_virtual_mfa_enabled?
  end

  # --- has_hardware_mfa_enabled? ---------------------------------------------

  # MFA is reported as enabled while no virtual device is listed.
  def test_has_hardware_mfa_enabled_returns_true_when_account_hardware_devices_is_one
    expect_virtual_mfa_devices([])
    expect_account_summary("AccountMFAEnabled" => 1)

    assert_equal true, root_user.has_hardware_mfa_enabled?
  end

  # MFA is reported as disabled and no virtual device is listed.
  def test_has_hardware_mfa_enabled_returns_false_when_account_hardware_devices_is_zero
    expect_account_summary("AccountMFAEnabled" => 0)
    expect_virtual_mfa_devices([])

    assert_equal false, root_user.has_hardware_mfa_enabled?
  end

  private

  # Queues one get_account_summary response whose summary_map is +entries+.
  def expect_account_summary(entries)
    @mock_client.expect :get_account_summary, OpenStruct.new(summary_map: entries)
  end

  # Queues one list_virtual_mfa_devices response listing +devices+.
  def expect_virtual_mfa_devices(devices)
    @mock_client.expect :list_virtual_mfa_devices, OpenStruct.new(virtual_mfa_devices: devices)
  end

  # Builds the resource under test on top of the mocked connection.
  def root_user
    AwsIamRootUser.new(@mock_conn)
  end
end