mirror of
https://github.com/inspec/inspec
synced 2024-11-23 21:23:29 +00:00
27203110cd
* Add AWS hardware MFA matcher Adding a hardware as well as a virtual MFA matcher for aws_iam_root_user resource * Add New AWS Root Matcher Docs - Add documentation for new root MFA matchers - Fix logic for checking MFA devices from feedback on PR * Add Integration tests for MFA matchers - Add integration tests for virtual and hardware MFA matchers - Clean up logic for has_virtual_mfa_enabled? method Signed-off-by: Paul Welch <pwelch@chef.io>
97 lines
3.3 KiB
Ruby
97 lines
3.3 KiB
Ruby
# author: Miles Tjandrawidjaja
|
|
require 'helper'
|
|
|
|
class AwsIamRootUserTest < Minitest::Test
|
|
def setup
|
|
@mock_conn = Minitest::Mock.new
|
|
@mock_client = Minitest::Mock.new
|
|
|
|
@mock_conn.expect :iam_client, @mock_client
|
|
end
|
|
|
|
def test_has_access_key_returns_true_from_summary_account
|
|
test_summary_map = OpenStruct.new(
|
|
summary_map: { 'AccountAccessKeysPresent' => 1 },
|
|
)
|
|
@mock_client.expect :get_account_summary, test_summary_map
|
|
|
|
assert_equal true, AwsIamRootUser.new(@mock_conn).has_access_key?
|
|
end
|
|
|
|
def test_has_access_key_returns_false_from_summary_account
|
|
test_summary_map = OpenStruct.new(
|
|
summary_map: { 'AccountAccessKeysPresent' => 0 },
|
|
)
|
|
@mock_client.expect :get_account_summary, test_summary_map
|
|
|
|
assert_equal false, AwsIamRootUser.new(@mock_conn).has_access_key?
|
|
end
|
|
|
|
def test_has_mfa_enabled_returns_true_when_account_mfa_devices_is_one
|
|
test_summary_map = OpenStruct.new(
|
|
summary_map: { 'AccountMFAEnabled' => 1 },
|
|
)
|
|
@mock_client.expect :get_account_summary, test_summary_map
|
|
|
|
assert_equal true, AwsIamRootUser.new(@mock_conn).has_mfa_enabled?
|
|
end
|
|
|
|
def test_has_mfa_enabled_returns_false_when_account_mfa_devices_is_zero
|
|
test_summary_map = OpenStruct.new(
|
|
summary_map: { 'AccountMFAEnabled' => 0 },
|
|
)
|
|
@mock_client.expect :get_account_summary, test_summary_map
|
|
|
|
assert_equal false, AwsIamRootUser.new(@mock_conn).has_mfa_enabled?
|
|
end
|
|
|
|
def test_has_virtual_mfa_enabled_returns_true_when_account_vmfa_devices_is_one
|
|
test_list_virtual_mfa_devices = OpenStruct.new(
|
|
virtual_mfa_devices: [Aws::IAM::Types::VirtualMFADevice.new(
|
|
serial_number: 'arn:aws:iam::123456789011:mfa/root-account-mfa-device',
|
|
user: Aws::IAM::Types::User.new(
|
|
user_id: '123456789011',
|
|
arn: 'arn:aws:iam::123456789011:root',
|
|
)
|
|
)]
|
|
)
|
|
@mock_client.expect :list_virtual_mfa_devices, test_list_virtual_mfa_devices
|
|
|
|
assert_equal true, AwsIamRootUser.new(@mock_conn).has_virtual_mfa_enabled?
|
|
end
|
|
|
|
def test_has_virtual_mfa_enabled_returns_false_when_account_vmfa_devices_is_zero
|
|
test_list_virtual_mfa_devices = OpenStruct.new(
|
|
virtual_mfa_devices: []
|
|
)
|
|
@mock_client.expect :list_virtual_mfa_devices, test_list_virtual_mfa_devices
|
|
|
|
assert_equal false, AwsIamRootUser.new(@mock_conn).has_virtual_mfa_enabled?
|
|
end
|
|
|
|
def test_has_hardware_mfa_enabled_returns_true_when_account_hardware_devices_is_one
|
|
test_list_virtual_mfa_devices = OpenStruct.new(
|
|
virtual_mfa_devices: []
|
|
)
|
|
test_summary_map = OpenStruct.new(
|
|
summary_map: { 'AccountMFAEnabled' => 1 },
|
|
)
|
|
@mock_client.expect :list_virtual_mfa_devices, test_list_virtual_mfa_devices
|
|
@mock_client.expect :get_account_summary, test_summary_map
|
|
|
|
assert_equal true, AwsIamRootUser.new(@mock_conn).has_hardware_mfa_enabled?
|
|
end
|
|
|
|
def test_has_hardware_mfa_enabled_returns_false_when_account_hardware_devices_is_zero
|
|
test_list_virtual_mfa_devices = OpenStruct.new(
|
|
virtual_mfa_devices: []
|
|
)
|
|
test_summary_map = OpenStruct.new(
|
|
summary_map: { 'AccountMFAEnabled' => 0 },
|
|
)
|
|
@mock_client.expect :get_account_summary, test_summary_map
|
|
@mock_client.expect :list_virtual_mfa_devices, test_list_virtual_mfa_devices
|
|
|
|
assert_equal false, AwsIamRootUser.new(@mock_conn).has_hardware_mfa_enabled?
|
|
end
|
|
end
|