prowler-test-sdk
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseGeneric Patterns: For base pytest patterns (fixtures, mocking, parametrize, markers), see theskill. This skill covers Prowler-specific conventions only.pytestFull Documentation:docs/developer-guide/unit-testing.mdx
通用模式:关于基础pytest模式(fixtures、mocking、parametrize、markers),请查看相关技能文档。 本技能仅涵盖Prowler专属的约定规范。pytest完整文档:docs/developer-guide/unit-testing.mdx
CRITICAL: Provider-Specific Testing
重点:云厂商专属测试
| Provider | Mocking Approach | Decorator |
|---|---|---|
| AWS | | |
| Azure, GCP, K8s, others | | None |
NEVER use moto for non-AWS providers. NEVER use MagicMock for AWS.
| 云厂商 | 模拟方式 | 装饰器 |
|---|---|---|
| AWS | | |
| Azure、GCP、K8s及其他 | | 无 |
绝对不要为非AWS云厂商使用moto,也绝对不要为AWS使用MagicMock。
AWS Check Test Pattern
AWS检查项测试模式
python
from unittest import mock
from boto3 import client
from moto import mock_aws
from tests.providers.aws.utils import AWS_REGION_US_EAST_1, set_mocked_aws_provider
class Test_{check_name}:
@mock_aws
def test_no_resources(self):
from prowler.providers.aws.services.{service}.{service}_service import {ServiceClass}
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.{service}.{check_name}.{check_name}.{service}_client",
new={ServiceClass}(aws_provider),
):
from prowler.providers.aws.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 0
@mock_aws
def test_{check_name}_pass(self):
# Setup AWS resources with moto
{service}_client = client("{service}", region_name=AWS_REGION_US_EAST_1)
# Create compliant resource...
from prowler.providers.aws.services.{service}.{service}_service import {ServiceClass}
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.{service}.{check_name}.{check_name}.{service}_client",
new={ServiceClass}(aws_provider),
):
from prowler.providers.aws.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@mock_aws
def test_{check_name}_fail(self):
# Setup AWS resources with moto
{service}_client = client("{service}", region_name=AWS_REGION_US_EAST_1)
# Create non-compliant resource...
from prowler.providers.aws.services.{service}.{service}_service import {ServiceClass}
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.{service}.{check_name}.{check_name}.{service}_client",
new={ServiceClass}(aws_provider),
):
from prowler.providers.aws.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"Critical: Always import the check INSIDE the mock.patch context to ensure proper client mocking.
python
from unittest import mock
from boto3 import client
from moto import mock_aws
from tests.providers.aws.utils import AWS_REGION_US_EAST_1, set_mocked_aws_provider
class Test_{check_name}:
@mock_aws
def test_no_resources(self):
from prowler.providers.aws.services.{service}.{service}_service import {ServiceClass}
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.{service}.{check_name}.{check_name}.{service}_client",
new={ServiceClass}(aws_provider),
):
from prowler.providers.aws.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 0
@mock_aws
def test_{check_name}_pass(self):
# Setup AWS resources with moto
{service}_client = client("{service}", region_name=AWS_REGION_US_EAST_1)
# Create compliant resource...
from prowler.providers.aws.services.{service}.{service}_service import {ServiceClass}
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.{service}.{check_name}.{check_name}.{service}_client",
new={ServiceClass}(aws_provider),
):
from prowler.providers.aws.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@mock_aws
def test_{check_name}_fail(self):
# Setup AWS resources with moto
{service}_client = client("{service}", region_name=AWS_REGION_US_EAST_1)
# Create non-compliant resource...
from prowler.providers.aws.services.{service}.{service}_service import {ServiceClass}
aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
with mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=aws_provider,
):
with mock.patch(
"prowler.providers.aws.services.{service}.{check_name}.{check_name}.{service}_client",
new={ServiceClass}(aws_provider),
):
from prowler.providers.aws.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"重点提示:务必在mock.patch上下文内导入检查项,以确保客户端模拟生效。
Azure Check Test Pattern
Azure检查项测试模式
NO moto decorator. Use MagicMock to mock the service client directly.
python
from unittest import mock
from uuid import uuid4
from prowler.providers.azure.services.{service}.{service}_service import {ResourceModel}
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
set_mocked_azure_provider,
)
class Test_{check_name}:
def test_no_resources(self):
{service}_client = mock.MagicMock
{service}_client.{resources} = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
mock.patch(
"prowler.providers.azure.services.{service}.{check_name}.{check_name}.{service}_client",
new={service}_client,
),
):
from prowler.providers.azure.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 0
def test_{check_name}_pass(self):
resource_id = str(uuid4())
resource_name = "Test Resource"
{service}_client = mock.MagicMock
{service}_client.{resources} = {
AZURE_SUBSCRIPTION_ID: {
resource_id: {ResourceModel}(
id=resource_id,
name=resource_name,
location="westeurope",
# ... compliant attributes
)
}
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
mock.patch(
"prowler.providers.azure.services.{service}.{check_name}.{check_name}.{service}_client",
new={service}_client,
),
):
from prowler.providers.azure.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert result[0].subscription == AZURE_SUBSCRIPTION_ID
assert result[0].resource_name == resource_name
def test_{check_name}_fail(self):
resource_id = str(uuid4())
resource_name = "Test Resource"
{service}_client = mock.MagicMock
{service}_client.{resources} = {
AZURE_SUBSCRIPTION_ID: {
resource_id: {ResourceModel}(
id=resource_id,
name=resource_name,
location="westeurope",
# ... non-compliant attributes
)
}
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
mock.patch(
"prowler.providers.azure.services.{service}.{check_name}.{check_name}.{service}_client",
new={service}_client,
),
):
from prowler.providers.azure.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"不要使用moto装饰器。直接使用MagicMock模拟服务客户端。
python
from unittest import mock
from uuid import uuid4
from prowler.providers.azure.services.{service}.{service}_service import {ResourceModel}
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
set_mocked_azure_provider,
)
class Test_{check_name}:
def test_no_resources(self):
{service}_client = mock.MagicMock
{service}_client.{resources} = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
mock.patch(
"prowler.providers.azure.services.{service}.{check_name}.{check_name}.{service}_client",
new={service}_client,
),
):
from prowler.providers.azure.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 0
def test_{check_name}_pass(self):
resource_id = str(uuid4())
resource_name = "Test Resource"
{service}_client = mock.MagicMock
{service}_client.{resources} = {
AZURE_SUBSCRIPTION_ID: {
resource_id: {ResourceModel}(
id=resource_id,
name=resource_name,
location="westeurope",
# ... compliant attributes
)
}
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
mock.patch(
"prowler.providers.azure.services.{service}.{check_name}.{check_name}.{service}_client",
new={service}_client,
),
):
from prowler.providers.azure.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert result[0].subscription == AZURE_SUBSCRIPTION_ID
assert result[0].resource_name == resource_name
def test_{check_name}_fail(self):
resource_id = str(uuid4())
resource_name = "Test Resource"
{service}_client = mock.MagicMock
{service}_client.{resources} = {
AZURE_SUBSCRIPTION_ID: {
resource_id: {ResourceModel}(
id=resource_id,
name=resource_name,
location="westeurope",
# ... non-compliant attributes
)
}
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
mock.patch(
"prowler.providers.azure.services.{service}.{check_name}.{check_name}.{service}_client",
new={service}_client,
),
):
from prowler.providers.azure.services.{service}.{check_name}.{check_name} import (
{check_name},
)
check = {check_name}()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"GCP/Kubernetes/Other Providers
GCP/ Kubernetes/ 其他云厂商
Follow the same MagicMock pattern as Azure:
python
from tests.providers.gcp.gcp_fixtures import set_mocked_gcp_provider, GCP_PROJECT_ID
from tests.providers.kubernetes.kubernetes_fixtures import set_mocked_kubernetes_providerKey difference: Each provider has its own fixtures file with .
set_mocked_{provider}_provider遵循与Azure相同的MagicMock模式:
python
from tests.providers.gcp.gcp_fixtures import set_mocked_gcp_provider, GCP_PROJECT_ID
from tests.providers.kubernetes.kubernetes_fixtures import set_mocked_kubernetes_provider核心差异:每个云厂商都有自己的fixtures文件,包含方法。
set_mocked_{provider}_providerProvider Fixtures Reference
云厂商Fixtures参考
| Provider | Fixtures File | Key Constants |
|---|---|---|
| AWS | | |
| Azure | | |
| GCP | | |
| K8s | | - |
| 云厂商 | Fixtures文件 | 关键常量 |
|---|---|---|
| AWS | | |
| Azure | | |
| GCP | | |
| K8s | | - |
Test File Structure
测试文件结构
tests/providers/{provider}/services/{service}/
├── {service}_service_test.py # Service tests
└── {check_name}/
└── {check_name}_test.py # Check testsNOTE: Do not create a file in the test folder.
__init__.pytests/providers/{provider}/services/{service}/
├── {service}_service_test.py # 服务测试
└── {check_name}/
└── {check_name}_test.py # 检查项测试注意:不要在测试文件夹中创建文件。
__init__.pyRequired Test Scenarios
必须覆盖的测试场景
Every check MUST test:
| Scenario | Expected |
|---|---|
| Resource compliant | |
| Resource non-compliant | |
| No resources | |
每个检查项都必须测试以下场景:
| 场景 | 预期结果 |
|---|---|
| 资源合规 | |
| 资源不合规 | |
| 无相关资源 | |
Assertions to Include
需包含的断言
python
undefinedpython
undefinedAlways verify these
Always verify these
assert result[0].status == "PASS" # or "FAIL"
assert result[0].status_extended == "Expected message..."
assert result[0].resource_id == expected_id
assert result[0].resource_name == expected_name
assert result[0].status == "PASS" # or "FAIL"
assert result[0].status_extended == "Expected message..."
assert result[0].resource_id == expected_id
assert result[0].resource_name == expected_name
Provider-specific
Provider-specific
assert result[0].region == "us-east-1" # AWS
assert result[0].subscription == AZURE_SUBSCRIPTION_ID # Azure
assert result[0].project_id == GCP_PROJECT_ID # GCP
---assert result[0].region == "us-east-1" # AWS
assert result[0].subscription == AZURE_SUBSCRIPTION_ID # Azure
assert result[0].project_id == GCP_PROJECT_ID # GCP
---Commands
命令
bash
undefinedbash
undefinedAll SDK tests
所有SDK测试
poetry run pytest -n auto -vvv tests/
poetry run pytest -n auto -vvv tests/
Specific provider
指定云厂商
poetry run pytest tests/providers/{provider}/ -v
poetry run pytest tests/providers/{provider}/ -v
Specific check
指定检查项
poetry run pytest tests/providers/{provider}/services/{service}/{check_name}/ -v
poetry run pytest tests/providers/{provider}/services/{service}/{check_name}/ -v
Stop on first failure
遇到第一个失败即停止
poetry run pytest -x tests/
undefinedpoetry run pytest -x tests/
undefinedResources
资源
- Templates: See assets/ for complete test templates (AWS with moto, Azure/GCP with MagicMock)
- Documentation: See references/testing-docs.md for official Prowler Developer Guide links
- 模板:查看assets/获取完整测试模板(AWS使用moto,Azure/GCP使用MagicMock)
- 文档:查看references/testing-docs.md获取官方Prowler开发者指南链接",