[8.15](backport #2600) Skip Azure PostgreSQL tests #2622

Merged
merged 2 commits into from
Oct 23, 2024
12 changes: 6 additions & 6 deletions security-policies/RULES.md
Expand Up @@ -404,7 +404,7 @@

#### Manual rules: 0/74 (0%)

#### Integration Tests Coverage: 100/302 (33%)
#### Integration Tests Coverage: 94/302 (31%)

<details><summary><h3>Full Table 📋</h3></summary>

Expand Down Expand Up @@ -495,12 +495,12 @@
| 4.2.5 | SQL Server - Microsoft Defender for SQL | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | :x: | Passed :x: / Failed :x: | Automated |
| [4.3.1](bundle/compliance/cis_azure/rules/cis_4_3_1) | PostgreSQL Database Server | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | :white_check_mark: | Passed :x: / Failed :x: | Automated |
| [4.3.2](bundle/compliance/cis_azure/rules/cis_4_3_2) | PostgreSQL Database Server | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
| [4.3.3](bundle/compliance/cis_azure/rules/cis_4_3_3) | PostgreSQL Database Server | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
| [4.3.4](bundle/compliance/cis_azure/rules/cis_4_3_4) | PostgreSQL Database Server | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
| [4.3.3](bundle/compliance/cis_azure/rules/cis_4_3_3) | PostgreSQL Database Server | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :x: | Automated |
| [4.3.4](bundle/compliance/cis_azure/rules/cis_4_3_4) | PostgreSQL Database Server | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :x: | Automated |
| [4.3.5](bundle/compliance/cis_azure/rules/cis_4_3_5) | PostgreSQL Database Server | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
| [4.3.6](bundle/compliance/cis_azure/rules/cis_4_3_6) | PostgreSQL Database Server | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
| [4.3.7](bundle/compliance/cis_azure/rules/cis_4_3_7) | PostgreSQL Database Server | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
| [4.3.8](bundle/compliance/cis_azure/rules/cis_4_3_8) | PostgreSQL Database Server | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | :white_check_mark: | Passed :x: / Failed :white_check_mark: | Automated |
| [4.3.6](bundle/compliance/cis_azure/rules/cis_4_3_6) | PostgreSQL Database Server | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | :white_check_mark: | Passed :x: / Failed :x: | Automated |
| [4.3.7](bundle/compliance/cis_azure/rules/cis_4_3_7) | PostgreSQL Database Server | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | :white_check_mark: | Passed :white_check_mark: / Failed :x: | Automated |
| [4.3.8](bundle/compliance/cis_azure/rules/cis_4_3_8) | PostgreSQL Database Server | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | :white_check_mark: | Passed :x: / Failed :x: | Automated |
| [4.4.1](bundle/compliance/cis_azure/rules/cis_4_4_1) | MySQL Database | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server | :white_check_mark: | Passed :x: / Failed :x: | Automated |
| [4.4.2](bundle/compliance/cis_azure/rules/cis_4_4_2) | MySQL Database | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :x: | Automated |
| 4.4.3 | MySQL Database | Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server | :x: | Passed :x: / Failed :x: | Manual |
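Review bot: The 4.3.6 and 4.3.8 rows now read Passed :x: / Failed :x:, so 'log_retention_days' and 'Infrastructure double encryption' have no integration coverage at all after this change, while 4.3.3, 4.3.4 and 4.3.7 keep only the passing case. The six cells flipped in this table match the drop from 100/302 to 94/302 in the summary line, but nothing in the table distinguishes a temporarily skipped case from one that was never written. Consider referencing https://github.com/elastic/cloudbeat/issues/2544 in the PR description or next to the table so the gap stays tracked until the cases are restored.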
122 changes: 66 additions & 56 deletions tests/product/tests/data/azure/azure_database_service_test_cases.py
Expand Up @@ -210,17 +210,19 @@
expected=RULE_PASS_STATUS,
)

cis_azure_4_3_3_fail = AzureServiceCase(
rule_tag=CIS_4_3_3,
case_identifier="test-postgresql-single-server-failpgserver",
expected=RULE_FAIL_STATUS,
)
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# cis_azure_4_3_3_fail = AzureServiceCase(
# rule_tag=CIS_4_3_3,
# case_identifier="test-postgresql-single-server-failpgserver",
# expected=RULE_FAIL_STATUS,
# )

cis_azure_4_3_3 = {
"""4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for
PostgreSQL Database Server (Automated) expect: passed""": cis_azure_4_3_3_pass,
"""4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for
PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_3_fail,
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# """4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for
# PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_3_fail,
}

cis_azure_4_3_4_pass = AzureServiceCase(
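Review bot: Commenting out cis_azure_4_3_3_fail and its "expect: failed" entry leaves 4.3.3 with a passing case only, so a rule that stopped flagging 'log_connections' being off would no longer be caught by this suite. If the test framework offers a skip mechanism, marking the case as skipped with the issue link would keep it visible in test reports instead of hiding it in comments. If comments are the only option, one TODO above the definition that also names the dict entry would avoid repeating the same line twice.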
Expand All @@ -229,24 +231,27 @@
expected=RULE_PASS_STATUS,
)

cis_azure_4_3_4_fail = AzureServiceCase(
rule_tag=CIS_4_3_4,
case_identifier="test-postgresql-single-server-failpgserver",
expected=RULE_FAIL_STATUS,
)
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# cis_azure_4_3_4_fail = AzureServiceCase(
# rule_tag=CIS_4_3_4,
# case_identifier="test-postgresql-single-server-failpgserver",
# expected=RULE_FAIL_STATUS,
# )

cis_azure_4_3_4 = {
"""4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for
PostgreSQL Database Server (Automated) expect: passed""": cis_azure_4_3_4_pass,
"""4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for
PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_4_fail,
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# """4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for
# PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_4_fail,
}

cis_azure_4_3_5_pass_single_server = AzureServiceCase(
rule_tag=CIS_4_3_5,
case_identifier="test-postgresql-single-server",
expected=RULE_PASS_STATUS,
)
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# cis_azure_4_3_5_pass_single_server = AzureServiceCase(
# rule_tag=CIS_4_3_5,
# case_identifier="test-postgresql-single-server",
# expected=RULE_PASS_STATUS,
# )

cis_azure_4_3_5_fail_single_server = AzureServiceCase(
rule_tag=CIS_4_3_5,
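Review bot: The case disabled for 4.3.5 is the passing one on "test-postgresql-single-server", whereas 4.3.3 and 4.3.4 lose the failing one on "test-postgresql-single-server-failpgserver", and cis_azure_4_3_5_fail_single_server stays active at the end of this hunk. Please confirm which resource that remaining case targets, and say in the TODO why the passing case is the one skipped here. With it gone, single-server coverage for 'connection_throttling' is fail-only, so a rule that reports failed for every single server would still pass this suite.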
Expand All @@ -267,8 +272,9 @@
)

cis_azure_4_3_5 = {
"""4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
(Automated) [SINGLE SERVER] expect: passed""": cis_azure_4_3_5_pass_single_server,
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# """4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
# (Automated) [SINGLE SERVER] expect: passed""": cis_azure_4_3_5_pass_single_server,
"""4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
(Automated) [SINGLE SERVER] expect: failed""": cis_azure_4_3_5_fail_single_server,
"""4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
Expand All @@ -277,55 +283,59 @@
(Automated) [FLEXIBLE SERVER] expect: failed""": cis_azure_4_3_5_fail_flexible_server,
}

cis_azure_4_3_6_pass = AzureServiceCase(
rule_tag=CIS_4_3_6,
case_identifier="test-postgresql-single-server",
expected=RULE_PASS_STATUS,
)
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# cis_azure_4_3_6_pass = AzureServiceCase(
# rule_tag=CIS_4_3_6,
# case_identifier="test-postgresql-single-server",
# expected=RULE_PASS_STATUS,
# )

cis_azure_4_3_6_fail = AzureServiceCase(
rule_tag=CIS_4_3_6,
case_identifier="test-postgresql-single-server-failpgserver",
expected=RULE_FAIL_STATUS,
)
# cis_azure_4_3_6_fail = AzureServiceCase(
# rule_tag=CIS_4_3_6,
# case_identifier="test-postgresql-single-server-failpgserver",
# expected=RULE_FAIL_STATUS,
# )

cis_azure_4_3_6 = {
"""4.3.6 Ensure Server Parameter 'log_retention_days' is greater
than 3 days for PostgreSQL Database Server (Automated) expect: passed""": cis_azure_4_3_6_pass,
"""4.3.6 Ensure Server Parameter 'log_retention_days' is greater
than 3 days for PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_6_fail,
}
# cis_azure_4_3_6 = {
# """4.3.6 Ensure Server Parameter 'log_retention_days' is greater
# than 3 days for PostgreSQL Database Server (Automated) expect: passed""": cis_azure_4_3_6_pass,
# """4.3.6 Ensure Server Parameter 'log_retention_days' is greater
# than 3 days for PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_6_fail,
# }

cis_azure_4_3_7_pass = AzureServiceCase(
rule_tag=CIS_4_3_7,
case_identifier="test-pgdb-pass",
expected=RULE_PASS_STATUS,
)

cis_azure_4_3_7_fail = AzureServiceCase(
rule_tag=CIS_4_3_7,
case_identifier="test-postgresql-single-server-failpgserver",
expected=RULE_FAIL_STATUS,
)
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# cis_azure_4_3_7_fail = AzureServiceCase(
# rule_tag=CIS_4_3_7,
# case_identifier="test-postgresql-single-server-failpgserver",
# expected=RULE_FAIL_STATUS,
# )

cis_azure_4_3_7 = {
"""4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL
Database Server is disabled (Automated) expect: passed""": cis_azure_4_3_7_pass,
"""4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL
Database Server is disabled (Automated) expect: failed""": cis_azure_4_3_7_fail,
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# """4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL
# Database Server is disabled (Automated) expect: failed""": cis_azure_4_3_7_fail,
}

cis_azure_4_3_8_fail = AzureServiceCase(
rule_tag=CIS_4_3_8,
case_identifier="test-postgresql-single-server-failpgserver",
expected=RULE_FAIL_STATUS,
)
# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
# cis_azure_4_3_8_fail = AzureServiceCase(
# rule_tag=CIS_4_3_8,
# case_identifier="test-postgresql-single-server-failpgserver",
# expected=RULE_FAIL_STATUS,
# )

cis_azure_4_3_8 = {
# Can't test this rule passing, motivation: https://github.com/elastic/cloudbeat/pull/1797
"""4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL
Database Server is 'Enabled' (Automated) expect: failed""": cis_azure_4_3_8_fail,
}
# cis_azure_4_3_8 = {
# # Can't test this rule passing, motivation: https://github.com/elastic/cloudbeat/pull/1797
# """4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL
# Database Server is 'Enabled' (Automated) expect: failed""": cis_azure_4_3_8_fail,
# }

# 4.4.* Rules ====================================
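Review bot: The TODO with the issue link is missing on three of the blocks disabled in this hunk: cis_azure_4_3_6_fail, the cis_azure_4_3_6 dict and the cis_azure_4_3_8 dict are commented out with no reference to https://github.com/elastic/cloudbeat/issues/2544, unlike the other disabled blocks in this file. Add the same TODO to each, or one comment covering the whole 4.3.6 to 4.3.8 region, so a search for the issue number finds every piece that has to be restored. Note also that 4.3.6 and 4.3.8 are disabled entirely here, which leaves both rules with no test case.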

Expand Down Expand Up @@ -394,9 +404,9 @@
**cis_azure_4_3_3,
**cis_azure_4_3_4,
**cis_azure_4_3_5,
**cis_azure_4_3_6,
# **cis_azure_4_3_6,
**cis_azure_4_3_7,
**cis_azure_4_3_8,
# **cis_azure_4_3_8,
# **cis_azure_4_4_1,
**cis_azure_4_4_2,
**cis_azure_4_5_1,
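Review bot: The two entries commented out here, "# **cis_azure_4_3_6," and "# **cis_azure_4_3_8,", carry no TODO or issue link, and they sit next to "# **cis_azure_4_4_1," which was already disabled, so nothing marks them as temporary. Add the reference to https://github.com/elastic/cloudbeat/issues/2544 on these lines. If the dicts are restored later without being re-added here, their cases will silently not run.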