Skip Azure PostgreSQL tests (#2600)

elastic · Oct 14, 2024 · 2ec360f · 2ec360f
1 parent 664120e
commit 2ec360f
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 62 deletions.
diff --git a/security-policies/RULES.md b/security-policies/RULES.md
@@ -404,7 +404,7 @@
 
 #### Manual rules: 0/74 (0%)
 
-#### Integration Tests Coverage: 100/302 (33%)
+#### Integration Tests Coverage: 94/302 (31%)
 
 <details><summary><h3>Full Table 📋</h3></summary>
 
@@ -495,12 +495,12 @@
 |                         4.2.5                          | SQL Server - Microsoft Defender for SQL | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server         |        :x:         |                Passed :x: / Failed :x:                | Automated |
 |  [4.3.1](bundle/compliance/cis_azure/rules/cis_4_3_1)  | PostgreSQL Database Server              | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server                                                                     | :white_check_mark: |                Passed :x: / Failed :x:                | Automated |
 |  [4.3.2](bundle/compliance/cis_azure/rules/cis_4_3_2)  | PostgreSQL Database Server              | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server                                                                | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
-|  [4.3.3](bundle/compliance/cis_azure/rules/cis_4_3_3)  | PostgreSQL Database Server              | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server                                                                | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
-|  [4.3.4](bundle/compliance/cis_azure/rules/cis_4_3_4)  | PostgreSQL Database Server              | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server                                                             | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
+|  [4.3.3](bundle/compliance/cis_azure/rules/cis_4_3_3)  | PostgreSQL Database Server              | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server                                                                | :white_check_mark: |        Passed :white_check_mark: / Failed :x:         | Automated |
+|  [4.3.4](bundle/compliance/cis_azure/rules/cis_4_3_4)  | PostgreSQL Database Server              | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server                                                             | :white_check_mark: |        Passed :white_check_mark: / Failed :x:         | Automated |
 |  [4.3.5](bundle/compliance/cis_azure/rules/cis_4_3_5)  | PostgreSQL Database Server              | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server                                                          | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
-|  [4.3.6](bundle/compliance/cis_azure/rules/cis_4_3_6)  | PostgreSQL Database Server              | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server                                                     | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
-|  [4.3.7](bundle/compliance/cis_azure/rules/cis_4_3_7)  | PostgreSQL Database Server              | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled                                                                     | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
-|  [4.3.8](bundle/compliance/cis_azure/rules/cis_4_3_8)  | PostgreSQL Database Server              | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'                                                                  | :white_check_mark: |        Passed :x: / Failed :white_check_mark:         | Automated |
+|  [4.3.6](bundle/compliance/cis_azure/rules/cis_4_3_6)  | PostgreSQL Database Server              | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server                                                     | :white_check_mark: |                Passed :x: / Failed :x:                | Automated |
+|  [4.3.7](bundle/compliance/cis_azure/rules/cis_4_3_7)  | PostgreSQL Database Server              | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled                                                                     | :white_check_mark: |        Passed :white_check_mark: / Failed :x:         | Automated |
+|  [4.3.8](bundle/compliance/cis_azure/rules/cis_4_3_8)  | PostgreSQL Database Server              | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'                                                                  | :white_check_mark: |                Passed :x: / Failed :x:                | Automated |
 |  [4.4.1](bundle/compliance/cis_azure/rules/cis_4_4_1)  | MySQL Database                          | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server                                                                 | :white_check_mark: |                Passed :x: / Failed :x:                | Automated |
 |  [4.4.2](bundle/compliance/cis_azure/rules/cis_4_4_2)  | MySQL Database                          | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server                                                                            | :white_check_mark: |        Passed :white_check_mark: / Failed :x:         | Automated |
 |                         4.4.3                          | MySQL Database                          | Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server                                                                   |        :x:         |                Passed :x: / Failed :x:                | Manual    |

diff --git a/tests/product/tests/data/azure/azure_database_service_test_cases.py b/tests/product/tests/data/azure/azure_database_service_test_cases.py
@@ -210,17 +210,19 @@
     expected=RULE_PASS_STATUS,
 )
 
-cis_azure_4_3_3_fail = AzureServiceCase(
-    rule_tag=CIS_4_3_3,
-    case_identifier="test-postgresql-single-server-failpgserver",
-    expected=RULE_FAIL_STATUS,
-)
+# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+# cis_azure_4_3_3_fail = AzureServiceCase(
+#     rule_tag=CIS_4_3_3,
+#     case_identifier="test-postgresql-single-server-failpgserver",
+#     expected=RULE_FAIL_STATUS,
+# )
 
 cis_azure_4_3_3 = {
     """4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for
         PostgreSQL Database Server (Automated) expect: passed""": cis_azure_4_3_3_pass,
-    """4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for
-        PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_3_fail,
+    # TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+    # """4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for
+    #     PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_3_fail,
 }
 
 cis_azure_4_3_4_pass = AzureServiceCase(
@@ -229,24 +231,27 @@
     expected=RULE_PASS_STATUS,
 )
 
-cis_azure_4_3_4_fail = AzureServiceCase(
-    rule_tag=CIS_4_3_4,
-    case_identifier="test-postgresql-single-server-failpgserver",
-    expected=RULE_FAIL_STATUS,
-)
+# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+# cis_azure_4_3_4_fail = AzureServiceCase(
+#     rule_tag=CIS_4_3_4,
+#     case_identifier="test-postgresql-single-server-failpgserver",
+#     expected=RULE_FAIL_STATUS,
+# )
 
 cis_azure_4_3_4 = {
     """4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for
         PostgreSQL Database Server (Automated) expect: passed""": cis_azure_4_3_4_pass,
-    """4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for
-        PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_4_fail,
+    # TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+    # """4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for
+    #     PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_4_fail,
 }
 
-cis_azure_4_3_5_pass_single_server = AzureServiceCase(
-    rule_tag=CIS_4_3_5,
-    case_identifier="test-postgresql-single-server",
-    expected=RULE_PASS_STATUS,
-)
+# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+# cis_azure_4_3_5_pass_single_server = AzureServiceCase(
+#     rule_tag=CIS_4_3_5,
+#     case_identifier="test-postgresql-single-server",
+#     expected=RULE_PASS_STATUS,
+# )
 
 cis_azure_4_3_5_fail_single_server = AzureServiceCase(
     rule_tag=CIS_4_3_5,
@@ -267,8 +272,9 @@
 )
 
 cis_azure_4_3_5 = {
-    """4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
-    (Automated) [SINGLE SERVER] expect: passed""": cis_azure_4_3_5_pass_single_server,
+    # TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+    # """4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
+    # (Automated) [SINGLE SERVER] expect: passed""": cis_azure_4_3_5_pass_single_server,
     """4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
     (Automated) [SINGLE SERVER] expect: failed""": cis_azure_4_3_5_fail_single_server,
     """4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
@@ -277,55 +283,59 @@
     (Automated) [FLEXIBLE SERVER] expect: failed""": cis_azure_4_3_5_fail_flexible_server,
 }
 
-cis_azure_4_3_6_pass = AzureServiceCase(
-    rule_tag=CIS_4_3_6,
-    case_identifier="test-postgresql-single-server",
-    expected=RULE_PASS_STATUS,
-)
+# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+# cis_azure_4_3_6_pass = AzureServiceCase(
+#     rule_tag=CIS_4_3_6,
+#     case_identifier="test-postgresql-single-server",
+#     expected=RULE_PASS_STATUS,
+# )
 
-cis_azure_4_3_6_fail = AzureServiceCase(
-    rule_tag=CIS_4_3_6,
-    case_identifier="test-postgresql-single-server-failpgserver",
-    expected=RULE_FAIL_STATUS,
-)
+# cis_azure_4_3_6_fail = AzureServiceCase(
+#     rule_tag=CIS_4_3_6,
+#     case_identifier="test-postgresql-single-server-failpgserver",
+#     expected=RULE_FAIL_STATUS,
+# )
 
-cis_azure_4_3_6 = {
-    """4.3.6 Ensure Server Parameter 'log_retention_days' is greater
-        than 3 days for PostgreSQL Database Server (Automated) expect: passed""": cis_azure_4_3_6_pass,
-    """4.3.6 Ensure Server Parameter 'log_retention_days' is greater
-        than 3 days for PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_6_fail,
-}
+# cis_azure_4_3_6 = {
+#     """4.3.6 Ensure Server Parameter 'log_retention_days' is greater
+#         than 3 days for PostgreSQL Database Server (Automated) expect: passed""": cis_azure_4_3_6_pass,
+#     """4.3.6 Ensure Server Parameter 'log_retention_days' is greater
+#         than 3 days for PostgreSQL Database Server (Automated) expect: failed""": cis_azure_4_3_6_fail,
+# }
 
 cis_azure_4_3_7_pass = AzureServiceCase(
     rule_tag=CIS_4_3_7,
     case_identifier="test-pgdb-pass",
     expected=RULE_PASS_STATUS,
 )
 
-cis_azure_4_3_7_fail = AzureServiceCase(
-    rule_tag=CIS_4_3_7,
-    case_identifier="test-postgresql-single-server-failpgserver",
-    expected=RULE_FAIL_STATUS,
-)
+# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+# cis_azure_4_3_7_fail = AzureServiceCase(
+#     rule_tag=CIS_4_3_7,
+#     case_identifier="test-postgresql-single-server-failpgserver",
+#     expected=RULE_FAIL_STATUS,
+# )
 
 cis_azure_4_3_7 = {
     """4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL
         Database Server is disabled (Automated) expect: passed""": cis_azure_4_3_7_pass,
-    """4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL
-        Database Server is disabled (Automated) expect: failed""": cis_azure_4_3_7_fail,
+    # TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+    # """4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL
+    #     Database Server is disabled (Automated) expect: failed""": cis_azure_4_3_7_fail,
 }
 
-cis_azure_4_3_8_fail = AzureServiceCase(
-    rule_tag=CIS_4_3_8,
-    case_identifier="test-postgresql-single-server-failpgserver",
-    expected=RULE_FAIL_STATUS,
-)
+# TODO: This will be cleaned up in issue https://github.com/elastic/cloudbeat/issues/2544
+# cis_azure_4_3_8_fail = AzureServiceCase(
+#     rule_tag=CIS_4_3_8,
+#     case_identifier="test-postgresql-single-server-failpgserver",
+#     expected=RULE_FAIL_STATUS,
+# )
 
-cis_azure_4_3_8 = {
-    # Can't test this rule passing, motivation: https://github.com/elastic/cloudbeat/pull/1797
-    """4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL
-        Database Server is 'Enabled' (Automated) expect: failed""": cis_azure_4_3_8_fail,
-}
+# cis_azure_4_3_8 = {
+#     # Can't test this rule passing, motivation: https://github.com/elastic/cloudbeat/pull/1797
+#     """4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL
+#         Database Server is 'Enabled' (Automated) expect: failed""": cis_azure_4_3_8_fail,
+# }
 
 # 4.4.* Rules ====================================
 
@@ -394,9 +404,9 @@
     **cis_azure_4_3_3,
     **cis_azure_4_3_4,
     **cis_azure_4_3_5,
-    **cis_azure_4_3_6,
+    # **cis_azure_4_3_6,
     **cis_azure_4_3_7,
-    **cis_azure_4_3_8,
+    # **cis_azure_4_3_8,
     # **cis_azure_4_4_1,
     **cis_azure_4_4_2,
     **cis_azure_4_5_1,