prowler-cloud · MarioRgzLpz · Dec 27, 2024 · Dec 27, 2024 · Jan 3, 2025
@@ -0,0 +1,4 @@
+from prowler.providers.common.provider import Provider
+from prowler.providers.microsoft365.services.entra.entra_service import Entra
+
+entra_client = Entra(Provider.get_global_provider())
@@ -0,0 +1,61 @@
+from asyncio import gather, get_event_loop
+from typing import Optional
+
+from msgraph.generated.models.default_user_role_permissions import (
+    DefaultUserRolePermissions,
+)
+from pydantic import BaseModel
+
+from prowler.lib.logger import logger
+from prowler.providers.microsoft365.lib.service.service import Microsoft365Service
+from prowler.providers.microsoft365.microsoft365_provider import Microsoft365Provider
+
+
+class Entra(Microsoft365Service):
+    def __init__(self, provider: Microsoft365Provider):
+        super().__init__(provider)
+
+        loop = get_event_loop()
+
+        attributes = loop.run_until_complete(
+            gather(
+                self._get_authorization_policy(),
+            )
+        )
+
+        self.authorization_policy = attributes[0]
+
+    async def _get_authorization_policy(self):
+        logger.info("Entra - Getting authorization policy...")
+
+        authorization_policy = {}
+        try:
+            auth_policy = await self.client.policies.authorization_policy.get()
+            authorization_policy.update(
+                {
+                    auth_policy.id: AuthorizationPolicy(
+                        id=auth_policy.id,
+                        name=auth_policy.display_name,
+                        description=auth_policy.description,
+                        default_user_role_permissions=getattr(
+                            auth_policy, "default_user_role_permissions", None
+                        ),
+                    )
+                }
+            )
+        except Exception as error:
+            logger.error(
+                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+            )
+
+        return authorization_policy
+
+
+class AuthorizationPolicy(BaseModel):
+    id: str
+    name: str
+    description: str
+    default_user_role_permissions: Optional[DefaultUserRolePermissions]
+
+    class Config:
+        arbitrary_types_allowed = True
@@ -0,0 +1,45 @@
+from unittest.mock import patch
+
+from prowler.providers.microsoft365.models import Microsoft365IdentityInfo
+from prowler.providers.microsoft365.services.entra.entra_service import (
+    AuthorizationPolicy,
+    Entra,
+)
+from tests.providers.microsoft365.microsoft365_fixtures import (
+    DOMAIN,
+    set_mocked_microsoft365_provider,
+)
+
+
+async def mock_entra_get_authorization_policy(_):
+    return {
+        "id-1": AuthorizationPolicy(
+            id="id-1",
+            name="Name 1",
+            description="Description 1",
+            default_user_role_permissions=None,
+        )
+    }
+
+
+@patch(
+    "prowler.providers.microsoft365.services.entra.entra_service.Entra._get_authorization_policy",
+    new=mock_entra_get_authorization_policy,
+)
+class Test_Entra_Service:
+    def test_get_client(self):
+        admincenter_client = Entra(
+            set_mocked_microsoft365_provider(
+                identity=Microsoft365IdentityInfo(tenant_domain=DOMAIN)
+            )
+        )
+        assert admincenter_client.client.__class__.__name__ == "GraphServiceClient"
+
+    def test_get_authorization_policy(self):
+        entra_client = Entra(set_mocked_microsoft365_provider())
+        assert entra_client.authorization_policy["id-1"].id == "id-1"
+        assert entra_client.authorization_policy["id-1"].name == "Name 1"
+        assert entra_client.authorization_policy["id-1"].description == "Description 1"
+        assert not entra_client.authorization_policy[
+            "id-1"
+        ].default_user_role_permissions