From fa059363c7e06891900569eddc88a2056e00a10d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 22 Aug 2024 09:34:39 -0400
Subject: [PATCH] chore(test): improve `iam_root_hardware_mfa_enabled` tests
 (#4835)

Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
---
 .../iam_root_hardware_mfa_enabled_test.py     | 42 +++++++++++++++----
 1 file changed, 35 insertions(+), 7 deletions(-)

diff --git a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py
index ebd2923f7e1..f2b39875c25 100644
--- a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py
+++ b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py
@@ -1,4 +1,3 @@
-from re import search
 from unittest import mock
 
 from tests.providers.aws.utils import (
@@ -46,12 +45,14 @@ def test_root_virtual_mfa_enabled(self):
 
             check = iam_root_hardware_mfa_enabled()
             result = check.execute()
+            assert len(result) == 1
             assert result[0].status == "FAIL"
-            assert search(
-                "Root account has a virtual MFA instead of a hardware MFA device enabled.",
-                result[0].status_extended,
+            assert (
+                result[0].status_extended
+                == "Root account has a virtual MFA instead of a hardware MFA device enabled."
             )
             assert result[0].resource_id == "<root_account>"
+            assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa"
 
     def test_root_hardware_mfa_enabled(self):
         iam_client = mock.MagicMock
@@ -78,9 +79,36 @@ def test_root_hardware_mfa_enabled(self):
 
             check = iam_root_hardware_mfa_enabled()
             result = check.execute()
+            assert len(result) == 1
             assert result[0].status == "PASS"
-            assert search(
-                "Root account has a hardware MFA device enabled.",
-                result[0].status_extended,
+            assert (
+                result[0].status_extended
+                == "Root account has a hardware MFA device enabled."
             )
             assert result[0].resource_id == "<root_account>"
+            assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa"
+
+    def test_root_hardware_mfa_enabled_none_summary(self):
+        iam_client = mock.MagicMock
+        iam_client.account_summary = None
+        iam_client.virtual_mfa_devices = []
+        iam_client.audited_partition = "aws"
+        iam_client.region = AWS_REGION_US_EAST_1
+        iam_client.mfa_arn_template = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa"
+
+        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
+
+        with mock.patch(
+            "prowler.providers.common.provider.Provider.get_global_provider",
+            return_value=aws_provider,
+        ), mock.patch(
+            "prowler.providers.aws.services.iam.iam_root_hardware_mfa_enabled.iam_root_hardware_mfa_enabled.iam_client",
+            new=iam_client,
+        ):
+            from prowler.providers.aws.services.iam.iam_root_hardware_mfa_enabled.iam_root_hardware_mfa_enabled import (
+                iam_root_hardware_mfa_enabled,
+            )
+
+            check = iam_root_hardware_mfa_enabled()
+            result = check.execute()
+            assert len(result) == 0