moto/tests/test_guardduty/test_guardduty.py

import boto3
import pytest
from botocore.exceptions import ClientError
from moto import mock_aws
@mock_aws
def test_create_detector():
    """Create a detector with a token, frequency, S3 logs and empty tags.

    The call runs under moto's ``mock_aws`` decorator; the test only checks
    that the response carries a non-null ``DetectorId``.
    """
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    request = {
        "Enable": True,
        "ClientToken": "745645734574758463758",
        "FindingPublishingFrequency": "ONE_HOUR",
        "DataSources": {"S3Logs": {"Enable": True}},
        "Tags": {},
    }
    created = guardduty.create_detector(**request)

    # Presence and non-nullness are checked separately, as two assertions.
    assert "DetectorId" in created
    assert created["DetectorId"] is not None
@mock_aws
def test_create_detector_with_minimal_params():
    """Create a detector passing only ``Enable`` and expect an id back."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    created = guardduty.create_detector(Enable=True)

    assert "DetectorId" in created
    assert created["DetectorId"] is not None
@mock_aws
def test_get_detector_with_s3():
    """Read back a detector created with the S3 log data source enabled.

    Checks that the publishing frequency round-trips, that S3 logs are
    reported as ``ENABLED`` and that a ``CreatedAt`` field is present.
    """
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    created = guardduty.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources={"S3Logs": {"Enable": True}},
        Tags={},
    )
    detector_id = created["DetectorId"]

    detector = guardduty.get_detector(DetectorId=detector_id)

    assert detector["FindingPublishingFrequency"] == "ONE_HOUR"
    # The request used {"Enable": True}; the response reports a Status string.
    assert detector["DataSources"]["S3Logs"] == {"Status": "ENABLED"}
    assert "CreatedAt" in detector
@mock_aws
def test_get_detector_with_all_data_sources():
    """Read back a detector created with S3 and Kubernetes audit logs enabled.

    Both data sources are expected to come back as ``ENABLED``, alongside the
    requested publishing frequency and a ``CreatedAt`` field.
    """
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    data_sources = {
        "S3Logs": {"Enable": True},
        "Kubernetes": {"AuditLogs": {"Enable": True}},
    }
    detector_id = guardduty.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources=data_sources,
        Tags={},
    )["DetectorId"]

    detector = guardduty.get_detector(DetectorId=detector_id)
    reported = detector["DataSources"]

    assert detector["FindingPublishingFrequency"] == "ONE_HOUR"
    assert reported["S3Logs"] == {"Status": "ENABLED"}
    assert reported["Kubernetes"]["AuditLogs"] == {"Status": "ENABLED"}
    assert "CreatedAt" in detector
@mock_aws
def test_update_detector():
    """Update a detector's frequency and data sources, then read it back.

    The detector is created without ``DataSources``; the update supplies them
    (S3 logs on, Kubernetes audit logs off) and switches the frequency from
    ``ONE_HOUR`` to ``SIX_HOURS``.
    """
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    created = guardduty.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        Tags={},
    )
    detector_id = created["DetectorId"]

    changes = {
        "DetectorId": detector_id,
        "Enable": False,
        "FindingPublishingFrequency": "SIX_HOURS",
        "DataSources": {
            "S3Logs": {"Enable": True},
            "Kubernetes": {"AuditLogs": {"Enable": False}},
        },
    }
    guardduty.update_detector(**changes)

    detector = guardduty.get_detector(DetectorId=detector_id)
    reported = detector["DataSources"]

    assert detector["FindingPublishingFrequency"] == "SIX_HOURS"
    assert reported["S3Logs"] == {"Status": "ENABLED"}
    assert reported["Kubernetes"]["AuditLogs"] == {"Status": "DISABLED"}
    # NOTE(review): the update sends Enable=False, but nothing here asserts the
    # detector's own enabled/disabled state afterwards. Disabling a detector is
    # the security-relevant part of this call, so it deserves its own check.
@mock_aws
def test_list_detectors_initial():
    """List detectors before any were created and expect an empty list."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    listing = guardduty.list_detectors()

    assert listing["DetectorIds"] == []
@mock_aws
def test_list_detectors():
    """Create two detectors and expect exactly their ids in the listing.

    One detector is created enabled with full arguments, the other with only
    ``Enable=False``; both must appear in ``DetectorIds``.
    """
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    first_id = guardduty.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources={"S3Logs": {"Enable": True}},
        Tags={},
    )["DetectorId"]
    second_id = guardduty.create_detector(Enable=False)["DetectorId"]

    listing = guardduty.list_detectors()

    # Compared as sets, so the order of the returned ids is not checked.
    assert set(listing["DetectorIds"]) == {first_id, second_id}
@mock_aws
def test_delete_detector():
    """Delete a detector and confirm it can no longer be read or listed.

    After deletion, ``get_detector`` must raise ``ClientError`` with code
    ``BadRequestException`` and the listing must be empty again.
    """
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    created = guardduty.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources={
            "S3Logs": {"Enable": True},
            "Kubernetes": {"AuditLogs": {"Enable": True}},
        },
        Tags={},
    )
    detector_id = created["DetectorId"]

    # Read once before deleting; the result is not inspected.
    guardduty.get_detector(DetectorId=detector_id)
    guardduty.delete_detector(DetectorId=detector_id)

    with pytest.raises(ClientError) as exc:
        guardduty.get_detector(DetectorId=detector_id)

    error = exc.value.response["Error"]
    # A deleted detector is reported with the "not owned" wording, not with a
    # separate not-found message.
    expected_message = "The request is rejected because the input detectorId is not owned by the current account."
    assert error["Code"] == "BadRequestException"
    assert error["Message"] == expected_message

    assert guardduty.list_detectors()["DetectorIds"] == []