import boto3
import pytest
from botocore.exceptions import ClientError
from moto import mock_guardduty
@mock_guardduty
def test_create_detector():
    """create_detector with frequency, S3 data source and tags returns a DetectorId."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    create_args = {
        "Enable": True,
        "ClientToken": "745645734574758463758",
        "FindingPublishingFrequency": "ONE_HOUR",
        "DataSources": {"S3Logs": {"Enable": True}},
        "Tags": {},
    }
    created = guardduty.create_detector(**create_args)

    # The response must carry an identifier that later calls can refer to.
    assert "DetectorId" in created
    assert created["DetectorId"] is not None
@mock_guardduty
def test_create_detector_with_minimal_params():
    """Passing only Enable is enough for create_detector to return a DetectorId."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    created = guardduty.create_detector(Enable=True)

    assert "DetectorId" in created
    assert created["DetectorId"] is not None
@mock_guardduty
def test_get_detector_with_s3():
    """get_detector reports the frequency and the enabled S3Logs data source."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    create_args = {
        "Enable": True,
        "ClientToken": "745645734574758463758",
        "FindingPublishingFrequency": "ONE_HOUR",
        "DataSources": {"S3Logs": {"Enable": True}},
        "Tags": {},
    }
    detector_id = guardduty.create_detector(**create_args)["DetectorId"]

    detector = guardduty.get_detector(DetectorId=detector_id)

    assert detector["FindingPublishingFrequency"] == "ONE_HOUR"
    # The request sends {"Enable": True}; the read side reports a Status string.
    assert detector["DataSources"]["S3Logs"] == {"Status": "ENABLED"}
    assert "CreatedAt" in detector
@mock_guardduty
def test_get_detector_with_all_data_sources():
    """get_detector reports both S3Logs and Kubernetes audit logs as enabled."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    requested_sources = {
        "S3Logs": {"Enable": True},
        "Kubernetes": {"AuditLogs": {"Enable": True}},
    }
    detector_id = guardduty.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources=requested_sources,
        Tags={},
    )["DetectorId"]

    detector = guardduty.get_detector(DetectorId=detector_id)
    reported_sources = detector["DataSources"]

    assert detector["FindingPublishingFrequency"] == "ONE_HOUR"
    assert reported_sources["S3Logs"] == {"Status": "ENABLED"}
    assert reported_sources["Kubernetes"]["AuditLogs"] == {"Status": "ENABLED"}
    assert "CreatedAt" in detector
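@mock_guardduty
def test_update_detector():
    """update_detector changes the enabled state, frequency and data sources.

    The detector is created enabled with a ONE_HOUR frequency and no data
    sources, then updated to be disabled with a SIX_HOURS frequency, S3Logs
    on and Kubernetes audit logs off. Every updated field is read back
    through get_detector.
    """
    client = boto3.client("guardduty", region_name="us-east-1")
    detector_id = client.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        Tags={},
    )["DetectorId"]

    client.update_detector(
        DetectorId=detector_id,
        Enable=False,
        FindingPublishingFrequency="SIX_HOURS",
        DataSources={
            "S3Logs": {"Enable": True},
            "Kubernetes": {"AuditLogs": {"Enable": False}},
        },
    )

    resp = client.get_detector(DetectorId=detector_id)
    # Enable=False is the one update that switches detection off, so its
    # effect is verified too: GetDetector reports the on/off state as Status.
    assert resp["Status"] == "DISABLED"
    assert resp["FindingPublishingFrequency"] == "SIX_HOURS"
    assert resp["DataSources"]["S3Logs"] == {"Status": "ENABLED"}
    assert resp["DataSources"]["Kubernetes"]["AuditLogs"] == {"Status": "DISABLED"}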
@mock_guardduty
def test_list_detectors_initial():
    """With nothing created, list_detectors returns an empty DetectorIds list."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")

    listing = guardduty.list_detectors()

    assert listing["DetectorIds"] == []
@mock_guardduty
def test_list_detectors():
    """list_detectors returns the ids of every detector, enabled or not."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    full_args = {
        "Enable": True,
        "ClientToken": "745645734574758463758",
        "FindingPublishingFrequency": "ONE_HOUR",
        "DataSources": {"S3Logs": {"Enable": True}},
        "Tags": {},
    }
    first_id = guardduty.create_detector(**full_args)["DetectorId"]
    # The second detector is created disabled and must still be listed.
    second_id = guardduty.create_detector(Enable=False)["DetectorId"]

    listing = guardduty.list_detectors()

    # Compared as sets: the test does not depend on listing order.
    assert set(listing["DetectorIds"]) == {first_id, second_id}
@mock_guardduty
def test_delete_detector():
    """A deleted detector can no longer be fetched and leaves the listing empty."""
    guardduty = boto3.client("guardduty", region_name="us-east-1")
    requested_sources = {
        "S3Logs": {"Enable": True},
        "Kubernetes": {"AuditLogs": {"Enable": True}},
    }
    detector_id = guardduty.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources=requested_sources,
        Tags={},
    )["DetectorId"]

    # Before deletion the lookup succeeds (no exception is raised).
    guardduty.get_detector(DetectorId=detector_id)

    guardduty.delete_detector(DetectorId=detector_id)

    # After deletion the same lookup is rejected with a client error.
    with pytest.raises(ClientError) as exc:
        guardduty.get_detector(DetectorId=detector_id)
    error = exc.value.response["Error"]
    expected_message = "The request is rejected because the input detectorId is not owned by the current account."
    assert error["Code"] == "BadRequestException"
    assert error["Message"] == expected_message

    assert guardduty.list_detectors()["DetectorIds"] == []