moto/tests/test_guardduty/test_guardduty.py

import boto3
import pytest
import sure  # noqa # pylint: disable=unused-import

from botocore.exceptions import ClientError
from moto import mock_guardduty


@mock_guardduty
def test_create_detector():
    client = boto3.client("guardduty", region_name="us-east-1")
    response = client.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources={"S3Logs": {"Enable": True}},
        Tags={},
    )
    response.should.have.key("DetectorId")
    response["DetectorId"].shouldnt.equal(None)


@mock_guardduty
def test_create_detector_with_minimal_params():
    client = boto3.client("guardduty", region_name="us-east-1")
    response = client.create_detector(Enable=True)
    response.should.have.key("DetectorId")
    response["DetectorId"].shouldnt.equal(None)


@mock_guardduty
def test_get_detector_with_s3():
    client = boto3.client("guardduty", region_name="us-east-1")
    detector_id = client.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources={"S3Logs": {"Enable": True}},
        Tags={},
    )["DetectorId"]

    resp = client.get_detector(DetectorId=detector_id)
    resp.should.have.key("FindingPublishingFrequency").equals("ONE_HOUR")
    resp.should.have.key("DataSources")
    resp["DataSources"].should.have.key("S3Logs").equals({"Status": "ENABLED"})
    resp.should.have.key("CreatedAt")


@mock_guardduty
def test_get_detector_with_all_data_sources():
    client = boto3.client("guardduty", region_name="us-east-1")
    detector_id = client.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources={
            "S3Logs": {"Enable": True},
            "Kubernetes": {"AuditLogs": {"Enable": True}},
        },
        Tags={},
    )["DetectorId"]

    resp = client.get_detector(DetectorId=detector_id)
    resp.should.have.key("FindingPublishingFrequency").equals("ONE_HOUR")
    resp.should.have.key("DataSources")
    resp["DataSources"].should.have.key("S3Logs").equals({"Status": "ENABLED"})
    resp["DataSources"].should.have.key("Kubernetes")
    resp["DataSources"]["Kubernetes"].should.have.key("AuditLogs").equals(
        {"Status": "ENABLED"}
    )
    resp.should.have.key("CreatedAt")


@mock_guardduty
def test_update_detector():
    client = boto3.client("guardduty", region_name="us-east-1")
    detector_id = client.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        Tags={},
    )["DetectorId"]

    client.update_detector(
        DetectorId=detector_id,
        Enable=False,
        FindingPublishingFrequency="SIX_HOURS",
        DataSources={
            "S3Logs": {"Enable": True},
            "Kubernetes": {"AuditLogs": {"Enable": False}},
        },
    )

    resp = client.get_detector(DetectorId=detector_id)
    resp.should.have.key("FindingPublishingFrequency").equals("SIX_HOURS")
    resp.should.have.key("DataSources")
    resp["DataSources"].should.have.key("S3Logs").equals({"Status": "ENABLED"})
    resp["DataSources"].should.have.key("Kubernetes")
    resp["DataSources"]["Kubernetes"].should.have.key("AuditLogs").equals(
        {"Status": "DISABLED"}
    )


@mock_guardduty
def test_list_detectors_initial():
    client = boto3.client("guardduty", region_name="us-east-1")

    response = client.list_detectors()
    response.should.have.key("DetectorIds").equals([])


@mock_guardduty
def test_list_detectors():
    client = boto3.client("guardduty", region_name="us-east-1")
    d1 = client.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources={"S3Logs": {"Enable": True}},
        Tags={},
    )["DetectorId"]
    d2 = client.create_detector(Enable=False)["DetectorId"]

    response = client.list_detectors()
    response.should.have.key("DetectorIds")
    set(response["DetectorIds"]).should.equal({d1, d2})


@mock_guardduty
def test_delete_detector():
    client = boto3.client("guardduty", region_name="us-east-1")
    detector_id = client.create_detector(
        Enable=True,
        ClientToken="745645734574758463758",
        FindingPublishingFrequency="ONE_HOUR",
        DataSources={
            "S3Logs": {"Enable": True},
            "Kubernetes": {"AuditLogs": {"Enable": True}},
        },
        Tags={},
    )["DetectorId"]

    client.get_detector(DetectorId=detector_id)

    client.delete_detector(DetectorId=detector_id)

    with pytest.raises(ClientError) as exc:
        client.get_detector(DetectorId=detector_id)
    err = exc.value.response["Error"]
    err["Code"].should.equal("BadRequestException")
    err["Message"].should.equal(
        "The request is rejected because the input detectorId is not owned by the current account."
    )

    client.list_detectors().should.have.key("DetectorIds").equals([])
Feature: Guardduty (#4667) 2021-12-07 11:10:43 -01:00			`import boto3`
GuardDuty - additional methods (#5175) 2022-05-27 10:28:08 +00:00			`import pytest`
Feature: Guardduty (#4667) 2021-12-07 11:10:43 -01:00			`import sure # noqa # pylint: disable=unused-import`

GuardDuty - additional methods (#5175) 2022-05-27 10:28:08 +00:00			`from botocore.exceptions import ClientError`
Feature: Guardduty (#4667) 2021-12-07 11:10:43 -01:00			`from moto import mock_guardduty`


			`@mock_guardduty`
			`def test_create_detector():`
			`client = boto3.client("guardduty", region_name="us-east-1")`
			`response = client.create_detector(`
			`Enable=True,`
			`ClientToken="745645734574758463758",`
			`FindingPublishingFrequency="ONE_HOUR",`
			`DataSources={"S3Logs": {"Enable": True}},`
			`Tags={},`
			`)`
			`response.should.have.key("DetectorId")`
			`response["DetectorId"].shouldnt.equal(None)`


			`@mock_guardduty`
			`def test_create_detector_with_minimal_params():`
			`client = boto3.client("guardduty", region_name="us-east-1")`
			`response = client.create_detector(Enable=True)`
			`response.should.have.key("DetectorId")`
			`response["DetectorId"].shouldnt.equal(None)`


GuardDuty - additional methods (#5175) 2022-05-27 10:28:08 +00:00			`@mock_guardduty`
			`def test_get_detector_with_s3():`
			`client = boto3.client("guardduty", region_name="us-east-1")`
			`detector_id = client.create_detector(`
			`Enable=True,`
			`ClientToken="745645734574758463758",`
			`FindingPublishingFrequency="ONE_HOUR",`
			`DataSources={"S3Logs": {"Enable": True}},`
			`Tags={},`
			`)["DetectorId"]`

			`resp = client.get_detector(DetectorId=detector_id)`
			`resp.should.have.key("FindingPublishingFrequency").equals("ONE_HOUR")`
			`resp.should.have.key("DataSources")`
			`resp["DataSources"].should.have.key("S3Logs").equals({"Status": "ENABLED"})`
			`resp.should.have.key("CreatedAt")`


			`@mock_guardduty`
			`def test_get_detector_with_all_data_sources():`
			`client = boto3.client("guardduty", region_name="us-east-1")`
			`detector_id = client.create_detector(`
			`Enable=True,`
			`ClientToken="745645734574758463758",`
			`FindingPublishingFrequency="ONE_HOUR",`
			`DataSources={`
			`"S3Logs": {"Enable": True},`
			`"Kubernetes": {"AuditLogs": {"Enable": True}},`
			`},`
			`Tags={},`
			`)["DetectorId"]`

			`resp = client.get_detector(DetectorId=detector_id)`
			`resp.should.have.key("FindingPublishingFrequency").equals("ONE_HOUR")`
			`resp.should.have.key("DataSources")`
			`resp["DataSources"].should.have.key("S3Logs").equals({"Status": "ENABLED"})`
			`resp["DataSources"].should.have.key("Kubernetes")`
			`resp["DataSources"]["Kubernetes"].should.have.key("AuditLogs").equals(`
			`{"Status": "ENABLED"}`
			`)`
			`resp.should.have.key("CreatedAt")`


			`@mock_guardduty`
			`def test_update_detector():`
			`client = boto3.client("guardduty", region_name="us-east-1")`
			`detector_id = client.create_detector(`
			`Enable=True,`
			`ClientToken="745645734574758463758",`
			`FindingPublishingFrequency="ONE_HOUR",`
			`Tags={},`
			`)["DetectorId"]`

			`client.update_detector(`
			`DetectorId=detector_id,`
			`Enable=False,`
			`FindingPublishingFrequency="SIX_HOURS",`
			`DataSources={`
			`"S3Logs": {"Enable": True},`
			`"Kubernetes": {"AuditLogs": {"Enable": False}},`
			`},`
			`)`

			`resp = client.get_detector(DetectorId=detector_id)`
			`resp.should.have.key("FindingPublishingFrequency").equals("SIX_HOURS")`
			`resp.should.have.key("DataSources")`
			`resp["DataSources"].should.have.key("S3Logs").equals({"Status": "ENABLED"})`
			`resp["DataSources"].should.have.key("Kubernetes")`
			`resp["DataSources"]["Kubernetes"].should.have.key("AuditLogs").equals(`
			`{"Status": "DISABLED"}`
			`)`


Feature: Guardduty (#4667) 2021-12-07 11:10:43 -01:00			`@mock_guardduty`
			`def test_list_detectors_initial():`
			`client = boto3.client("guardduty", region_name="us-east-1")`

			`response = client.list_detectors()`
			`response.should.have.key("DetectorIds").equals([])`


			`@mock_guardduty`
			`def test_list_detectors():`
			`client = boto3.client("guardduty", region_name="us-east-1")`
			`d1 = client.create_detector(`
			`Enable=True,`
			`ClientToken="745645734574758463758",`
			`FindingPublishingFrequency="ONE_HOUR",`
			`DataSources={"S3Logs": {"Enable": True}},`
			`Tags={},`
			`)["DetectorId"]`
Update Black + formatting (#4926) 2022-03-10 13:39:59 -01:00			`d2 = client.create_detector(Enable=False)["DetectorId"]`
Feature: Guardduty (#4667) 2021-12-07 11:10:43 -01:00
			`response = client.list_detectors()`
			`response.should.have.key("DetectorIds")`
			`set(response["DetectorIds"]).should.equal({d1, d2})`
GuardDuty - additional methods (#5175) 2022-05-27 10:28:08 +00:00

			`@mock_guardduty`
			`def test_delete_detector():`
			`client = boto3.client("guardduty", region_name="us-east-1")`
			`detector_id = client.create_detector(`
			`Enable=True,`
			`ClientToken="745645734574758463758",`
			`FindingPublishingFrequency="ONE_HOUR",`
			`DataSources={`
			`"S3Logs": {"Enable": True},`
			`"Kubernetes": {"AuditLogs": {"Enable": True}},`
			`},`
			`Tags={},`
			`)["DetectorId"]`

			`client.get_detector(DetectorId=detector_id)`

			`client.delete_detector(DetectorId=detector_id)`

			`with pytest.raises(ClientError) as exc:`
			`client.get_detector(DetectorId=detector_id)`
			`err = exc.value.response["Error"]`
			`err["Code"].should.equal("BadRequestException")`
			`err["Message"].should.equal(`
			`"The request is rejected because the input detectorId is not owned by the current account."`
			`)`

			`client.list_detectors().should.have.key("DetectorIds").equals([])`