Test apigateway rest api client certificate enabled #305
…ation-for-tevico-community
feat+fix: updated checks
feat: checks refactored and updated
Report changes
Dev to Main: (feat: masked access key IDs in report summaries)
| self.mock_apigw = MagicMock() | ||
| self.mock_session.client.return_value = self.mock_apigw | ||
|
|
||
| @patch("boto3.Session.client") |
@patch("boto3.Session.client") is unnecessary since you're already mocking session.client directly in setup_method.
| assert report.resource_ids_status == [] | ||
|
|
||
| @patch("boto3.Session.client") | ||
| def test_waf_acl_attached(self, mock_client): |
You are mocking get_rest_api, but the real check uses get_stages().
| @patch("boto3.Session.client") | ||
| def test_waf_acl_attached(self, mock_client): | ||
| """Test when all REST APIs have WAF ACL attached.""" | ||
| self.mock_apigw.get_rest_apis.return_value = { |
This test does not validate WAF attachment logic and always returns FAILED.
Validates that the check correctly detects WAF ACL attachment at stage level and returns PASSED when the required tag is present.
| self.mock_apigw.get_rest_apis.side_effect = ClientError({"Error": {"Code": "AccessDenied"}}, "GetRestApis") | ||
| report = self.check.execute(self.mock_session) | ||
| assert report.status == CheckStatus.UNKNOWN | ||
| assert report.resource_ids_status[0].summary |
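Review bot: The last assertion, `assert report.resource_ids_status[0].summary`, only checks that the summary is non-empty, so any error text passes. Assert on the expected message for the `AccessDenied` case and on `report.resource_ids_status[0].status` as well, so a regression in the error handling of `get_rest_apis` is caught. Adding a `"Message"` entry to the `ClientError` payload would give the test a concrete string to match.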
Correct mocking target (get_stages)
Add realistic mock returns for WAF presence/absence
Improve assertions to include summary text
Add missing cases (exception on get_stages, no stages)
…tation-for-tevico-community
…ion-create-github-pages-documentation-for-tevico-community 76 documentation create GitHub pages documentation for tevico community
…tevico-community'
| assert report.status == CheckStatus.UNKNOWN | ||
| assert len(report.resource_ids_status) == 1 | ||
| assert report.resource_ids_status[0].status == CheckStatus.UNKNOWN | ||
| assert "API Gateway listing error." in report.resource_ids_status[0].summary |
- Pagination Test – Simulate two pages of REST APIs using position.
- Missing stageName – Stage object without stageName key.
- Assert exception message – In both get_stages and get_rest_apis error scenarios.
Addressed pagination handling via position, covered missing stageName case based on actual check logic (where clientCertificateId drives pass/fail), and asserted that exception messages are captured in resource_ids_status for both get_stages and get_rest_apis.
Context
Adding unit tests for the apigateway_rest_api_client_certificate_enabled check to validate its correctness across different API Gateway scenarios. Ensures that the check behaves as expected and improves confidence during future modifications or refactoring.
Description
This PR adds a new test suite test_apigateway_rest_api_client_certificate_enabled.py to verify the behavior of the check in various conditions:
- ClientError (check status is unknown)
Mocks are used to simulate the AWS API responses from the apigateway client.
No external dependencies added.
Covers both positive and negative test scenarios.
Checklist
License
I confirm that my contribution is made under the terms of the Apache 2.0 license.
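The pagination and missing-stageName cases discussed in the review, as an added example that is not taken from the PR or the Tevico code base. `client_cert_status` and `build_mock_apigw` are hypothetical names, the mocked responses are constructed, and the response keys assumed are those of boto3's `get_rest_apis` (`items`, `position`) and `get_stages` (`item`).

```python
from unittest.mock import MagicMock


def client_cert_status(apigw):
    """Hypothetical check logic: map 'apiId/stage' to True when a client certificate is set."""
    results = {}
    kwargs = {}
    while True:
        page = apigw.get_rest_apis(**kwargs)
        for api in page.get("items", []):
            stages = apigw.get_stages(restApiId=api["id"]).get("item", [])
            for stage in stages:
                # A stage dict without stageName must not raise KeyError;
                # only clientCertificateId decides the result.
                name = stage.get("stageName", "<unnamed>")
                results[f"{api['id']}/{name}"] = bool(stage.get("clientCertificateId"))
        position = page.get("position")
        if not position:  # no continuation token: last page reached
            return results
        kwargs = {"position": position}


def build_mock_apigw():
    """Constructed responses: two pages of REST APIs and three stages."""
    apigw = MagicMock()
    apigw.get_rest_apis.side_effect = [
        {"items": [{"id": "api1"}], "position": "page2"},
        {"items": [{"id": "api2"}]},
    ]
    stages = {
        "api1": {"item": [{"stageName": "prod", "clientCertificateId": "cert01"}]},
        "api2": {"item": [{"stageName": "dev"}, {"clientCertificateId": "cert02"}]},
    }
    apigw.get_stages.side_effect = lambda restApiId: stages[restApiId]
    return apigw


if __name__ == "__main__":
    mock = build_mock_apigw()
    for resource, ok in client_cert_status(mock).items():
        print(resource, "PASSED" if ok else "FAILED")
    # The second listing call must carry the token returned by the first page.
    mock.get_rest_apis.assert_called_with(position="page2")
```

If the second page were never requested, `api2` would be missing from the result and its stage without a certificate would go unreported.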