Skip to content

Add Unit Tests for cloudtrail_cloudwatch_logging_enabled Check #288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
prajwal-choudhari-comprinno wants to merge 3 commits into
base: testcases_dev
Choose a base branch
from
Open

Add Unit Tests for cloudtrail_cloudwatch_logging_enabled Check #288

prajwal-choudhari-comprinno wants to merge 3 commits into from

Conversation

@prajwal-choudhari-comprinno
Copy link

@prajwal-choudhari-comprinno prajwal-choudhari-comprinno commented Jun 26, 2025

This PR introduces unit test coverage for the cloudtrail_cloudwatch_logging_enabled check, ensuring its behavior is validated across multiple CloudTrail trail configurations.

Description

These tests confirm the check's response when:

  • No trails exist
  • Trails are configured correctly with CloudWatch logging
  • Trails are missing CloudWatch logging
  • AWS API access fails (ClientError)
  • Added a dedicated test class TestCloudTrailCloudWatchLoggingEnabled

Checklist

License

I confirm that my contribution is made under the terms of the Apache 2.0 license.

aafaq-rashid-comprinno
aafaq-rashid-comprinno reviewed Jul 14, 2025
View reviewed changes
library/aws/tests/cloudtrail/test_cloudtrail_cloudwatch_logging_enabled.py Outdated
)
report = self.check.execute(self.mock_session)
assert report.status == CheckStatus.UNKNOWN
assert report.resource_ids_status[0].summary == "Error retrieving CloudTrail details."
Copy link
Contributor

@aafaq-rashid-comprinno aafaq-rashid-comprinno Jul 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your test test_cloudwatch_logging_enabled has only the log group ARN but not the role ARN, so it's incorrectly expected to pass.

Add a test case with both compliant and non-compliant trails to validate cumulative status logic (FAILED if any fail).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aafaq-rashid-comprinno aafaq-rashid-comprinno aafaq-rashid-comprinno approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@prajwal-choudhari-comprinno @aafaq-rashid-comprinno