Skip to content

Add Unit Tests for cloudfront_access_logging_enabled Check #302

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
prajwal-choudhari-comprinno wants to merge 2 commits into
base: testcases_dev
Choose a base branch
from
Open

Add Unit Tests for cloudfront_access_logging_enabled Check #302

prajwal-choudhari-comprinno wants to merge 2 commits into from

Conversation

@prajwal-choudhari-comprinno
Copy link

@prajwal-choudhari-comprinno prajwal-choudhari-comprinno commented Jun 27, 2025

This PR adds unit tests for the cloudfront_access_logging_enabled check. It covers different scenarios to ensure the check behaves correctly for CloudFront distributions.

Test Cases Included:

No distributions present
Access logging is enabled
Access logging disabled
Client error from AWS
File Added:
library/aws/tests/cloudfront/test_cloudfront_access_logging_enabled.py

aafaq-rashid-comprinno
aafaq-rashid-comprinno reviewed Jul 15, 2025
View reviewed changes
library/aws/tests/cloudfront/test_cloudfront_access_logging_enabled.py
"""Test error handling when a ClientError occurs."""
self.mock_cf.list_distributions.side_effect = ClientError({"Error": {"Code": "AccessDenied"}}, "ListDistributions")
report = self.check.execute(self.mock_session)
assert report.status == CheckStatus.UNKNOWN
Copy link
Contributor

@aafaq-rashid-comprinno aafaq-rashid-comprinno Jul 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. ❌ Missing Test Case for RealtimeLogConfigArn Enabled

    • The implementation checks if either Logging.Enabled or RealtimeLogConfigArn is present.

    • Missing test where:

      • Logging.Enabled = False

      • RealtimeLogConfigArn is set
        ➤ This path is untested and may introduce blind spots.

  1. ⚠️ No Test Case for Exception in get_distribution_config

    • You handle exceptions in get_distribution_config() (per distribution), but no test simulates a failure at this level.
      ➤ Add a test to mock exception only for get_distribution_config.

  1. ⚠️ ClientError Test Only Covers list_distributions

    • While the ClientError is tested for list_distributions, there’s no test where get_distribution_config raises ClientError for one distribution.
      ➤ Add test for error during config fetch per distribution.

  1. ⚠️ Missing Mixed Scenario Test

    • No test checks for mixed results (e.g., one distribution with logging, one without).
      ➤ This is important to confirm how report.status behaves when some distributions pass and others fail.

✅ Improvements to Make

Issue Suggested Improvement
Missing Realtime log check Add a test where RealtimeLogConfigArn is enabled and legacy logging is disabled
No partial failure test Add a test where get_distribution_config fails for one distribution
Only one error type tested Add ClientError or general exception test for get_distribution_config
No mixed outcome Add test with multiple distributions with mixed logging states

Copy link
Author

@prajwal-choudhari-comprinno prajwal-choudhari-comprinno Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cover all the points

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aafaq-rashid-comprinno aafaq-rashid-comprinno aafaq-rashid-comprinno left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@prajwal-choudhari-comprinno @aafaq-rashid-comprinno