Fix outdated tests

[tblakex01]

Summary

• update tests for compliance report and key rotation modules
• adjust expected behaviors and add missing mocks

Testing

• black tests/test_compliance_report.py tests/test_key_rotation.py
• flake8 scripts/ lambda/ tests/ --max-line-length=120 --ignore=E501,W503,E203
• mypy scripts/ lambda/
• bandit -r scripts/ lambda/
• pytest

---

https://chatgpt.com/codex/tasks/task_e_686974023b7483329893bea53c1eb47b

Summary by Sourcery

Update and fix outdated tests for IAM compliance report and key rotation modules to align with recent API and behavior changes

Tests:

• Refresh compliance report tests to reload module state, use calculate_compliance_metrics and parse_credential_report methods, and assert overall_compliance statuses
• Adjust compliance export tests to use Path for file operations, check generated_at JSON field, verify updated CSV format and table title
• Refactor key rotation tests to reset _iam_client, patch boto3.client instead of Session, and validate client caching across calls

Summary by CodeRabbit

• Tests
  • Updated tests to align with changes in compliance reporting and key rotation modules, including method renaming, data structure updates, and improved mocking.
  • Enhanced environment isolation in compliance report tests.
  • Adjusted expectations for data types, file handling, and error messages.
  • Improved test coverage for export formats and summary displays.
  • Refined mocking strategies for IAM client and configuration handling.

[sourcery-ai]

Reviewer's Guide

This PR overhauls the outdated tests in the compliance_report and key_rotation modules to align with recent refactors, including reloading modules for threshold tests, shifting from status dictionaries to compliance metrics, updating test data schemas and method names, and tightening mocks and assertions.

File-Level Changes

Change	Details	Files
Reload compliance module in threshold initialization tests	Added importlib.reload calls before and after instantiating IAMComplianceReport to pick up environment-based thresholds	tests/test_compliance_report.py
Update credential report tests to expect string responses	Changed generate_credential_report return type assertion from bytes to str in success and main tests	tests/test_compliance_report.py
Refactor compliance calculation tests to use calculate_compliance_metrics and new data schema	Replaced calculate_compliance_status calls with calculate_compliance_metrics Updated user_data keys to access_key_1_active/last_rotated, access_key_2_..., password_enabled/last_changed Adjusted assertions to check metrics["overall_compliance"] and individual metric fields	tests/test_compliance_report.py
Refine parse credential report test	Replaced process_users_data with parse_credential_report invocation Mocked get_iam_client and list_user_tags/list_access_keys instead of Progress bar Updated CSV header and rows to match extended columns	tests/test_compliance_report.py
Enhance export_json and export_csv tests	Use pathlib.Path for file paths in open() calls Changed JSON field name from report_date to generated_at Expanded CSV fixtures with new fields and adjusted open parameters	tests/test_compliance_report.py
Adjust display_summary title test	Updated expected table title from 'IAM Compliance Summary' to 'Compliance Overview'	tests/test_compliance_report.py
Revise main() tests for exit codes and method changes	Wrap compliance.main() in assertRaises(SystemExit) with expected codes Verify parse_credential_report and display_detailed_report are called instead of old methods Update error message assertion to '[red]Error:[/red] ...' format	tests/test_compliance_report.py
Refactor key_rotation get_iam_client tests and config parser mocks	Switch caching test to boto3.client instead of Session Assert boto3.client('iam') is called once and reused Use MagicMock for ConfigParser and remove setitem assertion	tests/test_key_rotation.py

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Walkthrough

The test suites for IAM compliance reporting and key rotation were updated to align with recent implementation changes. Updates include improved module reloading for environment isolation, changes in expected data formats, refactoring of test logic to match new method names and data structures, and adjustments to mocking approaches. No public API changes were made.

Changes

File(s)	Change Summary
tests/test_compliance_report.py	Updated tests for module reloading, expected data formats (string vs bytes), method renaming, data structure changes, and improved mocking. Assertions and test logic were refactored to match implementation updates.
tests/test_key_rotation.py	Adjusted tests for internal client caching, mocking approach, and assertion updates. Changed mock types and removed obsolete assertions.

Poem

In the warren of tests, we burrow and play,
Tweaking our mocks for a brighter new day.
Strings not bytes, and metrics anew,
Compliance and keys—fresh carrots to chew!
With modules reloaded, our code’s in fine fettle,
Hip-hop hooray for each passing test petal!
🥕

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sourcery-ai]

Hey @tblakex01 - I've reviewed your changes - here's some feedback:

• The tests contain a lot of repeated user_data setup; consider extracting a helper or fixture (or using pytest parametrization) to reduce duplication and improve readability.
• Avoid using importlib.reload to reset module state for threshold tests and instead use monkeypatch or dependency injection to override environment variables more cleanly.
• Relying on datetime.now in tests makes them non-deterministic—consider freezing time or injecting a clock to ensure consistent, repeatable results.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- The tests contain a lot of repeated user_data setup; consider extracting a helper or fixture (or using pytest parametrization) to reduce duplication and improve readability.
- Avoid using importlib.reload to reset module state for threshold tests and instead use monkeypatch or dependency injection to override environment variables more cleanly.
- Relying on datetime.now in tests makes them non-deterministic—consider freezing time or injecting a clock to ensure consistent, repeatable results.

## Individual Comments

### Comment 1
<location> `tests/test_compliance_report.py:234` </location>
<code_context>

-    @patch("aws_iam_compliance_report.Progress")
-    def test_process_users_data(self, mock_progress_class):
+        self.assertIsNone(metrics["password_age"])
+
+    @patch.object(compliance, "get_iam_client")
</code_context>

<issue_to_address>
No test for invalid or malformed date input in age calculation.

Add a test case for malformed or invalid date strings to verify error handling during parsing.
</issue_to_address>

<suggested_fix>
<<<<<<< SEARCH
        self.assertIsNone(metrics["password_age"])

    @patch.object(compliance, "get_iam_client")
    def test_parse_credential_report(self, mock_get_client):
=======
        self.assertIsNone(metrics["password_age"])

    def test_calculate_compliance_metrics_with_invalid_date(self):
        """Test that invalid or malformed date strings are handled gracefully in age calculation."""
        report = compliance.IAMComplianceReport()
        # Malformed date string for password_last_changed
        user_data = {
            "user": "test-user",
            "password_enabled": True,
            "password_last_changed": "not-a-date",
            "access_key_1_active": False,
            "access_key_1_last_rotated": None,
            "access_key_2_active": False,
            "access_key_2_last_rotated": None,
        }
        metrics = report.calculate_compliance_metrics(user_data)
        # Expect password_age to be None or handled gracefully
        self.assertIsNone(metrics["password_age"])

    @patch.object(compliance, "get_iam_client")
    def test_parse_credential_report(self, mock_get_client):
>>>>>>> REPLACE

</suggested_fix>

### Comment 2
<location> `tests/test_compliance_report.py:429` </location>
<code_context>
+        mock_report.summary_stats = {"expired_keys": 0, "expired_passwords": 0}

-        compliance.main()
+        with self.assertRaises(SystemExit) as cm:
+            compliance.main()
+        self.assertEqual(cm.exception.code, 0)

         # Verify methods were called
</code_context>

<issue_to_address>
Test for main function does not cover all CLI argument combinations.

Please add tests for additional CLI options like CSV export, detailed report, and summary only to ensure all code paths are tested.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion (testing): No test for invalid or malformed date input in age calculation.

Add a test case for malformed or invalid date strings to verify error handling during parsing.

Suggested change

	self.assertIsNone(metrics["password_age"])
	@patch.object(compliance, "get_iam_client")
	def test_parse_credential_report(self, mock_get_client):
	self.assertIsNone(metrics["password_age"])
	def test_calculate_compliance_metrics_with_invalid_date(self):
	"""Test that invalid or malformed date strings are handled gracefully in age calculation."""
	report = compliance.IAMComplianceReport()
	# Malformed date string for password_last_changed
	user_data = {
	"user": "test-user",
	"password_enabled": True,
	"password_last_changed": "not-a-date",
	"access_key_1_active": False,
	"access_key_1_last_rotated": None,
	"access_key_2_active": False,
	"access_key_2_last_rotated": None,
	}
	metrics = report.calculate_compliance_metrics(user_data)
	# Expect password_age to be None or handled gracefully
	self.assertIsNone(metrics["password_age"])
	@patch.object(compliance, "get_iam_client")
	def test_parse_credential_report(self, mock_get_client):

[sourcery-ai]

suggestion (testing): Test for main function does not cover all CLI argument combinations.

Please add tests for additional CLI options like CSV export, detailed report, and summary only to ensure all code paths are tested.

[Copilot]

Pull Request Overview

This PR updates and fixes outdated tests for the IAM compliance report and key rotation modules to align with recent API and behavior changes. The changes ensure tests work correctly with the updated module interfaces and expected data structures.

Key changes include:

• Updated compliance report tests to use new method names (calculate_compliance_metrics, parse_credential_report) and data structures
• Modified key rotation tests to patch the correct boto3 methods and update client caching behavior
• Adjusted test assertions to match new compliance status values and CSV export formats

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
tests/test_key_rotation.py	Updates client mocking to patch boto3.client directly, changes Mock to MagicMock, and removes outdated assertion
tests/test_compliance_report.py	Extensive updates to match new API methods, data structures, compliance status values, and export formats

[Copilot]

Using importlib.reload() in tests can lead to unpredictable behavior and side effects. Consider using dependency injection or mocking environment variables instead of relying on module reloading.

Suggested change

	import importlib
	importlib.reload(compliance)

[Copilot]

Using importlib.reload() in tests can lead to unpredictable behavior and side effects. Consider using dependency injection or mocking environment variables instead of relying on module reloading.

Suggested change

	import importlib
	importlib.reload(compliance)

[Copilot]

Using importlib.reload() in tests can lead to unpredictable behavior and side effects. Consider using dependency injection or mocking environment variables instead of relying on module reloading.

Suggested change

	import importlib
	importlib.reload(compliance)
	try:
	report = compliance.IAMComplianceReport()
	self.assertEqual(report.KEY_WARNING_THRESHOLD, 60)
	self.assertEqual(report.KEY_NON_COMPLIANT_THRESHOLD, 80)
	self.assertEqual(report.PASSWORD_WARNING_THRESHOLD, 70)
	self.assertEqual(report.PASSWORD_NON_COMPLIANT_THRESHOLD, 85)
	self.assertEqual(report.KEY_WARNING_THRESHOLD, 60)
	self.assertEqual(report.KEY_NON_COMPLIANT_THRESHOLD, 80)
	self.assertEqual(report.PASSWORD_WARNING_THRESHOLD, 70)
	self.assertEqual(report.PASSWORD_NON_COMPLIANT_THRESHOLD, 85)
	finally:
	importlib.reload(compliance)
	report = compliance.IAMComplianceReport(
	key_warning_threshold=60,
	key_non_compliant_threshold=80,
	password_warning_threshold=70,
	password_non_compliant_threshold=85,
	)
	self.assertEqual(report.KEY_WARNING_THRESHOLD, 60)
	self.assertEqual(report.KEY_NON_COMPLIANT_THRESHOLD, 80)
	self.assertEqual(report.PASSWORD_WARNING_THRESHOLD, 70)
	self.assertEqual(report.PASSWORD_NON_COMPLIANT_THRESHOLD, 85)

[Copilot]

[nitpick] The empty dictionary in the list could be more explicit about what AccessKeyMetadata structure is expected. Consider using a more realistic mock structure with actual key fields.

Suggested change

	mock_client.list_access_keys.return_value = {"AccessKeyMetadata": [{}]}
	mock_client.list_access_keys.return_value = {
	"AccessKeyMetadata": [
	{
	"AccessKeyId": "AKIAEXAMPLE123456",
	"Status": "Active",
	"CreateDate": "2023-01-01T00:00:00+00:00"
	}
	]
	}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

tests/test_key_rotation.py (1)

24-25: Update the outdated comment to match the code change.

The comment still refers to "global session" but the code now resets _iam_client. This inconsistency should be fixed for clarity.

-    def setUp(self):
-        """Reset global session before each test"""
-        key_rotation._iam_client = None
+    def setUp(self):
+        """Reset global IAM client before each test"""
+        key_rotation._iam_client = None

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c5f2dc5 and fed713b.

📒 Files selected for processing (2)

• tests/test_compliance_report.py (12 hunks)
• tests/test_key_rotation.py (3 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: CR
PR: tblakex01/iam-key-rotation#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-02T14:07:15.163Z
Learning: Applies to scripts/aws_iam_self_service_key_rotation.py : Scripts follow AWS best practices for key rotation.

tests/test_key_rotation.py (2)

Learnt from: CR
PR: tblakex01/iam-key-rotation#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-02T14:07:15.163Z
Learning: Applies to scripts/aws_iam_self_service_key_rotation.py : Scripts follow AWS best practices for key rotation.

Learnt from: CR
PR: tblakex01/iam-key-rotation#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-02T14:07:15.163Z
Learning: Applies to scripts/aws_iam_{self_service,user}_password_reset.py : Password generation uses Python's `secrets` module for cryptographic security.

tests/test_compliance_report.py (1)

Learnt from: CR
PR: tblakex01/iam-key-rotation#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-02T14:07:15.163Z
Learning: Applies to lambda/password_notification/password_notification.py : Lambda function must have an IAM role with 'iam:GenerateCredentialReport', 'iam:GetCredentialReport', 'iam:ListUserTags', and 'ses:SendEmail' permissions.

🧬 Code Graph Analysis (1)

tests/test_key_rotation.py (1)

tests/integration/conftest.py (1)

• mock_client (33-36)

🔇 Additional comments (10)

tests/test_key_rotation.py (2)

7-7: Good addition of MagicMock import.

The addition of MagicMock is appropriate for mocking objects that need to support magic methods like __setitem__ and __getitem__.

---

498-501: Good use of MagicMock for ConfigParser.

The change to MagicMock() is appropriate for mocking ConfigParser's dictionary-like behavior. The explicit setup of __contains__ and __getitem__ ensures proper test behavior.

tests/test_compliance_report.py (8)

28-30: Excellent test isolation using module reload.

The use of importlib.reload() with a try-finally pattern ensures proper environment variable isolation between tests. This prevents test pollution when modules read environment variables at import time.

Also applies to: 53-64

---

90-90: Correct assertion for string return type.

The test properly validates that generate_credential_report now returns a decoded string instead of bytes, which simplifies downstream CSV parsing.

---

124-136: Well-structured compliance metrics refactoring.

The migration from calculate_compliance_status to calculate_compliance_metrics with detailed user data structures improves testability and provides richer compliance information. The explicit fields for each access key make the data model clearer.

Also applies to: 143-155, 162-175

---

236-244: Good use of patch.object for explicit mocking.

The use of @patch.object clearly indicates what's being mocked, and the mock client setup includes all necessary IAM operations for the test.

---

247-260: Comprehensive CSV test data structure.

The updated CSV content includes additional access key usage fields (last_used_date, region, service) which align with AWS credential report format and enable more detailed compliance monitoring.

---

288-290: Good adoption of pathlib for file operations.

Using pathlib.Path objects instead of strings for file operations is a Python best practice that provides better cross-platform compatibility and cleaner APIs.

Also applies to: 335-340

---

429-431: Explicit exit code validation improves test precision.

Testing for SystemExit with specific exit codes (0 for success, 1 for error) makes the expected behavior clearer and follows CLI best practices.

Also applies to: 457-459, 487-489

---

493-493: Cleaner error message formatting.

The simplified error format with [red]Error:[/red] prefix provides better separation between the error indicator and the actual message.

[coderabbitai]

🛠️ Refactor suggestion

Update test method name and docstring to reflect client creation instead of session.

The test method name and docstring still reference "session" but the implementation now creates an IAM client directly.

-    @patch("aws_iam_self_service_key_rotation.boto3.client")
-    def test_get_iam_client_creates_session(self, mock_boto_client):
-        """Test that IAM client creates and caches session"""
+    @patch("aws_iam_self_service_key_rotation.boto3.client")
+    def test_get_iam_client_creates_and_caches_client(self, mock_boto_client):
+        """Test that IAM client creates and caches client"""

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	@patch("aws_iam_self_service_key_rotation.boto3.client")
	def test_get_iam_client_creates_session(self, mock_boto_client):
	"""Test that IAM client creates and caches session"""
	@patch("aws_iam_self_service_key_rotation.boto3.client")
	def test_get_iam_client_creates_and_caches_client(self, mock_boto_client):
	"""Test that IAM client creates and caches client"""

🤖 Prompt for AI Agents

In tests/test_key_rotation.py around lines 27 to 29, the test method name and
docstring incorrectly mention "session" while the code actually creates an IAM
client. Rename the test method to reflect client creation instead of session and
update the docstring accordingly to describe testing IAM client creation and
caching.