Skip to content

test: add unit tests for aws sdk service client#1240

Merged
muddlebee merged 2 commits intoTracer-Cloud:mainfrom
4arjun:test/aws-sdk-client-unit-tests
May 3, 2026
Merged

test: add unit tests for aws sdk service client#1240
muddlebee merged 2 commits intoTracer-Cloud:mainfrom
4arjun:test/aws-sdk-client-unit-tests

Conversation

@4arjun
Copy link
Copy Markdown
Contributor

@4arjun 4arjun commented May 3, 2026
edited
Loading

Fixes #884

Describe the changes you have made in this PR -

This PR adds offline unit tests for app/services/aws_sdk_client.py, which acts as the critical safety boundary for the generic read-only AWS tool.

The tests cover:

  • Allowlist & Blocklist Validation: Guarantees that only safe describe_, list_, get_ (etc.) operations are permitted, and explicitly verifies that destructive operations (e.g., delete_, terminate_, modify_) are blocked even if they match an allowed prefix.
  • Payload Sanitization: Direct tests for _sanitize_response() confirming that datetimes are converted to ISO strings, binary bytes are replaced with safe placeholders, deep recursive nesting is caught to prevent stack overflows, and oversized lists are truncated.
  • Execution & Error Handling: Directly tests execute_aws_sdk_call() using a fake boto3 client to simulate happy paths, credential failures (NoCredentialsError), parameter validation failures (ParamValidationError), and generic API client errors. All tests are 100% offline.

Demo/Screenshot for feature changes and bug fixes -

Screenshot 2026-05-03 at 7 00 24 PM

Code Understanding and AI Usage

Did you use AI assistance (ChatGPT, Claude, Copilot, etc.) to write any part of this code?

  • No, I wrote all the code myself
  • Yes, I used AI assistance (continue below)

If you used AI assistance:

  • I have reviewed every single line of the AI-generated code
  • I can explain the purpose and logic of each function/component I added
  • I have tested edge cases and understand how the code handles them
  • I have modified the AI output to follow this project's coding standards and conventions

Explain your implementation approach:

  • What problem does your code solve? The aws_sdk_client.py module acts as the primary safety boundary for our generic AWS tool. Because this client is generic, it lacked direct, offline unit tests to mathematically guarantee that dangerous operations are never executed and that excessively large payloads don't crash the agent.

  • Why did you choose this specific implementation? I chose standard pytest parametrization and unittest.mock.MagicMock to fully isolate the boto3 client. This guarantees the tests remain 100% offline without hitting live AWS endpoints, executing rapidly as regression tests.

  • What are the key functions/components and what do they do?

    • TestIsOperationAllowedAllowlist and TestIsOperationAllowedBlocklist Evaluate string matching to ensure destructive operations are preemptively blocked.
    • TestSanitizeResponse*Tests bounds limits like depth recursion cutoffs, list truncations, and type casting.
    • TestExecuteAwsSdkCall*: Mocks the boto3 client to force various botocore.exceptions (like NoCredentialsError and ParamValidationError) to ensure our client handles downstream exceptions cleanly.

Checklist before requesting a review

  • I have added proper PR title and linked to the issue
  • I have performed a self-review of my code
  • I can explain the purpose of every function, class, and logic block I added
  • I understand why my changes work and have tested them thoroughly
  • I have considered potential edge cases and how my code handles them
  • If it is a core feature, I have added thorough tests
  • My code follows the project's style guidelines and conventions

Note: Please check Allow edits from maintainers if you would like us to assist in the PR.

@4arjun 4arjun marked this pull request as ready for review May 3, 2026 13:06
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented May 3, 2026

Greptile Summary

This PR adds a new offline unit test suite (tests/services/test_aws_sdk_client.py) covering the allowlist/blocklist validation, response sanitization, and error-handling paths of app/services/aws_sdk_client.py. All tests are properly isolated with unittest.mock and no live AWS calls are made. The implementation logic and assertions are correct throughout; only minor style concerns were found.

Confidence Score: 4/5

Safe to merge; only P2 style issues found, no logic errors or runtime failures.

All test assertions match the source implementation correctly. Two P2 style findings (misleading variable name and magic numbers) do not affect test correctness or safety. No P0/P1 issues present.

No files require special attention.

Important Files Changed

Filename Overview
tests/services/test_aws_sdk_client.py New test file providing comprehensive offline unit tests for aws_sdk_client; logic is sound with two minor style issues (misleading variable name in case-insensitivity test, magic numbers in depth test).

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[execute_aws_sdk_call] --> B{service/op empty?}
    B -- yes --> ERR1[return success=False\nrequired fields missing]
    B -- no --> C{_is_operation_allowed}
    C --> D{blocklist match?}
    D -- yes --> ERR2[return success=False\nblocked pattern]
    D -- no --> E{allowlist match?}
    E -- no --> ERR3[return success=False\nno allowed pattern]
    E -- yes --> F[boto3.client]
    F -- NoCredentialsError --> ERR4[return success=False\ncredentials]
    F --> G{hasattr client op?}
    G -- no --> ERR5[return success=False\nop not found]
    G -- yes --> H[call operation]
    H -- ParamValidationError --> ERR6[return success=False\nvalidation]
    H -- ClientError --> ERR7[return success=False\nclient_error]
    H -- Exception --> ERR8[return success=False\nunexpected]
    H -- success --> I[_sanitize_response]
    I --> J[return success=True\nwith sanitized data]
Loading

Reviews (1): Last reviewed commit: "add direct unit tests for aws sdk client..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 3, 2026
View reviewed changes
Comment thread tests/services/test_aws_sdk_client.py
Comment thread tests/services/test_aws_sdk_client.py
@4arjun
Copy link
Copy Markdown
Contributor Author

4arjun commented May 3, 2026

@muddlebee Could you take a look? There hasn’t been a PR for this in about a week, so I went ahead and started working on it.

@muddlebee muddlebee merged commit 62e34a8 into Tracer-Cloud:main May 3, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 3, 2026

🚀 Houston, we have a merge. @4arjun your PR is in orbit. Thanks for launching this one!

👋 Join us on Discord - OpenSRE : hang out, contribute, or hunt for features and issues. Everyone's welcome.

@muddlebee
Copy link
Copy Markdown
Collaborator

muddlebee commented May 3, 2026

@4arjun thank you. Welcome to opensre.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add direct unit tests for app/services/aws_sdk_client.py

2 participants

@4arjun @muddlebee