regscale-cli 6.21.2.0__py3-none-any.whl → 6.28.2.1__py3-none-any.whl

tests/regscale/integrations/commercial/aws/test_audit_manager_evidence_aggregation.py

@@ -0,0 +1,341 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""Unit tests for AWS Audit Manager Evidence-Based Compliance Aggregation."""
+
+import unittest
+
+from regscale.integrations.commercial.aws.audit_manager_compliance import AWSAuditManagerComplianceItem
+
+
+class TestEvidenceAggregation(unittest.TestCase):
+    """Test cases for evidence-based compliance aggregation logic."""
+
+    def setUp(self):
+        """Set up test fixtures."""
+        self.assessment_data = {
+            "name": "Test Assessment",
+            "arn": "arn:aws:auditmanager:us-east-1:123456789012:assessment/test",
+            "framework": {"type": "Standard", "metadata": {"name": "NIST SP 800-53 Revision 5"}},
+            "complianceType": "NIST800-53",
+            "awsAccount": {"id": "123456789012", "name": "Test Account"},
+        }
+
+        self.control_data = {
+            "id": "test-control-id",
+            "name": "CP-10(2) - Transaction Recovery",
+            "description": "Control description",
+            "status": "REVIEWED",  # Workflow status - not used for compliance
+            "evidenceCount": 8,
+        }
+
+    def test_all_compliant_evidence_passes(self):
+        """Test that all COMPLIANT evidence results in PASS."""
+        evidence = [
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.compliance_result, "PASS")
+
+    def test_any_failed_evidence_fails_control(self):
+        """Test that ANY FAILED evidence causes control to FAIL."""
+        evidence = [
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},  # ONE failure
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.compliance_result, "FAIL")
+
+    def test_multiple_failed_evidence_fails_control(self):
+        """Test that multiple FAILED evidence items causes control to FAIL."""
+        evidence = [
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.compliance_result, "FAIL")
+
+    def test_all_failed_evidence_fails_control(self):
+        """Test that all FAILED evidence results in FAIL."""
+        evidence = [
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.compliance_result, "FAIL")
+
+    def test_no_evidence_returns_none(self):
+        """Test that no evidence results in None (control should not be updated)."""
+        evidence = []
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertIsNone(item.compliance_result)
+
+    def test_none_evidence_returns_none(self):
+        """Test that None evidence results in None (control should not be updated)."""
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, None)
+        self.assertIsNone(item.compliance_result)
+
+    def test_inconclusive_evidence_only_returns_none(self):
+        """Test that only inconclusive evidence (null checks) results in None (control should not be updated)."""
+        evidence = [
+            {"dataSource": "AWS CloudTrail"},  # No complianceCheck field
+            {"complianceCheck": None, "dataSource": "Manual"},
+            {"dataSource": "API Call"},  # No complianceCheck field
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertIsNone(item.compliance_result)
+
+    def test_compliant_with_inconclusive_passes(self):
+        """Test that COMPLIANT evidence with some inconclusive results in PASS."""
+        evidence = [
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"dataSource": "AWS CloudTrail"},  # No complianceCheck
+            {"complianceCheck": None, "dataSource": "Manual"},  # Null check
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.compliance_result, "PASS")
+
+    def test_failed_with_inconclusive_fails(self):
+        """Test that FAILED evidence with inconclusive results in FAIL."""
+        evidence = [
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"dataSource": "AWS CloudTrail"},  # No complianceCheck
+            {"complianceCheck": None, "dataSource": "Manual"},  # Null check
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.compliance_result, "FAIL")
+
+    def test_real_world_mixed_evidence_cp10(self):
+        """Test real-world scenario: CP-10(2) with 4 COMPLIANT and 4 FAILED."""
+        # Based on actual audit_manager_evidence_cp_10(2)_2025-10-17.jsonl data
+        evidence = [
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        # Should FAIL because there are FAILED evidence items
+        self.assertEqual(item.compliance_result, "FAIL")
+
+    def test_workflow_status_not_used_for_compliance(self):
+        """Test that control workflow status (REVIEWED) does NOT determine compliance."""
+        # Control marked as REVIEWED (workflow status) but has failing evidence
+        self.control_data["status"] = "REVIEWED"
+        evidence = [
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        # Should FAIL based on evidence, not REVIEWED status
+        self.assertEqual(item.compliance_result, "FAIL")
+        # Verify workflow status is still REVIEWED
+        self.assertEqual(item.control_status, "REVIEWED")
+
+    def test_under_review_with_passing_evidence(self):
+        """Test that UNDER_REVIEW workflow status with passing evidence results in PASS."""
+        self.control_data["status"] = "UNDER_REVIEW"
+        evidence = [
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Security Hub"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        # Should PASS based on evidence, regardless of UNDER_REVIEW status
+        self.assertEqual(item.compliance_result, "PASS")
+        # Verify workflow status is still UNDER_REVIEW
+        self.assertEqual(item.control_status, "UNDER_REVIEW")
+
+    def test_compliance_result_caching(self):
+        """Test that compliance result is cached after first calculation."""
+        evidence = [
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+
+        # First call
+        result1 = item.compliance_result
+        self.assertEqual(result1, "PASS")
+
+        # Verify cached value is used
+        self.assertEqual(item._aggregated_compliance_result, "PASS")
+
+        # Second call should return same cached result
+        result2 = item.compliance_result
+        self.assertEqual(result2, "PASS")
+
+    def test_severity_when_passed(self):
+        """Test that severity is None when control passes."""
+        evidence = [
+            {"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertIsNone(item.severity)
+
+    def test_severity_when_failed(self):
+        """Test that severity is set when control fails."""
+        evidence = [
+            {"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.severity, "MEDIUM")
+
+
+class TestEvidenceAggregationEdgeCases(unittest.TestCase):
+    """Test edge cases for evidence aggregation."""
+
+    def setUp(self):
+        """Set up test fixtures."""
+        self.assessment_data = {
+            "name": "Edge Case Assessment",
+            "arn": "arn:aws:auditmanager:us-east-1:123456789012:assessment/test",
+            "framework": {"type": "Standard", "metadata": {"name": "NIST SP 800-53 Revision 5"}},
+            "complianceType": "NIST800-53",
+            "awsAccount": {"id": "123456789012"},
+        }
+
+        self.control_data = {
+            "id": "test-control-id",
+            "name": "AC-2 - Account Management",
+            "description": "Control description",
+            "status": "REVIEWED",
+        }
+
+    def test_case_sensitivity_compliant(self):
+        """Test that complianceCheck is case-sensitive (COMPLIANT vs compliant)."""
+        evidence = [
+            {"complianceCheck": "compliant", "dataSource": "AWS Config"},  # lowercase
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        # Lowercase "compliant" should NOT match "COMPLIANT", treated as inconclusive
+        self.assertIsNone(item.compliance_result)
+
+    def test_case_sensitivity_failed(self):
+        """Test that complianceCheck is case-sensitive (FAILED vs failed)."""
+        evidence = [
+            {"complianceCheck": "failed", "dataSource": "AWS Security Hub"},  # lowercase
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        # Lowercase "failed" should NOT match "FAILED", treated as inconclusive
+        self.assertIsNone(item.compliance_result)
+
+    def test_empty_string_compliance_check(self):
+        """Test that empty string complianceCheck is treated as inconclusive."""
+        evidence = [
+            {"complianceCheck": "", "dataSource": "AWS Config"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertIsNone(item.compliance_result)
+
+    def test_whitespace_compliance_check(self):
+        """Test that whitespace-only complianceCheck is treated as inconclusive."""
+        evidence = [
+            {"complianceCheck": "   ", "dataSource": "AWS Config"},
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertIsNone(item.compliance_result)
+
+    def test_unexpected_compliance_check_value(self):
+        """Test that unexpected values are treated as inconclusive."""
+        evidence = [
+            {"complianceCheck": "UNKNOWN", "dataSource": "AWS Config"},
+            {"complianceCheck": "PENDING", "dataSource": "AWS Config"},
+            {"complianceCheck": 123, "dataSource": "AWS Config"},  # Number instead of string
+        ]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertIsNone(item.compliance_result)
+
+    def test_large_number_of_evidence_items(self):
+        """Test aggregation with large number of evidence items."""
+        # Create 1000 evidence items
+        evidence = [{"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"} for _ in range(1000)]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.compliance_result, "PASS")
+
+    def test_large_number_with_one_failure(self):
+        """Test that one failure in many evidence items still causes FAIL."""
+        evidence = [{"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"} for _ in range(999)]
+        evidence.append({"complianceCheck": "FAILED", "dataSource": "AWS Security Hub"})  # One failure
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+        self.assertEqual(item.compliance_result, "FAIL")
+
+
+class TestComplianceItemCreation(unittest.TestCase):
+    """Test creating compliance items with evidence."""
+
+    def setUp(self):
+        """Set up test fixtures."""
+        self.assessment_data = {
+            "name": "Test Assessment",
+            "arn": "arn:aws:auditmanager:us-east-1:123456789012:assessment/test",
+            "framework": {"type": "Standard", "metadata": {"name": "NIST 800-53"}},
+            "awsAccount": {"id": "123456789012"},
+        }
+
+        self.control_data = {
+            "id": "test-id",
+            "name": "AC-2 - Account Management",
+            "status": "REVIEWED",
+        }
+
+    def test_create_with_evidence(self):
+        """Test creating compliance item with evidence."""
+        evidence = [{"complianceCheck": "COMPLIANT", "dataSource": "AWS Config"}]
+
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, evidence)
+
+        self.assertEqual(item.control_id, "AC-2")
+        self.assertEqual(len(item.evidence_items), 1)
+        self.assertEqual(item.compliance_result, "PASS")
+
+    def test_create_without_evidence(self):
+        """Test creating compliance item without evidence (backward compatibility)."""
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data)
+
+        self.assertEqual(item.control_id, "AC-2")
+        self.assertEqual(len(item.evidence_items), 0)
+        self.assertIsNone(item.compliance_result)  # No evidence = None (skip update)
+
+    def test_create_with_explicit_none_evidence(self):
+        """Test creating compliance item with explicit None evidence."""
+        item = AWSAuditManagerComplianceItem(self.assessment_data, self.control_data, None)
+
+        self.assertEqual(item.control_id, "AC-2")
+        self.assertEqual(len(item.evidence_items), 0)
+        self.assertIsNone(item.compliance_result)  # No evidence = None (skip update)
+
+
+if __name__ == "__main__":
+    unittest.main()

tests/regscale/integrations/commercial/aws/test_aws_analytics_collector.py

@@ -0,0 +1,260 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""Unit tests for AWS Analytics Collector."""
+
+import logging
+from datetime import datetime
+from unittest.mock import MagicMock, patch
+
+import pytest
+from botocore.exceptions import ClientError
+
+from regscale.integrations.commercial.aws.inventory.resources.analytics import AnalyticsCollector
+
+logger = logging.getLogger("regscale")
+
+
+class TestAnalyticsCollector:
+    """Test suite for AnalyticsCollector class."""
+
+    @pytest.fixture
+    def mock_session(self):
+        """Create a mock boto3 session."""
+        return MagicMock()
+
+    @pytest.fixture
+    def collector(self, mock_session):
+        """Create an AnalyticsCollector instance."""
+        return AnalyticsCollector(session=mock_session, region="us-east-1", account_id=None)
+
+    @pytest.fixture
+    def collector_with_filters(self, mock_session):
+        """Create an AnalyticsCollector instance with filters."""
+        return AnalyticsCollector(
+            session=mock_session,
+            region="us-east-1",
+            account_id="123456789012",
+            tags={"Environment": "Production"},
+        )
+
+    # Test initialization
+    def test_collector_initialization(self, mock_session):
+        """Test collector initialization."""
+        collector = AnalyticsCollector(session=mock_session, region="us-west-2")
+        assert collector.session == mock_session
+        assert collector.region == "us-west-2"
+        assert collector.account_id is None
+        assert collector.tags == {}
+
+    def test_collector_initialization_with_filters(self, mock_session):
+        """Test collector initialization with filters."""
+        collector = AnalyticsCollector(
+            session=mock_session,
+            region="us-east-1",
+            account_id="123456789012",
+            tags={"Environment": "Production"},
+        )
+        assert collector.account_id == "123456789012"
+        assert collector.tags == {"Environment": "Production"}
+
+    # Test EMR clusters
+    def test_get_emr_clusters_success(self, collector):
+        """Test successful EMR cluster collection."""
+        mock_client = MagicMock()
+        collector._get_client = MagicMock(return_value=mock_client)
+
+        mock_paginator = MagicMock()
+        mock_client.get_paginator.return_value = mock_paginator
+        mock_paginator.paginate.return_value = [{"Clusters": [{"Id": "j-123456", "Name": "test-cluster"}]}]
+
+        mock_client.describe_cluster.return_value = {
+            "Cluster": {
+                "Id": "j-123456",
+                "Name": "test-cluster",
+                "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:123456789012:cluster/j-123456",
+                "Status": {"State": "RUNNING"},
+                "Tags": [{"Key": "Environment", "Value": "Test"}],
+            }
+        }
+
+        clusters = collector.get_emr_clusters()
+        assert len(clusters) == 1
+        assert clusters[0]["ClusterId"] == "j-123456"
+        assert clusters[0]["Name"] == "test-cluster"
+
+    def test_get_emr_clusters_with_account_filter(self, collector_with_filters):
+        """Test EMR cluster collection with account filtering."""
+        mock_client = MagicMock()
+        collector_with_filters._get_client = MagicMock(return_value=mock_client)
+
+        mock_paginator = MagicMock()
+        mock_client.get_paginator.return_value = mock_paginator
+        mock_paginator.paginate.return_value = [{"Clusters": [{"Id": "j-123456"}]}]
+
+        mock_client.describe_cluster.return_value = {
+            "Cluster": {
+                "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:999999999999:cluster/j-123456",
+                "Tags": [],
+            }
+        }
+
+        clusters = collector_with_filters.get_emr_clusters()
+        assert len(clusters) == 0
+
+    # Test Kinesis Data Streams
+    def test_get_kinesis_streams_success(self, collector):
+        """Test successful Kinesis stream collection."""
+        mock_client = MagicMock()
+        collector._get_client = MagicMock(return_value=mock_client)
+
+        mock_paginator = MagicMock()
+        mock_client.get_paginator.return_value = mock_paginator
+        mock_paginator.paginate.return_value = [{"StreamNames": ["test-stream"]}]
+
+        mock_client.describe_stream.return_value = {
+            "StreamDescription": {
+                "StreamName": "test-stream",
+                "StreamARN": "arn:aws:kinesis:us-east-1:123456789012:stream/test-stream",
+                "StreamStatus": "ACTIVE",
+                "RetentionPeriodHours": 24,
+            }
+        }
+
+        mock_client.list_tags_for_stream.return_value = {"Tags": [{"Key": "Environment", "Value": "Test"}]}
+
+        streams = collector.get_kinesis_streams()
+        assert len(streams) == 1
+        assert streams[0]["StreamName"] == "test-stream"
+        assert streams[0]["StreamStatus"] == "ACTIVE"
+
+    # Test Kinesis Firehose
+    def test_get_kinesis_firehose_streams_success(self, collector):
+        """Test successful Kinesis Firehose stream collection."""
+        mock_client = MagicMock()
+        collector._get_client = MagicMock(return_value=mock_client)
+
+        mock_paginator = MagicMock()
+        mock_client.get_paginator.return_value = mock_paginator
+        mock_paginator.paginate.return_value = [{"DeliveryStreamNames": ["test-firehose"]}]
+
+        mock_client.describe_delivery_stream.return_value = {
+            "DeliveryStreamDescription": {
+                "DeliveryStreamName": "test-firehose",
+                "DeliveryStreamARN": "arn:aws:firehose:us-east-1:123456789012:deliverystream/test-firehose",
+                "DeliveryStreamStatus": "ACTIVE",
+            }
+        }
+
+        mock_client.list_tags_for_delivery_stream.return_value = {"Tags": [{"Key": "Team", "Value": "DataEng"}]}
+
+        streams = collector.get_kinesis_firehose_streams()
+        assert len(streams) == 1
+        assert streams[0]["DeliveryStreamName"] == "test-firehose"
+
+    # Test Glue Databases
+    def test_get_glue_databases_success(self, collector):
+        """Test successful Glue database collection."""
+        mock_client = MagicMock()
+        collector._get_client = MagicMock(return_value=mock_client)
+
+        mock_paginator = MagicMock()
+        mock_client.get_paginator.return_value = mock_paginator
+        mock_paginator.paginate.return_value = [{"DatabaseList": [{"Name": "test-db", "Description": "Test database"}]}]
+
+        mock_client.get_tags.return_value = {"Tags": {"Environment": "Dev"}}
+
+        databases = collector.get_glue_databases()
+        assert len(databases) == 1
+        assert databases[0]["DatabaseName"] == "test-db"
+
+    # Test Athena Workgroups
+    def test_get_athena_workgroups_success(self, collector):
+        """Test successful Athena workgroup collection."""
+        mock_client = MagicMock()
+        collector._get_client = MagicMock(return_value=mock_client)
+
+        mock_paginator = MagicMock()
+        mock_client.get_paginator.return_value = mock_paginator
+        mock_paginator.paginate.return_value = [{"WorkGroups": [{"Name": "primary"}]}]
+
+        mock_client.get_work_group.return_value = {
+            "WorkGroup": {
+                "Name": "primary",
+                "State": "ENABLED",
+                "Description": "Primary workgroup",
+            }
+        }
+
+        mock_client.list_tags_for_resource.return_value = {"Tags": [{"Key": "Type", "Value": "Analytics"}]}
+
+        workgroups = collector.get_athena_workgroups()
+        assert len(workgroups) == 1
+        assert workgroups[0]["WorkGroupName"] == "primary"
+
+    # Test MSK Clusters
+    def test_get_msk_clusters_success(self, collector):
+        """Test successful MSK cluster collection."""
+        mock_client = MagicMock()
+        collector._get_client = MagicMock(return_value=mock_client)
+
+        mock_paginator = MagicMock()
+        mock_client.get_paginator.return_value = mock_paginator
+        mock_paginator.paginate.return_value = [
+            {
+                "ClusterInfoList": [
+                    {
+                        "ClusterName": "test-msk",
+                        "ClusterArn": "arn:aws:kafka:us-east-1:123456789012:cluster/test-msk",
+                        "State": "ACTIVE",
+                        "Tags": {"Environment": "Production"},
+                    }
+                ]
+            }
+        ]
+
+        clusters = collector.get_msk_clusters()
+        assert len(clusters) == 1
+        assert clusters[0]["ClusterName"] == "test-msk"
+
+    # Test error handling
+    def test_get_emr_clusters_error_handling(self, collector):
+        """Test EMR cluster collection error handling."""
+        mock_client = MagicMock()
+        collector._get_client = MagicMock(return_value=mock_client)
+
+        mock_paginator = MagicMock()
+        mock_client.get_paginator.return_value = mock_paginator
+        mock_paginator.paginate.side_effect = ClientError(
+            {"Error": {"Code": "AccessDenied", "Message": "Access denied"}}, "ListClusters"
+        )
+
+        clusters = collector.get_emr_clusters()
+        assert clusters == []
+
+    # Test collect method
+    def test_collect_all_services(self, collector):
+        """Test collecting all analytics services."""
+        with patch.object(collector, "get_emr_clusters", return_value=[{"Id": "j-123"}]):
+            with patch.object(collector, "get_kinesis_streams", return_value=[{"Name": "stream"}]):
+                with patch.object(collector, "get_kinesis_firehose_streams", return_value=[]):
+                    with patch.object(collector, "get_glue_databases", return_value=[]):
+                        with patch.object(collector, "get_athena_workgroups", return_value=[]):
+                            with patch.object(collector, "get_msk_clusters", return_value=[]):
+                                result = collector.collect()
+
+        assert "EMRClusters" in result
+        assert "KinesisStreams" in result
+        assert len(result["EMRClusters"]) == 1
+        assert len(result["KinesisStreams"]) == 1
+
+    def test_collect_with_disabled_services(self, mock_session):
+        """Test collecting with some services disabled."""
+        collector = AnalyticsCollector(
+            session=mock_session, region="us-east-1", enabled_services={"emr": False, "kinesis_streams": True}
+        )
+
+        with patch.object(collector, "get_kinesis_streams", return_value=[{"Name": "stream"}]):
+            result = collector.collect()
+
+        assert "EMRClusters" not in result
+        assert "KinesisStreams" in result