From ca458c68af4c0e38d7a411b8ee0de13dfad9037a Mon Sep 17 00:00:00 2001
From: DanielConnelly <DanielConnelly@users.noreply.github.com>
Date: Tue, 2 Jun 2026 16:10:43 +0100
Subject: [PATCH] [ISS-1258][DC] update tests for coverage

---
 .../aws_temp_credentials_secrets_file.json    |  7 +++++
 tests/detect_aws_credentials_test.py          | 26 +++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 testing/resources/aws_temp_credentials_secrets_file.json

diff --git a/testing/resources/aws_temp_credentials_secrets_file.json b/testing/resources/aws_temp_credentials_secrets_file.json
new file mode 100644
index 0000000..8f34727
--- /dev/null
+++ b/testing/resources/aws_temp_credentials_secrets_file.json
@@ -0,0 +1,7 @@
+{
+  "Credentials": {
+    "AccessKeyId": "tempAccessKeyId",
+    "SecretAccessKey": "tempSecretAccessKey",
+    "SessionToken": "tempSessionToken"
+  }
+}
diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py
index ea4dfaa..ce6c7be 100644
--- a/tests/detect_aws_credentials_test.py
+++ b/tests/detect_aws_credentials_test.py
@@ -80,6 +80,14 @@ def test_get_aws_secrets_from_env(env_vars, values):
                 'tempSessionToken',
             },
         ),
+        (
+            'aws_temp_credentials_secrets_file.json',
+            {
+                'tempAccessKeyId',
+                'tempSecretAccessKey',
+                'tempSessionToken',
+            },
+        ),
         ('nonsense.txt', set()),
         ('ok_json.json', set()),
     ),
@@ -141,6 +149,8 @@ def test_detect_aws_credentials(filename, expected_retval):
         get_resource_path(filename),
         '--credentials-file',
         'testing/resources/aws_config_with_multiple_sections.ini',
+        '--json-credentials-dir',
+        'testing/resources/',
     ))
     assert ret == expected_retval
 
@@ -167,6 +177,7 @@ def test_non_existent_credentials(mock_secrets_env, mock_secrets_file, capsys):
     ret = main((
         get_resource_path('aws_config_without_secrets.ini'),
         '--credentials-file=testing/resources/credentailsfilethatdoesntexist',
+        '--json-credentials-dir=directorythatdoesnotexist',
     ))
     assert ret == 2
     out, _ = capsys.readouterr()
@@ -190,3 +201,18 @@ def test_non_existent_credentials_with_allow_flag(
         '--allow-missing-credentials',
     ))
     assert ret == 0
+
+
+@patch('pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_file')
+@patch('pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_env')
+def test_non_existent_json_credentials_with_allow_flag(
+        mock_secrets_env, mock_secrets_file,
+):
+    mock_secrets_env.return_value = set()
+    mock_secrets_file.return_value = set()
+    ret = main((
+        get_resource_path('aws_config_without_secrets.ini'),
+        '--json-credentials-file=credentailsfilethatdoesntexist',
+        '--allow-missing-credentials',
+    ))
+    assert ret == 0