2023-09-20 07:23:17 +00:00
import os
from unittest import mock
2023-07-17 09:31:05 +00:00
import boto3
2020-10-06 05:54:49 +00:00
import pytest
2023-07-17 09:31:05 +00:00
from botocore . exceptions import ClientError
2014-07-31 21:41:30 +00:00
2023-09-20 07:23:17 +00:00
from moto import mock_ec2 , settings
2014-07-31 21:41:30 +00:00
2021-09-25 11:13:07 +00:00
def create_vpx_pcx ( ec2 , client ) :
vpc = ec2 . create_vpc ( CidrBlock = " 10.0.0.0/16 " )
peer_vpc = ec2 . create_vpc ( CidrBlock = " 11.0.0.0/16 " )
vpc_pcx = client . create_vpc_peering_connection ( VpcId = vpc . id , PeerVpcId = peer_vpc . id )
vpc_pcx = vpc_pcx [ " VpcPeeringConnection " ]
return vpc_pcx
@mock_ec2
def test_vpc_peering_connections_boto3 ( ) :
ec2 = boto3 . resource ( " ec2 " , region_name = " us-east-1 " )
client = boto3 . client ( " ec2 " , region_name = " us-east-1 " )
vpc_pcx = create_vpx_pcx ( ec2 , client )
2023-07-17 09:31:05 +00:00
assert " VpcPeeringConnectionId " in vpc_pcx
assert vpc_pcx [ " Status " ] [ " Code " ] == " initiating-request "
2021-09-25 11:13:07 +00:00
@mock_ec2
def test_vpc_peering_connections_get_all_boto3 ( ) :
ec2 = boto3 . resource ( " ec2 " , region_name = " us-east-1 " )
client = boto3 . client ( " ec2 " , region_name = " us-east-1 " )
vpc_pcx = create_vpx_pcx ( ec2 , client )
2021-10-05 17:11:07 +00:00
vpc_pcx_id = vpc_pcx [ " VpcPeeringConnectionId " ]
2021-09-25 11:13:07 +00:00
2021-10-05 17:11:07 +00:00
all_vpc_pcxs = retrieve_all ( client )
2023-07-17 09:31:05 +00:00
assert vpc_pcx_id in [ vpc_pcx [ " VpcPeeringConnectionId " ] for vpc_pcx in all_vpc_pcxs ]
2021-10-05 17:11:07 +00:00
my_vpc_pcx = [
vpc_pcx
for vpc_pcx in all_vpc_pcxs
if vpc_pcx [ " VpcPeeringConnectionId " ] == vpc_pcx_id
] [ 0 ]
2023-07-17 09:31:05 +00:00
assert my_vpc_pcx [ " Status " ] [ " Code " ] == " pending-acceptance "
2023-09-20 07:23:17 +00:00
assert my_vpc_pcx [ " Status " ] [ " Message " ] == " Pending Acceptance by 123456789012 "
2021-09-25 11:13:07 +00:00
@mock_ec2
def test_vpc_peering_connections_accept_boto3 ( ) :
ec2 = boto3 . resource ( " ec2 " , region_name = " us-east-1 " )
client = boto3 . client ( " ec2 " , region_name = " us-east-1 " )
vpc_pcx = create_vpx_pcx ( ec2 , client )
vpc_pcx_id = vpc_pcx [ " VpcPeeringConnectionId " ]
vpc_pcx = client . accept_vpc_peering_connection ( VpcPeeringConnectionId = vpc_pcx_id )
vpc_pcx = vpc_pcx [ " VpcPeeringConnection " ]
2023-07-17 09:31:05 +00:00
assert vpc_pcx [ " Status " ] [ " Code " ] == " active "
2021-09-25 11:13:07 +00:00
with pytest . raises ( ClientError ) as ex :
client . reject_vpc_peering_connection ( VpcPeeringConnectionId = vpc_pcx_id )
2023-07-17 09:31:05 +00:00
assert ex . value . response [ " ResponseMetadata " ] [ " HTTPStatusCode " ] == 400
assert " RequestId " in ex . value . response [ " ResponseMetadata " ]
assert ex . value . response [ " Error " ] [ " Code " ] == " InvalidStateTransition "
2021-09-25 11:13:07 +00:00
2021-10-05 17:11:07 +00:00
my_vpc_pcxs = client . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_id ]
) [ " VpcPeeringConnections " ]
2023-07-17 09:31:05 +00:00
assert len ( my_vpc_pcxs ) == 1
assert my_vpc_pcxs [ 0 ] [ " Status " ] [ " Code " ] == " active "
2021-09-25 11:13:07 +00:00
@mock_ec2
def test_vpc_peering_connections_reject_boto3 ( ) :
ec2 = boto3 . resource ( " ec2 " , region_name = " us-east-1 " )
client = boto3 . client ( " ec2 " , region_name = " us-east-1 " )
vpc_pcx = create_vpx_pcx ( ec2 , client )
vpc_pcx_id = vpc_pcx [ " VpcPeeringConnectionId " ]
client . reject_vpc_peering_connection ( VpcPeeringConnectionId = vpc_pcx_id )
with pytest . raises ( ClientError ) as ex :
client . accept_vpc_peering_connection ( VpcPeeringConnectionId = vpc_pcx_id )
2023-07-17 09:31:05 +00:00
assert ex . value . response [ " ResponseMetadata " ] [ " HTTPStatusCode " ] == 400
assert " RequestId " in ex . value . response [ " ResponseMetadata " ]
assert ex . value . response [ " Error " ] [ " Code " ] == " InvalidStateTransition "
2021-09-25 11:13:07 +00:00
2021-10-05 17:11:07 +00:00
my_pcxs = client . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_id ]
) [ " VpcPeeringConnections " ]
2023-07-17 09:31:05 +00:00
assert len ( my_pcxs ) == 1
assert my_pcxs [ 0 ] [ " Status " ] [ " Code " ] == " rejected "
2021-09-25 11:13:07 +00:00
@mock_ec2
def test_vpc_peering_connections_delete_boto3 ( ) :
ec2 = boto3 . resource ( " ec2 " , region_name = " us-east-1 " )
client = boto3 . client ( " ec2 " , region_name = " us-east-1 " )
vpc_pcx = create_vpx_pcx ( ec2 , client )
vpc_pcx_id = vpc_pcx [ " VpcPeeringConnectionId " ]
client . delete_vpc_peering_connection ( VpcPeeringConnectionId = vpc_pcx_id )
2021-10-05 17:11:07 +00:00
all_vpc_pcxs = retrieve_all ( client )
2023-07-17 09:31:05 +00:00
assert vpc_pcx_id in [ vpcx [ " VpcPeeringConnectionId " ] for vpcx in all_vpc_pcxs ]
2021-10-05 17:11:07 +00:00
my_vpcx = [
vpcx for vpcx in all_vpc_pcxs if vpcx [ " VpcPeeringConnectionId " ] == vpc_pcx_id
] [ 0 ]
2023-07-17 09:31:05 +00:00
assert my_vpcx [ " Status " ] [ " Code " ] == " deleted "
2021-09-25 11:13:07 +00:00
with pytest . raises ( ClientError ) as ex :
client . delete_vpc_peering_connection ( VpcPeeringConnectionId = " pcx-1234abcd " )
2023-07-17 09:31:05 +00:00
assert ex . value . response [ " ResponseMetadata " ] [ " HTTPStatusCode " ] == 400
assert " RequestId " in ex . value . response [ " ResponseMetadata " ]
assert (
ex . value . response [ " Error " ] [ " Code " ] == " InvalidVpcPeeringConnectionId.NotFound "
2021-09-25 11:13:07 +00:00
)
2018-09-21 15:29:04 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_vpc_peering_connections_cross_region ( account1 , account2 ) :
2018-09-21 15:29:04 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2018-09-21 15:29:04 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " Status " ] [ " Code " ] == " initiating-request "
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " Status " ] [ " Message " ]
== f " Initiating Request to { account2 } "
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " RequesterVpcInfo " ] [ " VpcId " ] == vpc_usw1 . id
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " RequesterVpcInfo " ] [ " CidrBlock " ]
== " 10.90.0.0/16 "
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " RequesterVpcInfo " ] [ " OwnerId " ] == account1
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " RequesterVpcInfo " ] [ " Region " ]
== " us-west-1 "
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " AccepterVpcInfo " ] [ " VpcId " ] == vpc_apn1 . id
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " AccepterVpcInfo " ] [ " CidrBlock " ]
== " 10.20.0.0/16 "
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " AccepterVpcInfo " ] [ " OwnerId " ] == account2
)
assert (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " AccepterVpcInfo " ] [ " Region " ]
== " ap-northeast-1 "
2018-09-21 15:29:04 +00:00
)
2023-09-20 07:23:17 +00:00
2019-05-25 09:21:57 +00:00
# test cross region vpc peering connection exist
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
vpc_pcx_apn1 = ec2_apn1 . VpcPeeringConnection (
vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " VpcPeeringConnectionId " ]
)
assert (
vpc_pcx_apn1 . id
== vpc_pcx_usw1 [ " VpcPeeringConnection " ] [ " VpcPeeringConnectionId " ]
)
assert vpc_pcx_apn1 . requester_vpc . id == vpc_usw1 . id
assert vpc_pcx_apn1 . accepter_vpc . id == vpc_apn1 . id
2021-08-27 10:28:10 +00:00
# Quick check to verify the options have a default value
accepter_options = vpc_pcx_apn1 . accepter_vpc_info [ " PeeringOptions " ]
2023-07-17 09:31:05 +00:00
assert accepter_options [ " AllowDnsResolutionFromRemoteVpc " ] is False
assert accepter_options [ " AllowEgressFromLocalClassicLinkToRemoteVpc " ] is False
assert accepter_options [ " AllowEgressFromLocalVpcToRemoteClassicLink " ] is False
2021-08-27 10:28:10 +00:00
requester_options = vpc_pcx_apn1 . requester_vpc_info [ " PeeringOptions " ]
2023-07-17 09:31:05 +00:00
assert requester_options [ " AllowDnsResolutionFromRemoteVpc " ] is False
assert requester_options [ " AllowEgressFromLocalClassicLinkToRemoteVpc " ] is False
assert requester_options [ " AllowEgressFromLocalVpcToRemoteClassicLink " ] is False
2021-08-27 10:28:10 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_modify_vpc_peering_connections_accepter_only ( account1 , account2 ) :
2021-08-27 10:28:10 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
client = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2021-08-27 10:28:10 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
# modify peering connection options
client . modify_vpc_peering_connection_options (
VpcPeeringConnectionId = vpc_pcx_usw1 . id ,
AccepterPeeringConnectionOptions = { " AllowDnsResolutionFromRemoteVpc " : True } ,
)
# Accepter options are different
vpc_pcx_usw1 . reload ( )
2021-08-27 10:28:10 +00:00
accepter_options = vpc_pcx_usw1 . accepter_vpc_info [ " PeeringOptions " ]
2023-07-17 09:31:05 +00:00
assert accepter_options [ " AllowDnsResolutionFromRemoteVpc " ] is True
assert accepter_options [ " AllowEgressFromLocalClassicLinkToRemoteVpc " ] is False
assert accepter_options [ " AllowEgressFromLocalVpcToRemoteClassicLink " ] is False
2023-09-20 07:23:17 +00:00
2021-08-27 10:28:10 +00:00
# Requester options are untouched
requester_options = vpc_pcx_usw1 . requester_vpc_info [ " PeeringOptions " ]
2023-07-17 09:31:05 +00:00
assert requester_options [ " AllowDnsResolutionFromRemoteVpc " ] is False
assert requester_options [ " AllowEgressFromLocalClassicLinkToRemoteVpc " ] is False
assert requester_options [ " AllowEgressFromLocalVpcToRemoteClassicLink " ] is False
2021-08-27 10:28:10 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_modify_vpc_peering_connections_requester_only ( account1 , account2 ) :
2021-08-27 10:28:10 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
client = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2021-08-27 10:28:10 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
#
client . modify_vpc_peering_connection_options (
VpcPeeringConnectionId = vpc_pcx_usw1 . id ,
RequesterPeeringConnectionOptions = {
" AllowEgressFromLocalVpcToRemoteClassicLink " : True ,
} ,
)
# Requester options are different
vpc_pcx_usw1 . reload ( )
2021-08-27 10:28:10 +00:00
requester_options = vpc_pcx_usw1 . requester_vpc_info [ " PeeringOptions " ]
2023-07-17 09:31:05 +00:00
assert requester_options [ " AllowDnsResolutionFromRemoteVpc " ] is False
assert requester_options [ " AllowEgressFromLocalClassicLinkToRemoteVpc " ] is False
assert requester_options [ " AllowEgressFromLocalVpcToRemoteClassicLink " ] is True
2023-09-20 07:23:17 +00:00
2021-08-27 10:28:10 +00:00
# Accepter options are untouched
accepter_options = vpc_pcx_usw1 . accepter_vpc_info [ " PeeringOptions " ]
2023-07-17 09:31:05 +00:00
assert accepter_options [ " AllowDnsResolutionFromRemoteVpc " ] is False
assert accepter_options [ " AllowEgressFromLocalClassicLinkToRemoteVpc " ] is False
assert accepter_options [ " AllowEgressFromLocalVpcToRemoteClassicLink " ] is False
2021-08-27 10:28:10 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_modify_vpc_peering_connections_unknown_vpc ( account1 , account2 ) :
2021-08-27 10:28:10 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
client = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2021-08-27 10:28:10 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
2021-08-27 10:28:10 +00:00
)
2023-09-20 07:23:17 +00:00
with pytest . raises ( ClientError ) as ex :
client . modify_vpc_peering_connection_options (
VpcPeeringConnectionId = " vpx-unknown " ,
RequesterPeeringConnectionOptions = { } ,
)
2021-08-27 10:28:10 +00:00
err = ex . value . response [ " Error " ]
2023-07-17 09:31:05 +00:00
assert err [ " Code " ] == " InvalidVpcPeeringConnectionId.NotFound "
assert err [ " Message " ] == " VpcPeeringConnectionID vpx-unknown does not exist. "
2018-09-21 15:29:04 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_vpc_peering_connections_cross_region_fail ( account1 , account2 ) :
2018-09-21 15:29:04 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2018-09-21 15:29:04 +00:00
# create peering wrong region with no vpc
2020-10-06 05:54:49 +00:00
with pytest . raises ( ClientError ) as cm :
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-2 " ,
PeerOwnerId = account2 ,
)
2023-07-17 09:31:05 +00:00
assert cm . value . response [ " Error " ] [ " Code " ] == " InvalidVpcID.NotFound "
2019-05-25 09:21:57 +00:00
2021-08-27 13:56:31 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_describe_vpc_peering_connections_only_returns_requested_id ( account1 , account2 ) :
2021-08-27 13:56:31 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2021-08-27 13:56:31 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
vpc_pcx_usw2 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
2021-08-27 13:56:31 +00:00
2023-09-20 07:23:17 +00:00
# describe peering
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
our_vpcx = [ vpcx [ " VpcPeeringConnectionId " ] for vpcx in retrieve_all ( ec2_usw1 ) ]
assert vpc_pcx_usw1 . id in our_vpcx
assert vpc_pcx_usw2 . id in our_vpcx
assert vpc_apn1 . id not in our_vpcx
both_pcx = ec2_usw1 . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_usw1 . id , vpc_pcx_usw2 . id ]
) [ " VpcPeeringConnections " ]
assert len ( both_pcx ) == 2
one_pcx = ec2_usw1 . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_usw1 . id ]
) [ " VpcPeeringConnections " ]
assert len ( one_pcx ) == 1
2021-08-27 13:56:31 +00:00
2019-05-25 09:21:57 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_vpc_peering_connections_cross_region_accept ( account1 , account2 ) :
2019-05-25 09:21:57 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2019-05-25 09:21:57 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
2019-05-25 09:21:57 +00:00
# accept peering from ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . client ( " ec2 " , region_name = " ap-northeast-1 " )
acp_pcx_apn1 = ec2_apn1 . accept_vpc_peering_connection (
VpcPeeringConnectionId = vpc_pcx_usw1 . id
)
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
des_pcx_apn1 = ec2_usw1 . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_usw1 . id ]
)
des_pcx_usw1 = ec2_usw1 . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_usw1 . id ]
)
2023-07-17 09:31:05 +00:00
assert acp_pcx_apn1 [ " VpcPeeringConnection " ] [ " Status " ] [ " Code " ] == " active "
assert (
acp_pcx_apn1 [ " VpcPeeringConnection " ] [ " AccepterVpcInfo " ] [ " Region " ]
== " ap-northeast-1 "
2020-07-05 16:04:34 +00:00
)
2023-07-17 09:31:05 +00:00
assert (
acp_pcx_apn1 [ " VpcPeeringConnection " ] [ " RequesterVpcInfo " ] [ " Region " ]
== " us-west-1 "
2020-07-05 16:04:34 +00:00
)
2023-07-17 09:31:05 +00:00
assert des_pcx_apn1 [ " VpcPeeringConnections " ] [ 0 ] [ " Status " ] [ " Code " ] == " active "
assert (
des_pcx_apn1 [ " VpcPeeringConnections " ] [ 0 ] [ " AccepterVpcInfo " ] [ " Region " ]
== " ap-northeast-1 "
2020-07-05 16:04:34 +00:00
)
2023-07-17 09:31:05 +00:00
assert (
des_pcx_apn1 [ " VpcPeeringConnections " ] [ 0 ] [ " RequesterVpcInfo " ] [ " Region " ]
== " us-west-1 "
2020-07-05 16:04:34 +00:00
)
2023-07-17 09:31:05 +00:00
assert des_pcx_usw1 [ " VpcPeeringConnections " ] [ 0 ] [ " Status " ] [ " Code " ] == " active "
assert (
des_pcx_usw1 [ " VpcPeeringConnections " ] [ 0 ] [ " AccepterVpcInfo " ] [ " Region " ]
== " ap-northeast-1 "
2020-07-05 16:04:34 +00:00
)
2023-07-17 09:31:05 +00:00
assert (
des_pcx_usw1 [ " VpcPeeringConnections " ] [ 0 ] [ " RequesterVpcInfo " ] [ " Region " ]
== " us-west-1 "
2020-07-05 16:04:34 +00:00
)
2019-05-25 09:21:57 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_vpc_peering_connections_cross_region_reject ( account1 , account2 ) :
2019-05-25 09:21:57 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2019-05-25 09:21:57 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
2019-05-25 09:21:57 +00:00
# reject peering from ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . client ( " ec2 " , region_name = " ap-northeast-1 " )
rej_pcx_apn1 = ec2_apn1 . reject_vpc_peering_connection (
VpcPeeringConnectionId = vpc_pcx_usw1 . id
)
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
des_pcx_apn1 = ec2_usw1 . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_usw1 . id ]
)
des_pcx_usw1 = ec2_usw1 . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_usw1 . id ]
)
2023-07-17 09:31:05 +00:00
assert rej_pcx_apn1 [ " Return " ] is True
assert des_pcx_apn1 [ " VpcPeeringConnections " ] [ 0 ] [ " Status " ] [ " Code " ] == " rejected "
assert des_pcx_usw1 [ " VpcPeeringConnections " ] [ 0 ] [ " Status " ] [ " Code " ] == " rejected "
2019-05-25 09:21:57 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_vpc_peering_connections_cross_region_delete ( account1 , account2 ) :
2019-05-25 09:21:57 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2019-05-25 09:21:57 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
# reject peering from ap-northeast-1
ec2_apn1 = boto3 . client ( " ec2 " , region_name = " ap-northeast-1 " )
del_pcx_apn1 = ec2_apn1 . delete_vpc_peering_connection (
VpcPeeringConnectionId = vpc_pcx_usw1 . id
)
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
des_pcx_apn1 = ec2_usw1 . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_usw1 . id ]
)
des_pcx_usw1 = ec2_usw1 . describe_vpc_peering_connections (
VpcPeeringConnectionIds = [ vpc_pcx_usw1 . id ]
)
2023-07-17 09:31:05 +00:00
assert del_pcx_apn1 [ " Return " ] is True
assert des_pcx_apn1 [ " VpcPeeringConnections " ] [ 0 ] [ " Status " ] [ " Code " ] == " deleted "
2023-09-20 07:23:17 +00:00
assert (
des_pcx_apn1 [ " VpcPeeringConnections " ] [ 0 ] [ " Status " ] [ " Message " ]
== f " Deleted by { account2 } "
)
2023-07-17 09:31:05 +00:00
assert des_pcx_usw1 [ " VpcPeeringConnections " ] [ 0 ] [ " Status " ] [ " Code " ] == " deleted "
2023-09-20 07:23:17 +00:00
assert (
des_pcx_usw1 [ " VpcPeeringConnections " ] [ 0 ] [ " Status " ] [ " Message " ]
== f " Deleted by { account2 } "
)
2019-05-25 09:21:57 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_vpc_peering_connections_cross_region_accept_wrong_region ( account1 , account2 ) :
2019-05-25 09:21:57 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2019-05-25 09:21:57 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
2019-05-25 09:21:57 +00:00
# accept wrong peering from us-west-1 which will raise error
2023-09-20 07:23:17 +00:00
# only applicable for cross-region intra-account peering.
if account1 == account2 :
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
with pytest . raises ( ClientError ) as cm :
ec2_usw1 . accept_vpc_peering_connection (
VpcPeeringConnectionId = vpc_pcx_usw1 . id
)
assert cm . value . response [ " Error " ] [ " Code " ] == " OperationNotPermitted "
exp_msg = f " Incorrect region (us-west-1) specified for this request. VPC peering connection { vpc_pcx_usw1 . id } must be accepted in region ap-northeast-1 "
assert cm . value . response [ " Error " ] [ " Message " ] == exp_msg
# Ensure accepting peering from requester account raises
# only applicable for cross-region inter-account peering.
if account1 != account2 :
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
with pytest . raises ( ClientError ) as cm :
ec2_usw1 . accept_vpc_peering_connection (
VpcPeeringConnectionId = vpc_pcx_usw1 . id
)
assert cm . value . response [ " Error " ] [ " Code " ] == " OperationNotPermitted "
exp_msg = f " User ( { account1 } ) cannot accept peering { vpc_pcx_usw1 . id } "
assert cm . value . response [ " Error " ] [ " Message " ] == exp_msg
2019-05-25 09:21:57 +00:00
@mock_ec2
2023-09-20 07:23:17 +00:00
@pytest.mark.parametrize (
" account1,account2 " ,
[
pytest . param ( " 111111111111 " , " 111111111111 " , id = " within account " ) ,
pytest . param ( " 111111111111 " , " 222222222222 " , id = " across accounts " ) ,
] ,
)
@pytest.mark.skipif (
settings . TEST_SERVER_MODE , reason = " Cannot set account ID in server mode "
)
def test_vpc_peering_connections_cross_region_reject_wrong_region ( account1 , account2 ) :
2019-05-25 09:21:57 +00:00
# create vpc in us-west-1 and ap-northeast-1
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . resource ( " ec2 " , region_name = " us-west-1 " )
vpc_usw1 = ec2_usw1 . create_vpc ( CidrBlock = " 10.90.0.0/16 " )
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account2 } ) :
ec2_apn1 = boto3 . resource ( " ec2 " , region_name = " ap-northeast-1 " )
vpc_apn1 = ec2_apn1 . create_vpc ( CidrBlock = " 10.20.0.0/16 " )
2019-05-25 09:21:57 +00:00
# create peering
2023-09-20 07:23:17 +00:00
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
vpc_pcx_usw1 = ec2_usw1 . create_vpc_peering_connection (
VpcId = vpc_usw1 . id ,
PeerVpcId = vpc_apn1 . id ,
PeerRegion = " ap-northeast-1 " ,
PeerOwnerId = account2 ,
)
# reject wrong peering from us-west-1 which will raise error.
# only applicable for cross-region intra-account peering.
if account1 == account2 :
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
with pytest . raises ( ClientError ) as cm :
ec2_usw1 . reject_vpc_peering_connection (
VpcPeeringConnectionId = vpc_pcx_usw1 . id
)
assert cm . value . response [ " Error " ] [ " Code " ] == " OperationNotPermitted "
exp_msg = f " Incorrect region (us-west-1) specified for this request. VPC peering connection { vpc_pcx_usw1 . id } must be accepted or rejected in region ap-northeast-1 "
assert cm . value . response [ " Error " ] [ " Message " ] == exp_msg
# Ensure rejecting peering from requester account raises
# only applicable for cross-region inter-account peering.
if account1 != account2 :
with mock . patch . dict ( os . environ , { " MOTO_ACCOUNT_ID " : account1 } ) :
ec2_usw1 = boto3 . client ( " ec2 " , region_name = " us-west-1 " )
with pytest . raises ( ClientError ) as cm :
ec2_usw1 . reject_vpc_peering_connection (
VpcPeeringConnectionId = vpc_pcx_usw1 . id
)
assert cm . value . response [ " Error " ] [ " Code " ] == " OperationNotPermitted "
exp_msg = f " User ( { account1 } ) cannot reject peering { vpc_pcx_usw1 . id } "
assert cm . value . response [ " Error " ] [ " Message " ] == exp_msg
2021-10-05 17:11:07 +00:00
def retrieve_all ( client ) :
resp = client . describe_vpc_peering_connections ( )
all_vpx = resp [ " VpcPeeringConnections " ]
token = resp . get ( " NextToken " )
while token :
resp = client . describe_vpc_peering_connections ( NextToken = token )
all_vpx . extend ( resp [ " VpcPeeringConnections " ] )
token = resp . get ( " NextToken " )
return all_vpx