260 lines
11 KiB
Python
260 lines
11 KiB
Python
|
"""Unit tests specific to VPC endpoint services."""
|
||
|
import pytest
|
||
|
|
||
|
import boto3
|
||
|
from botocore.exceptions import ClientError
|
||
|
|
||
|
from moto import mock_ec2
|
||
|
|
||
|
|
||
|
@mock_ec2
|
||
|
def test_describe_vpc_endpoint_services_bad_args():
|
||
|
"""Verify exceptions are raised for bad arguments."""
|
||
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
||
|
|
||
|
# Bad service name -- a default service would typically be of the format:
|
||
|
# 'com.amazonaws.<region>.<service_name>'.
|
||
|
with pytest.raises(ClientError) as exc:
|
||
|
ec2.describe_vpc_endpoint_services(ServiceNames=["s3"])
|
||
|
err = exc.value.response["Error"]
|
||
|
assert err["Code"] == "InvalidServiceName"
|
||
|
assert "The Vpc Endpoint Service 's3' does not exist" in err["Message"]
|
||
|
|
||
|
# Bad filter specification -- the filter name should be "service-type"
|
||
|
# not "ServiceType".
|
||
|
with pytest.raises(ClientError) as exc:
|
||
|
ec2.describe_vpc_endpoint_services(
|
||
|
ServiceNames=["com.amazonaws.us-west-1.s3"],
|
||
|
Filters=[{"Name": "ServiceType", "Values": ["Gateway"]}],
|
||
|
)
|
||
|
err = exc.value.response["Error"]
|
||
|
assert err["Code"] == "InvalidFilter"
|
||
|
assert "The filter 'ServiceType' is invalid" in err["Message"]
|
||
|
|
||
|
# Bad token -- a token of "foo" has no correlation with this data.
|
||
|
with pytest.raises(ClientError) as exc:
|
||
|
ec2.describe_vpc_endpoint_services(
|
||
|
ServiceNames=["com.amazonaws.us-west-1.s3"],
|
||
|
Filters=[{"Name": "service-type", "Values": ["Gateway"]}],
|
||
|
NextToken="foo",
|
||
|
)
|
||
|
err = exc.value.response["Error"]
|
||
|
assert err["Code"] == "InvalidNextToken"
|
||
|
assert "The token 'foo' is invalid" in err["Message"]
|
||
|
|
||
|
|
||
|
def fake_endpoint_services():
|
||
|
"""Return a dummy list of default VPC endpoint services."""
|
||
|
return [
|
||
|
{
|
||
|
"AcceptanceRequired": False,
|
||
|
"AvailabilityZones": ["us-west-1a", "us-west-1b"],
|
||
|
"BaseEndpointDnsNames": ["access-analyzer.us-west-1.vpce.amazonaws.com"],
|
||
|
"ManagesVpcEndpoints": False,
|
||
|
"Owner": "amazon",
|
||
|
"PrivateDnsName": "access-analyzer.us-west-1.amazonaws.com",
|
||
|
"PrivateDnsNameVerificationState": "verified",
|
||
|
"PrivateDnsNames": [
|
||
|
{"PrivateDnsName": "access-analyzer.us-west-1.amazonaws.com"},
|
||
|
],
|
||
|
"ServiceId": "vpce-svc-1",
|
||
|
"ServiceName": "com.amazonaws.us-west-1.access-analyzer",
|
||
|
"ServiceType": [{"ServiceType": "Interface"}],
|
||
|
"Tags": [],
|
||
|
"VpcEndpointPolicySupported": True,
|
||
|
},
|
||
|
{
|
||
|
"AcceptanceRequired": False,
|
||
|
"AvailabilityZones": ["us-west-1a", "us-west-1b"],
|
||
|
"BaseEndpointDnsNames": ["config.us-west-1.vpce.amazonaws.com"],
|
||
|
"ManagesVpcEndpoints": False,
|
||
|
"Owner": "amazon",
|
||
|
"PrivateDnsName": "config.us-west-1.amazonaws.com",
|
||
|
"PrivateDnsNameVerificationState": "verified",
|
||
|
"PrivateDnsNames": [{"PrivateDnsName": "config.us-west-1.amazonaws.com"}],
|
||
|
"ServiceId": "vpce-svc-2",
|
||
|
"ServiceName": "com.amazonaws.us-west-1.config",
|
||
|
"ServiceType": [{"ServiceType": "Interface"}],
|
||
|
"Tags": [],
|
||
|
"VpcEndpointPolicySupported": True,
|
||
|
},
|
||
|
{
|
||
|
"AcceptanceRequired": True,
|
||
|
"AvailabilityZones": ["us-west-1a", "us-west-1b"],
|
||
|
"BaseEndpointDnsNames": ["s3.us-west-1.amazonaws.com"],
|
||
|
"ManagesVpcEndpoints": True,
|
||
|
"Owner": "amazon",
|
||
|
"ServiceId": "vpce-svc-3",
|
||
|
"ServiceName": "com.amazonaws.us-west-1.s3",
|
||
|
"ServiceType": [{"ServiceType": "Gateway"}],
|
||
|
"Tags": [{"Key": "Name", "Value": "s3_gw"}],
|
||
|
"VpcEndpointPolicySupported": False,
|
||
|
},
|
||
|
{
|
||
|
"AcceptanceRequired": False,
|
||
|
"AvailabilityZones": ["us-west-1a", "us-west-1b"],
|
||
|
"BaseEndpointDnsNames": ["s3.us-west-1.vpce.amazonaws.com"],
|
||
|
"ManagesVpcEndpoints": False,
|
||
|
"Owner": "amazon",
|
||
|
"ServiceId": "vpce-svc-4",
|
||
|
"ServiceName": "com.amazonaws.us-west-1.s3",
|
||
|
"ServiceType": [{"ServiceType": "Interface"}],
|
||
|
"Tags": [
|
||
|
{"Key": "Name", "Value": "s3_if"},
|
||
|
{"Key": "Environ", "Value": "test"},
|
||
|
],
|
||
|
"VpcEndpointPolicySupported": True,
|
||
|
},
|
||
|
]
|
||
|
|
||
|
|
||
|
def validate_s3_service_endpoint_gateway(details):
|
||
|
"""Validate response contains appropriate s3 Gateway service details."""
|
||
|
assert details["AcceptanceRequired"] is True
|
||
|
assert details["AvailabilityZones"] == ["us-west-1a", "us-west-1b"]
|
||
|
assert details["BaseEndpointDnsNames"] == ["s3.us-west-1.amazonaws.com"]
|
||
|
assert details["ManagesVpcEndpoints"] is True
|
||
|
assert details["Owner"] == "amazon"
|
||
|
assert details["ServiceId"] == "vpce-svc-3"
|
||
|
assert details["ServiceName"] == "com.amazonaws.us-west-1.s3"
|
||
|
assert details["ServiceType"] == [{"ServiceType": "Gateway"}]
|
||
|
assert details["VpcEndpointPolicySupported"] is False
|
||
|
assert details["Tags"][0] == {"Key": "Name", "Value": "s3_gw"}
|
||
|
|
||
|
|
||
|
def validate_s3_service_endpoint_interface(details):
|
||
|
"""Validate response contains appropriate s3 Gateway service details."""
|
||
|
assert details["AcceptanceRequired"] is False
|
||
|
assert details["AvailabilityZones"] == ["us-west-1a", "us-west-1b"]
|
||
|
assert details["BaseEndpointDnsNames"] == ["s3.us-west-1.vpce.amazonaws.com"]
|
||
|
assert details["ManagesVpcEndpoints"] is False
|
||
|
assert details["Owner"] == "amazon"
|
||
|
assert details["ServiceId"] == "vpce-svc-4"
|
||
|
assert details["ServiceName"] == "com.amazonaws.us-west-1.s3"
|
||
|
assert details["ServiceType"] == [{"ServiceType": "Interface"}]
|
||
|
assert details["VpcEndpointPolicySupported"] is True
|
||
|
assert details["Tags"][0] == {"Key": "Name", "Value": "s3_if"}
|
||
|
assert details["Tags"][1] == {"Key": "Environ", "Value": "test"}
|
||
|
|
||
|
|
||
|
@mock_ec2
|
||
|
def test_describe_vpc_endpoint_services_filters():
|
||
|
"""Verify that different type of filters return the expected results."""
|
||
|
from moto.ec2.models import ec2_backends # pylint: disable=import-outside-toplevel
|
||
|
|
||
|
ec2_backend = ec2_backends["us-west-1"]
|
||
|
test_data = fake_endpoint_services()
|
||
|
|
||
|
# Allow access to _filter_endpoint_services as it provides the best
|
||
|
# means of testing this logic.
|
||
|
# pylint: disable=protected-access
|
||
|
|
||
|
# Test a service name filter, using s3 as the service name.
|
||
|
filtered_services = ec2_backend._filter_endpoint_services(
|
||
|
["com.amazonaws.us-west-1.s3"], [], test_data,
|
||
|
)
|
||
|
assert len(filtered_services) == 2
|
||
|
validate_s3_service_endpoint_gateway(filtered_services[0])
|
||
|
validate_s3_service_endpoint_interface(filtered_services[1])
|
||
|
|
||
|
# Test a service type filter.
|
||
|
filtered_services = ec2_backend._filter_endpoint_services(
|
||
|
[], [{"Name": "service-type", "Value": ["Gateway"]}], test_data,
|
||
|
)
|
||
|
assert len(filtered_services) == 1
|
||
|
validate_s3_service_endpoint_gateway(filtered_services[0])
|
||
|
|
||
|
# Test a tag key/value filter.
|
||
|
filtered_services = ec2_backend._filter_endpoint_services(
|
||
|
[], [{"Name": "tag-key", "Value": ["Name"]}], test_data,
|
||
|
)
|
||
|
assert len(filtered_services) == 2
|
||
|
validate_s3_service_endpoint_gateway(filtered_services[0])
|
||
|
validate_s3_service_endpoint_interface(filtered_services[1])
|
||
|
|
||
|
# Test a tag key filter.
|
||
|
filtered_services = ec2_backend._filter_endpoint_services(
|
||
|
[], [{"Name": "tag:Environ", "Value": ["test"]}], test_data,
|
||
|
)
|
||
|
assert len(filtered_services) == 1
|
||
|
validate_s3_service_endpoint_interface(filtered_services[0])
|
||
|
|
||
|
# Test when there are no filters.
|
||
|
filtered_services = ec2_backend._filter_endpoint_services([], [], test_data)
|
||
|
assert len(filtered_services) == 4
|
||
|
|
||
|
# Test a combo of service name and multiple filters.
|
||
|
filtered_services = ec2_backend._filter_endpoint_services(
|
||
|
["com.amazonaws.us-west-1.s3"],
|
||
|
[{"Name": "tag:Environ", "Value": ["test"]}],
|
||
|
test_data,
|
||
|
)
|
||
|
assert len(filtered_services) == 1
|
||
|
validate_s3_service_endpoint_interface(filtered_services[0])
|
||
|
|
||
|
|
||
|
@mock_ec2
|
||
|
def test_describe_vpc_default_endpoint_services():
|
||
|
"""Test successfull calls as well as the next_token arg."""
|
||
|
ec2 = boto3.client("ec2", region_name="us-west-1")
|
||
|
|
||
|
# Verify the major components of the response. The unit test for filters
|
||
|
# verifies the contents of some of the ServicesDetails entries, so the
|
||
|
# focus of this unit test will be the larger components of the response.
|
||
|
all_services = ec2.describe_vpc_endpoint_services()
|
||
|
assert set(all_services.keys()) == set(
|
||
|
["ServiceNames", "ServiceDetails", "ResponseMetadata"]
|
||
|
)
|
||
|
assert len(all_services["ServiceDetails"]) == len(all_services["ServiceNames"])
|
||
|
all_names = [x["ServiceName"] for x in all_services["ServiceDetails"]]
|
||
|
assert set(all_names) == set(all_services["ServiceNames"])
|
||
|
|
||
|
# Verify the handling of the next token.
|
||
|
partial_services = ec2.describe_vpc_endpoint_services(MaxResults=2)
|
||
|
assert len(partial_services["ServiceDetails"]) == 2
|
||
|
assert len(partial_services["ServiceNames"]) == 2
|
||
|
assert all_names[0] == partial_services["ServiceNames"][0]
|
||
|
assert all_names[1] == partial_services["ServiceNames"][1]
|
||
|
assert all_names[0] == partial_services["ServiceDetails"][0]["ServiceName"]
|
||
|
assert all_names[1] == partial_services["ServiceDetails"][1]["ServiceName"]
|
||
|
assert partial_services["NextToken"] == (
|
||
|
all_services["ServiceDetails"][2]["ServiceId"]
|
||
|
)
|
||
|
|
||
|
# Use the next token to receive another service.
|
||
|
more_services = ec2.describe_vpc_endpoint_services(
|
||
|
MaxResults=1, NextToken=partial_services["NextToken"]
|
||
|
)
|
||
|
assert len(more_services["ServiceDetails"]) == 1
|
||
|
assert len(more_services["ServiceNames"]) == 1
|
||
|
assert all_names[2] == more_services["ServiceNames"][0]
|
||
|
assert all_names[2] == more_services["ServiceDetails"][0]["ServiceName"]
|
||
|
assert more_services["NextToken"] == all_services["ServiceDetails"][3]["ServiceId"]
|
||
|
|
||
|
# Use the next token to receive the remaining services.
|
||
|
remaining_services = ec2.describe_vpc_endpoint_services(
|
||
|
NextToken=more_services["NextToken"]
|
||
|
)
|
||
|
assert len(remaining_services["ServiceDetails"]) == len(all_names) - 3
|
||
|
assert "NextToken" not in remaining_services
|
||
|
|
||
|
# Extract one service and verify all the fields. This time the data is
|
||
|
# extracted from the actual response.
|
||
|
config_service = ec2.describe_vpc_endpoint_services(
|
||
|
ServiceNames=["com.amazonaws.us-west-1.config"]
|
||
|
)
|
||
|
details = config_service["ServiceDetails"][0]
|
||
|
assert details["AcceptanceRequired"] is False
|
||
|
assert details["AvailabilityZones"] == ["us-west-1a", "us-west-1b"]
|
||
|
assert details["BaseEndpointDnsNames"] == ["config.us-west-1.vpce.amazonaws.com"]
|
||
|
assert details["ManagesVpcEndpoints"] is False
|
||
|
assert details["Owner"] == "amazon"
|
||
|
assert details["PrivateDnsName"] == "config.us-west-1.amazonaws.com"
|
||
|
assert details["PrivateDnsNames"] == [
|
||
|
{"PrivateDnsName": "config.us-west-1.amazonaws.com"}
|
||
|
]
|
||
|
assert details["PrivateDnsNameVerificationState"] == "verified"
|
||
|
assert details["ServiceName"] == "com.amazonaws.us-west-1.config"
|
||
|
assert details["ServiceType"] == [{"ServiceType": "Interface"}]
|
||
|
assert details["VpcEndpointPolicySupported"] is True
|