SSM param type validation (#5835)

2023-01-12 23:06:40 +11:00 · 2023-01-12 23:06:40 +11:00 · 5d2f2bca8c
commit 5d2f2bca8c
parent 6da12892a3
4 changed files with 32 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -29,3 +29,4 @@ htmlcov/
 .coverage*
 docs/_build
 moto_recording
+.hypothesis
--- a/docs/docs/contributing/architecture.rst
+++ b/docs/docs/contributing/architecture.rst
@ -31,7 +31,7 @@ For each request we need to know two things:
 #. Which service is this request for?
 #. Which feature is called?

-When using one ore more decorators, Moto will load all urls from `{service}/urls.py::url_bases`.
+When using one or more decorators, Moto will load all urls from `{service}/urls.py::url_bases`.
 Incoming requests are matched against those to figure out which service the request has to go to.
 After that, we try to find right feature by looking at:

--- a/moto/ssm/models.py
+++ b/moto/ssm/models.py
@ -851,6 +851,14 @@ def _document_filter_match(account_id, filters, ssm_doc):
    return True


+def _valid_parameter_type(type_):
+    """
+    Parameter Type field only allows `SecureString`, `StringList` and `String` (not `str`) values
+
+    """
+    return type_ in ("SecureString", "StringList", "String")
+
+
 def _valid_parameter_data_type(data_type):
    """
    Parameter DataType field allows only `text` and `aws:ec2:image` values
@ -1794,6 +1802,11 @@ class SimpleSystemManagerBackend(BaseBackend):
                )
            raise ValidationException(invalid_prefix_error)

+        if not _valid_parameter_type(parameter_type):
+            raise ValidationException(
+                f"1 validation error detected: Value '{parameter_type}' at 'type' failed to satisfy constraint: Member must satisfy enum value set: [SecureString, StringList, String]",
+            )
+
        if not _valid_parameter_data_type(data_type):
            # The check of the existence of an AMI ID in the account for a parameter of DataType `aws:ec2:image`
            # is not supported. The parameter will be created.
--- a/tests/test_ssm/test_ssm_boto3.py
+++ b/tests/test_ssm/test_ssm_boto3.py
@ -414,6 +414,23 @@ def test_put_parameter_invalid_data_type(bad_data_type):
    )


+@mock_ssm
+def test_put_parameter_invalid_type():
+    client = boto3.client("ssm", region_name="us-east-1")
+    bad_type = "str"  # correct value is String
+    with pytest.raises(ClientError) as e:
+        client.put_parameter(
+            Name="test_name", Value="some_value", Type=bad_type, DataType="text"
+        )
+    ex = e.value
+    ex.operation_name.should.equal("PutParameter")
+    ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
+    ex.response["Error"]["Code"].should.contain("ValidationException")
+    ex.response["Error"]["Message"].should.equal(
+        f"1 validation error detected: Value '{bad_type}' at 'type' failed to satisfy constraint: Member must satisfy enum value set: [SecureString, StringList, String]"
+    )
+
+
@mock_ssm
 def test_get_parameter():
    client = boto3.client("ssm", region_name="us-east-1")