Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSM param type validation (#5835)

Browse Source
This commit is contained in:
Matthew Davis 2023-01-12 23:06:40 +11:00 committed by GitHub
parent 6da12892a3
commit 5d2f2bca8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -29,3 +29,4 @@ htmlcov/
.coverage* .coverage*
docs/_build docs/_build
moto_recording moto_recording
.hypothesis

2
docs/docs/contributing/architecture.rst
View File

@ -31,7 +31,7 @@ For each request we need to know two things:
#. Which service is this request for? #. Which service is this request for?
#. Which feature is called? #. Which feature is called?
When using one ore more decorators, Moto will load all urls from `{service}/urls.py::url_bases`. When using one or more decorators, Moto will load all urls from `{service}/urls.py::url_bases`.
Incoming requests are matched against those to figure out which service the request has to go to. Incoming requests are matched against those to figure out which service the request has to go to.
After that, we try to find right feature by looking at: After that, we try to find right feature by looking at:

13
moto/ssm/models.py
View File

@ -851,6 +851,14 @@ def _document_filter_match(account_id, filters, ssm_doc):
return True return True
def _valid_parameter_type(type_):
"""
Parameter Type field only allows `SecureString`, `StringList` and `String` (not `str`) values
"""
return type_ in ("SecureString", "StringList", "String")
def _valid_parameter_data_type(data_type): def _valid_parameter_data_type(data_type):
""" """
Parameter DataType field allows only `text` and `aws:ec2:image` values Parameter DataType field allows only `text` and `aws:ec2:image` values
@ -1794,6 +1802,11 @@ class SimpleSystemManagerBackend(BaseBackend):
) )
raise ValidationException(invalid_prefix_error) raise ValidationException(invalid_prefix_error)
if not _valid_parameter_type(parameter_type):
raise ValidationException(
f"1 validation error detected: Value '{parameter_type}' at 'type' failed to satisfy constraint: Member must satisfy enum value set: [SecureString, StringList, String]",
)
if not _valid_parameter_data_type(data_type): if not _valid_parameter_data_type(data_type):
# The check of the existence of an AMI ID in the account for a parameter of DataType `aws:ec2:image` # The check of the existence of an AMI ID in the account for a parameter of DataType `aws:ec2:image`
# is not supported. The parameter will be created. # is not supported. The parameter will be created.

17
tests/test_ssm/test_ssm_boto3.py
View File

@ -414,6 +414,23 @@ def test_put_parameter_invalid_data_type(bad_data_type):
) )
@mock_ssm
def test_put_parameter_invalid_type():
client = boto3.client("ssm", region_name="us-east-1")
bad_type = "str" # correct value is String
with pytest.raises(ClientError) as e:
client.put_parameter(
Name="test_name", Value="some_value", Type=bad_type, DataType="text"
)
ex = e.value
ex.operation_name.should.equal("PutParameter")
ex.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
ex.response["Error"]["Code"].should.contain("ValidationException")
ex.response["Error"]["Message"].should.equal(
f"1 validation error detected: Value '{bad_type}' at 'type' failed to satisfy constraint: Member must satisfy enum value set: [SecureString, StringList, String]"
)
@mock_ssm @mock_ssm
def test_get_parameter(): def test_get_parameter():
client = boto3.client("ssm", region_name="us-east-1") client = boto3.client("ssm", region_name="us-east-1")