Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

EC2: create_vpc_endpoint() should use default policy document if not provided (#6022)

Browse Source
This commit is contained in:
Bert Blommers 2023-03-06 23:21:02 -01:00 committed by GitHub
parent 33ce02056d
commit adfbff1095
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 40 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
moto/ec2/models/vpcs.py
View File

@ -40,6 +40,14 @@ DEFAULT_VPC_ENDPOINT_SERVICES: List[Dict[str, str]] = []
class VPCEndPoint(TaggedEC2Resource, CloudFormationModel): class VPCEndPoint(TaggedEC2Resource, CloudFormationModel):
DEFAULT_POLICY = {
"Version": "2008-10-17",
"Statement ": [
{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
],
}
def __init__( def __init__(
self, self,
ec2_backend: Any, ec2_backend: Any,
@ -64,7 +72,7 @@ class VPCEndPoint(TaggedEC2Resource, CloudFormationModel):
self.service_name = service_name self.service_name = service_name
self.endpoint_type = endpoint_type self.endpoint_type = endpoint_type
self.state = "available" self.state = "available"
self.policy_document = policy_document self.policy_document = policy_document or json.dumps(VPCEndPoint.DEFAULT_POLICY)
self.route_table_ids = route_table_ids self.route_table_ids = route_table_ids
self.network_interface_ids = network_interface_ids or [] self.network_interface_ids = network_interface_ids or []
self.subnet_ids = subnet_ids self.subnet_ids = subnet_ids

32
tests/test_ec2/test_vpcs.py
View File

@ -2,7 +2,7 @@ import pytest
from botocore.exceptions import ClientError from botocore.exceptions import ClientError
import boto3 import boto3
import json
import sure # noqa # pylint: disable=unused-import import sure # noqa # pylint: disable=unused-import
import random import random
@ -1006,6 +1006,36 @@ def test_describe_classic_link_dns_support_multiple():
) )
@mock_ec2
def test_create_vpc_endpoint__policy():
ec2 = boto3.client("ec2", region_name="us-west-1")
vpc_id = ec2.create_vpc(CidrBlock="10.0.0.0/16")["Vpc"]["VpcId"]
# create without policy --> verify the default policy is created
default_policy = {
"Version": "2008-10-17",
"Statement ": [
{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
],
}
vpc_end_point = ec2.create_vpc_endpoint(
VpcId=vpc_id,
ServiceName="com.amazonaws.us-east-1.s3",
VpcEndpointType="Gateway",
)["VpcEndpoint"]
vpc_end_point.should.have.key("PolicyDocument")
json.loads(vpc_end_point["PolicyDocument"]).should.equal(default_policy)
# create with policy --> verify the passed policy is returned
vpc_end_point = ec2.create_vpc_endpoint(
VpcId=vpc_id,
ServiceName="com.amazonaws.us-east-1.s3",
PolicyDocument="my policy document",
VpcEndpointType="Gateway",
)["VpcEndpoint"]
vpc_end_point.should.have.key("PolicyDocument").equals("my policy document")
@mock_ec2 @mock_ec2
def test_describe_vpc_gateway_end_points(): def test_describe_vpc_gateway_end_points():
ec2 = boto3.client("ec2", region_name="us-west-1") ec2 = boto3.client("ec2", region_name="us-west-1")