Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prep release 4.2.3 (#6814)

Browse Source
This commit is contained in:
Bert Blommers 2023-09-15 17:56:03 +00:00 committed by GitHub
parent 2bae13bf5b
commit b7cedf6480
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 85 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CHANGELOG.md
View File

@ -1,6 +1,49 @@
Moto Changelog Moto Changelog
============== ==============
4.2.3
-----
Docker Digest for 4.2.3: <autopopulateddigest>
New Services:
* RoboMaker:
* create_robot_application()
* delete_robot_application()
* describe_robot_application()
* list_robot_applications()
New Methods:
* ElasticBeanstalk:
* delete_application()
* Events:
* create_partner_event_source()
* delete_partner_event_source()
* describe_event_source()
* describe_partner_event_source()
* put_partner_events()
Miscellaneous:
* Core: The mocked ACCESS_KEY has been changed from `foobar_key` to `FOOBARKEY`, to align with AWS guidelines
* Core: set_initial_no_auth_action_count() now supports SSM actions
* Core: Fixed a memory leak when comparing requests (introduced in 4.1.13)
* Athena: get_query_execution() now returns a StatementType dependent on the provided query
* DynamoDB: query() now throws an exception when the KeyConditionExpression contains a literal value
* EBS: put_snapshot_block() now supports random bytes
* EC2: describe_transit_gateways() now supports filtering by tags
* ELBv2: describe_target_groups() now throws an exception for invalid input parameters
* ELBv2: describe_target_groups() now sorts the result before returning it
* ELBv2: create_target_group() now has improved validation and default values
* ELBv2: create_rule() now creates links between the TargetGroups and LoadBalancers
* Events: put_events() now support HTTP targets
* IAM policy validation now takes the provided Resource-argument into account when validating access to STS-resources
* IAM: get_role() now returns the LastUsed-parameter, provided the role was assumed and used
* KMS: sign/verify now uses the original message when signing, not the base64-version
* Lambda: invoke() now loads any Layers provided in the create_function()
* S3: put_bucket_logging() now supports bucket policies (as well as ACP's)
* S3: Range requests are now more permissive (following AWS' behaviour)
* SFN: list_executions() now returns the StopDate-attribute
4.2.2 4.2.2
------ ------
Docker Digest for 4.2.2: <autopopulateddigest> Docker Digest for 4.2.2: <autopopulateddigest>

4
IMPLEMENTATION_COVERAGE.md
View File

@ -2763,7 +2763,7 @@
## elasticbeanstalk ## elasticbeanstalk
<details> <details>
<summary>12% implemented</summary> <summary>14% implemented</summary>
- [ ] abort_environment_update - [ ] abort_environment_update
- [ ] apply_environment_managed_action - [ ] apply_environment_managed_action
@ -2776,7 +2776,7 @@
- [X] create_environment - [X] create_environment
- [ ] create_platform_version - [ ] create_platform_version
- [ ] create_storage_location - [ ] create_storage_location
- [ ] delete_application - [X] delete_application
- [ ] delete_application_version - [ ] delete_application_version
- [ ] delete_configuration_template - [ ] delete_configuration_template
- [ ] delete_environment_configuration - [ ] delete_environment_configuration

2
docs/docs/services/elasticbeanstalk.rst
View File

@ -36,7 +36,7 @@ elasticbeanstalk
- [X] create_environment - [X] create_environment
- [ ] create_platform_version - [ ] create_platform_version
- [ ] create_storage_location - [ ] create_storage_location
- [x] delete_application - [X] delete_application
- [ ] delete_application_version - [ ] delete_application_version
- [ ] delete_configuration_template - [ ] delete_configuration_template
- [ ] delete_environment_configuration - [ ] delete_environment_configuration

6
docs/docs/services/kms.rst
View File

@ -78,9 +78,8 @@ kms
- [X] revoke_grant - [X] revoke_grant
- [X] schedule_key_deletion - [X] schedule_key_deletion
- [X] sign - [X] sign
Sign message using generated private key.
- signing_algorithm is ignored and hardcoded to RSASSA_PSS_SHA_256 Sign message using generated private key.
- grant_tokens are not implemented - grant_tokens are not implemented
@ -92,9 +91,8 @@ kms
- [X] update_key_description - [X] update_key_description
- [ ] update_primary_region - [ ] update_primary_region
- [X] verify - [X] verify
Verify message using public key from generated private key.
- signing_algorithm is ignored and hardcoded to RSASSA_PSS_SHA_256 Verify message using public key from generated private key.
- grant_tokens are not implemented - grant_tokens are not implemented

2
docs/docs/services/robomaker.rst
View File

@ -12,8 +12,6 @@
robomaker robomaker
========= =========
.. autoclass:: moto.robomaker.models.RoboMakerBackend
|start-h3| Example usage |end-h3| |start-h3| Example usage |end-h3|
.. sourcecode:: python .. sourcecode:: python

16
tests/test_elbv2/test_elbv2_target_groups.py
View File

@ -375,6 +375,7 @@ def test_target_group_attributes():
# check if Names filter works # check if Names filter works
response = conn.describe_target_groups(Names=[]) response = conn.describe_target_groups(Names=[])
assert len(response["TargetGroups"]) == 1
response = conn.describe_target_groups(Names=["a-target"]) response = conn.describe_target_groups(Names=["a-target"])
assert len(response["TargetGroups"]) == 1 assert len(response["TargetGroups"]) == 1
target_group_arn = target_group["TargetGroupArn"] target_group_arn = target_group["TargetGroupArn"]
@ -466,7 +467,6 @@ def test_describe_target_groups():
response, vpc, _, _, _, conn = create_load_balancer() response, vpc, _, _, _, conn = create_load_balancer()
lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"] lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"]
assert "LoadBalancerArn" in response["LoadBalancers"][0]
groups = conn.describe_target_groups()["TargetGroups"] groups = conn.describe_target_groups()["TargetGroups"]
assert len(groups) == 0 assert len(groups) == 0
@ -564,6 +564,20 @@ def test_describe_target_groups():
assert groups[1]["TargetGroupName"] == "d-target" assert groups[1]["TargetGroupName"] == "d-target"
@mock_elbv2
@mock_ec2
def test_describe_target_groups_with_empty_load_balancer():
response, _, _, _, _, conn = create_load_balancer()
lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"]
with pytest.raises(ClientError) as exc:
conn.describe_target_groups(LoadBalancerArn=lb_arn)
err = exc.value.response["Error"]
assert err["Code"] == "TargetGroupNotFound"
assert err["Message"] == "One or more target groups not found"
@mock_elbv2 @mock_elbv2
@mock_ec2 @mock_ec2
def test_modify_target_group(): def test_modify_target_group():

57
tests/test_s3/test_s3_bucket_policy.py
View File

@ -34,54 +34,37 @@ class TestBucketPolicy:
def teardown_class(cls): def teardown_class(cls):
cls.server.stop() cls.server.stop()
xfail_reason = "S3 logic for resource-based policy is not yet correctly implemented, see https://github.com/getmoto/moto/pull/6799#issuecomment-1712799688"
@pytest.mark.parametrize( @pytest.mark.parametrize(
"kwargs,status", "kwargs,boto3_status,unauthorized_status",
[ [
({}, 200), # The default policy is to allow access to 'mybucket/*'
({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200), ({}, 200, 200),
pytest.param( # We'll also allow access to the specific key
{"resource": "arn:aws:s3:::notmybucket/*"}, ({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200, 200),
403, # We're allowing authorized access to an unrelated bucket
marks=pytest.mark.xfail(reason=xfail_reason), # Accessing our key is allowed for authenticated users, as there is no explicit deny
), # It should block unauthenticated (public) users, as there is no explicit allow
pytest.param( ({"resource": "arn:aws:s3:::notmybucket/*"}, 200, 403),
{"resource": "arn:aws:s3:::mybucket/other*"}, # Verify public access when the policy contains multiple resources
403, ({"resource": ["arn:aws:s3:::other", "arn:aws:s3:::mybucket/*"]}, 200, 200),
marks=pytest.mark.xfail(reason=xfail_reason), # Deny all access, for any resource
), ({"effect": "Deny"}, 403, 403),
({"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"]}, 200), # We don't explicitly deny authenticated access
pytest.param( # We'll deny an unrelated resource, but that should not affect anyone
{ # It should block unauthorized users, as there is no explicit allow
"resource": [ ({"resource": "arn:aws:s3:::notmybucket/*", "effect": "Deny"}, 200, 403),
"arn:aws:s3:::notmybucket",
"arn:aws:s3:::notmybucket/*",
]
},
403,
marks=pytest.mark.xfail(reason=xfail_reason),
),
pytest.param(
{"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::notmybucket/*"]},
403,
marks=pytest.mark.xfail(reason=xfail_reason),
),
pytest.param(
{"effect": "Deny"}, 403, marks=pytest.mark.xfail(reason=xfail_reason)
),
], ],
) )
def test_block_or_allow_get_object(self, kwargs, status): def test_block_or_allow_get_object(self, kwargs, boto3_status, unauthorized_status):
self._put_policy(**kwargs) self._put_policy(**kwargs)
if status == 200: if boto3_status == 200:
self.client.get_object(Bucket="mybucket", Key="test_txt") self.client.get_object(Bucket="mybucket", Key="test_txt")
else: else:
with pytest.raises(ClientError): with pytest.raises(ClientError):
self.client.get_object(Bucket="mybucket", Key="test_txt") self.client.get_object(Bucket="mybucket", Key="test_txt")
assert requests.get(self.key_name).status_code == status assert requests.get(self.key_name).status_code == unauthorized_status
def test_block_put_object(self): def test_block_put_object(self):
# Block Put-access # Block Put-access