* Fix:SES-Added params check in template
* Added more tests and handled message
* linting
* fixed tests
* fix attribute name in message
* fix logic for exception
* Fix sqs message retention logic
* Apply lint to moto/sqs/models.py
* Fix failed tests because of freezing time
* Fix freezing time in test_publish_to_sqs_in_different_region
* Dont fail if CodeCov fails - for now
* CI - Force cache rebuild
* Bump werkzeug to latest version
* CI - Enforce cache flush
* ManagedBlockchain - fix error format
* ManagedBlockchain - Fix tests to use pytest.raises paradigm
* Revert "Lock Flask (#3925)"
This reverts commit 8bb0feb956.
* CI - Enforce cache rebuild
* Support rotating secrets using Lambda
The Secrets manager rotation process uses an AWS Lambda function
to perform the rotation of a secret. [1]
In fact, it's not possible to trigger rotation of a Secret
without specifying a Lambda function at some point in the life
of the secret:
```
$ aws secretsmanager rotate-secret --secret-id /rotationTest
An error occurred (InvalidRequestException) when calling the RotateSecret operation: No Lambda rotation function ARN is associated with this secret.
```
`moto` can be a little more lenient in this regard and allow
`rotate_secret` to be called without a Lambda function being
present, if only to allow simulation of the `AWSCURRENT` and
`AWSPREVIOUS` labels moving across versions.
However, if a lambda function _has_ been specified when calling
`rotate_secret`, it should be invoked therefore providing the
developer with the full multi-stage process [3] which can be
used to test the Lambda function itself and ensuring that full
end-to-end testing is performed. Without this there's no easy
way to configure the Secret in the state needed to provide the
Lambda function with the data in the format it needs to be in
at each step of the invocation process.
[1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html
[2]: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.rotate_secret
[3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html#rotation-explanation-of-steps
* Run `black` over `secretsmanager/models.py`
* Make `lambda_backends` import local to the condition
* Implement `update_secret_version_stage`
Allow a staging label to be moved across versions.
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.update_secret_version_stage
* Add an integration test for Secrets Manager & Lambda
* Support passing `ClientRequestToken` to `put_secret_value`
By passing `ClientRequestToken` to `put_secret_value` within
the lambda function invoked by calling `rotate_secret`, one
can update the value associated with the existing (pending)
version, without causing a new secret version to be created.
* Add application logic for `AWSPENDING`
The rotation function must end with the versions of the secret
in one of two states:
- The `AWSPENDING` and `AWSCURRENT` staging labels are
attached to the same version of the secret, or
- The `AWSPENDING` staging label is not attached to any
version of the secret.
If the `AWSPENDING` staging label is present but not attached
to the same version as `AWSCURRENT` then any later invocation
of RotateSecret assumes that a previous rotation request is
still in progress and returns an error.
* Update `default_version_id` after Lambda rotation concludes
Call `set_default_version_id` directly, rather than going
through `reset_default_version` as the Lambda function is
responsible for moving the version labels around, not `rotate_secret`.
* Run `black` over changed files
* Fix Python 2.7 compatibility
* Add additional test coverage for Secrets Manager
* Fix bug found by tests
AWSPENDING + AWSCURRENT check wasn't using `version_stages`.
Also tidy up the AWSCURRENT moving in `update_secret_version_stage`
to remove AWSPREVIOUS it from the new stage.
* Run `black` over changed files
* Add additional `rotate_secret` tests
* Skip `test_rotate_secret_lambda_invocations` in test server mode
* Add test for invalid Lambda ARN
* implement user pool mfa actions
* Add messages to errors
Add messages to errors
Fix error message
* Change exception type
* fix validation & add more tests
Co-authored-by: George Lewis <glewis@evertz.com>
* add test that fails with FilterNotImplementedError
* describe_network_acls: add support for owner-id filter
Co-authored-by: Kevin Neal <Kevin_Neal@intuit.com>
* `nextToken` value in `logs:describeLogStreams` response
Modified the pagination for FilterLogEvents to more closely follow
the real AWS behaviour.
* Make assertions work in py2 and py3.
* Fix : Remove Invalid request error
* Fix test and review commanets
* Remove duplicate put_integration_template
* API Gateway - Body can be None or empty
Co-authored-by: Bert Blommers <info@bertblommers.nl>
* Fix: `nextToken` value in `logs:FilterLogEvents` response
Plagiarizing freely from @bpandola and his PR #3398, I have
modified the pagination for FilterLogEvents to more closely follow
the real AWS behaviour.
Fixes#3882
* Black reformatted my code.
* Remove timezone for python2.7 compatibility.
* Hopefully fix python2.7 compatibility for real.
* Additional test for a non-matching log group name in the nextToken.
* Implemented list instances in EMR
* removed import from tests
* make format
* fix W291 trailing whitespace
* removed to work for py2.7
* Storing only ec2_id and instance group in Fake instance
Co-authored-by: J <jdeepe@147dda1b0833.ant.amazon.com>
* Create SageMaker EndpointConfig with CloudFormation
Implement attributes for SM Endpoint Configs with CloudFormation
Delete SM Endpoint Configs with CloudFormation
Update SM Endpoint Configs with CloudFormation
* Fix typos in SM CF Model update test and refactor helper function for CF stack outputs
* Fixup weird commas in SM CF Test Configs from using black
* Create SageMaker Endpoints with CloudFormation
* Fix typos in SM CF update tests
* Create a formal interface for SM Cloudformation test configurations
* Create SageMaker Models with CloudFormation
* Utilize six for adding metaclass to TestConfig
* Update SM backend to return Model objects instead of response objects
* Create SageMaker Notebook Instance Lifecycle Configs with CloudFormation
Implement attributes for SM Notebook Instance Lifecycle Config in CloudFormation
Delete SM Notebook Instance Lifecycle Configs with CloudFormation
Update SM Notebook Instance Lifecycle Configs with CloudFormation
Also fixed error in create_from method where the properties where not
being referenced when setting OnCreate and OnStart.
Factor out template for SM Notebook Lifecycle Config CF tests
* Refactor SM CloudFormation create tests to use pytest.mark.parametrize
* Refactor SM CloudFormation get_attr tests to use pytest.mark.parametrize
Also update the NotebookInstance template function to use Name and Arn
for the output IDs so that the parametrization is easier.
* Refactor SM CloudFormation delete tests to use pytest.mark.parametrize
* Move event pattern validation into EventPattern class and apply enhanced pattern logic to all Rules
* Fix exists filtering logic to only match leaf nodes in event
* Apply black formatting
* Replace JSONDecodeError with ValueError for Python2 compatibility
* Update unit test names
* Move event pattern tests into test_event_pattern.py
* Apply black formatting
Co-authored-by: TSNoble <tom.noble@bjss.com>
* Make it possible to customize the ACM cert validation wait time.
Signed-off-by: Kai Xia <kaix+github@fastmail.com>
* address PR comments & change requests.
Signed-off-by: Kai Xia <kaix+github@fastmail.com>
* make tests work.
Signed-off-by: Kai Xia <kaix+github@fastmail.com>
* Create SageMaker Notebook Instances with CloudFormation
* Implement attributes for SageMaker notebook instance in Cloudformation
* Delete SageMaker Notebook Instances with CloudFormation
* Update SageMaker Notebook Instances with CloudFormation
* Factor out template into function for SageMaker notebook instance tests
* Py3: use unittest.mock instead of mock
* noqa
* oops
* just pull in patch()
* ignore RuntimeError when stopping patch
* ignore RuntimeError from default_session_mock.stop()
* Add prefix and numeric filtering logic for Archive EventPattern
* Pull EventPattern logic out into class and test logic more directly
* Apply black formatting
Co-authored-by: Tom Noble <tom.noble@bjss.com>
* Add exists filtering functionality to Archive. Add test case and refactor existing Archive EventPattern test cases
* Apply black formatting
* Change NotImplementedError to warning
* Simplify unimplemented warning for filters
* Change str check to six.string_types check for python2.7
Co-authored-by: Tom Noble <tom.noble@bjss.com>
* Add _does_event_match_pattern() to EventsBackend and use when determining whether to archive an event
* Add comment to _does_event_item_match_pattern_item()
* Expand test case for Archive EventFilter
* Apply black formatting
Co-authored-by: Tom Noble <tom.noble@bjss.com>
* Make security rules consistent between direct (backend) and indirect (api) boundaries
Security rules added directly via the backend were unable to be revoked via the API
because the port values were being stored as strings but were always coerced back
to integers by the botocore model. `"0" != 0`, so the rules would never match,
raising an `InvalidPermissionNotFoundError`.
This change ensures that the port values for a security group rule are always of type
`Union[int, None]`.
No tests needed to be modified as a result of this change. A new test was added that
explicitly covers the behavior that had been failing.
* Skip test in server mode
* Modify put_parameter() to raise ValidationError when value is empty string
* Simplify empty string check
Co-authored-by: Tom Noble <tom.noble@bjss.com>
The `InvalidPermission.Duplicate` error was already implemented for inbound rules,
but AWS also returns this error for duplicate outbound rules.
Very minor changes were needed on existing tests that were adding duplicate
outbound rules (when testing the RulesPerSecurityGroupLimitExceeded error).
* between clause is not case-sensitive anymore
* begins_with will raise an exception unless lower-case is used
Co-authored-by: David Pedrosa <d.pedrosa@indizen.com>
