From Python Safety:
Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.
* Properly coerce `privateDnsEnabled` to boolean value when parsing requests.
* Per AWS spec, default `privateDnsEnabled` request value to `True`.
* Properly serialize `privateDnsEnabled` as boolean value in responses.
* Add test coverage.
Ref: #3540
Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow
to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth
requests.
Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
* fix https://github.com/localstack/localstack/issues/3339
* fixe lint issues
* Fix review comments
- move deduplication time to constants
- make tests parameterized
- update tests as per review comments
* change variable name expectedCount => expected_count
* fix tests for python 2.7
increase deduplication mock config to account for delays
* ignore time mocking test in server mode
These tests were passing with TZ=UTC, but under a non-UTC timezone
they were failing:
E AssertionError: given
E X = [{'timestamp': datetime.datetime(2020, 1, 1, 0, 0, tzinfo=tzutc()), …}, …]
E and
E Y = [{'timestamp': datetime.datetime(2020, 1, 1, 0, 0, tzinfo=tzlocal()), …}, …]
E X[0]['timestamp'] != Y[0]['timestamp']
With this fix, they pass either way.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
* Pass the "default" cluster
* Mock ECS exceptions more accurately
Moto's mock ECS has drifted fairly far from the actual ECS API in terms
of which exceptions it throws. This change begins to bring mock ECS's
exceptions in line with actual ECS exceptions. Most notably:
- Several custom exceptions have been replaced with their real ECS
exception. For example, "{0} is not a cluster" has been replaced with
ClusterNotFoundException
- Tests have been added to verify (most of) these exceptions work
correctly. The test coverage was a little spotty to begin with.
- The new exceptions plus the change to pass the "default" cluster
exposed a lot of places where mock ECS was behaving incorrectly. For
example, the ListTasks action is always scoped to a single cluster in
ECS but it listed tasks for all clusters in the mock. I've minimally
updated the tests to make them pass, but there's lots of opportunity to
refactor both this method's test and its implementation.
This does not provide full coverage of exceptions. In general, I ran
these operations against actual ECS resources and cross-referenced the
documentation to figure out what actual exceptions should be thrown and
what the messages should be. Consequently, I didn't update any
exceptions that took more than trivial amount of time to reproduce with
real resources.
* Retrieve SAML Attribute by Name instead of relying on order which is too fragile
* Handle case when SAML Attribute SessionDuration is not provided, as it is not a required attribute from SAML response
When session duration not provided, AWS consider by default a duration of one hour as cited in the following documentation:
"If this attribute is not present, then the credential last for one hour (the default value of the DurationSeconds parameter of the AssumeRoleWithSAML API)."
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html#saml_role-session-duration
Traceback was:
[...]
File "/Users/benjamin.brabant/Projects/PERSO/moto/moto/sts/responses.py", line 79, in assume_role_with_saml
role = sts_backend.assume_role_with_saml(
File "/Users/benjamin.brabant/Projects/PERSO/moto/moto/sts/models.py", line 99, in assume_role_with_saml
role = AssumedRole(**kwargs)
TypeError: __init__() missing 1 required positional argument: 'duration'
* Process saml xml namespaces properly instead of relying on textual prefix that can vary between identity providers
* Handle when SAML response AttributeValue xml tag contains attributes that force xmltodict to build a dictionary as for complex types instead of directly returning string value
Leverage force_cdata option of xmltodict parser that always return a complex dictionary even if xml tag contains only text and no attributes.
* Improve existing test_assume_role_with_saml to be coherent with other assume_role_with_saml tests and remove dead code at the same time
By definition, `single-node` clusters can only consist of 1 node. Likewise,
`multi-node` clusters must have 2 or more nodes.
* Ensure `ClusterType` parameter is either `multi-node` or `single-node`.
* Ensure proper validation of `NumberOfNodes` parameter based on `ClusterType`
parameter.
* Fix existing test case that incorrectly allowed a `multi-node` cluster to
consist of 1 node.
* Add dedicated test for resizing a cluster from `single-node` to `multi-node`
and back again.
Behavior and error messages have been verified against a real AWS backend.
* Add format command to makefile
* Refactor executions to be a attribute of StateMachine
* Begin to add tests for execution history
* Add tests for failed and successful event histories, with implementations
* Add failure case to environment var check
* Skip test if in server mode and update implementation coverage
* Add conditional import for mock to cover python 2
* Refactor stop execution logic into StateMachine
* Refactor event history environment variable into settings.py
* Remove typing and os import
The `boto` library (long ago superseded by `boto3`) has not had an official
release in over two years or even a commit in the last 18 months. Importing
the package (or indirectly importing it by via `moto`) generates a deprecation
warning. Additionally, an ever-increasing number of `moto` users who have
left `boto` behind for `boto3` are still being forced to install `boto`.
This commit vendors a very small subset of the `boto` library--only the code
required by `moto` to run--into the /packages subdirectory. A README file
is included explaining the origin of the files and a recommendation for how
they can be removed entirely in a future release.
NOTE: Users of `boto` will still be able to use `moto` after this is merged.
closes#2978closes#3013closes#3170closes#3418
relates to #2950
A test added in #2401 copied the name of an existing test, preventing it
from being run. This commit renames the second test, allowing both to
be picked up by the test runner.
Original code was trying to raise a ClientError directly. Change to
appropriate Redshift exception class.
* Fix test assertion for `boto`.
* Add test coverage for `boto3`.