When creating a new IAM policy version with create_policy_version,
we cannot use the length of the versions list to calculate VersionId.
Keep track of the next version id to use as a non-decreasing counter.
Fixes#2157
Given how moto is intended to be used, and how it uses Jinja2, [CVE-2019-10906](https://nvd.nist.gov/vuln/detail/CVE-2019-10906) is unlikely to affect many users, but we should use a secure version anyway just in case moto is being used in unforeseen ways.
AWS always assigns a primary IP address to Network Interfaces.
Using a test account (modified the IP):
>>> import boto
>>> vpc = boto.connect_vpc()
>>> eni = vpc.create_network_interface(subnet_id)
>>> eni.private_ip_addresses
[PrivateIPAddress(10.1.2.3, primary=True)]
This commit modifies the response format of the ec2 calls
`create_volume` and `describe_volumes`. Previously, these calls would
always include a `Tags` key in the response, even when a volume has no tags.
Now, the `Tags` key will not be included in the response if the volume
has no tags.
When an EBS volume has no tags, calls to the aws ec2 endpoints `create_volume`
and `describe_volumes` do not include the `Tags` key in the
`response.Volumes[]` object.
However, moto does include the `Tags` key in this case. This discrepancy
in behaviour can result in code passing a moto test but failing in
production.
Sample snippets that trigger this condition:
```
def create_volume_and_then_get_tags_from_response():
client = boto3.client('ec2', region_name='us-east-1')
volume_response = client.create_volume(
Size=10,
AvailabilityZone='us-east-1a'
)
keys = volume_response['Keys']
```
```
def create_volume_and_then_get_tags_from_describe_volumes():
client = boto3.client('ec2', region_name='us-east-1')
volume_response = client.create_volume(
Size=10,
AvailabilityZone='us-east-1a'
)
volume_describe_response = client.describe_volumes()
keys = volume_describe_response['Volumes'][0]['Keys']
```
Both sample snippets will succeed in a moto test, but fail with a
`KeyError` when using the aws api.
This commit adds a test for a case where an EBS volume has no tags. When
an EBS volume has no tags, calls to the aws ec2 endpoints `create_volume`
and `describe_volumes` do not include the `Tags` key in the
`response.Volumes[]` object.
However, moto does include the `Tags` key in this case. This discrepancy
in behaviour can result in code passing a moto test but failing in
production.
Sample snippets that trigger this condition:
```
def create_volume_and_then_get_tags_from_response():
client = boto3.client('ec2', region_name='us-east-1')
volume_response = client.create_volume(
Size=10,
AvailabilityZone='us-east-1a'
)
keys = volume_response['Keys']
```
```
def create_volume_and_then_get_tags_from_describe_volumes():
client = boto3.client('ec2', region_name='us-east-1')
volume_response = client.create_volume(
Size=10,
AvailabilityZone='us-east-1a'
)
volume_describe_response = client.describe_volumes()
keys = volume_describe_response['Volumes'][0]['Keys']
```
Both sample snippets will succeed in a moto test, but fail with a
`KeyError` when using the aws api.
Previously this was not checked so an existing record (e.g. with type A) would be overwritten on upsert by a record with the same name but different type (e.g. TXT).
This commit also:
* publicizes the type variable appending the underscore affix (required to maintain compatibility with CloudFormation which sets type as the CF type),
* fixes a wrong assumption in tests that UPSERT applies a change to Type (it creates a distinct record instead),
* Updates ACM model to use serial_number instead of deprecated and remove serial causing Travis failures.
