* Properly coerce `Encrypted` attribute to bool on request/response.
* Create and use a default AWS managed CMK for EBS when clients request
an encrypted volume without specifying a KmsKeyId.
NOTE: A client-provided KmsKeyId is simply stored as-is, and is not validated
against the KMS backend. This is in keeping with other moto backends (RDS, Redshift)
that currently also accept unvalidated customer master key (CMK) parameters, but could
be an area for future improvement.
Closes#3248
* Enable more unit tests for ACM
* put a smile on travis-ci face
Co-authored-by: nom3ad <nom3ad@gmail.com>
Co-authored-by: Bert Blommers <bblommers@users.noreply.github.com>
* ACM: support `tags` parameter in import_certificate()
* ACM: support tags parameter in request_certificate()
* ACM: better tag operations with more unit tests
Co-authored-by: nom3ad <nom3ad@gmail.com>
The `tag_filter` method has been re-arranged to mimic the actual AWS behavior:
Return `True` if *any* tag matches a filter and *all* filters are matched.
Python's closures are late-binding, so we have to modify the lambdas accordingly!
Closes#2814
When comparing old and new values when doing a nested item update, the
`!=` implementation fails when the value being compared is `None`. This
results in an exception when trying to insert a new item into a nested
map. So just do a quick check that the original value is exists before
doing the comparison, as the `None` default is what is tripping this.
* SecretsManager - handle missing secrets versions
The get_secret_value method should raise ResourceNotFoundException
if a secret exists but the provided VersionId does not.
* Run black
* 2.x support
* black fix?
* secret is not a dict. Fix error msg output.
* Transcribe first cut: Medical: start, get and delete jobs.
* Added list_medical_transcription_job() support to Transcribe.
* Support for medical vocabularies.
* Added transcribe to list of backends to fix server mode error.
* PR3299 requested changes: don't offer deprecated decorator, regionalize download_uri, create/use service-specific exceptions.
Co-authored-by: Joseph Weitekamp <jweite@amazon.com>
* Start working on flow logs
* Change test
* Constructing tests
* Changing exceptions and adding more tests
* Adding more tests
* Changing model and adding more tests
* Adding support for tags
* Mocking Access error with non-existing Log Group Name
* Adding FlowLogAlreadyExists support
* Changing style
* Reformatted code
* Reformatted tests
* Removing needless test
* Adding support for CloudFormation
* Reformatting slightly
* Removing arnparse and using split
* Rearranging tests
* Fixing FilterNotImplementedError test
* Moving imports to 'if' clauses and adding explicit test for 'cloud-watch-logs' type
* Setting names matching boto3 API and restoring 'not-implementd-filter' test
* Reformatting tests with black
* added organizations detach_policy response, model, and tests, issue #3239
Signed-off-by: Ben <ben.lipscomb@fmr.com>
* Created individual tests for detach_policy exceptions, updated regex statements for Root, OU, and Account Id
* Make ElasticAddress a tagged resource
To be able to filter on tags on ElasticAddresses, I need to have tags.
* remove unneeded commented lines
Was beginning of how to to it before further checking how it is done with other resources.
* do not ignore network-interface-owner-id filter
* add TODO about currently hardcoded region
* remove hardcoding region
* add testing for tags
creating and allocation, adding tags and querying for it
* separate test for tags into own method
* Linting
Co-authored-by: Bert Blommers <info@bertblommers.nl>
Support for cluster_id parameter substitution in autoscaling policy cloudwatch alarm dimensions.
New operations put_autoscaling_policy and remove_autoscaling_policy support
Co-authored-by: Joseph Weitekamp <jweite@amazon.com>
* feature added: support for api PutUserPermissionsBoundary; DeleteRolePermissionsBoundary
* minor test fix
* lint fixed
* refractored test case
* Issue 3224 s3 copy glacier object (#3318)
* 3224 Enhancement - S3 Copy restored glacier objects
- adds setter for expiry date
- copy sets expiry date to none when source is glacier object
- throws error for copying glacier object only if not restored/still restoring
* 3224 Enhancement - S3 Copy restored glacier objects
- throws error for copying deep archive object only if not restored/still restoring
* Fix:s3 List Object response:delimiter (#3254)
* Fix:s3 List Object delimiter in response
* fixed tests
* fixed failed tests
Co-authored-by: usmankb <usman@krazybee.com>
* feature added: support for api PutUserPermissionsBoundary; DeleteRolePermissionsBoundary
* minor test fix
* lint fixed
* refractored test case
* added test case for put role exception
Co-authored-by: ruthbovell <63656505+ruthbovell@users.noreply.github.com>
Co-authored-by: usmangani1 <sgosman_chem@yahoo.com>
Co-authored-by: usmankb <usman@krazybee.com>
* Make IoT certificate id generation deterministic
Fixes#3321
As per https://stackoverflow.com/questions/55847788/how-does-aws-iot-generate-a-certificate-id,
the IoT certificate ID is the SHA256 fingerprint of the
certificate. Since moto doesn't generate full certificates we will
instead use the SHA256 hash of the passed certificate pem.
* Don't allow duplicate IoT certificates to be created
Fixes#3320
When using boto3, trying to register a certificate that already
exists will throw a ResourceAlreadyExistsException. Moto should
follow the same pattern to allow testing error handling code in
this area.
* 3224 Enhancement - S3 Copy restored glacier objects
- adds setter for expiry date
- copy sets expiry date to none when source is glacier object
- throws error for copying glacier object only if not restored/still restoring
* 3224 Enhancement - S3 Copy restored glacier objects
- throws error for copying deep archive object only if not restored/still restoring
* Change to test_s3 method test_presigned_url_restrict_parameters to tolerate change in exception messages, spurred by boto3 1.14.59 release.
* ApplicationAutoscaling: support for all the current various forms of resource_id.
* Factored logic for extracting application autoscaling resource_type from resource_id to separate function, per PR3304 comment.
Co-authored-by: Joseph Weitekamp <jweite@amazon.com>
* kinesisvideo create_stream
* add kinesis video stream description
* add kinesisvideo describe_stream
* add kinesisvideo list_streams
* add kinesisvideo delete_stream
* remove unused comment
* remove duplicated definition
* add kinesis video exceptions
* pass region_name to kinesisvideo client in test
* fix kinesisvideo url path
* resolve conflict of kinesisvideo url and kinesis url
* specify region name to kinesisvideobackend
* Add get-dataendpoint to kinesisvideo
* include stream name in ResourceInUseException of kinesisvideo
* use ACCOUNT_ID from moto.core in kinesisvideo
* add server test for kinesisvideo
* split up kinesisvideo test
* added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge
* fixed for python2
* added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge
* added negative tests
* test
* Fix: Api-Gateway ApiKeyAlreadyExists headers change.
* Added test for non decorator
* Fixed cli errors
* Fix:fixed build errors
* Fix: assert only in case of non server mode
Co-authored-by: usmankb <usman@krazybee.com>
* IAM User Cloudformation Enhancements: update, delete, getatt.
* AWS::IAM::Policy Support
* Added unit tests for AWS:IAM:Policy for roles and groups. Fixed bug related to groups.
* AWS:IAM:AccessKey CloudFormation support.
* Refactor of CloudFormation parsing.py methods to simplify and standardize how they call to the models. Adjusted some models accordingly.
* Further model CloudFormation support changes to align with revised CloudFormation logic. Mostly avoidance of getting resoure name from properties.
* Support for Kinesis Stream RetentionPeriodHours param.
* Kinesis Stream Cloudformation Tag Support.
* Added omitted 'region' param to boto3.client() calls in new tests.
Co-authored-by: Joseph Weitekamp <jweite@amazon.com>
* Add check for existing execution, fix issue with make init
* Remove f-string usage
* Remove fstring usage in test
* Pin black and run formatting on test_stepfunction
* Reverse changes made by black 20.8b1
* Add support for Description in egress rule response
* Update SecurityGroup default egress rule ip range
* Remove extra commas
* Remove extra commas
* Lower docker package in Travis
* Add more lambda vars per PR 3247
* Remove code added in 3247
* Add tests for egress rules with Descriptions
* Reformat based on black
Co-authored-by: spillin <jmbollard@me.com>
* lambda-responses: add method to dispatch concurrency calls
* lambda-resources: add route to handle concurrency requests
* lambda-model: implement put_function_concurrency and concurrency attribute
* put-concurrency-tests: add one simple test
* get_function: add concurrency entry - with test
* lambda-reserved-concurrency: cloudformation support
* lambda-concurrency: implement delete_reserved with tests
* lambda-concurrency: implement get_reserved with tests
* lint
* implementation-cov: mark delete_function_concurrency, put_function_concurrency and get_function_concurrency
* botocore doesn't display concurrency entry for lambdas without it
* lambda(refactor): improvements on response's handler
* Support for CloudFormation stack resource deletion via backend resource method
delete_from_cloudformation_json() via parse_and_delete_resource().
* Correction to the inappropriate inclusion of EndingSequenceNumber in open shards.
This attribute should only appear in closed shards. This regretfully prevents
confirmation of consistent record counts after split/merge in unit tests.
* Added parameters/decorator to CloudFormationModel method declarations to calm-down Pycharm.
Co-authored-by: Joseph Weitekamp <jweite@amazon.com>
* First cut of S3 Cloudformation Update support: encryption property.
* Update type support for S3. Abstract base class for CloudFormation-aware models, as designed by @bblommers, introduced to decentralize CloudFormation resource and name property values to model objects.
* Blackened...
* Un-renamed param in s3.models.update_from_cloudformation_json() and its call to stay compatible with other modules.
Co-authored-by: Bert Blommers <bblommers@users.noreply.github.com>
Co-authored-by: Joseph Weitekamp <jweite@amazon.com>
Co-authored-by: Bert Blommers <info@bertblommers.nl>
* implement register_image
* format code
* add user_ids to snapshot model
* implement register_image
* format code
* add user_ids to snapshot model
* trying to un-deprecate tests
* Write tests and finalize implementation
* Add region parameter to boto3 resource call
* fixed test error
* Feature: Support --filters opton in secretsmanager:ListSecrets
* Implement some of the secret filters
* Check listSecrets filters combine with an implicit AND operator
* Test all filter and multi-value filter and multi-word filter
* Fix matcher behavior, restructure code
* Implement remaining listSecrets filter cases
* Linter fixes
* Use contains-in-any-order assertions for test_list_secrets
* Linter fix again
* Attempt Python 2 fix for assert_items_equal
* Remove docstrings from test_list_secrets tests as they make the test reports weird
* Test and handle listSecrets filter with no values
* Add test for describe_instance_types
It currently fails due to an invalid XML schema
* Add more detail to test
* Fix the XML schema for describe_instance_types
* fix sqs tag list from cloudformation resource creation
the method `create_from_cloudformation_json` of the Sqs resource
does not handle the difference of format of the Tags field in the
resource template and the format expected in Sqs resource class.
In cfn resource template Tags is specified as a list of dicts. But
the Sqs resource expects that the tags field be a single dict.
This behaviour causes a crash when a queue is created with tags
from `create_from_cloudformation_json` and later the list_queue_tags
is called because it tries to call `items` from `queue.tags` but
tags is actually a list of dicts.
* fix comment
* fix linter
* minor
Co-authored-by: Hudo Assenco <hudo.assenco@gmail.com>
* Fixed defect with CloudFormation provisioning of S3 buckets occuring when stack has a long name, resulting in the default S3 bucket name's length exceeding its 63 char limit.
* PR 3169 July 23, 2020 2:57a ET comment: added additional asserts to assure provisioned bucket's name complies. Fixed bug in my earlier change that could produce default bucket names with illegal upper-case characters in it.
Co-authored-by: Joseph Weitekamp <jweite@amazon.com>
* Enforce parameter naming
Parameters are not allowed to start with `ssm` or `aws`. This commit adds error messages which
correspond exactly to the error messages returned by boto3.
* Fix for Python 2 compatibility
f-strings not supported in Python 2.7
* Fix : SQS - Added support for attribute labels for send_message function
* Add integration test on receive message function
* Add send message invalid datetype integration test and fix SQS MessageAttributesInvalid exceptions
* Implement Filter: Contains functionality for describe_params
This commit adds the Contains functionality. Tests were created
to mimic behavior in AWS/boto3, including that filters with values
in the form of `/name` will match parameters named `/name/match` but
not parameters named `match/with/other-name`. In the test example, a
Contains filter with the value `/tan` would match: `/tangent-3` and
`tangram-4` but not `standby-5`.
* Enforce parameter filter restrictions on get_parameters_by_path
According to the boto3 documentation [1], `Name`, `Path`, and `Tier` are not
allowed values for `Key` in a parameter filter for `get_parameters_by_path`.
This commit enforces this by calling `_validate_parameter_filters` from the
`get_parameters_by_path` method, and adding a check to `_validate_parameter_filters`.
I added 3 test cases to `test_get_parameters_by_path` which check for the correct
exception when calling with a parameter filter using any of these keys.
* Code formatted to match style
* Refactored logic
* FIX:IAM-Added support for pathPrefix in list_users_function
* removed changes for roles
* Added test for non decorator
* changed filter function
Co-authored-by: usmankb <usman@krazybee.com>
