81 Commits

Author SHA1 Message Date
MEP
7194456d0d
[LocalStack] Fixes to secretsmanager's PutSecretValue, CreateSecret, DeleteSecret (#4851) 2022-02-11 11:49:14 -01:00
Daniel Fangl
3f534119f4
Add CreatedDate and LastChangedDate in secretsmanager responses (#4770) 2022-01-25 09:24:26 -01:00
Bert Blommers
d118d592ca
Pylint remaining source code (#4760) 2022-01-14 18:51:49 -01:00
Bert Blommers
cf87e75d6e
Feature: Mock region (#4699) 2021-12-24 20:02:45 -01:00
George Lungley
29406ed74e
Resolves #4644 - Add negative filter support in secretsmanager (#4645) 2021-12-01 14:33:52 -01:00
Bert Blommers
14a69c7524
Techdebt: Enable pylint rules (#4432) 2021-10-18 19:44:29 +00:00
MarkBrook
663cd7a523
ISSUE-4340: SecretsManager cannot find specified secret using ARN in some operations (#4353) 2021-09-27 19:59:13 +00:00
kbalk
3a203d35c9
Implement EC2 describe_vpc_endpoint_services() (#4322) 2021-09-24 16:01:09 +00:00
Miguel Gagliardo
c65d4ddc3b
Fix: Adding ClientRequestToken for SecretsManager update_secret method (#4314) 2021-09-21 16:43:31 +00:00
Bert Blommers
07bb843214
Fix regex URLs so that a dot is actually interpreted as a dot (#4110) 2021-08-28 13:42:45 +01:00
George Lungley
0ec99fae8b
#4118 Add KmsKeyId Support to secretsmanager (#4119) 2021-08-03 15:46:23 +01:00
Waldemar Hummer
f4f8527955
Merge LocalStack changes into upstream moto (#4082)
* fix OPTIONS requests on non-existing API GW integrations

* add cloudformation models for API Gateway deployments

* bump version

* add backdoor to return CloudWatch metrics

* Updating implementation coverage

* Updating implementation coverage

* add cloudformation models for API Gateway deployments

* Updating implementation coverage

* Updating implementation coverage

* Implemented get-caller-identity returning real data depending on the access key used.

* bump version

* minor fixes

* fix Number data_type for SQS message attribute

* fix handling of encoding errors

* bump version

* make CF stack queryable before starting to initialize its resources

* bump version

* fix integration_method for API GW method integrations

* fix undefined status in CF FakeStack

* Fix apigateway issues with terraform v0.12.21
* resource_methods -> add handle for "DELETE" method
* integrations -> fix issue that "httpMethod" wasn't included in body request (this value was set as the value from refer method resource)

* bump version

* Fix setting http method for API gateway integrations (#6)

* bump version

* remove duplicate methods

* add storage class to S3 Key when completing multipart upload (#7)

* fix SQS performance issues; bump version

* add pagination to SecretsManager list-secrets (#9)

* fix default parameter groups in RDS

* fix adding S3 metadata headers with names containing dots (#13)

* Updating implementation coverage

* Updating implementation coverage

* add cloudformation models for API Gateway deployments

* Updating implementation coverage

* Updating implementation coverage

* Implemented get-caller-identity returning real data depending on the access key used.

* make CF stack queryable before starting to initialize its resources

* bump version

* remove duplicate methods

* fix adding S3 metadata headers with names containing dots (#13)

* Update amis.json to support EKS AMI mocks (#15)

* fix PascalCase for boolean value in ListMultipartUploads response (#17); fix _get_multi_param to parse nested list/dict query params

* determine non-zero container exit code in Batch API

* support filtering by dimensions in CW get_metric_statistics

* fix storing attributes for ELBv2 Route entities; API GW refactorings for TF tests

* add missing fields for API GW resources

* fix error messages for Route53 (TF-compat)

* various fixes for IAM resources (tf-compat)

* minor fixes for API GW models (tf-compat)

* minor fixes for API GW responses (tf-compat)

* add s3 exception for bucket notification filter rule validation

* change the way RESTErrors generate the response body and content-type header

* fix lint errors and disable "black" syntax enforcement

* remove return type hint in RESTError.get_body

* add RESTError XML template for IAM exceptions

* add support for API GW minimumCompressionSize

* fix casing getting PrivateDnsEnabled API GW attribute

* minor fixes for error responses

* fix escaping special chars for IAM role descriptions (tf-compat)

* minor fixes and tagging support for API GW and ELB v2 (tf-compat)

* Merge branch 'master' into localstack

* add "AlarmRule" attribute to enable support for composite CloudWatch metrics

* fix recursive parsing of complex/nested query params

* bump version

* add API to delete S3 website configurations (#18)

* use dict copy to allow parallelism and avoid concurrent modification exceptions in S3

* fix precondition check for etags in S3 (#19)

* minor fix for user filtering in Cognito

* fix API Gateway error response; avoid returning empty response templates (tf-compat)

* support tags and tracingEnabled attribute for API GW stages

* fix boolean value in S3 encryption response (#20)

* fix connection arn structure

* fix api destination arn structure

* black format

* release 2.0.3.37

* fix s3 exception tests

see botocore/parsers.py:1002 where RequestId is removed from parsed

* remove python 2 from build action

* add test failure annotations in build action

* fix events test arn comparisons

* fix s3 encryption response test

* return default value "0" if EC2 availableIpAddressCount is empty

* fix extracting SecurityGroupIds for EC2 VPC endpoints

* support deleting/updating API Gateway DomainNames

* fix(events): Return empty string instead of null when no pattern is specified in EventPattern (tf-compat) (#22)

* fix logic and revert CF changes to get tests running again (#21)

* add support for EC2 customer gateway API (#25)

* add support for EC2 Transit Gateway APIs (#24)

* feat(logs): add `kmsKeyId` into `LogGroup` entity (#23)

* minor change in ELBv2 logic to fix tests

* feat(events): add APIs to describe and delete CloudWatch Events connections (#26)

* add support for EC2 transit gateway route tables (#27)

* pass transit gateway route table ID in Describe API, minor refactoring (#29)

* add support for EC2 Transit Gateway Routes (#28)

* fix region on ACM certificate import (#31)

* add support for EC2 transit gateway attachments (#30)

* add support for EC2 Transit Gateway VPN attachments (#32)

* fix account ID for logs API

* add support for DeleteOrganization API

* feat(events): store raw filter representation for CloudWatch events patterns (tf-compat) (#36)

* feat(events): add support to describe/update/delete CloudWatch API destinations (#35)

* add Cognito UpdateIdentityPool, CW Logs PutResourcePolicy

* feat(events): add support for tags in EventBus API (#38)

* fix parameter validation for Batch compute environments (tf-compat)

* revert merge conflicts in IMPLEMENTATION_COVERAGE.md

* format code using black

* restore original README; re-enable and fix CloudFormation tests

* restore tests and old logic for CF stack parameters from SSM

* parameterize RequestId/RequestID in response messages and revert related test changes

* undo LocalStack-specific adaptations

* minor fix

* Update CodeCov config to reflect removal of Py2

* undo change related to CW metric filtering; add additional test for CW metric statistics with dimensions

* Terraform - Extend whitelist of running tests

Co-authored-by: acsbendi <acsbendi28@gmail.com>
Co-authored-by: Phan Duong <duongpv@outlook.com>
Co-authored-by: Thomas Rausch <thomas@thrau.at>
Co-authored-by: Macwan Nevil <macnev2013@gmail.com>
Co-authored-by: Dominik Schubert <dominik.schubert91@gmail.com>
Co-authored-by: Gonzalo Saad <saad.gonzalo.ale@gmail.com>
Co-authored-by: Mohit Alonja <monty16597@users.noreply.github.com>
Co-authored-by: Miguel Gagliardo <migag9@gmail.com>
Co-authored-by: Bert Blommers <info@bertblommers.nl>
2021-07-26 15:21:17 +01:00
Bert Blommers
7693d77333
Remove Py2 support (#3915) 2021-07-26 07:40:39 +01:00
Bert Blommers
5e4bccc22d
Use centralized ACCOUNT_ID (#4029) 2021-06-23 18:03:11 +01:00
Daniel Samuels
a4b1498665
Support rotating secrets using Lambda [#3905] (#3912)
* Support rotating secrets using Lambda

The Secrets manager rotation process uses an AWS Lambda function
to perform the rotation of a secret. [1]

In fact, it's not possible to trigger rotation of a Secret
without specifying a Lambda function at some point in the life
of the secret:

```
$ aws secretsmanager rotate-secret --secret-id /rotationTest

An error occurred (InvalidRequestException) when calling the RotateSecret operation: No Lambda rotation function ARN is associated with this secret.
```

`moto` can be a little more lenient in this regard and allow
`rotate_secret` to be called without a Lambda function being
present, if only to allow simulation of the `AWSCURRENT` and
`AWSPREVIOUS` labels moving across versions.

However, if a lambda function _has_ been specified when calling
`rotate_secret`, it should be invoked therefore providing the
developer with the full multi-stage process [3] which can be
used to test the Lambda function itself and ensuring that full
end-to-end testing is performed. Without this there's no easy
way to configure the Secret in the state needed to provide the
Lambda function with the data in the format it needs to be in
at each step of the invocation process.

[1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html
[2]: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.rotate_secret
[3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html#rotation-explanation-of-steps

* Run `black` over `secretsmanager/models.py`

* Make `lambda_backends` import local to the condition

* Implement `update_secret_version_stage`

Allow a staging label to be moved across versions.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.update_secret_version_stage

* Add an integration test for Secrets Manager & Lambda

* Support passing `ClientRequestToken` to `put_secret_value`

By passing `ClientRequestToken` to `put_secret_value` within
the lambda function invoked by calling `rotate_secret`, one
can update the value associated with the existing (pending)
version, without causing a new secret version to be created.

* Add application logic for `AWSPENDING`

The rotation function must end with the versions of the secret
in one of two states:

 - The `AWSPENDING` and `AWSCURRENT` staging labels are
   attached to the same version of the secret, or
 - The `AWSPENDING` staging label is not attached to any
   version of the secret.

If the `AWSPENDING` staging label is present but not attached
to the same version as `AWSCURRENT` then any later invocation
of RotateSecret assumes that a previous rotation request is
still in progress and returns an error.

* Update `default_version_id` after Lambda rotation concludes

Call `set_default_version_id` directly, rather than going 
through `reset_default_version` as the Lambda function is 
responsible for moving the version labels around, not `rotate_secret`.

* Run `black` over changed files

* Fix Python 2.7 compatibility

* Add additional test coverage for Secrets Manager

* Fix bug found by tests

AWSPENDING + AWSCURRENT check wasn't using `version_stages`.
Also tidy up the AWSCURRENT moving in `update_secret_version_stage`
to remove AWSPREVIOUS from the new stage.

* Run `black` over changed files

* Add additional `rotate_secret` tests

* Skip `test_rotate_secret_lambda_invocations` in test server mode

* Add test for invalid Lambda ARN
2021-05-11 12:08:01 +01:00
George Vince
4da11da2bf
Secrets manager untag resource (#3767)
* added: untag_resource + test

* formatting

* formatting

* formatting

* added: formatting fix
2021-03-12 10:35:38 +00:00
Brian Pandola
76265576ac
Fix: describe/list attribute discrepancy in Secrets Manager (#3432)
`secretsmanager:DescribeSecret` returns `VersionIdsToStages`
`secretsmanager:ListSecrets` returns the same information in `SecretVersionsToStages`

* Verified fix against real AWS backend.

Fixes #3406
2020-11-03 14:18:56 +00:00
usmangani1
53c3eb6240
Fix:SecretsManager :Error on Invalid secretID (#3413)
* Fix:SecretsManager :Error on Invalid secretID

* Fixed tests

Co-authored-by: usmankb <usman@krazybee.com>
2020-11-02 10:15:40 +00:00
usmangani1
14980371d7
FIX:Add secrets Manager Tag resource Functionality (#3392)
* FIX:Add secrets Manager Tag resource Functionality

* Fixed review comments

Co-authored-by: usmankb <usman@krazybee.com>
2020-10-22 11:14:32 +01:00
Jon Michaelchuck
2391a4ab97
[SecretsManager] Handle missing secrets versions (#3349)
* SecretsManager - handle missing secrets versions

The get_secret_value method should raise ResourceNotFoundException
if a secret exists but the provided VersionId does not.

* Run black

* 2.x support

* black fix?

* secret is not a dict. Fix error msg output.
2020-10-05 12:22:54 +01:00
Roman Dmytrenko
c1a7f29c62
Fix issue with wrong parameter signed to secret_binary during secret rotation in Secrets Manager (#3348)
* fix issue with wrong parameter signed to secret_binary

* reformat test
2020-10-05 11:10:32 +01:00
Bert Blommers
369f6bbfc9 3302 - Make Secret ARN persistent 2020-09-28 14:51:30 +01:00
Ninh Khong
061c609a8f
Fix secretsmanager random password wrong length (#3213)
* Enhance function get_parameter by parameter name, version or labels

* Fix random password with exclude characters return wrong length
2020-08-03 13:42:42 +01:00
Chris Kilding
943ecb7ea7
Support --filters option in secretsmanager:ListSecrets (#3173)
* Feature: Support --filters option in secretsmanager:ListSecrets

* Implement some of the secret filters

* Check listSecrets filters combine with an implicit AND operator

* Test all filter and multi-value filter and multi-word filter

* Fix matcher behavior, restructure code

* Implement remaining listSecrets filter cases

* Linter fixes

* Use contains-in-any-order assertions for test_list_secrets

* Linter fix again

* Attempt Python 2 fix for assert_items_equal

* Remove docstrings from test_list_secrets tests as they make the test reports weird

* Test and handle listSecrets filter with no values
2020-07-31 15:31:18 +01:00
Kristopher Chun
fbc5769b74
Fix: SecretsManager - Added missing pop() override to get_secret_name… (#3057)
* Fix: SecretsManager - Added missing pop() override to get_secret_name_from_arn (#3056)

* Added test case for delete_secret_force_with_arn (#3057)

* Fixed lint for test_delete_secret_force_with_arn (#3057)
2020-06-10 08:54:03 +01:00
usmangani1
2433d64fe2
Fix: SecretsManager Added VersionIdsToStages key in describe_secret function (#3029)
* Fix: SecretsManager Added VersionIdsToStages key in describe_secret function

* Added more assertions

* Linting

Co-authored-by: usmankb <usman@krazybee.com>
Co-authored-by: Bert Blommers <info@bertblommers.nl>
2020-05-29 12:31:41 +01:00
=
b63110be9e handle description in describe secret operation, add tests 2020-04-24 21:47:11 +02:00
=
ef67aee1a3 apply black formatting 2020-04-24 18:53:24 +02:00
=
6483e3be80 do not require secret to exist on PutSecretValue operation 2020-04-24 18:17:03 +02:00
=
3e145ef8df Do not remove tags after secret update, handle description 2020-04-24 16:12:55 +02:00
Tim
92bbc3fbac Adds initial support for secretsmanager update_secret
The support in this patch is preliminary and may or may not be feature complete.
It provides the basic support for update_secret so that future work can build
on it as needed.
2020-04-16 08:20:43 -07:00
Asher Foa
2e20ad14df Fix some 'DeprecationWarning: invalid escape sequence' warnings and use str.format for string interpolation.
Similar to https://github.com/spulec/moto/pull/2811
2020-03-25 11:08:12 -07:00
gruebel
9d9b620878 Fixed linter errors 2019-12-26 21:03:49 +01:00
gruebel
d7ba355a65 Add missing regions to all services 2019-12-26 17:12:22 +01:00
Mike Grima
7e68b93091
Merge pull request #2601 from mwaaas/fix/get_policy
adding get policy endpoint
2019-12-09 14:11:50 -08:00
mwas
625f28c882 adding get policy endpoint 2019-11-26 06:09:24 +03:00
mwas
0e825a5048 lint 2019-11-23 13:02:00 +03:00
mwas
66c9d15ca8 fixing fetching secret id with both arn and name 2019-11-23 12:37:30 +03:00
mwas
5274ffa5e0 fix both get and describe with arn and name 2019-11-23 10:12:31 +03:00
mwas
b31f31d214 fixing fetch secret manager via arn 2019-11-23 09:29:30 +03:00
Alexander Campbell
7e468287a0 Match AWS's change from smart-quote to ASCII quote 2019-11-12 10:05:11 +11:00
Asher Foa
96e5b1993d Run black on moto & test directories. 2019-10-31 10:36:05 -07:00
Alexander Campbell
30853a0b5c Use specialised exception for "secret has no value" scenario 2019-10-18 12:06:12 +11:00
Alexander Campbell
6120a60263 Use escape sequence to express non-ASCII character 2019-10-18 10:17:49 +11:00
Alexander Campbell
4eb921480e Use specific exception to prevent repetition 2019-10-18 10:17:45 +11:00
Alexander Campbell
9a54cea4f1 Work around python2 unicode exception str() issues 2019-10-16 14:44:41 +11:00
Alexander Campbell
d74f9e47c8 Add coding hint for python2 compatibility 2019-10-16 12:44:30 +11:00
Alexander Campbell
9d6a1ca81d Fix slightly incorrect message for some errors 2019-10-16 10:58:59 +11:00
Alexander Campbell
381e7b165f Raise appropriate error when secret exists but has no value 2019-10-16 10:55:03 +11:00
Bert Blommers
e8d60435fe #2366 - SecretsManager - put_secret_value should support binary values 2019-08-23 10:57:15 +01:00