Commit Graph

3252 Commits

Author SHA1 Message Date
Daniel Samuels
a4b1498665
Support rotating secrets using Lambda [#3905] (#3912)
* Support rotating secrets using Lambda

The Secrets manager rotation process uses an AWS Lambda function
to perform the rotation of a secret. [1]

In fact, it's not possible to trigger rotation of a Secret
without specifying a Lambda function at some point in the life
of the secret:

```
$ aws secretsmanager rotate-secret --secret-id /rotationTest

An error occurred (InvalidRequestException) when calling the RotateSecret operation: No Lambda rotation function ARN is associated with this secret.
```

`moto` can be a little more lenient in this regard and allow
`rotate_secret` to be called without a Lambda function being
present, if only to allow simulation of the `AWSCURRENT` and
`AWSPREVIOUS` labels moving across versions.

However, if a lambda function _has_ been specified when calling
`rotate_secret`, it should be invoked therefore providing the
developer with the full multi-stage process [3] which can be
used to test the Lambda function itself and ensuring that full
end-to-end testing is performed. Without this there's no easy
way to configure the Secret in the state needed to provide the
Lambda function with the data in the format it needs to be in
at each step of the invocation process.

[1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html
[2]: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.rotate_secret
[3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html#rotation-explanation-of-steps

* Run `black` over `secretsmanager/models.py`

* Make `lambda_backends` import local to the condition

* Implement `update_secret_version_stage`

Allow a staging label to be moved across versions.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.update_secret_version_stage

* Add an integration test for Secrets Manager & Lambda

* Support passing `ClientRequestToken` to `put_secret_value`

By passing `ClientRequestToken` to `put_secret_value` within
the lambda function  invoked by calling `rotate_secret`, one
can update the value associated with the existing (pending)
version, without causing a new secret version to be created.

* Add application logic for `AWSPENDING`

The rotation function must end with the versions of the secret
in one of two states:

 - The `AWSPENDING` and `AWSCURRENT` staging labels are
   attached to the same version of the secret, or
 - The `AWSPENDING` staging label is not attached to any
   version of the secret.

If the `AWSPENDING` staging label is present but not attached
to the same version as `AWSCURRENT` then any later invocation
of RotateSecret assumes that a previous rotation request is
still in progress and returns an error.

* Update `default_version_id` after Lambda rotation concludes

Call `set_default_version_id` directly, rather than going 
through `reset_default_version` as the Lambda function is 
responsible for moving the version labels around, not `rotate_secret`.

* Run `black` over changed files

* Fix Python 2.7 compatibility

* Add additional test coverage for Secrets Manager

* Fix bug found by tests

AWSPENDING + AWSCURRENT check wasn't using `version_stages`.
Also tidy up the AWSCURRENT moving in `update_secret_version_stage`
to remove AWSPREVIOUS it from the new stage.

* Run `black` over changed files

* Add additional `rotate_secret` tests

* Skip `test_rotate_secret_lambda_invocations` in test server mode

* Add test for invalid Lambda ARN
2021-05-11 12:08:01 +01:00
Neil Greenwood
45167737e5
Fix separator in filter_log_events nextToken value. (#3914)
The old separator was present in some of the values being concatenated.
2021-05-07 18:49:36 +01:00
Josh McCullen
12b409e0de
Set multiple Security Groups when calling modify_network_interface_attribute (#3911) 2021-05-07 13:50:26 +01:00
Maria
cf3cf8b134
DMS - basic task replication methods implementation (#3900)
* DMS - basic task replication methods implementation

* Add ResourceNotFoundFault tests
2021-05-06 18:33:48 +01:00
George-lewis
f76571199f
Implement User Pool MFA Actions (#3903)
* implement user pool mfa actions

* Add messages to errors

Add messages to errors

Fix error message

* Change exception type

* fix validation & add more tests

Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 17:59:04 +01:00
khneal
e5b3f4181d
EC2 describe_network_acls: add support for owner-id filter (#3898)
* add test that fails with FilterNotImplementedError

* describe_network_acls: add support for owner-id filter

Co-authored-by: Kevin Neal <Kevin_Neal@intuit.com>
2021-05-05 13:15:43 +01:00
Neil Greenwood
94a70e9ad1
nextToken value in logs:describeLogStreams response (#3896)
* `nextToken` value in `logs:describeLogStreams` response

Modified the pagination for FilterLogEvents to more closely follow
the real AWS behaviour.

* Make assertions work in py2 and py3.
2021-05-04 17:45:23 +01:00
usmangani1
0cff5458af
Fix : Remove Invalid request error when response-template is not specified (#3885)
* Fix : Remove Invalid request error

* Fix test and review commanets

* Remove duplicate put_integration_template

* API Gateway - Body can be None or empty

Co-authored-by: Bert Blommers <info@bertblommers.nl>
2021-05-01 15:45:06 +01:00
usmangani1
85d94ad6ed
Fix:SQS Added support for system attributes in sqs (#3878)
* Adding SQS system attributes

* Fix Comments

* Change template in response
2021-05-01 07:48:39 +01:00
Matthew Davis
d6384fcb35
Enforce dynamodb key size limit [solves #3866] (#3888)
* add tests for dynamodb max key size

correct too-large error for ddb key

* remove unnecessary requires_boto_gte decorator from ddb tests

* remove literal emoji from ddb test

* implement dynamodb key limits, WIP

* correct direction of dynamodb range key length check

* fix tests for dynamodb max key size check

* catch ddb validation errors and rethrow properly

* finish ddb key size limit fixes

* fix linting

* handle unicode in v2.7 tests

* fix encoding issue in py2.7 for ddb

* linting

* Python2/3 compatability

Co-authored-by: Bert Blommers <info@bertblommers.nl>
2021-04-30 13:47:47 +01:00
amar jandu
58381cce8f
S3 - Fix exception for missing versionID (#3887) 2021-04-30 12:36:08 +01:00
Gianluca Pacchiella
273d632515
Fix/autoscaling elb interaction (#3757)
* Add minimal failing test case.

* Improve ELB instance ids handling.

We need to handle the instances originated by an autoscaling group differently.
2021-04-30 09:29:20 +01:00
Neil Greenwood
bcc7938615
Fix: nextToken value in logs:FilterLogEvents response (#3883)
* Fix: `nextToken` value in `logs:FilterLogEvents` response

Plagiarizing freely from @bpandola and his PR #3398, I have
modified the pagination for FilterLogEvents to more closely follow
the real AWS behaviour.

Fixes #3882

* Black reformatted my code.

* Remove timezone for python2.7 compatibility.

* Hopefully fix python2.7 compatibility for real.

* Additional test for a non-matching log group name in the nextToken.
2021-04-29 12:56:20 +01:00
khneal
8b523c3fe1
EMR and SWF - add arn to response (#3873)
* emr: add ClusterArn to describe_cluster response

* emr: add ClusterArn to list_clusters response

* emr: add ClusterArn to put_auto_scaling_policy response

* emr: add ClusterArn to run_job_flow response

* emr: rename property "cluster_arn" to simply "arn"

* emr: generalize arn for account_id and region

* swf: add arn to list_domains response

* black reformat source code

* fix double import

* swf: require region on Domain object

Co-authored-by: Kevin Neal <Kevin_Neal@intuit.com>
2021-04-23 15:20:36 +01:00
Deepesh J
c31dffcc92
List instances Implementation in EMR (#3871)
* Implemented list instances in EMR

* removed import from tests

* make format

* fix W291 trailing whitespace

* removed to work for py2.7

* Storing only ec2_id and instance group in Fake instance

Co-authored-by: J <jdeepe@147dda1b0833.ant.amazon.com>
2021-04-23 08:03:06 +01:00
William Richard
d8be72e483
Add the abilitiy to set ECS task definition task role and execution role arns (#3869) 2021-04-21 18:56:09 +01:00
Ivan Zubenko
d3f20694a9
sort Route53 resource record sets (#3864)
* sort Route53 resource record sets

* address comments
2021-04-20 12:50:05 +01:00
cm-iwata
df34b7864b
fix #3867 IoT list_principal_things (#3868)
* fix #3867
iot list_principal_things should return list of thingnames.

* lint
2021-04-19 13:35:09 +01:00
Zach Churchill
9b3e932822
Add CloudFormation support for SageMaker Endpoint Configs and Endpoints (#3863)
* Create SageMaker EndpointConfig with CloudFormation

Implement attributes for SM Endpoint Configs with CloudFormation

Delete SM Endpoint Configs with CloudFormation

Update SM Endpoint Configs with CloudFormation

* Fix typos in SM CF Model update test and refactor helper function for CF stack outputs

* Fixup weird commas in SM CF Test Configs from using black

* Create SageMaker Endpoints with CloudFormation

* Fix typos in SM CF update tests
2021-04-17 13:49:46 +01:00
Zach Churchill
f6dda54a6c
Add CloudFormation support for SageMaker Models (#3861)
* Create a formal interface for SM Cloudformation test configurations

* Create SageMaker Models with CloudFormation

* Utilize six for adding metaclass to TestConfig

* Update SM backend to return Model objects instead of response objects
2021-04-16 15:23:05 +01:00
Zach Churchill
0b11b0c716
Add CloudFormation support for SageMaker Notebook Instance Lifecycle Configs (#3855)
* Create SageMaker Notebook Instance Lifecycle Configs with CloudFormation

Implement attributes for SM Notebook Instance Lifecycle Config in CloudFormation

Delete SM Notebook Instance Lifecycle Configs with CloudFormation

Update SM Notebook Instance Lifecycle Configs with CloudFormation

Also fixed error in create_from method where the properties where not
being referenced when setting OnCreate and OnStart.

Factor out template for SM Notebook Lifecycle Config CF tests

* Refactor SM CloudFormation create tests to use pytest.mark.parametrize

* Refactor SM CloudFormation get_attr tests to use pytest.mark.parametrize

Also update the NotebookInstance template function to use Name and Arn
for the output IDs so that the parametrization is easier.

* Refactor SM CloudFormation delete tests to use pytest.mark.parametrize
2021-04-13 12:03:25 +01:00
Tom Noble
3942613bf4
Enhancement/3837 (#3847)
* Move event pattern validation into EventPattern class and apply enhanced pattern logic to all Rules

* Fix exists filtering logic to only match leaf nodes in event

* Apply black formatting

* Replace JSONDecodeError with ValueError for Python2 compatibility

* Update unit test names

* Move event pattern tests into test_event_pattern.py

* Apply black formatting

Co-authored-by: TSNoble <tom.noble@bjss.com>
2021-04-10 14:27:38 +01:00
Kai Xia(夏恺)
5eb99da75a
Make it possible to customize the ACM cert validation wait time. (#3843)
* Make it possible to customize the ACM cert validation wait time.

Signed-off-by: Kai Xia <kaix+github@fastmail.com>

* address PR comments & change requests.

Signed-off-by: Kai Xia <kaix+github@fastmail.com>

* make tests work.

Signed-off-by: Kai Xia <kaix+github@fastmail.com>
2021-04-10 08:13:20 +01:00
Zach Churchill
d45233fa00
Add CloudFormation support for SageMaker Notebook Instances (#3845)
* Create SageMaker Notebook Instances with CloudFormation

* Implement attributes for SageMaker notebook instance in Cloudformation

* Delete SageMaker Notebook Instances with CloudFormation

* Update SageMaker Notebook Instances with CloudFormation

* Factor out template into function for SageMaker notebook instance tests
2021-04-09 18:54:00 +01:00
Franck Ndame
d9177f382e
Implementation of core AWS Mediastore endpoints (#3825)
* write boilerplate code

* generate boilerplate code with scaffold script

* create mediapackage channel

* remove duplicate mediapackage reference

* remove Channel key from mediapackage response

* describe_channel endpoint added

* create_origin_endpoint-added

* keys changed to camel case to fix issue

* minor changes to clean up

* minor clean up again

* implement & test delete_channel

* delete origin endpoint created; WIP-tests failing

* fix delete_origin_endpoint issue

* refactor function call

* delete origin endpoint completed; test_server tests added

* implement and test describe_origin_endpoint

* update origin endpoint added

* remove print statements

* implement test_list_origin_endpoint_succeeds

* create test name changed

* create test name changed

* changes after flake8 and black run

* url assertion added to decribe origin endpoint test

* region dependent url enabled

* initial commit; WIP

* create container added, still WIP

* create_container working

* test_create_channel_succeeds

* test_describe_container_succeeds

* get_lifecycle_policy added; error tests added

* changes to pass linting

* added exception for container but no policy

* linting

* put_container_policy added

* put_metric_policy added

* list_containers added

* resolved linting

* test_describe_container_raises_error_if_container_does_not_exist

* added __init__ file

* __init__ added to mediapackage as well

* Mediastore (#20)

* initial commit; WIP

* create container added, still WIP

* create_container working

* test_create_channel_succeeds

* test_describe_container_succeeds

* get_lifecycle_policy added; error tests added

* changes to pass linting

* added exception for container but no policy

* linting

* put_container_policy added

* put_metric_policy added

* list_containers added

* resolved linting

* test_describe_container_raises_error_if_container_does_not_exist

* added __init__ file

* __init__ added to mediapackage as well

Co-authored-by: FranckNdame <franck.mpouli@yahoo.com>

* test_server fixed; resolved rebasing mix ups on tests

* [FIX] Ensures MediaConnect create_flow sets a valid sourceArn

* code clean up

Co-authored-by: Anya <anya.champaneria@capablue.com>
Co-authored-by: AnyaChamp <71766808+AnyaChamp@users.noreply.github.com>
2021-04-08 16:51:50 +01:00
David Baumgold
3af87963d1
Py3: use unittest.mock instead of mock (#3481)
* Py3: use unittest.mock instead of mock

* noqa

* oops

* just pull in patch()

* ignore RuntimeError when stopping patch

* ignore RuntimeError from default_session_mock.stop()
2021-04-06 10:22:42 +01:00
Tom Noble
b138d9956b
Add prefix and numeric filtering logic for Archive EventPattern (#3835)
* Add prefix and numeric filtering logic for Archive EventPattern

* Pull EventPattern logic out into class and test logic more directly

* Apply black formatting

Co-authored-by: Tom Noble <tom.noble@bjss.com>
2021-04-04 19:27:54 +01:00
Jonx1000
6ea6445f60
IAM - get_user() #3828 (#3829)
* IAM - get_user() #3828
- fixing issue where the get_user method does not return tags

* adding get_user with tags test
2021-04-03 10:38:18 +01:00
Tom Noble
15eda737d6
Add exists filtering functionality to Archive (#3832)
* Add exists filtering functionality to Archive. Add test case and refactor existing Archive EventPattern test cases

* Apply black formatting

* Change NotImplementedError to warning

* Simplify unimplemented warning for filters

* Change str check to six.string_types check for python2.7

Co-authored-by: Tom Noble <tom.noble@bjss.com>
2021-04-02 18:32:01 +01:00
Brian Pandola
ac4a26f289
Add support for EMR-Managed Security Groups (#3824)
* Add support for EMR-Managed Security Groups

This covers the base case for EMR Clusters provisioned in a private subnet.

Ref: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-man-sec-groups.html

* Address PR comments

* Address PR comments
2021-04-02 15:34:02 +01:00
Anton Grübel
e90858b2e8
Add events target integration for sqs fifo queue (#3830)
* Add events target integration for sqs fifo queue

* Rename test file
2021-04-02 14:29:05 +01:00
Tom Noble
1440709e4c
Enhancement/3821 (#3822)
* Add _does_event_match_pattern() to EventsBackend and use when determining whether to archive an event

* Add comment to _does_event_item_match_pattern_item()

* Expand test case for Archive EventFilter

* Apply black formatting

Co-authored-by: Tom Noble <tom.noble@bjss.com>
2021-04-01 10:31:10 +01:00
Brian Pandola
463472c2b2
Make security rules consistent between direct (backend) and indirect (api) boundaries (#3817)
* Make security rules consistent between direct (backend) and indirect (api) boundaries

Security rules added directly via the backend were unable to be revoked via the API
because the port values were being stored as strings but were always coerced back
to integers by the botocore model.  `"0" != 0`, so the rules would never match,
raising an `InvalidPermissionNotFoundError`.

This change ensures that the port values for a security group rule are always of type
`Union[int, None]`.

No tests needed to be modified as a result of this change.  A new test was added that
explicitly covers the behavior that had been failing.

* Skip test in server mode
2021-03-31 19:33:36 +01:00
Bert Blommers
ed22b24fd5
Support - Allow describe_cases without any params (#3818) 2021-03-31 13:18:46 +01:00
Anton Grübel
9c89c24caf
Add events target integration for sqs queue (#3815) 2021-03-30 14:13:10 +01:00
Anton Grübel
9a020e6120
Fix events rule ARN for custom event bus (#3809)
* Fix events rule ARN for custom event bus

* Fix cloudformation test
2021-03-28 19:41:24 +01:00
Tom Noble
57aa83e6c1
Use MOCK_ACCOUNT_ID when building default Rule ARN (#3808)
Co-authored-by: Tom Noble <tom.noble@bjss.com>
2021-03-28 16:20:21 +01:00
Tom Noble
a001c59f7e
Modify SSM put_parameter() to raise ValidationException if value is empty string (#3806)
* Modify put_parameter() to raise ValidationError when value is empty string

* Simplify empty string check

Co-authored-by: Tom Noble <tom.noble@bjss.com>
2021-03-28 14:45:57 +01:00
Tom Noble
f549f1d087
Modify Rule.send_to_targets() to handle event_bus_name as ARN (#3804)
* Modify Rule.send_to_targets() to handle event_bus_name as ARN

* Apply black formatting

Co-authored-by: Tom Noble <tom.noble@bjss.com>
2021-03-28 11:33:47 +01:00
Codeglitches
9f9716ee01
Check S3_IGNORE_SUBDOMAIN_BUCKETNAME environment variable (#3796)
* Check S3_IGNORE_SUBDOMAIN_BUCKETNAME environment variable

* move S3_IGNORE_SUBDOMAIN_BUCKETNAME environment variable to settings
2021-03-26 16:51:19 +00:00
Brian Pandola
1761be46e3
Return error when trying to add rules to a non-existent security group (#3802)
Behavior and error code/message confirmed against real AWS backend.
2021-03-26 13:00:51 +00:00
Brian Pandola
2bae7e4e0d
Raise error when adding duplicate egress rule to ec2:SecurityGroup (#3801)
The `InvalidPermission.Duplicate` error was already implemented for inbound rules,
but AWS also returns this error for duplicate outbound rules.

Very minor changes were needed on existing tests that were adding duplicate
outbound rules (when testing the RulesPerSecurityGroupLimitExceeded error).
2021-03-26 11:23:07 +00:00
David Pedrosa
ba0f0bd513
Improve dynamodb query case sensitivity (#3799) (#3800)
* between clause is not case-sensitive anymore

* begins_with will raise an exception unless lower-case is used

Co-authored-by: David Pedrosa <d.pedrosa@indizen.com>
2021-03-25 20:22:36 +00:00
Ismael Fernandez Molina
04cbd1fa1a
adding physical_resource_id in SubnetRouteTableAssociation, Route and NatGW classes (#3789)
* adding physical_resource_id in SubnetRouteTableAssociation, Route and NatGW classes

* adding tests

* passing litern at test

* passsing black==19.10b0 as lintern

* passing test to python 2.7
2021-03-20 08:57:53 +00:00
Andrés Álvarez
a5fc99c9af
Raise TemplateDoesNotExist if template does not exist (#3784)
* Raise TemplateDoesNotExist if template does not exist

When sending templated emails

* Remove unnecessary 'when called with' in test
2021-03-19 15:36:53 +00:00
Connor
74272ae51c
feature/support create_case, resolve_case, describe_cases and associated tests (#3776)
* feature/support create_case, resolve_case, describe_cases and associated
tests

* review/support - addressed PR comments
- Have created a SupportCase object to persist case
- Associated testing to address PR comments

* Support - simplify tests

* Support - Simplify tests even more

Co-authored-by: Bert Blommers <info@bertblommers.nl>
2021-03-17 14:01:41 +00:00
Tibor Djurica Potpara
b06e77b604
Make put-object-acl return 404 if the key does not exist (#3777)
Co-authored-by: Tibor Djurica Potpara <tibor.djurica@reddit.com>
2021-03-16 22:24:41 +00:00
Sawyer Hollenshead
b9f83c200f
Cognito IdP: Raise UsernameExistsException from sign_up when user exists (#3765)
* Raise UsernameExistsException from sign_up when user exists

* Run formatter

* Use pytest.raises

* Fix test
2021-03-16 22:22:53 +00:00
tony-dot-sh
5fe3a707ed
fix route table association by internet gateway (#3773)
* fix route table association by internet gateway per https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateRouteTable.html

* Route53

 - Add test for route table association by internet gateway
 - Minor test tweak for Main route table values

TODO: explicitly set the route table main route association

* Route53

 - forgot subnet id association test

Co-authored-by: Tony Greising-Murschel <tony@platform.sh>
2021-03-16 14:15:58 +00:00
tony-dot-sh
1b288b6936
DNSName key retrieval for list-hosted-zones-by-dns-name (#3774)
* DNSName key retrieval for list-hosted-zones-by-dns-name per https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListHostedZonesByName.html#API_ListHostedZonesByName_RequestSyntax

* Route53

 - uncomment return to be shared by zone list response
 - add test to return list hosted zone by dns name without '.' in FQDN

Co-authored-by: Tony Greising-Murschel <tony@platform.sh>
2021-03-16 12:58:16 +00:00