Implement UserIds for Snapshot Attributes (#3192)

* implement register_image * format code * add user_ids to snapshot model * implement register_image * format code * add user_ids to snapshot model * trying to un-deprecate tests * Write tests and finalize implementation * Add region parameter to boto3 resource call * fixed test error
2020-08-01 12:03:54 -04:00 · 2020-08-01 12:03:54 -04:00 · 06ed67a8e5
commit 06ed67a8e5
parent 9a9a1d8413
4 changed files with 220 additions and 47 deletions
--- a/tests/test_ec2/test_elastic_block_store.py
+++ b/tests/test_ec2/test_elastic_block_store.py
@ -562,19 +562,176 @@ def test_snapshot_attribute():
    cm.exception.status.should.equal(400)
    cm.exception.request_id.should_not.be.none

-    # Error: Add or remove with user ID instead of group
-    conn.modify_snapshot_attribute.when.called_with(
-        snapshot.id,
-        attribute="createVolumePermission",
-        operation="add",
-        user_ids=["user"],
-    ).should.throw(NotImplementedError)
-    conn.modify_snapshot_attribute.when.called_with(
-        snapshot.id,
-        attribute="createVolumePermission",
-        operation="remove",
-        user_ids=["user"],
-    ).should.throw(NotImplementedError)
+
+@mock_ec2
+def test_modify_snapshot_attribute():
+    import copy
+
+    ec2_client = boto3.client("ec2", region_name="us-east-1")
+    response = ec2_client.create_volume(Size=80, AvailabilityZone="us-east-1a")
+    volume = boto3.resource("ec2", region_name="us-east-1").Volume(response["VolumeId"])
+    snapshot = volume.create_snapshot()
+
+    # Baseline
+    attributes = ec2_client.describe_snapshot_attribute(
+        SnapshotId=snapshot.id, Attribute="createVolumePermission"
+    )
+    assert not attributes[
+        "CreateVolumePermissions"
+    ], "Snapshot should have no permissions."
+
+    ADD_GROUP_ARGS = {
+        "SnapshotId": snapshot.id,
+        "Attribute": "createVolumePermission",
+        "OperationType": "add",
+        "GroupNames": ["all"],
+    }
+
+    REMOVE_GROUP_ARGS = {
+        "SnapshotId": snapshot.id,
+        "Attribute": "createVolumePermission",
+        "OperationType": "remove",
+        "GroupNames": ["all"],
+    }
+
+    # Add 'all' group and confirm
+    with assert_raises(ClientError) as cm:
+        ec2_client.modify_snapshot_attribute(**dict(ADD_GROUP_ARGS, **{"DryRun": True}))
+
+    cm.exception.response["Error"]["Code"].should.equal("DryRunOperation")
+    cm.exception.response["ResponseMetadata"]["RequestId"].should_not.be.none
+    cm.exception.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
+
+    ec2_client.modify_snapshot_attribute(**ADD_GROUP_ARGS)
+
+    attributes = ec2_client.describe_snapshot_attribute(
+        SnapshotId=snapshot.id, Attribute="createVolumePermission"
+    )
+    assert attributes["CreateVolumePermissions"] == [
+        {"Group": "all"}
+    ], "This snapshot should have public group permissions."
+
+    # Add is idempotent
+    ec2_client.modify_snapshot_attribute.when.called_with(
+        **ADD_GROUP_ARGS
+    ).should_not.throw(ClientError)
+    assert attributes["CreateVolumePermissions"] == [
+        {"Group": "all"}
+    ], "This snapshot should have public group permissions."
+
+    # Remove 'all' group and confirm
+    with assert_raises(ClientError) as ex:
+        ec2_client.modify_snapshot_attribute(
+            **dict(REMOVE_GROUP_ARGS, **{"DryRun": True})
+        )
+    cm.exception.response["Error"]["Code"].should.equal("DryRunOperation")
+    cm.exception.response["ResponseMetadata"]["RequestId"].should_not.be.none
+    cm.exception.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
+
+    ec2_client.modify_snapshot_attribute(**REMOVE_GROUP_ARGS)
+
+    attributes = ec2_client.describe_snapshot_attribute(
+        SnapshotId=snapshot.id, Attribute="createVolumePermission"
+    )
+    assert not attributes[
+        "CreateVolumePermissions"
+    ], "This snapshot should have no permissions."
+
+    # Remove is idempotent
+    ec2_client.modify_snapshot_attribute.when.called_with(
+        **REMOVE_GROUP_ARGS
+    ).should_not.throw(ClientError)
+    assert not attributes[
+        "CreateVolumePermissions"
+    ], "This snapshot should have no permissions."
+
+    # Error: Add with group != 'all'
+    with assert_raises(ClientError) as cm:
+        ec2_client.modify_snapshot_attribute(
+            SnapshotId=snapshot.id,
+            Attribute="createVolumePermission",
+            OperationType="add",
+            GroupNames=["everyone"],
+        )
+    cm.exception.response["Error"]["Code"].should.equal("InvalidAMIAttributeItemValue")
+    cm.exception.response["ResponseMetadata"]["RequestId"].should_not.be.none
+    cm.exception.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
+
+    # Error: Add with invalid snapshot ID
+    with assert_raises(ClientError) as cm:
+        ec2_client.modify_snapshot_attribute(
+            SnapshotId="snapshot-abcd1234",
+            Attribute="createVolumePermission",
+            OperationType="add",
+            GroupNames=["all"],
+        )
+    cm.exception.response["Error"]["Code"].should.equal("InvalidSnapshot.NotFound")
+    cm.exception.response["ResponseMetadata"]["RequestId"].should_not.be.none
+    cm.exception.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
+
+    # Error: Remove with invalid snapshot ID
+    with assert_raises(ClientError) as cm:
+        ec2_client.modify_snapshot_attribute(
+            SnapshotId="snapshot-abcd1234",
+            Attribute="createVolumePermission",
+            OperationType="remove",
+            GroupNames=["all"],
+        )
+    cm.exception.response["Error"]["Code"].should.equal("InvalidSnapshot.NotFound")
+    cm.exception.response["ResponseMetadata"]["RequestId"].should_not.be.none
+    cm.exception.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
+
+    # Test adding user id
+    ec2_client.modify_snapshot_attribute(
+        SnapshotId=snapshot.id,
+        Attribute="createVolumePermission",
+        OperationType="add",
+        UserIds=["1234567891"],
+    )
+
+    attributes = ec2_client.describe_snapshot_attribute(
+        SnapshotId=snapshot.id, Attribute="createVolumePermission"
+    )
+    assert len(attributes["CreateVolumePermissions"]) == 1
+
+    # Test adding user id again along with additional.
+    ec2_client.modify_snapshot_attribute(
+        SnapshotId=snapshot.id,
+        Attribute="createVolumePermission",
+        OperationType="add",
+        UserIds=["1234567891", "2345678912"],
+    )
+
+    attributes = ec2_client.describe_snapshot_attribute(
+        SnapshotId=snapshot.id, Attribute="createVolumePermission"
+    )
+    assert len(attributes["CreateVolumePermissions"]) == 2
+
+    # Test removing both user IDs.
+    ec2_client.modify_snapshot_attribute(
+        SnapshotId=snapshot.id,
+        Attribute="createVolumePermission",
+        OperationType="remove",
+        UserIds=["1234567891", "2345678912"],
+    )
+
+    attributes = ec2_client.describe_snapshot_attribute(
+        SnapshotId=snapshot.id, Attribute="createVolumePermission"
+    )
+    assert len(attributes["CreateVolumePermissions"]) == 0
+
+    # Idempotency when removing users.
+    ec2_client.modify_snapshot_attribute(
+        SnapshotId=snapshot.id,
+        Attribute="createVolumePermission",
+        OperationType="remove",
+        UserIds=["1234567891"],
+    )
+
+    attributes = ec2_client.describe_snapshot_attribute(
+        SnapshotId=snapshot.id, Attribute="createVolumePermission"
+    )
+    assert len(attributes["CreateVolumePermissions"]) == 0


@mock_ec2_deprecated