Merge branch 'master' into support-iterator-type-at-after-sequence
This commit is contained in:
Daniel Guerrero
commit
a068a56972
60 changed files with 5796 additions and 482 deletions
|
|
@ -105,7 +105,7 @@ class CertBundle(BaseModel):
|
|||
self.arn = arn
|
||||
|
||||
@classmethod
|
||||
def generate_cert(cls, domain_name, sans=None):
|
||||
def generate_cert(cls, domain_name, region, sans=None):
|
||||
if sans is None:
|
||||
sans = set()
|
||||
else:
|
||||
|
|
@ -152,7 +152,7 @@ class CertBundle(BaseModel):
|
|||
encryption_algorithm=serialization.NoEncryption()
|
||||
)
|
||||
|
||||
return cls(cert_armored, private_key, cert_type='AMAZON_ISSUED', cert_status='PENDING_VALIDATION')
|
||||
return cls(cert_armored, private_key, cert_type='AMAZON_ISSUED', cert_status='PENDING_VALIDATION', region=region)
|
||||
|
||||
def validate_pk(self):
|
||||
try:
|
||||
|
|
@ -325,7 +325,7 @@ class AWSCertificateManagerBackend(BaseBackend):
|
|||
|
||||
return bundle.arn
|
||||
|
||||
def get_certificates_list(self):
|
||||
def get_certificates_list(self, statuses):
|
||||
"""
|
||||
Get list of certificates
|
||||
|
||||
|
|
@ -333,7 +333,9 @@ class AWSCertificateManagerBackend(BaseBackend):
|
|||
:rtype: list of CertBundle
|
||||
"""
|
||||
for arn in self._certificates.keys():
|
||||
yield self.get_certificate(arn)
|
||||
cert = self.get_certificate(arn)
|
||||
if not statuses or cert.status in statuses:
|
||||
yield cert
|
||||
|
||||
def get_certificate(self, arn):
|
||||
if arn not in self._certificates:
|
||||
|
|
@ -355,7 +357,7 @@ class AWSCertificateManagerBackend(BaseBackend):
|
|||
if arn is not None:
|
||||
return arn
|
||||
|
||||
cert = CertBundle.generate_cert(domain_name, subject_alt_names)
|
||||
cert = CertBundle.generate_cert(domain_name, region=self.region, sans=subject_alt_names)
|
||||
if idempotency_token is not None:
|
||||
self._set_idempotency_token_arn(idempotency_token, cert.arn)
|
||||
self._certificates[cert.arn] = cert
|
||||
|
|
|
|||
|
|
@ -132,8 +132,8 @@ class AWSCertificateManagerResponse(BaseResponse):
|
|||
|
||||
def list_certificates(self):
|
||||
certs = []
|
||||
|
||||
for cert_bundle in self.acm_backend.get_certificates_list():
|
||||
statuses = self._get_param('CertificateStatuses')
|
||||
for cert_bundle in self.acm_backend.get_certificates_list(statuses):
|
||||
certs.append({
|
||||
'CertificateArn': cert_bundle.arn,
|
||||
'DomainName': cert_bundle.common_name
|
||||
|
|
|
|||
|
|
@ -309,6 +309,25 @@ class ApiKey(BaseModel, dict):
|
|||
self['createdDate'] = self['lastUpdatedDate'] = int(time.time())
|
||||
self['stageKeys'] = stageKeys
|
||||
|
||||
def update_operations(self, patch_operations):
|
||||
for op in patch_operations:
|
||||
if op['op'] == 'replace':
|
||||
if '/name' in op['path']:
|
||||
self['name'] = op['value']
|
||||
elif '/customerId' in op['path']:
|
||||
self['customerId'] = op['value']
|
||||
elif '/description' in op['path']:
|
||||
self['description'] = op['value']
|
||||
elif '/enabled' in op['path']:
|
||||
self['enabled'] = self._str2bool(op['value'])
|
||||
else:
|
||||
raise Exception(
|
||||
'Patch operation "%s" not implemented' % op['op'])
|
||||
return self
|
||||
|
||||
def _str2bool(self, v):
|
||||
return v.lower() == "true"
|
||||
|
||||
|
||||
class UsagePlan(BaseModel, dict):
|
||||
|
||||
|
|
@ -599,6 +618,10 @@ class APIGatewayBackend(BaseBackend):
|
|||
def get_apikey(self, api_key_id):
|
||||
return self.keys[api_key_id]
|
||||
|
||||
def update_apikey(self, api_key_id, patch_operations):
|
||||
key = self.keys[api_key_id]
|
||||
return key.update_operations(patch_operations)
|
||||
|
||||
def delete_apikey(self, api_key_id):
|
||||
self.keys.pop(api_key_id)
|
||||
return {}
|
||||
|
|
|
|||
|
|
@ -245,6 +245,9 @@ class APIGatewayResponse(BaseResponse):
|
|||
|
||||
if self.method == 'GET':
|
||||
apikey_response = self.backend.get_apikey(apikey)
|
||||
elif self.method == 'PATCH':
|
||||
patch_operations = self._get_param('patchOperations')
|
||||
apikey_response = self.backend.update_apikey(apikey, patch_operations)
|
||||
elif self.method == 'DELETE':
|
||||
apikey_response = self.backend.delete_apikey(apikey)
|
||||
return 200, {}, json.dumps(apikey_response)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
from __future__ import unicode_literals
|
||||
|
||||
import base64
|
||||
import time
|
||||
from collections import defaultdict
|
||||
import copy
|
||||
import datetime
|
||||
|
|
@ -31,6 +32,7 @@ from moto.logs.models import logs_backends
|
|||
from moto.s3.exceptions import MissingBucket, MissingKey
|
||||
from moto import settings
|
||||
from .utils import make_function_arn, make_function_ver_arn
|
||||
from moto.sqs import sqs_backends
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -429,24 +431,59 @@ class LambdaFunction(BaseModel):
|
|||
class EventSourceMapping(BaseModel):
|
||||
def __init__(self, spec):
|
||||
# required
|
||||
self.function_name = spec['FunctionName']
|
||||
self.function_arn = spec['FunctionArn']
|
||||
self.event_source_arn = spec['EventSourceArn']
|
||||
self.starting_position = spec['StartingPosition']
|
||||
self.uuid = str(uuid.uuid4())
|
||||
self.last_modified = time.mktime(datetime.datetime.utcnow().timetuple())
|
||||
|
||||
# BatchSize service default/max mapping
|
||||
batch_size_map = {
|
||||
'kinesis': (100, 10000),
|
||||
'dynamodb': (100, 1000),
|
||||
'sqs': (10, 10),
|
||||
}
|
||||
source_type = self.event_source_arn.split(":")[2].lower()
|
||||
batch_size_entry = batch_size_map.get(source_type)
|
||||
if batch_size_entry:
|
||||
# Use service default if not provided
|
||||
batch_size = int(spec.get('BatchSize', batch_size_entry[0]))
|
||||
if batch_size > batch_size_entry[1]:
|
||||
raise ValueError("InvalidParameterValueException",
|
||||
"BatchSize {} exceeds the max of {}".format(batch_size, batch_size_entry[1]))
|
||||
else:
|
||||
self.batch_size = batch_size
|
||||
else:
|
||||
raise ValueError("InvalidParameterValueException",
|
||||
"Unsupported event source type")
|
||||
|
||||
# optional
|
||||
self.batch_size = spec.get('BatchSize', 100)
|
||||
self.starting_position = spec.get('StartingPosition', 'TRIM_HORIZON')
|
||||
self.enabled = spec.get('Enabled', True)
|
||||
self.starting_position_timestamp = spec.get('StartingPositionTimestamp',
|
||||
None)
|
||||
|
||||
def get_configuration(self):
|
||||
return {
|
||||
'UUID': self.uuid,
|
||||
'BatchSize': self.batch_size,
|
||||
'EventSourceArn': self.event_source_arn,
|
||||
'FunctionArn': self.function_arn,
|
||||
'LastModified': self.last_modified,
|
||||
'LastProcessingResult': '',
|
||||
'State': 'Enabled' if self.enabled else 'Disabled',
|
||||
'StateTransitionReason': 'User initiated'
|
||||
}
|
||||
|
||||
@classmethod
|
||||
def create_from_cloudformation_json(cls, resource_name, cloudformation_json,
|
||||
region_name):
|
||||
properties = cloudformation_json['Properties']
|
||||
func = lambda_backends[region_name].get_function(properties['FunctionName'])
|
||||
spec = {
|
||||
'FunctionName': properties['FunctionName'],
|
||||
'FunctionArn': func.function_arn,
|
||||
'EventSourceArn': properties['EventSourceArn'],
|
||||
'StartingPosition': properties['StartingPosition']
|
||||
'StartingPosition': properties['StartingPosition'],
|
||||
'BatchSize': properties.get('BatchSize', 100)
|
||||
}
|
||||
optional_properties = 'BatchSize Enabled StartingPositionTimestamp'.split()
|
||||
for prop in optional_properties:
|
||||
|
|
@ -466,8 +503,10 @@ class LambdaVersion(BaseModel):
|
|||
def create_from_cloudformation_json(cls, resource_name, cloudformation_json,
|
||||
region_name):
|
||||
properties = cloudformation_json['Properties']
|
||||
function_name = properties['FunctionName']
|
||||
func = lambda_backends[region_name].publish_function(function_name)
|
||||
spec = {
|
||||
'Version': properties.get('Version')
|
||||
'Version': func.version
|
||||
}
|
||||
return LambdaVersion(spec)
|
||||
|
||||
|
|
@ -515,6 +554,9 @@ class LambdaStorage(object):
|
|||
def get_arn(self, arn):
|
||||
return self._arns.get(arn, None)
|
||||
|
||||
def get_function_by_name_or_arn(self, input):
|
||||
return self.get_function(input) or self.get_arn(input)
|
||||
|
||||
def put_function(self, fn):
|
||||
"""
|
||||
:param fn: Function
|
||||
|
|
@ -596,6 +638,7 @@ class LambdaStorage(object):
|
|||
class LambdaBackend(BaseBackend):
|
||||
def __init__(self, region_name):
|
||||
self._lambdas = LambdaStorage()
|
||||
self._event_source_mappings = {}
|
||||
self.region_name = region_name
|
||||
|
||||
def reset(self):
|
||||
|
|
@ -617,6 +660,40 @@ class LambdaBackend(BaseBackend):
|
|||
fn.version = ver.version
|
||||
return fn
|
||||
|
||||
def create_event_source_mapping(self, spec):
|
||||
required = [
|
||||
'EventSourceArn',
|
||||
'FunctionName',
|
||||
]
|
||||
for param in required:
|
||||
if not spec.get(param):
|
||||
raise RESTError('InvalidParameterValueException', 'Missing {}'.format(param))
|
||||
|
||||
# Validate function name
|
||||
func = self._lambdas.get_function_by_name_or_arn(spec.pop('FunctionName', ''))
|
||||
if not func:
|
||||
raise RESTError('ResourceNotFoundException', 'Invalid FunctionName')
|
||||
|
||||
# Validate queue
|
||||
for queue in sqs_backends[self.region_name].queues.values():
|
||||
if queue.queue_arn == spec['EventSourceArn']:
|
||||
if queue.lambda_event_source_mappings.get('func.function_arn'):
|
||||
# TODO: Correct exception?
|
||||
raise RESTError('ResourceConflictException', 'The resource already exists.')
|
||||
if queue.fifo_queue:
|
||||
raise RESTError('InvalidParameterValueException',
|
||||
'{} is FIFO'.format(queue.queue_arn))
|
||||
else:
|
||||
spec.update({'FunctionArn': func.function_arn})
|
||||
esm = EventSourceMapping(spec)
|
||||
self._event_source_mappings[esm.uuid] = esm
|
||||
|
||||
# Set backend function on queue
|
||||
queue.lambda_event_source_mappings[esm.function_arn] = esm
|
||||
|
||||
return esm
|
||||
raise RESTError('ResourceNotFoundException', 'Invalid EventSourceArn')
|
||||
|
||||
def publish_function(self, function_name):
|
||||
return self._lambdas.publish_function(function_name)
|
||||
|
||||
|
|
@ -626,6 +703,33 @@ class LambdaBackend(BaseBackend):
|
|||
def list_versions_by_function(self, function_name):
|
||||
return self._lambdas.list_versions_by_function(function_name)
|
||||
|
||||
def get_event_source_mapping(self, uuid):
|
||||
return self._event_source_mappings.get(uuid)
|
||||
|
||||
def delete_event_source_mapping(self, uuid):
|
||||
return self._event_source_mappings.pop(uuid)
|
||||
|
||||
def update_event_source_mapping(self, uuid, spec):
|
||||
esm = self.get_event_source_mapping(uuid)
|
||||
if esm:
|
||||
if spec.get('FunctionName'):
|
||||
func = self._lambdas.get_function_by_name_or_arn(spec.get('FunctionName'))
|
||||
esm.function_arn = func.function_arn
|
||||
if 'BatchSize' in spec:
|
||||
esm.batch_size = spec['BatchSize']
|
||||
if 'Enabled' in spec:
|
||||
esm.enabled = spec['Enabled']
|
||||
return esm
|
||||
return False
|
||||
|
||||
def list_event_source_mappings(self, event_source_arn, function_name):
|
||||
esms = list(self._event_source_mappings.values())
|
||||
if event_source_arn:
|
||||
esms = list(filter(lambda x: x.event_source_arn == event_source_arn, esms))
|
||||
if function_name:
|
||||
esms = list(filter(lambda x: x.function_name == function_name, esms))
|
||||
return esms
|
||||
|
||||
def get_function_by_arn(self, function_arn):
|
||||
return self._lambdas.get_arn(function_arn)
|
||||
|
||||
|
|
@ -635,7 +739,43 @@ class LambdaBackend(BaseBackend):
|
|||
def list_functions(self):
|
||||
return self._lambdas.all()
|
||||
|
||||
def send_message(self, function_name, message, subject=None, qualifier=None):
|
||||
def send_sqs_batch(self, function_arn, messages, queue_arn):
|
||||
success = True
|
||||
for message in messages:
|
||||
func = self.get_function_by_arn(function_arn)
|
||||
result = self._send_sqs_message(func, message, queue_arn)
|
||||
if not result:
|
||||
success = False
|
||||
return success
|
||||
|
||||
def _send_sqs_message(self, func, message, queue_arn):
|
||||
event = {
|
||||
"Records": [
|
||||
{
|
||||
"messageId": message.id,
|
||||
"receiptHandle": message.receipt_handle,
|
||||
"body": message.body,
|
||||
"attributes": {
|
||||
"ApproximateReceiveCount": "1",
|
||||
"SentTimestamp": "1545082649183",
|
||||
"SenderId": "AIDAIENQZJOLO23YVJ4VO",
|
||||
"ApproximateFirstReceiveTimestamp": "1545082649185"
|
||||
},
|
||||
"messageAttributes": {},
|
||||
"md5OfBody": "098f6bcd4621d373cade4e832627b4f6",
|
||||
"eventSource": "aws:sqs",
|
||||
"eventSourceARN": queue_arn,
|
||||
"awsRegion": self.region_name
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
request_headers = {}
|
||||
response_headers = {}
|
||||
func.invoke(json.dumps(event), request_headers, response_headers)
|
||||
return 'x-amz-function-error' not in response_headers
|
||||
|
||||
def send_sns_message(self, function_name, message, subject=None, qualifier=None):
|
||||
event = {
|
||||
"Records": [
|
||||
{
|
||||
|
|
|
|||
|
|
@ -39,6 +39,31 @@ class LambdaResponse(BaseResponse):
|
|||
else:
|
||||
raise ValueError("Cannot handle request")
|
||||
|
||||
def event_source_mappings(self, request, full_url, headers):
|
||||
self.setup_class(request, full_url, headers)
|
||||
if request.method == 'GET':
|
||||
querystring = self.querystring
|
||||
event_source_arn = querystring.get('EventSourceArn', [None])[0]
|
||||
function_name = querystring.get('FunctionName', [None])[0]
|
||||
return self._list_event_source_mappings(event_source_arn, function_name)
|
||||
elif request.method == 'POST':
|
||||
return self._create_event_source_mapping(request, full_url, headers)
|
||||
else:
|
||||
raise ValueError("Cannot handle request")
|
||||
|
||||
def event_source_mapping(self, request, full_url, headers):
|
||||
self.setup_class(request, full_url, headers)
|
||||
path = request.path if hasattr(request, 'path') else path_url(request.url)
|
||||
uuid = path.split('/')[-1]
|
||||
if request.method == 'GET':
|
||||
return self._get_event_source_mapping(uuid)
|
||||
elif request.method == 'PUT':
|
||||
return self._update_event_source_mapping(uuid)
|
||||
elif request.method == 'DELETE':
|
||||
return self._delete_event_source_mapping(uuid)
|
||||
else:
|
||||
raise ValueError("Cannot handle request")
|
||||
|
||||
def function(self, request, full_url, headers):
|
||||
self.setup_class(request, full_url, headers)
|
||||
if request.method == 'GET':
|
||||
|
|
@ -177,6 +202,45 @@ class LambdaResponse(BaseResponse):
|
|||
config = fn.get_configuration()
|
||||
return 201, {}, json.dumps(config)
|
||||
|
||||
def _create_event_source_mapping(self, request, full_url, headers):
|
||||
try:
|
||||
fn = self.lambda_backend.create_event_source_mapping(self.json_body)
|
||||
except ValueError as e:
|
||||
return 400, {}, json.dumps({"Error": {"Code": e.args[0], "Message": e.args[1]}})
|
||||
else:
|
||||
config = fn.get_configuration()
|
||||
return 201, {}, json.dumps(config)
|
||||
|
||||
def _list_event_source_mappings(self, event_source_arn, function_name):
|
||||
esms = self.lambda_backend.list_event_source_mappings(event_source_arn, function_name)
|
||||
result = {
|
||||
'EventSourceMappings': [esm.get_configuration() for esm in esms]
|
||||
}
|
||||
return 200, {}, json.dumps(result)
|
||||
|
||||
def _get_event_source_mapping(self, uuid):
|
||||
result = self.lambda_backend.get_event_source_mapping(uuid)
|
||||
if result:
|
||||
return 200, {}, json.dumps(result.get_configuration())
|
||||
else:
|
||||
return 404, {}, "{}"
|
||||
|
||||
def _update_event_source_mapping(self, uuid):
|
||||
result = self.lambda_backend.update_event_source_mapping(uuid, self.json_body)
|
||||
if result:
|
||||
return 202, {}, json.dumps(result.get_configuration())
|
||||
else:
|
||||
return 404, {}, "{}"
|
||||
|
||||
def _delete_event_source_mapping(self, uuid):
|
||||
esm = self.lambda_backend.delete_event_source_mapping(uuid)
|
||||
if esm:
|
||||
json_result = esm.get_configuration()
|
||||
json_result.update({'State': 'Deleting'})
|
||||
return 202, {}, json.dumps(json_result)
|
||||
else:
|
||||
return 404, {}, "{}"
|
||||
|
||||
def _publish_function(self, request, full_url, headers):
|
||||
function_name = self.path.rsplit('/', 2)[-2]
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,8 @@ url_paths = {
|
|||
'{0}/(?P<api_version>[^/]+)/functions/?$': response.root,
|
||||
r'{0}/(?P<api_version>[^/]+)/functions/(?P<function_name>[\w_-]+)/?$': response.function,
|
||||
r'{0}/(?P<api_version>[^/]+)/functions/(?P<function_name>[\w_-]+)/versions/?$': response.versions,
|
||||
r'{0}/(?P<api_version>[^/]+)/event-source-mappings/?$': response.event_source_mappings,
|
||||
r'{0}/(?P<api_version>[^/]+)/event-source-mappings/(?P<UUID>[\w_-]+)/?$': response.event_source_mapping,
|
||||
r'{0}/(?P<api_version>[^/]+)/functions/(?P<function_name>[\w_-]+)/invocations/?$': response.invoke,
|
||||
r'{0}/(?P<api_version>[^/]+)/functions/(?P<function_name>[\w_-]+)/invoke-async/?$': response.invoke_async,
|
||||
r'{0}/(?P<api_version>[^/]+)/tags/(?P<resource_arn>.+)': response.tag,
|
||||
|
|
|
|||
|
|
@ -514,10 +514,13 @@ class BatchBackend(BaseBackend):
|
|||
return self._job_definitions.get(arn)
|
||||
|
||||
def get_job_definition_by_name(self, name):
|
||||
for comp_env in self._job_definitions.values():
|
||||
if comp_env.name == name:
|
||||
return comp_env
|
||||
return None
|
||||
latest_revision = -1
|
||||
latest_job = None
|
||||
for job_def in self._job_definitions.values():
|
||||
if job_def.name == name and job_def.revision > latest_revision:
|
||||
latest_job = job_def
|
||||
latest_revision = job_def.revision
|
||||
return latest_job
|
||||
|
||||
def get_job_definition_by_name_revision(self, name, revision):
|
||||
for job_def in self._job_definitions.values():
|
||||
|
|
@ -534,10 +537,13 @@ class BatchBackend(BaseBackend):
|
|||
:return: Job definition or None
|
||||
:rtype: JobDefinition or None
|
||||
"""
|
||||
env = self.get_job_definition_by_arn(identifier)
|
||||
if env is None:
|
||||
env = self.get_job_definition_by_name(identifier)
|
||||
return env
|
||||
job_def = self.get_job_definition_by_arn(identifier)
|
||||
if job_def is None:
|
||||
if ':' in identifier:
|
||||
job_def = self.get_job_definition_by_name_revision(*identifier.split(':', 1))
|
||||
else:
|
||||
job_def = self.get_job_definition_by_name(identifier)
|
||||
return job_def
|
||||
|
||||
def get_job_definitions(self, identifier):
|
||||
"""
|
||||
|
|
@ -984,9 +990,7 @@ class BatchBackend(BaseBackend):
|
|||
# TODO parameters, retries (which is a dict raw from request), job dependancies and container overrides are ignored for now
|
||||
|
||||
# Look for job definition
|
||||
job_def = self.get_job_definition_by_arn(job_def_id)
|
||||
if job_def is None and ':' in job_def_id:
|
||||
job_def = self.get_job_definition_by_name_revision(*job_def_id.split(':', 1))
|
||||
job_def = self.get_job_definition(job_def_id)
|
||||
if job_def is None:
|
||||
raise ClientException('Job definition {0} does not exist'.format(job_def_id))
|
||||
|
||||
|
|
|
|||
|
|
@ -52,6 +52,18 @@ class InvalidResourceTypeException(JsonRESTError):
|
|||
super(InvalidResourceTypeException, self).__init__("ValidationException", message)
|
||||
|
||||
|
||||
class NoSuchConfigurationAggregatorException(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self, number=1):
|
||||
if number == 1:
|
||||
message = 'The configuration aggregator does not exist. Check the configuration aggregator name and try again.'
|
||||
else:
|
||||
message = 'At least one of the configuration aggregators does not exist. Check the configuration aggregator' \
|
||||
' names and try again.'
|
||||
super(NoSuchConfigurationAggregatorException, self).__init__("NoSuchConfigurationAggregatorException", message)
|
||||
|
||||
|
||||
class NoSuchConfigurationRecorderException(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
|
|
@ -78,6 +90,14 @@ class NoSuchBucketException(JsonRESTError):
|
|||
super(NoSuchBucketException, self).__init__("NoSuchBucketException", message)
|
||||
|
||||
|
||||
class InvalidNextTokenException(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self):
|
||||
message = 'The nextToken provided is invalid'
|
||||
super(InvalidNextTokenException, self).__init__("InvalidNextTokenException", message)
|
||||
|
||||
|
||||
class InvalidS3KeyPrefixException(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
|
|
@ -147,3 +167,66 @@ class LastDeliveryChannelDeleteFailedException(JsonRESTError):
|
|||
message = 'Failed to delete last specified delivery channel with name \'{name}\', because there, ' \
|
||||
'because there is a running configuration recorder.'.format(name=name)
|
||||
super(LastDeliveryChannelDeleteFailedException, self).__init__("LastDeliveryChannelDeleteFailedException", message)
|
||||
|
||||
|
||||
class TooManyAccountSources(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self, length):
|
||||
locations = ['com.amazonaws.xyz'] * length
|
||||
|
||||
message = 'Value \'[{locations}]\' at \'accountAggregationSources\' failed to satisfy constraint: ' \
|
||||
'Member must have length less than or equal to 1'.format(locations=', '.join(locations))
|
||||
super(TooManyAccountSources, self).__init__("ValidationException", message)
|
||||
|
||||
|
||||
class DuplicateTags(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self):
|
||||
super(DuplicateTags, self).__init__(
|
||||
'InvalidInput', 'Duplicate tag keys found. Please note that Tag keys are case insensitive.')
|
||||
|
||||
|
||||
class TagKeyTooBig(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self, tag, param='tags.X.member.key'):
|
||||
super(TagKeyTooBig, self).__init__(
|
||||
'ValidationException', "1 validation error detected: Value '{}' at '{}' failed to satisfy "
|
||||
"constraint: Member must have length less than or equal to 128".format(tag, param))
|
||||
|
||||
|
||||
class TagValueTooBig(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self, tag):
|
||||
super(TagValueTooBig, self).__init__(
|
||||
'ValidationException', "1 validation error detected: Value '{}' at 'tags.X.member.value' failed to satisfy "
|
||||
"constraint: Member must have length less than or equal to 256".format(tag))
|
||||
|
||||
|
||||
class InvalidParameterValueException(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self, message):
|
||||
super(InvalidParameterValueException, self).__init__('InvalidParameterValueException', message)
|
||||
|
||||
|
||||
class InvalidTagCharacters(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self, tag, param='tags.X.member.key'):
|
||||
message = "1 validation error detected: Value '{}' at '{}' failed to satisfy ".format(tag, param)
|
||||
message += 'constraint: Member must satisfy regular expression pattern: [\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]+'
|
||||
|
||||
super(InvalidTagCharacters, self).__init__('ValidationException', message)
|
||||
|
||||
|
||||
class TooManyTags(JsonRESTError):
|
||||
code = 400
|
||||
|
||||
def __init__(self, tags, param='tags'):
|
||||
super(TooManyTags, self).__init__(
|
||||
'ValidationException', "1 validation error detected: Value '{}' at '{}' failed to satisfy "
|
||||
"constraint: Member must have length less than or equal to 50.".format(tags, param))
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
import json
|
||||
import re
|
||||
import time
|
||||
import pkg_resources
|
||||
import random
|
||||
import string
|
||||
|
||||
from datetime import datetime
|
||||
|
||||
|
|
@ -12,37 +15,125 @@ from moto.config.exceptions import InvalidResourceTypeException, InvalidDelivery
|
|||
NoSuchConfigurationRecorderException, NoAvailableConfigurationRecorderException, \
|
||||
InvalidDeliveryChannelNameException, NoSuchBucketException, InvalidS3KeyPrefixException, \
|
||||
InvalidSNSTopicARNException, MaxNumberOfDeliveryChannelsExceededException, NoAvailableDeliveryChannelException, \
|
||||
NoSuchDeliveryChannelException, LastDeliveryChannelDeleteFailedException
|
||||
NoSuchDeliveryChannelException, LastDeliveryChannelDeleteFailedException, TagKeyTooBig, \
|
||||
TooManyTags, TagValueTooBig, TooManyAccountSources, InvalidParameterValueException, InvalidNextTokenException, \
|
||||
NoSuchConfigurationAggregatorException, InvalidTagCharacters, DuplicateTags
|
||||
|
||||
from moto.core import BaseBackend, BaseModel
|
||||
|
||||
DEFAULT_ACCOUNT_ID = 123456789012
|
||||
POP_STRINGS = [
|
||||
'capitalizeStart',
|
||||
'CapitalizeStart',
|
||||
'capitalizeArn',
|
||||
'CapitalizeArn',
|
||||
'capitalizeARN',
|
||||
'CapitalizeARN'
|
||||
]
|
||||
DEFAULT_PAGE_SIZE = 100
|
||||
|
||||
|
||||
def datetime2int(date):
|
||||
return int(time.mktime(date.timetuple()))
|
||||
|
||||
|
||||
def snake_to_camels(original):
|
||||
def snake_to_camels(original, cap_start, cap_arn):
|
||||
parts = original.split('_')
|
||||
|
||||
camel_cased = parts[0].lower() + ''.join(p.title() for p in parts[1:])
|
||||
camel_cased = camel_cased.replace('Arn', 'ARN') # Config uses 'ARN' instead of 'Arn'
|
||||
|
||||
if cap_arn:
|
||||
camel_cased = camel_cased.replace('Arn', 'ARN') # Some config services use 'ARN' instead of 'Arn'
|
||||
|
||||
if cap_start:
|
||||
camel_cased = camel_cased[0].upper() + camel_cased[1::]
|
||||
|
||||
return camel_cased
|
||||
|
||||
|
||||
def random_string():
|
||||
"""Returns a random set of 8 lowercase letters for the Config Aggregator ARN"""
|
||||
chars = []
|
||||
for x in range(0, 8):
|
||||
chars.append(random.choice(string.ascii_lowercase))
|
||||
|
||||
return "".join(chars)
|
||||
|
||||
|
||||
def validate_tag_key(tag_key, exception_param='tags.X.member.key'):
|
||||
"""Validates the tag key.
|
||||
|
||||
:param tag_key: The tag key to check against.
|
||||
:param exception_param: The exception parameter to send over to help format the message. This is to reflect
|
||||
the difference between the tag and untag APIs.
|
||||
:return:
|
||||
"""
|
||||
# Validate that the key length is correct:
|
||||
if len(tag_key) > 128:
|
||||
raise TagKeyTooBig(tag_key, param=exception_param)
|
||||
|
||||
# Validate that the tag key fits the proper Regex:
|
||||
# [\w\s_.:/=+\-@]+ SHOULD be the same as the Java regex on the AWS documentation: [\p{L}\p{Z}\p{N}_.:/=+\-@]+
|
||||
match = re.findall(r'[\w\s_.:/=+\-@]+', tag_key)
|
||||
# Kudos if you can come up with a better way of doing a global search :)
|
||||
if not len(match) or len(match[0]) < len(tag_key):
|
||||
raise InvalidTagCharacters(tag_key, param=exception_param)
|
||||
|
||||
|
||||
def check_tag_duplicate(all_tags, tag_key):
|
||||
"""Validates that a tag key is not a duplicate
|
||||
|
||||
:param all_tags: Dict to check if there is a duplicate tag.
|
||||
:param tag_key: The tag key to check against.
|
||||
:return:
|
||||
"""
|
||||
if all_tags.get(tag_key):
|
||||
raise DuplicateTags()
|
||||
|
||||
|
||||
def validate_tags(tags):
|
||||
proper_tags = {}
|
||||
|
||||
if len(tags) > 50:
|
||||
raise TooManyTags(tags)
|
||||
|
||||
for tag in tags:
|
||||
# Validate the Key:
|
||||
validate_tag_key(tag['Key'])
|
||||
check_tag_duplicate(proper_tags, tag['Key'])
|
||||
|
||||
# Validate the Value:
|
||||
if len(tag['Value']) > 256:
|
||||
raise TagValueTooBig(tag['Value'])
|
||||
|
||||
proper_tags[tag['Key']] = tag['Value']
|
||||
|
||||
return proper_tags
|
||||
|
||||
|
||||
class ConfigEmptyDictable(BaseModel):
|
||||
"""Base class to make serialization easy. This assumes that the sub-class will NOT return 'None's in the JSON."""
|
||||
|
||||
def __init__(self, capitalize_start=False, capitalize_arn=True):
|
||||
"""Assists with the serialization of the config object
|
||||
:param capitalize_start: For some Config services, the first letter is lowercase -- for others it's capital
|
||||
:param capitalize_arn: For some Config services, the API expects 'ARN' and for others, it expects 'Arn'
|
||||
"""
|
||||
self.capitalize_start = capitalize_start
|
||||
self.capitalize_arn = capitalize_arn
|
||||
|
||||
def to_dict(self):
|
||||
data = {}
|
||||
for item, value in self.__dict__.items():
|
||||
if value is not None:
|
||||
if isinstance(value, ConfigEmptyDictable):
|
||||
data[snake_to_camels(item)] = value.to_dict()
|
||||
data[snake_to_camels(item, self.capitalize_start, self.capitalize_arn)] = value.to_dict()
|
||||
else:
|
||||
data[snake_to_camels(item)] = value
|
||||
data[snake_to_camels(item, self.capitalize_start, self.capitalize_arn)] = value
|
||||
|
||||
# Cleanse the extra properties:
|
||||
for prop in POP_STRINGS:
|
||||
data.pop(prop, None)
|
||||
|
||||
return data
|
||||
|
||||
|
|
@ -50,8 +141,9 @@ class ConfigEmptyDictable(BaseModel):
|
|||
class ConfigRecorderStatus(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, name):
|
||||
self.name = name
|
||||
super(ConfigRecorderStatus, self).__init__()
|
||||
|
||||
self.name = name
|
||||
self.recording = False
|
||||
self.last_start_time = None
|
||||
self.last_stop_time = None
|
||||
|
|
@ -75,12 +167,16 @@ class ConfigRecorderStatus(ConfigEmptyDictable):
|
|||
class ConfigDeliverySnapshotProperties(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, delivery_frequency):
|
||||
super(ConfigDeliverySnapshotProperties, self).__init__()
|
||||
|
||||
self.delivery_frequency = delivery_frequency
|
||||
|
||||
|
||||
class ConfigDeliveryChannel(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, name, s3_bucket_name, prefix=None, sns_arn=None, snapshot_properties=None):
|
||||
super(ConfigDeliveryChannel, self).__init__()
|
||||
|
||||
self.name = name
|
||||
self.s3_bucket_name = s3_bucket_name
|
||||
self.s3_key_prefix = prefix
|
||||
|
|
@ -91,6 +187,8 @@ class ConfigDeliveryChannel(ConfigEmptyDictable):
|
|||
class RecordingGroup(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, all_supported=True, include_global_resource_types=False, resource_types=None):
|
||||
super(RecordingGroup, self).__init__()
|
||||
|
||||
self.all_supported = all_supported
|
||||
self.include_global_resource_types = include_global_resource_types
|
||||
self.resource_types = resource_types
|
||||
|
|
@ -99,6 +197,8 @@ class RecordingGroup(ConfigEmptyDictable):
|
|||
class ConfigRecorder(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, role_arn, recording_group, name='default', status=None):
|
||||
super(ConfigRecorder, self).__init__()
|
||||
|
||||
self.name = name
|
||||
self.role_arn = role_arn
|
||||
self.recording_group = recording_group
|
||||
|
|
@ -109,18 +209,118 @@ class ConfigRecorder(ConfigEmptyDictable):
|
|||
self.status = status
|
||||
|
||||
|
||||
class AccountAggregatorSource(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, account_ids, aws_regions=None, all_aws_regions=None):
|
||||
super(AccountAggregatorSource, self).__init__(capitalize_start=True)
|
||||
|
||||
# Can't have both the regions and all_regions flag present -- also can't have them both missing:
|
||||
if aws_regions and all_aws_regions:
|
||||
raise InvalidParameterValueException('Your configuration aggregator contains a list of regions and also specifies '
|
||||
'the use of all regions. You must choose one of these options.')
|
||||
|
||||
if not (aws_regions or all_aws_regions):
|
||||
raise InvalidParameterValueException('Your request does not specify any regions. Select AWS Config-supported '
|
||||
'regions and try again.')
|
||||
|
||||
self.account_ids = account_ids
|
||||
self.aws_regions = aws_regions
|
||||
|
||||
if not all_aws_regions:
|
||||
all_aws_regions = False
|
||||
|
||||
self.all_aws_regions = all_aws_regions
|
||||
|
||||
|
||||
class OrganizationAggregationSource(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, role_arn, aws_regions=None, all_aws_regions=None):
|
||||
super(OrganizationAggregationSource, self).__init__(capitalize_start=True, capitalize_arn=False)
|
||||
|
||||
# Can't have both the regions and all_regions flag present -- also can't have them both missing:
|
||||
if aws_regions and all_aws_regions:
|
||||
raise InvalidParameterValueException('Your configuration aggregator contains a list of regions and also specifies '
|
||||
'the use of all regions. You must choose one of these options.')
|
||||
|
||||
if not (aws_regions or all_aws_regions):
|
||||
raise InvalidParameterValueException('Your request does not specify any regions. Select AWS Config-supported '
|
||||
'regions and try again.')
|
||||
|
||||
self.role_arn = role_arn
|
||||
self.aws_regions = aws_regions
|
||||
|
||||
if not all_aws_regions:
|
||||
all_aws_regions = False
|
||||
|
||||
self.all_aws_regions = all_aws_regions
|
||||
|
||||
|
||||
class ConfigAggregator(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, name, region, account_sources=None, org_source=None, tags=None):
|
||||
super(ConfigAggregator, self).__init__(capitalize_start=True, capitalize_arn=False)
|
||||
|
||||
self.configuration_aggregator_name = name
|
||||
self.configuration_aggregator_arn = 'arn:aws:config:{region}:{id}:config-aggregator/config-aggregator-{random}'.format(
|
||||
region=region,
|
||||
id=DEFAULT_ACCOUNT_ID,
|
||||
random=random_string()
|
||||
)
|
||||
self.account_aggregation_sources = account_sources
|
||||
self.organization_aggregation_source = org_source
|
||||
self.creation_time = datetime2int(datetime.utcnow())
|
||||
self.last_updated_time = datetime2int(datetime.utcnow())
|
||||
|
||||
# Tags are listed in the list_tags_for_resource API call ... not implementing yet -- please feel free to!
|
||||
self.tags = tags or {}
|
||||
|
||||
# Override the to_dict so that we can format the tags properly...
|
||||
def to_dict(self):
|
||||
result = super(ConfigAggregator, self).to_dict()
|
||||
|
||||
# Override the account aggregation sources if present:
|
||||
if self.account_aggregation_sources:
|
||||
result['AccountAggregationSources'] = [a.to_dict() for a in self.account_aggregation_sources]
|
||||
|
||||
# Tags are listed in the list_tags_for_resource API call ... not implementing yet -- please feel free to!
|
||||
# if self.tags:
|
||||
# result['Tags'] = [{'Key': key, 'Value': value} for key, value in self.tags.items()]
|
||||
|
||||
return result
|
||||
|
||||
|
||||
class ConfigAggregationAuthorization(ConfigEmptyDictable):
|
||||
|
||||
def __init__(self, current_region, authorized_account_id, authorized_aws_region, tags=None):
|
||||
super(ConfigAggregationAuthorization, self).__init__(capitalize_start=True, capitalize_arn=False)
|
||||
|
||||
self.aggregation_authorization_arn = 'arn:aws:config:{region}:{id}:aggregation-authorization/' \
|
||||
'{auth_account}/{auth_region}'.format(region=current_region,
|
||||
id=DEFAULT_ACCOUNT_ID,
|
||||
auth_account=authorized_account_id,
|
||||
auth_region=authorized_aws_region)
|
||||
self.authorized_account_id = authorized_account_id
|
||||
self.authorized_aws_region = authorized_aws_region
|
||||
self.creation_time = datetime2int(datetime.utcnow())
|
||||
|
||||
# Tags are listed in the list_tags_for_resource API call ... not implementing yet -- please feel free to!
|
||||
self.tags = tags or {}
|
||||
|
||||
|
||||
class ConfigBackend(BaseBackend):
|
||||
|
||||
def __init__(self):
|
||||
self.recorders = {}
|
||||
self.delivery_channels = {}
|
||||
self.config_aggregators = {}
|
||||
self.aggregation_authorizations = {}
|
||||
|
||||
@staticmethod
|
||||
def _validate_resource_types(resource_list):
|
||||
# Load the service file:
|
||||
resource_package = 'botocore'
|
||||
resource_path = '/'.join(('data', 'config', '2014-11-12', 'service-2.json'))
|
||||
conifg_schema = json.loads(pkg_resources.resource_string(resource_package, resource_path))
|
||||
config_schema = json.loads(pkg_resources.resource_string(resource_package, resource_path))
|
||||
|
||||
# Verify that each entry exists in the supported list:
|
||||
bad_list = []
|
||||
|
|
@ -128,11 +328,11 @@ class ConfigBackend(BaseBackend):
|
|||
# For PY2:
|
||||
r_str = str(resource)
|
||||
|
||||
if r_str not in conifg_schema['shapes']['ResourceType']['enum']:
|
||||
if r_str not in config_schema['shapes']['ResourceType']['enum']:
|
||||
bad_list.append(r_str)
|
||||
|
||||
if bad_list:
|
||||
raise InvalidResourceTypeException(bad_list, conifg_schema['shapes']['ResourceType']['enum'])
|
||||
raise InvalidResourceTypeException(bad_list, config_schema['shapes']['ResourceType']['enum'])
|
||||
|
||||
@staticmethod
|
||||
def _validate_delivery_snapshot_properties(properties):
|
||||
|
|
@ -147,6 +347,158 @@ class ConfigBackend(BaseBackend):
|
|||
raise InvalidDeliveryFrequency(properties.get('deliveryFrequency', None),
|
||||
conifg_schema['shapes']['MaximumExecutionFrequency']['enum'])
|
||||
|
||||
def put_configuration_aggregator(self, config_aggregator, region):
|
||||
# Validate the name:
|
||||
if len(config_aggregator['ConfigurationAggregatorName']) > 256:
|
||||
raise NameTooLongException(config_aggregator['ConfigurationAggregatorName'], 'configurationAggregatorName')
|
||||
|
||||
account_sources = None
|
||||
org_source = None
|
||||
|
||||
# Tag validation:
|
||||
tags = validate_tags(config_aggregator.get('Tags', []))
|
||||
|
||||
# Exception if both AccountAggregationSources and OrganizationAggregationSource are supplied:
|
||||
if config_aggregator.get('AccountAggregationSources') and config_aggregator.get('OrganizationAggregationSource'):
|
||||
raise InvalidParameterValueException('The configuration aggregator cannot be created because your request contains both the'
|
||||
' AccountAggregationSource and the OrganizationAggregationSource. Include only '
|
||||
'one aggregation source and try again.')
|
||||
|
||||
# If neither are supplied:
|
||||
if not config_aggregator.get('AccountAggregationSources') and not config_aggregator.get('OrganizationAggregationSource'):
|
||||
raise InvalidParameterValueException('The configuration aggregator cannot be created because your request is missing either '
|
||||
'the AccountAggregationSource or the OrganizationAggregationSource. Include the '
|
||||
'appropriate aggregation source and try again.')
|
||||
|
||||
if config_aggregator.get('AccountAggregationSources'):
|
||||
# Currently, only 1 account aggregation source can be set:
|
||||
if len(config_aggregator['AccountAggregationSources']) > 1:
|
||||
raise TooManyAccountSources(len(config_aggregator['AccountAggregationSources']))
|
||||
|
||||
account_sources = []
|
||||
for a in config_aggregator['AccountAggregationSources']:
|
||||
account_sources.append(AccountAggregatorSource(a['AccountIds'], aws_regions=a.get('AwsRegions'),
|
||||
all_aws_regions=a.get('AllAwsRegions')))
|
||||
|
||||
else:
|
||||
org_source = OrganizationAggregationSource(config_aggregator['OrganizationAggregationSource']['RoleArn'],
|
||||
aws_regions=config_aggregator['OrganizationAggregationSource'].get('AwsRegions'),
|
||||
all_aws_regions=config_aggregator['OrganizationAggregationSource'].get(
|
||||
'AllAwsRegions'))
|
||||
|
||||
# Grab the existing one if it exists and update it:
|
||||
if not self.config_aggregators.get(config_aggregator['ConfigurationAggregatorName']):
|
||||
aggregator = ConfigAggregator(config_aggregator['ConfigurationAggregatorName'], region, account_sources=account_sources,
|
||||
org_source=org_source, tags=tags)
|
||||
self.config_aggregators[config_aggregator['ConfigurationAggregatorName']] = aggregator
|
||||
|
||||
else:
|
||||
aggregator = self.config_aggregators[config_aggregator['ConfigurationAggregatorName']]
|
||||
aggregator.tags = tags
|
||||
aggregator.account_aggregation_sources = account_sources
|
||||
aggregator.organization_aggregation_source = org_source
|
||||
aggregator.last_updated_time = datetime2int(datetime.utcnow())
|
||||
|
||||
return aggregator.to_dict()
|
||||
|
||||
def describe_configuration_aggregators(self, names, token, limit):
|
||||
limit = DEFAULT_PAGE_SIZE if not limit or limit < 0 else limit
|
||||
agg_list = []
|
||||
result = {'ConfigurationAggregators': []}
|
||||
|
||||
if names:
|
||||
for name in names:
|
||||
if not self.config_aggregators.get(name):
|
||||
raise NoSuchConfigurationAggregatorException(number=len(names))
|
||||
|
||||
agg_list.append(name)
|
||||
|
||||
else:
|
||||
agg_list = list(self.config_aggregators.keys())
|
||||
|
||||
# Empty?
|
||||
if not agg_list:
|
||||
return result
|
||||
|
||||
# Sort by name:
|
||||
sorted_aggregators = sorted(agg_list)
|
||||
|
||||
# Get the start:
|
||||
if not token:
|
||||
start = 0
|
||||
else:
|
||||
# Tokens for this moto feature are just the next names of the items in the list:
|
||||
if not self.config_aggregators.get(token):
|
||||
raise InvalidNextTokenException()
|
||||
|
||||
start = sorted_aggregators.index(token)
|
||||
|
||||
# Get the list of items to collect:
|
||||
agg_list = sorted_aggregators[start:(start + limit)]
|
||||
result['ConfigurationAggregators'] = [self.config_aggregators[agg].to_dict() for agg in agg_list]
|
||||
|
||||
if len(sorted_aggregators) > (start + limit):
|
||||
result['NextToken'] = sorted_aggregators[start + limit]
|
||||
|
||||
return result
|
||||
|
||||
def delete_configuration_aggregator(self, config_aggregator):
|
||||
if not self.config_aggregators.get(config_aggregator):
|
||||
raise NoSuchConfigurationAggregatorException()
|
||||
|
||||
del self.config_aggregators[config_aggregator]
|
||||
|
||||
def put_aggregation_authorization(self, current_region, authorized_account, authorized_region, tags):
|
||||
# Tag validation:
|
||||
tags = validate_tags(tags or [])
|
||||
|
||||
# Does this already exist?
|
||||
key = '{}/{}'.format(authorized_account, authorized_region)
|
||||
agg_auth = self.aggregation_authorizations.get(key)
|
||||
if not agg_auth:
|
||||
agg_auth = ConfigAggregationAuthorization(current_region, authorized_account, authorized_region, tags=tags)
|
||||
self.aggregation_authorizations['{}/{}'.format(authorized_account, authorized_region)] = agg_auth
|
||||
else:
|
||||
# Only update the tags:
|
||||
agg_auth.tags = tags
|
||||
|
||||
return agg_auth.to_dict()
|
||||
|
||||
def describe_aggregation_authorizations(self, token, limit):
|
||||
limit = DEFAULT_PAGE_SIZE if not limit or limit < 0 else limit
|
||||
result = {'AggregationAuthorizations': []}
|
||||
|
||||
if not self.aggregation_authorizations:
|
||||
return result
|
||||
|
||||
# Sort by name:
|
||||
sorted_authorizations = sorted(self.aggregation_authorizations.keys())
|
||||
|
||||
# Get the start:
|
||||
if not token:
|
||||
start = 0
|
||||
else:
|
||||
# Tokens for this moto feature are just the next names of the items in the list:
|
||||
if not self.aggregation_authorizations.get(token):
|
||||
raise InvalidNextTokenException()
|
||||
|
||||
start = sorted_authorizations.index(token)
|
||||
|
||||
# Get the list of items to collect:
|
||||
auth_list = sorted_authorizations[start:(start + limit)]
|
||||
result['AggregationAuthorizations'] = [self.aggregation_authorizations[auth].to_dict() for auth in auth_list]
|
||||
|
||||
if len(sorted_authorizations) > (start + limit):
|
||||
result['NextToken'] = sorted_authorizations[start + limit]
|
||||
|
||||
return result
|
||||
|
||||
def delete_aggregation_authorization(self, authorized_account, authorized_region):
|
||||
# This will always return a 200 -- regardless if there is or isn't an existing
|
||||
# aggregation authorization.
|
||||
key = '{}/{}'.format(authorized_account, authorized_region)
|
||||
self.aggregation_authorizations.pop(key, None)
|
||||
|
||||
def put_configuration_recorder(self, config_recorder):
|
||||
# Validate the name:
|
||||
if not config_recorder.get('name'):
|
||||
|
|
|
|||
|
|
@ -13,6 +13,39 @@ class ConfigResponse(BaseResponse):
|
|||
self.config_backend.put_configuration_recorder(self._get_param('ConfigurationRecorder'))
|
||||
return ""
|
||||
|
||||
def put_configuration_aggregator(self):
|
||||
aggregator = self.config_backend.put_configuration_aggregator(json.loads(self.body), self.region)
|
||||
schema = {'ConfigurationAggregator': aggregator}
|
||||
return json.dumps(schema)
|
||||
|
||||
def describe_configuration_aggregators(self):
|
||||
aggregators = self.config_backend.describe_configuration_aggregators(self._get_param('ConfigurationAggregatorNames'),
|
||||
self._get_param('NextToken'),
|
||||
self._get_param('Limit'))
|
||||
return json.dumps(aggregators)
|
||||
|
||||
def delete_configuration_aggregator(self):
|
||||
self.config_backend.delete_configuration_aggregator(self._get_param('ConfigurationAggregatorName'))
|
||||
return ""
|
||||
|
||||
def put_aggregation_authorization(self):
|
||||
agg_auth = self.config_backend.put_aggregation_authorization(self.region,
|
||||
self._get_param('AuthorizedAccountId'),
|
||||
self._get_param('AuthorizedAwsRegion'),
|
||||
self._get_param('Tags'))
|
||||
schema = {'AggregationAuthorization': agg_auth}
|
||||
return json.dumps(schema)
|
||||
|
||||
def describe_aggregation_authorizations(self):
|
||||
authorizations = self.config_backend.describe_aggregation_authorizations(self._get_param('NextToken'), self._get_param('Limit'))
|
||||
|
||||
return json.dumps(authorizations)
|
||||
|
||||
def delete_aggregation_authorization(self):
|
||||
self.config_backend.delete_aggregation_authorization(self._get_param('AuthorizedAccountId'), self._get_param('AuthorizedAwsRegion'))
|
||||
|
||||
return ""
|
||||
|
||||
def describe_configuration_recorders(self):
|
||||
recorders = self.config_backend.describe_configuration_recorders(self._get_param('ConfigurationRecorderNames'))
|
||||
schema = {'ConfigurationRecorders': recorders}
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ class AssumedRoleAccessKey(object):
|
|||
self._access_key_id = access_key_id
|
||||
self._secret_access_key = assumed_role.secret_access_key
|
||||
self._session_token = assumed_role.session_token
|
||||
self._owner_role_name = assumed_role.arn.split("/")[-1]
|
||||
self._owner_role_name = assumed_role.role_arn.split("/")[-1]
|
||||
self._session_name = assumed_role.session_name
|
||||
if headers["X-Amz-Security-Token"] != self._session_token:
|
||||
raise CreateAccessKeyFailure(reason="InvalidToken")
|
||||
|
|
@ -172,6 +172,8 @@ class IAMRequestBase(object):
|
|||
self._raise_signature_does_not_match()
|
||||
|
||||
def check_action_permitted(self):
|
||||
if self._action == 'sts:GetCallerIdentity': # always allowed, even if there's an explicit Deny for it
|
||||
return True
|
||||
policies = self._access_key.collect_policies()
|
||||
|
||||
permitted = False
|
||||
|
|
|
|||
|
|
@ -318,6 +318,9 @@ class DynamoHandler(BaseResponse):
|
|||
|
||||
for table_name, table_request in table_batches.items():
|
||||
keys = table_request['Keys']
|
||||
if self._contains_duplicates(keys):
|
||||
er = 'com.amazon.coral.validate#ValidationException'
|
||||
return self.error(er, 'Provided list of item keys contains duplicates')
|
||||
attributes_to_get = table_request.get('AttributesToGet')
|
||||
results["Responses"][table_name] = []
|
||||
for key in keys:
|
||||
|
|
@ -333,6 +336,15 @@ class DynamoHandler(BaseResponse):
|
|||
})
|
||||
return dynamo_json_dump(results)
|
||||
|
||||
def _contains_duplicates(self, keys):
|
||||
unique_keys = []
|
||||
for k in keys:
|
||||
if k in unique_keys:
|
||||
return True
|
||||
else:
|
||||
unique_keys.append(k)
|
||||
return False
|
||||
|
||||
def query(self):
|
||||
name = self.body['TableName']
|
||||
# {u'KeyConditionExpression': u'#n0 = :v0', u'ExpressionAttributeValues': {u':v0': {u'S': u'johndoe'}}, u'ExpressionAttributeNames': {u'#n0': u'username'}}
|
||||
|
|
@ -600,7 +612,7 @@ class DynamoHandler(BaseResponse):
|
|||
# E.g. `a = b + c` -> `a=b+c`
|
||||
if update_expression:
|
||||
update_expression = re.sub(
|
||||
'\s*([=\+-])\s*', '\\1', update_expression)
|
||||
r'\s*([=\+-])\s*', '\\1', update_expression)
|
||||
|
||||
try:
|
||||
item = self.dynamodb_backend.update_item(
|
||||
|
|
|
|||
|
|
@ -523,3 +523,11 @@ class OperationNotPermitted3(EC2ClientError):
|
|||
pcx_id,
|
||||
acceptor_region)
|
||||
)
|
||||
|
||||
|
||||
class InvalidLaunchTemplateNameError(EC2ClientError):
|
||||
def __init__(self):
|
||||
super(InvalidLaunchTemplateNameError, self).__init__(
|
||||
"InvalidLaunchTemplateName.AlreadyExistsException",
|
||||
"Launch template name already in use."
|
||||
)
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ from boto.ec2.blockdevicemapping import BlockDeviceMapping, BlockDeviceType
|
|||
from boto.ec2.spotinstancerequest import SpotInstanceRequest as BotoSpotRequest
|
||||
from boto.ec2.launchspecification import LaunchSpecification
|
||||
|
||||
|
||||
from moto.compat import OrderedDict
|
||||
from moto.core import BaseBackend
|
||||
from moto.core.models import Model, BaseModel
|
||||
|
|
@ -49,6 +48,7 @@ from .exceptions import (
|
|||
InvalidKeyPairDuplicateError,
|
||||
InvalidKeyPairFormatError,
|
||||
InvalidKeyPairNameError,
|
||||
InvalidLaunchTemplateNameError,
|
||||
InvalidNetworkAclIdError,
|
||||
InvalidNetworkAttachmentIdError,
|
||||
InvalidNetworkInterfaceIdError,
|
||||
|
|
@ -98,6 +98,7 @@ from .utils import (
|
|||
random_internet_gateway_id,
|
||||
random_ip,
|
||||
random_ipv6_cidr,
|
||||
random_launch_template_id,
|
||||
random_nat_gateway_id,
|
||||
random_key_pair,
|
||||
random_private_ip,
|
||||
|
|
@ -4113,6 +4114,92 @@ class NatGatewayBackend(object):
|
|||
return self.nat_gateways.pop(nat_gateway_id)
|
||||
|
||||
|
||||
class LaunchTemplateVersion(object):
|
||||
def __init__(self, template, number, data, description):
|
||||
self.template = template
|
||||
self.number = number
|
||||
self.data = data
|
||||
self.description = description
|
||||
self.create_time = utc_date_and_time()
|
||||
|
||||
|
||||
class LaunchTemplate(TaggedEC2Resource):
|
||||
def __init__(self, backend, name, template_data, version_description):
|
||||
self.ec2_backend = backend
|
||||
self.name = name
|
||||
self.id = random_launch_template_id()
|
||||
self.create_time = utc_date_and_time()
|
||||
|
||||
self.versions = []
|
||||
self.create_version(template_data, version_description)
|
||||
self.default_version_number = 1
|
||||
|
||||
def create_version(self, data, description):
|
||||
num = len(self.versions) + 1
|
||||
version = LaunchTemplateVersion(self, num, data, description)
|
||||
self.versions.append(version)
|
||||
return version
|
||||
|
||||
def is_default(self, version):
|
||||
return self.default_version == version.number
|
||||
|
||||
def get_version(self, num):
|
||||
return self.versions[num - 1]
|
||||
|
||||
def default_version(self):
|
||||
return self.versions[self.default_version_number - 1]
|
||||
|
||||
def latest_version(self):
|
||||
return self.versions[-1]
|
||||
|
||||
@property
|
||||
def latest_version_number(self):
|
||||
return self.latest_version().number
|
||||
|
||||
def get_filter_value(self, filter_name):
|
||||
if filter_name == 'launch-template-name':
|
||||
return self.name
|
||||
else:
|
||||
return super(LaunchTemplate, self).get_filter_value(
|
||||
filter_name, "DescribeLaunchTemplates")
|
||||
|
||||
|
||||
class LaunchTemplateBackend(object):
|
||||
def __init__(self):
|
||||
self.launch_template_name_to_ids = {}
|
||||
self.launch_templates = OrderedDict()
|
||||
self.launch_template_insert_order = []
|
||||
super(LaunchTemplateBackend, self).__init__()
|
||||
|
||||
def create_launch_template(self, name, description, template_data):
|
||||
if name in self.launch_template_name_to_ids:
|
||||
raise InvalidLaunchTemplateNameError()
|
||||
template = LaunchTemplate(self, name, template_data, description)
|
||||
self.launch_templates[template.id] = template
|
||||
self.launch_template_name_to_ids[template.name] = template.id
|
||||
self.launch_template_insert_order.append(template.id)
|
||||
return template
|
||||
|
||||
def get_launch_template(self, template_id):
|
||||
return self.launch_templates[template_id]
|
||||
|
||||
def get_launch_template_by_name(self, name):
|
||||
return self.get_launch_template(self.launch_template_name_to_ids[name])
|
||||
|
||||
def get_launch_templates(self, template_names=None, template_ids=None, filters=None):
|
||||
if template_names and not template_ids:
|
||||
template_ids = []
|
||||
for name in template_names:
|
||||
template_ids.append(self.launch_template_name_to_ids[name])
|
||||
|
||||
if template_ids:
|
||||
templates = [self.launch_templates[tid] for tid in template_ids]
|
||||
else:
|
||||
templates = list(self.launch_templates.values())
|
||||
|
||||
return generic_filter(filters, templates)
|
||||
|
||||
|
||||
class EC2Backend(BaseBackend, InstanceBackend, TagBackend, EBSBackend,
|
||||
RegionsAndZonesBackend, SecurityGroupBackend, AmiBackend,
|
||||
VPCBackend, SubnetBackend, SubnetRouteTableAssociationBackend,
|
||||
|
|
@ -4122,7 +4209,7 @@ class EC2Backend(BaseBackend, InstanceBackend, TagBackend, EBSBackend,
|
|||
VPCGatewayAttachmentBackend, SpotFleetBackend,
|
||||
SpotRequestBackend, ElasticAddressBackend, KeyPairBackend,
|
||||
DHCPOptionsSetBackend, NetworkAclBackend, VpnGatewayBackend,
|
||||
CustomerGatewayBackend, NatGatewayBackend):
|
||||
CustomerGatewayBackend, NatGatewayBackend, LaunchTemplateBackend):
|
||||
def __init__(self, region_name):
|
||||
self.region_name = region_name
|
||||
super(EC2Backend, self).__init__()
|
||||
|
|
@ -4177,6 +4264,8 @@ class EC2Backend(BaseBackend, InstanceBackend, TagBackend, EBSBackend,
|
|||
elif resource_prefix == EC2_RESOURCE_TO_PREFIX['internet-gateway']:
|
||||
self.describe_internet_gateways(
|
||||
internet_gateway_ids=[resource_id])
|
||||
elif resource_prefix == EC2_RESOURCE_TO_PREFIX['launch-template']:
|
||||
self.get_launch_template(resource_id)
|
||||
elif resource_prefix == EC2_RESOURCE_TO_PREFIX['network-acl']:
|
||||
self.get_all_network_acls()
|
||||
elif resource_prefix == EC2_RESOURCE_TO_PREFIX['network-interface']:
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ from .instances import InstanceResponse
|
|||
from .internet_gateways import InternetGateways
|
||||
from .ip_addresses import IPAddresses
|
||||
from .key_pairs import KeyPairs
|
||||
from .launch_templates import LaunchTemplates
|
||||
from .monitoring import Monitoring
|
||||
from .network_acls import NetworkACLs
|
||||
from .placement_groups import PlacementGroups
|
||||
|
|
@ -49,6 +50,7 @@ class EC2Response(
|
|||
InternetGateways,
|
||||
IPAddresses,
|
||||
KeyPairs,
|
||||
LaunchTemplates,
|
||||
Monitoring,
|
||||
NetworkACLs,
|
||||
PlacementGroups,
|
||||
|
|
|
|||
252
moto/ec2/responses/launch_templates.py
Normal file
252
moto/ec2/responses/launch_templates.py
Normal file
|
|
@ -0,0 +1,252 @@
|
|||
import six
|
||||
import uuid
|
||||
from moto.core.responses import BaseResponse
|
||||
from moto.ec2.models import OWNER_ID
|
||||
from moto.ec2.exceptions import FilterNotImplementedError
|
||||
from moto.ec2.utils import filters_from_querystring
|
||||
|
||||
from xml.etree import ElementTree
|
||||
from xml.dom import minidom
|
||||
|
||||
|
||||
def xml_root(name):
|
||||
root = ElementTree.Element(name, {
|
||||
"xmlns": "http://ec2.amazonaws.com/doc/2016-11-15/"
|
||||
})
|
||||
request_id = str(uuid.uuid4()) + "example"
|
||||
ElementTree.SubElement(root, "requestId").text = request_id
|
||||
|
||||
return root
|
||||
|
||||
|
||||
def xml_serialize(tree, key, value):
|
||||
name = key[0].lower() + key[1:]
|
||||
if isinstance(value, list):
|
||||
if name[-1] == 's':
|
||||
name = name[:-1]
|
||||
|
||||
name = name + 'Set'
|
||||
|
||||
node = ElementTree.SubElement(tree, name)
|
||||
|
||||
if isinstance(value, (str, int, float, six.text_type)):
|
||||
node.text = str(value)
|
||||
elif isinstance(value, dict):
|
||||
for dictkey, dictvalue in six.iteritems(value):
|
||||
xml_serialize(node, dictkey, dictvalue)
|
||||
elif isinstance(value, list):
|
||||
for item in value:
|
||||
xml_serialize(node, 'item', item)
|
||||
elif value is None:
|
||||
pass
|
||||
else:
|
||||
raise NotImplementedError("Don't know how to serialize \"{}\" to xml".format(value.__class__))
|
||||
|
||||
|
||||
def pretty_xml(tree):
|
||||
rough = ElementTree.tostring(tree, 'utf-8')
|
||||
parsed = minidom.parseString(rough)
|
||||
return parsed.toprettyxml(indent=' ')
|
||||
|
||||
|
||||
def parse_object(raw_data):
|
||||
out_data = {}
|
||||
for key, value in six.iteritems(raw_data):
|
||||
key_fix_splits = key.split("_")
|
||||
key_len = len(key_fix_splits)
|
||||
|
||||
new_key = ""
|
||||
for i in range(0, key_len):
|
||||
new_key += key_fix_splits[i][0].upper() + key_fix_splits[i][1:]
|
||||
|
||||
data = out_data
|
||||
splits = new_key.split(".")
|
||||
for split in splits[:-1]:
|
||||
if split not in data:
|
||||
data[split] = {}
|
||||
data = data[split]
|
||||
|
||||
data[splits[-1]] = value
|
||||
|
||||
out_data = parse_lists(out_data)
|
||||
return out_data
|
||||
|
||||
|
||||
def parse_lists(data):
|
||||
for key, value in six.iteritems(data):
|
||||
if isinstance(value, dict):
|
||||
keys = data[key].keys()
|
||||
is_list = all(map(lambda k: k.isnumeric(), keys))
|
||||
|
||||
if is_list:
|
||||
new_value = []
|
||||
keys = sorted(list(keys))
|
||||
for k in keys:
|
||||
lvalue = value[k]
|
||||
if isinstance(lvalue, dict):
|
||||
lvalue = parse_lists(lvalue)
|
||||
new_value.append(lvalue)
|
||||
data[key] = new_value
|
||||
return data
|
||||
|
||||
|
||||
class LaunchTemplates(BaseResponse):
|
||||
def create_launch_template(self):
|
||||
name = self._get_param('LaunchTemplateName')
|
||||
version_description = self._get_param('VersionDescription')
|
||||
tag_spec = self._parse_tag_specification("TagSpecification")
|
||||
|
||||
raw_template_data = self._get_dict_param('LaunchTemplateData.')
|
||||
parsed_template_data = parse_object(raw_template_data)
|
||||
|
||||
if self.is_not_dryrun('CreateLaunchTemplate'):
|
||||
if tag_spec:
|
||||
if 'TagSpecifications' not in parsed_template_data:
|
||||
parsed_template_data['TagSpecifications'] = []
|
||||
converted_tag_spec = []
|
||||
for resource_type, tags in six.iteritems(tag_spec):
|
||||
converted_tag_spec.append({
|
||||
"ResourceType": resource_type,
|
||||
"Tags": [{"Key": key, "Value": value} for key, value in six.iteritems(tags)],
|
||||
})
|
||||
|
||||
parsed_template_data['TagSpecifications'].extend(converted_tag_spec)
|
||||
|
||||
template = self.ec2_backend.create_launch_template(name, version_description, parsed_template_data)
|
||||
version = template.default_version()
|
||||
|
||||
tree = xml_root("CreateLaunchTemplateResponse")
|
||||
xml_serialize(tree, "launchTemplate", {
|
||||
"createTime": version.create_time,
|
||||
"createdBy": "arn:aws:iam::{OWNER_ID}:root".format(OWNER_ID=OWNER_ID),
|
||||
"defaultVersionNumber": template.default_version_number,
|
||||
"latestVersionNumber": version.number,
|
||||
"launchTemplateId": template.id,
|
||||
"launchTemplateName": template.name
|
||||
})
|
||||
|
||||
return pretty_xml(tree)
|
||||
|
||||
def create_launch_template_version(self):
|
||||
name = self._get_param('LaunchTemplateName')
|
||||
tmpl_id = self._get_param('LaunchTemplateId')
|
||||
if name:
|
||||
template = self.ec2_backend.get_launch_template_by_name(name)
|
||||
if tmpl_id:
|
||||
template = self.ec2_backend.get_launch_template(tmpl_id)
|
||||
|
||||
version_description = self._get_param('VersionDescription')
|
||||
|
||||
raw_template_data = self._get_dict_param('LaunchTemplateData.')
|
||||
template_data = parse_object(raw_template_data)
|
||||
|
||||
if self.is_not_dryrun('CreateLaunchTemplate'):
|
||||
version = template.create_version(template_data, version_description)
|
||||
|
||||
tree = xml_root("CreateLaunchTemplateVersionResponse")
|
||||
xml_serialize(tree, "launchTemplateVersion", {
|
||||
"createTime": version.create_time,
|
||||
"createdBy": "arn:aws:iam::{OWNER_ID}:root".format(OWNER_ID=OWNER_ID),
|
||||
"defaultVersion": template.is_default(version),
|
||||
"launchTemplateData": version.data,
|
||||
"launchTemplateId": template.id,
|
||||
"launchTemplateName": template.name,
|
||||
"versionDescription": version.description,
|
||||
"versionNumber": version.number,
|
||||
})
|
||||
return pretty_xml(tree)
|
||||
|
||||
# def delete_launch_template(self):
|
||||
# pass
|
||||
|
||||
# def delete_launch_template_versions(self):
|
||||
# pass
|
||||
|
||||
def describe_launch_template_versions(self):
|
||||
name = self._get_param('LaunchTemplateName')
|
||||
template_id = self._get_param('LaunchTemplateId')
|
||||
if name:
|
||||
template = self.ec2_backend.get_launch_template_by_name(name)
|
||||
if template_id:
|
||||
template = self.ec2_backend.get_launch_template(template_id)
|
||||
|
||||
max_results = self._get_int_param("MaxResults", 15)
|
||||
versions = self._get_multi_param("LaunchTemplateVersion")
|
||||
min_version = self._get_int_param("MinVersion")
|
||||
max_version = self._get_int_param("MaxVersion")
|
||||
|
||||
filters = filters_from_querystring(self.querystring)
|
||||
if filters:
|
||||
raise FilterNotImplementedError("all filters", "DescribeLaunchTemplateVersions")
|
||||
|
||||
if self.is_not_dryrun('DescribeLaunchTemplateVersions'):
|
||||
tree = ElementTree.Element("DescribeLaunchTemplateVersionsResponse", {
|
||||
"xmlns": "http://ec2.amazonaws.com/doc/2016-11-15/",
|
||||
})
|
||||
request_id = ElementTree.SubElement(tree, "requestId")
|
||||
request_id.text = "65cadec1-b364-4354-8ca8-4176dexample"
|
||||
|
||||
versions_node = ElementTree.SubElement(tree, "launchTemplateVersionSet")
|
||||
|
||||
ret_versions = []
|
||||
if versions:
|
||||
for v in versions:
|
||||
ret_versions.append(template.get_version(int(v)))
|
||||
elif min_version:
|
||||
if max_version:
|
||||
vMax = max_version
|
||||
else:
|
||||
vMax = min_version + max_results
|
||||
|
||||
vMin = min_version - 1
|
||||
ret_versions = template.versions[vMin:vMax]
|
||||
elif max_version:
|
||||
vMax = max_version
|
||||
ret_versions = template.versions[:vMax]
|
||||
else:
|
||||
ret_versions = template.versions
|
||||
|
||||
ret_versions = ret_versions[:max_results]
|
||||
|
||||
for version in ret_versions:
|
||||
xml_serialize(versions_node, "item", {
|
||||
"createTime": version.create_time,
|
||||
"createdBy": "arn:aws:iam::{OWNER_ID}:root".format(OWNER_ID=OWNER_ID),
|
||||
"defaultVersion": True,
|
||||
"launchTemplateData": version.data,
|
||||
"launchTemplateId": template.id,
|
||||
"launchTemplateName": template.name,
|
||||
"versionDescription": version.description,
|
||||
"versionNumber": version.number,
|
||||
})
|
||||
|
||||
return pretty_xml(tree)
|
||||
|
||||
def describe_launch_templates(self):
|
||||
max_results = self._get_int_param("MaxResults", 15)
|
||||
template_names = self._get_multi_param("LaunchTemplateName")
|
||||
template_ids = self._get_multi_param("LaunchTemplateId")
|
||||
filters = filters_from_querystring(self.querystring)
|
||||
|
||||
if self.is_not_dryrun("DescribeLaunchTemplates"):
|
||||
tree = ElementTree.Element("DescribeLaunchTemplatesResponse")
|
||||
templates_node = ElementTree.SubElement(tree, "launchTemplates")
|
||||
|
||||
templates = self.ec2_backend.get_launch_templates(template_names=template_names, template_ids=template_ids, filters=filters)
|
||||
|
||||
templates = templates[:max_results]
|
||||
|
||||
for template in templates:
|
||||
xml_serialize(templates_node, "item", {
|
||||
"createTime": template.create_time,
|
||||
"createdBy": "arn:aws:iam::{OWNER_ID}:root".format(OWNER_ID=OWNER_ID),
|
||||
"defaultVersionNumber": template.default_version_number,
|
||||
"latestVersionNumber": template.latest_version_number,
|
||||
"launchTemplateId": template.id,
|
||||
"launchTemplateName": template.name,
|
||||
})
|
||||
|
||||
return pretty_xml(tree)
|
||||
|
||||
# def modify_launch_template(self):
|
||||
# pass
|
||||
|
|
@ -20,6 +20,7 @@ EC2_RESOURCE_TO_PREFIX = {
|
|||
'image': 'ami',
|
||||
'instance': 'i',
|
||||
'internet-gateway': 'igw',
|
||||
'launch-template': 'lt',
|
||||
'nat-gateway': 'nat',
|
||||
'network-acl': 'acl',
|
||||
'network-acl-subnet-assoc': 'aclassoc',
|
||||
|
|
@ -161,6 +162,10 @@ def random_nat_gateway_id():
|
|||
return random_id(prefix=EC2_RESOURCE_TO_PREFIX['nat-gateway'], size=17)
|
||||
|
||||
|
||||
def random_launch_template_id():
|
||||
return random_id(prefix=EC2_RESOURCE_TO_PREFIX['launch-template'], size=17)
|
||||
|
||||
|
||||
def random_public_ip():
|
||||
return '54.214.{0}.{1}'.format(random.choice(range(255)),
|
||||
random.choice(range(255)))
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import boto3
|
|||
import pytz
|
||||
from moto.core.exceptions import JsonRESTError
|
||||
from moto.core import BaseBackend, BaseModel
|
||||
from moto.core.utils import unix_time
|
||||
from moto.ec2 import ec2_backends
|
||||
from copy import copy
|
||||
|
||||
|
|
@ -231,9 +232,9 @@ class Service(BaseObject):
|
|||
|
||||
for deployment in response_object['deployments']:
|
||||
if isinstance(deployment['createdAt'], datetime):
|
||||
deployment['createdAt'] = deployment['createdAt'].isoformat()
|
||||
deployment['createdAt'] = unix_time(deployment['createdAt'].replace(tzinfo=None))
|
||||
if isinstance(deployment['updatedAt'], datetime):
|
||||
deployment['updatedAt'] = deployment['updatedAt'].isoformat()
|
||||
deployment['updatedAt'] = unix_time(deployment['updatedAt'].replace(tzinfo=None))
|
||||
|
||||
return response_object
|
||||
|
||||
|
|
|
|||
|
|
@ -2,9 +2,11 @@ from __future__ import unicode_literals
|
|||
|
||||
import datetime
|
||||
import re
|
||||
from jinja2 import Template
|
||||
from moto.compat import OrderedDict
|
||||
from moto.core.exceptions import RESTError
|
||||
from moto.core import BaseBackend, BaseModel
|
||||
from moto.core.utils import camelcase_to_underscores
|
||||
from moto.ec2.models import ec2_backends
|
||||
from moto.acm.models import acm_backends
|
||||
from .utils import make_arn_for_target_group
|
||||
|
|
@ -213,13 +215,12 @@ class FakeListener(BaseModel):
|
|||
action_type = action['Type']
|
||||
if action_type == 'forward':
|
||||
default_actions.append({'type': action_type, 'target_group_arn': action['TargetGroupArn']})
|
||||
elif action_type == 'redirect':
|
||||
redirect_action = {'type': action_type, }
|
||||
for redirect_config_key, redirect_config_value in action['RedirectConfig'].items():
|
||||
elif action_type in ['redirect', 'authenticate-cognito']:
|
||||
redirect_action = {'type': action_type}
|
||||
key = 'RedirectConfig' if action_type == 'redirect' else 'AuthenticateCognitoConfig'
|
||||
for redirect_config_key, redirect_config_value in action[key].items():
|
||||
# need to match the output of _get_list_prefix
|
||||
if redirect_config_key == 'StatusCode':
|
||||
redirect_config_key = 'status_code'
|
||||
redirect_action['redirect_config._' + redirect_config_key.lower()] = redirect_config_value
|
||||
redirect_action[camelcase_to_underscores(key) + '._' + camelcase_to_underscores(redirect_config_key)] = redirect_config_value
|
||||
default_actions.append(redirect_action)
|
||||
else:
|
||||
raise InvalidActionTypeError(action_type, i + 1)
|
||||
|
|
@ -231,6 +232,32 @@ class FakeListener(BaseModel):
|
|||
return listener
|
||||
|
||||
|
||||
class FakeAction(BaseModel):
|
||||
def __init__(self, data):
|
||||
self.data = data
|
||||
self.type = data.get("type")
|
||||
|
||||
def to_xml(self):
|
||||
template = Template("""<Type>{{ action.type }}</Type>
|
||||
{% if action.type == "forward" %}
|
||||
<TargetGroupArn>{{ action.data["target_group_arn"] }}</TargetGroupArn>
|
||||
{% elif action.type == "redirect" %}
|
||||
<RedirectConfig>
|
||||
<Protocol>{{ action.data["redirect_config._protocol"] }}</Protocol>
|
||||
<Port>{{ action.data["redirect_config._port"] }}</Port>
|
||||
<StatusCode>{{ action.data["redirect_config._status_code"] }}</StatusCode>
|
||||
</RedirectConfig>
|
||||
{% elif action.type == "authenticate-cognito" %}
|
||||
<AuthenticateCognitoConfig>
|
||||
<UserPoolArn>{{ action.data["authenticate_cognito_config._user_pool_arn"] }}</UserPoolArn>
|
||||
<UserPoolClientId>{{ action.data["authenticate_cognito_config._user_pool_client_id"] }}</UserPoolClientId>
|
||||
<UserPoolDomain>{{ action.data["authenticate_cognito_config._user_pool_domain"] }}</UserPoolDomain>
|
||||
</AuthenticateCognitoConfig>
|
||||
{% endif %}
|
||||
""")
|
||||
return template.render(action=self)
|
||||
|
||||
|
||||
class FakeRule(BaseModel):
|
||||
|
||||
def __init__(self, listener_arn, conditions, priority, actions, is_default):
|
||||
|
|
@ -402,6 +429,7 @@ class ELBv2Backend(BaseBackend):
|
|||
return new_load_balancer
|
||||
|
||||
def create_rule(self, listener_arn, conditions, priority, actions):
|
||||
actions = [FakeAction(action) for action in actions]
|
||||
listeners = self.describe_listeners(None, [listener_arn])
|
||||
if not listeners:
|
||||
raise ListenerNotFoundError()
|
||||
|
|
@ -429,20 +457,7 @@ class ELBv2Backend(BaseBackend):
|
|||
if rule.priority == priority:
|
||||
raise PriorityInUseError()
|
||||
|
||||
# validate Actions
|
||||
target_group_arns = [target_group.arn for target_group in self.target_groups.values()]
|
||||
for i, action in enumerate(actions):
|
||||
index = i + 1
|
||||
action_type = action['type']
|
||||
if action_type == 'forward':
|
||||
action_target_group_arn = action['target_group_arn']
|
||||
if action_target_group_arn not in target_group_arns:
|
||||
raise ActionTargetGroupNotFoundError(action_target_group_arn)
|
||||
elif action_type == 'redirect':
|
||||
# nothing to do
|
||||
pass
|
||||
else:
|
||||
raise InvalidActionTypeError(action_type, index)
|
||||
self._validate_actions(actions)
|
||||
|
||||
# TODO: check for error 'TooManyRegistrationsForTargetId'
|
||||
# TODO: check for error 'TooManyRules'
|
||||
|
|
@ -452,6 +467,21 @@ class ELBv2Backend(BaseBackend):
|
|||
listener.register(rule)
|
||||
return [rule]
|
||||
|
||||
def _validate_actions(self, actions):
|
||||
# validate Actions
|
||||
target_group_arns = [target_group.arn for target_group in self.target_groups.values()]
|
||||
for i, action in enumerate(actions):
|
||||
index = i + 1
|
||||
action_type = action.type
|
||||
if action_type == 'forward':
|
||||
action_target_group_arn = action.data['target_group_arn']
|
||||
if action_target_group_arn not in target_group_arns:
|
||||
raise ActionTargetGroupNotFoundError(action_target_group_arn)
|
||||
elif action_type in ['redirect', 'authenticate-cognito']:
|
||||
pass
|
||||
else:
|
||||
raise InvalidActionTypeError(action_type, index)
|
||||
|
||||
def create_target_group(self, name, **kwargs):
|
||||
if len(name) > 32:
|
||||
raise InvalidTargetGroupNameError(
|
||||
|
|
@ -495,26 +525,22 @@ class ELBv2Backend(BaseBackend):
|
|||
return target_group
|
||||
|
||||
def create_listener(self, load_balancer_arn, protocol, port, ssl_policy, certificate, default_actions):
|
||||
default_actions = [FakeAction(action) for action in default_actions]
|
||||
balancer = self.load_balancers.get(load_balancer_arn)
|
||||
if balancer is None:
|
||||
raise LoadBalancerNotFoundError()
|
||||
if port in balancer.listeners:
|
||||
raise DuplicateListenerError()
|
||||
|
||||
self._validate_actions(default_actions)
|
||||
|
||||
arn = load_balancer_arn.replace(':loadbalancer/', ':listener/') + "/%s%s" % (port, id(self))
|
||||
listener = FakeListener(load_balancer_arn, arn, protocol, port, ssl_policy, certificate, default_actions)
|
||||
balancer.listeners[listener.arn] = listener
|
||||
for i, action in enumerate(default_actions):
|
||||
action_type = action['type']
|
||||
if action_type == 'forward':
|
||||
if action['target_group_arn'] in self.target_groups.keys():
|
||||
target_group = self.target_groups[action['target_group_arn']]
|
||||
target_group.load_balancer_arns.append(load_balancer_arn)
|
||||
elif action_type == 'redirect':
|
||||
# nothing to do
|
||||
pass
|
||||
else:
|
||||
raise InvalidActionTypeError(action_type, i + 1)
|
||||
for action in default_actions:
|
||||
if action.type == 'forward':
|
||||
target_group = self.target_groups[action.data['target_group_arn']]
|
||||
target_group.load_balancer_arns.append(load_balancer_arn)
|
||||
|
||||
return listener
|
||||
|
||||
|
|
@ -648,6 +674,7 @@ class ELBv2Backend(BaseBackend):
|
|||
raise ListenerNotFoundError()
|
||||
|
||||
def modify_rule(self, rule_arn, conditions, actions):
|
||||
actions = [FakeAction(action) for action in actions]
|
||||
# if conditions or actions is empty list, do not update the attributes
|
||||
if not conditions and not actions:
|
||||
raise InvalidModifyRuleArgumentsError()
|
||||
|
|
@ -673,20 +700,7 @@ class ELBv2Backend(BaseBackend):
|
|||
# TODO: check pattern of value for 'path-pattern'
|
||||
|
||||
# validate Actions
|
||||
target_group_arns = [target_group.arn for target_group in self.target_groups.values()]
|
||||
if actions:
|
||||
for i, action in enumerate(actions):
|
||||
index = i + 1
|
||||
action_type = action['type']
|
||||
if action_type == 'forward':
|
||||
action_target_group_arn = action['target_group_arn']
|
||||
if action_target_group_arn not in target_group_arns:
|
||||
raise ActionTargetGroupNotFoundError(action_target_group_arn)
|
||||
elif action_type == 'redirect':
|
||||
# nothing to do
|
||||
pass
|
||||
else:
|
||||
raise InvalidActionTypeError(action_type, index)
|
||||
self._validate_actions(actions)
|
||||
|
||||
# TODO: check for error 'TooManyRegistrationsForTargetId'
|
||||
# TODO: check for error 'TooManyRules'
|
||||
|
|
@ -851,6 +865,7 @@ class ELBv2Backend(BaseBackend):
|
|||
return target_group
|
||||
|
||||
def modify_listener(self, arn, port=None, protocol=None, ssl_policy=None, certificates=None, default_actions=None):
|
||||
default_actions = [FakeAction(action) for action in default_actions]
|
||||
for load_balancer in self.load_balancers.values():
|
||||
if arn in load_balancer.listeners:
|
||||
break
|
||||
|
|
@ -917,7 +932,7 @@ class ELBv2Backend(BaseBackend):
|
|||
for listener in load_balancer.listeners.values():
|
||||
for rule in listener.rules:
|
||||
for action in rule.actions:
|
||||
if action.get('target_group_arn') == target_group_arn:
|
||||
if action.data.get('target_group_arn') == target_group_arn:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
|
|
|||
|
|
@ -775,16 +775,7 @@ CREATE_LISTENER_TEMPLATE = """<CreateListenerResponse xmlns="http://elasticloadb
|
|||
<DefaultActions>
|
||||
{% for action in listener.default_actions %}
|
||||
<member>
|
||||
<Type>{{ action.type }}</Type>
|
||||
{% if action["type"] == "forward" %}
|
||||
<TargetGroupArn>{{ action["target_group_arn"] }}</TargetGroupArn>
|
||||
{% elif action["type"] == "redirect" %}
|
||||
<RedirectConfig>
|
||||
<Protocol>{{ action["redirect_config._protocol"] }}</Protocol>
|
||||
<Port>{{ action["redirect_config._port"] }}</Port>
|
||||
<StatusCode>{{ action["redirect_config._status_code"] }}</StatusCode>
|
||||
</RedirectConfig>
|
||||
{% endif %}
|
||||
{{ action.to_xml() }}
|
||||
</member>
|
||||
{% endfor %}
|
||||
</DefaultActions>
|
||||
|
|
@ -888,16 +879,7 @@ DESCRIBE_RULES_TEMPLATE = """<DescribeRulesResponse xmlns="http://elasticloadbal
|
|||
<Actions>
|
||||
{% for action in rule.actions %}
|
||||
<member>
|
||||
<Type>{{ action["type"] }}</Type>
|
||||
{% if action["type"] == "forward" %}
|
||||
<TargetGroupArn>{{ action["target_group_arn"] }}</TargetGroupArn>
|
||||
{% elif action["type"] == "redirect" %}
|
||||
<RedirectConfig>
|
||||
<Protocol>{{ action["redirect_config._protocol"] }}</Protocol>
|
||||
<Port>{{ action["redirect_config._port"] }}</Port>
|
||||
<StatusCode>{{ action["redirect_config._status_code"] }}</StatusCode>
|
||||
</RedirectConfig>
|
||||
{% endif %}
|
||||
{{ action.to_xml() }}
|
||||
</member>
|
||||
{% endfor %}
|
||||
</Actions>
|
||||
|
|
@ -989,16 +971,7 @@ DESCRIBE_LISTENERS_TEMPLATE = """<DescribeLoadBalancersResponse xmlns="http://el
|
|||
<DefaultActions>
|
||||
{% for action in listener.default_actions %}
|
||||
<member>
|
||||
<Type>{{ action.type }}</Type>
|
||||
{% if action["type"] == "forward" %}
|
||||
<TargetGroupArn>{{ action["target_group_arn"] }}</TargetGroupArn>m
|
||||
{% elif action["type"] == "redirect" %}
|
||||
<RedirectConfig>
|
||||
<Protocol>{{ action["redirect_config._protocol"] }}</Protocol>
|
||||
<Port>{{ action["redirect_config._port"] }}</Port>
|
||||
<StatusCode>{{ action["redirect_config._status_code"] }}</StatusCode>
|
||||
</RedirectConfig>
|
||||
{% endif %}
|
||||
{{ action.to_xml() }}
|
||||
</member>
|
||||
{% endfor %}
|
||||
</DefaultActions>
|
||||
|
|
@ -1048,8 +1021,7 @@ MODIFY_RULE_TEMPLATE = """<ModifyRuleResponse xmlns="http://elasticloadbalancing
|
|||
<Actions>
|
||||
{% for action in rule.actions %}
|
||||
<member>
|
||||
<Type>{{ action["type"] }}</Type>
|
||||
<TargetGroupArn>{{ action["target_group_arn"] }}</TargetGroupArn>
|
||||
{{ action.to_xml() }}
|
||||
</member>
|
||||
{% endfor %}
|
||||
</Actions>
|
||||
|
|
@ -1432,16 +1404,7 @@ MODIFY_LISTENER_TEMPLATE = """<ModifyListenerResponse xmlns="http://elasticloadb
|
|||
<DefaultActions>
|
||||
{% for action in listener.default_actions %}
|
||||
<member>
|
||||
<Type>{{ action.type }}</Type>
|
||||
{% if action["type"] == "forward" %}
|
||||
<TargetGroupArn>{{ action["target_group_arn"] }}</TargetGroupArn>
|
||||
{% elif action["type"] == "redirect" %}
|
||||
<RedirectConfig>
|
||||
<Protocol>{{ action["redirect_config._protocol"] }}</Protocol>
|
||||
<Port>{{ action["redirect_config._port"] }}</Port>
|
||||
<StatusCode>{{ action["redirect_config._status_code"] }}</StatusCode>
|
||||
</RedirectConfig>
|
||||
{% endif %}
|
||||
{{ action.to_xml() }}
|
||||
</member>
|
||||
{% endfor %}
|
||||
</DefaultActions>
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@ class InlinePolicy(Policy):
|
|||
|
||||
class Role(BaseModel):
|
||||
|
||||
def __init__(self, role_id, name, assume_role_policy_document, path, permissions_boundary):
|
||||
def __init__(self, role_id, name, assume_role_policy_document, path, permissions_boundary, description, tags):
|
||||
self.id = role_id
|
||||
self.name = name
|
||||
self.assume_role_policy_document = assume_role_policy_document
|
||||
|
|
@ -169,8 +169,8 @@ class Role(BaseModel):
|
|||
self.policies = {}
|
||||
self.managed_policies = {}
|
||||
self.create_date = datetime.utcnow()
|
||||
self.tags = {}
|
||||
self.description = ""
|
||||
self.tags = tags
|
||||
self.description = description
|
||||
self.permissions_boundary = permissions_boundary
|
||||
|
||||
@property
|
||||
|
|
@ -185,7 +185,9 @@ class Role(BaseModel):
|
|||
role_name=resource_name,
|
||||
assume_role_policy_document=properties['AssumeRolePolicyDocument'],
|
||||
path=properties.get('Path', '/'),
|
||||
permissions_boundary=properties.get('PermissionsBoundary', '')
|
||||
permissions_boundary=properties.get('PermissionsBoundary', ''),
|
||||
description=properties.get('Description', ''),
|
||||
tags=properties.get('Tags', {})
|
||||
)
|
||||
|
||||
policies = properties.get('Policies', [])
|
||||
|
|
@ -635,12 +637,13 @@ class IAMBackend(BaseBackend):
|
|||
|
||||
return policies, marker
|
||||
|
||||
def create_role(self, role_name, assume_role_policy_document, path, permissions_boundary):
|
||||
def create_role(self, role_name, assume_role_policy_document, path, permissions_boundary, description, tags):
|
||||
role_id = random_resource_id()
|
||||
if permissions_boundary and not self.policy_arn_regex.match(permissions_boundary):
|
||||
raise RESTError('InvalidParameterValue', 'Value ({}) for parameter PermissionsBoundary is invalid.'.format(permissions_boundary))
|
||||
|
||||
role = Role(role_id, role_name, assume_role_policy_document, path, permissions_boundary)
|
||||
clean_tags = self._tag_verification(tags)
|
||||
role = Role(role_id, role_name, assume_role_policy_document, path, permissions_boundary, description, clean_tags)
|
||||
self.roles[role_id] = role
|
||||
return role
|
||||
|
||||
|
|
@ -691,10 +694,26 @@ class IAMBackend(BaseBackend):
|
|||
role = self.get_role(role_name)
|
||||
return role.policies.keys()
|
||||
|
||||
def _tag_verification(self, tags):
|
||||
if len(tags) > 50:
|
||||
raise TooManyTags(tags)
|
||||
|
||||
tag_keys = {}
|
||||
for tag in tags:
|
||||
# Need to index by the lowercase tag key since the keys are case insensitive, but their case is retained.
|
||||
ref_key = tag['Key'].lower()
|
||||
self._check_tag_duplicate(tag_keys, ref_key)
|
||||
self._validate_tag_key(tag['Key'])
|
||||
if len(tag['Value']) > 256:
|
||||
raise TagValueTooBig(tag['Value'])
|
||||
|
||||
tag_keys[ref_key] = tag
|
||||
|
||||
return tag_keys
|
||||
|
||||
def _validate_tag_key(self, tag_key, exception_param='tags.X.member.key'):
|
||||
"""Validates the tag key.
|
||||
|
||||
:param all_tags: Dict to check if there is a duplicate tag.
|
||||
:param tag_key: The tag key to check against.
|
||||
:param exception_param: The exception parameter to send over to help format the message. This is to reflect
|
||||
the difference between the tag and untag APIs.
|
||||
|
|
@ -741,23 +760,9 @@ class IAMBackend(BaseBackend):
|
|||
return tags, marker
|
||||
|
||||
def tag_role(self, role_name, tags):
|
||||
if len(tags) > 50:
|
||||
raise TooManyTags(tags)
|
||||
|
||||
clean_tags = self._tag_verification(tags)
|
||||
role = self.get_role(role_name)
|
||||
|
||||
tag_keys = {}
|
||||
for tag in tags:
|
||||
# Need to index by the lowercase tag key since the keys are case insensitive, but their case is retained.
|
||||
ref_key = tag['Key'].lower()
|
||||
self._check_tag_duplicate(tag_keys, ref_key)
|
||||
self._validate_tag_key(tag['Key'])
|
||||
if len(tag['Value']) > 256:
|
||||
raise TagValueTooBig(tag['Value'])
|
||||
|
||||
tag_keys[ref_key] = tag
|
||||
|
||||
role.tags.update(tag_keys)
|
||||
role.tags.update(clean_tags)
|
||||
|
||||
def untag_role(self, role_name, tag_keys):
|
||||
if len(tag_keys) > 50:
|
||||
|
|
|
|||
|
|
@ -178,9 +178,11 @@ class IamResponse(BaseResponse):
|
|||
'AssumeRolePolicyDocument')
|
||||
permissions_boundary = self._get_param(
|
||||
'PermissionsBoundary')
|
||||
description = self._get_param('Description')
|
||||
tags = self._get_multi_param('Tags.member')
|
||||
|
||||
role = iam_backend.create_role(
|
||||
role_name, assume_role_policy_document, path, permissions_boundary)
|
||||
role_name, assume_role_policy_document, path, permissions_boundary, description, tags)
|
||||
template = self.response_template(CREATE_ROLE_TEMPLATE)
|
||||
return template.render(role=role)
|
||||
|
||||
|
|
@ -1002,6 +1004,7 @@ CREATE_ROLE_TEMPLATE = """<CreateRoleResponse xmlns="https://iam.amazonaws.com/d
|
|||
<Arn>{{ role.arn }}</Arn>
|
||||
<RoleName>{{ role.name }}</RoleName>
|
||||
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
|
||||
<Description>{{role.description}}</Description>
|
||||
<CreateDate>{{ role.created_iso_8601 }}</CreateDate>
|
||||
<RoleId>{{ role.id }}</RoleId>
|
||||
{% if role.permissions_boundary %}
|
||||
|
|
@ -1010,6 +1013,16 @@ CREATE_ROLE_TEMPLATE = """<CreateRoleResponse xmlns="https://iam.amazonaws.com/d
|
|||
<PermissionsBoundaryArn>{{ role.permissions_boundary }}</PermissionsBoundaryArn>
|
||||
</PermissionsBoundary>
|
||||
{% endif %}
|
||||
{% if role.tags %}
|
||||
<Tags>
|
||||
{% for tag in role.get_tags() %}
|
||||
<member>
|
||||
<Key>{{ tag['Key'] }}</Key>
|
||||
<Value>{{ tag['Value'] }}</Value>
|
||||
</member>
|
||||
{% endfor %}
|
||||
</Tags>
|
||||
{% endif %}
|
||||
</Role>
|
||||
</CreateRoleResult>
|
||||
<ResponseMetadata>
|
||||
|
|
@ -1043,6 +1056,7 @@ UPDATE_ROLE_DESCRIPTION_TEMPLATE = """<UpdateRoleDescriptionResponse xmlns="http
|
|||
<Arn>{{ role.arn }}</Arn>
|
||||
<RoleName>{{ role.name }}</RoleName>
|
||||
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
|
||||
<Description>{{role.description}}</Description>
|
||||
<CreateDate>{{ role.created_iso_8601 }}</CreateDate>
|
||||
<RoleId>{{ role.id }}</RoleId>
|
||||
{% if role.tags %}
|
||||
|
|
@ -1069,6 +1083,7 @@ GET_ROLE_TEMPLATE = """<GetRoleResponse xmlns="https://iam.amazonaws.com/doc/201
|
|||
<Arn>{{ role.arn }}</Arn>
|
||||
<RoleName>{{ role.name }}</RoleName>
|
||||
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
|
||||
<Description>{{role.description}}</Description>
|
||||
<CreateDate>{{ role.created_iso_8601 }}</CreateDate>
|
||||
<RoleId>{{ role.id }}</RoleId>
|
||||
{% if role.tags %}
|
||||
|
|
@ -1759,8 +1774,15 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
|
|||
<Arn>{{ role.arn }}</Arn>
|
||||
<RoleName>{{ role.name }}</RoleName>
|
||||
<AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
|
||||
<Description>{{role.description}}</Description>
|
||||
<CreateDate>{{ role.created_iso_8601 }}</CreateDate>
|
||||
<RoleId>{{ role.id }}</RoleId>
|
||||
{% if role.permissions_boundary %}
|
||||
<PermissionsBoundary>
|
||||
<PermissionsBoundaryType>PermissionsBoundaryPolicy</PermissionsBoundaryType>
|
||||
<PermissionsBoundaryArn>{{ role.permissions_boundary }}</PermissionsBoundaryArn>
|
||||
</PermissionsBoundary>
|
||||
{% endif %}
|
||||
</member>
|
||||
{% endfor %}
|
||||
</Roles>
|
||||
|
|
|
|||
|
|
@ -238,7 +238,7 @@ class KmsResponse(BaseResponse):
|
|||
|
||||
value = self.parameters.get("CiphertextBlob")
|
||||
try:
|
||||
return json.dumps({"Plaintext": base64.b64decode(value).decode("utf-8")})
|
||||
return json.dumps({"Plaintext": base64.b64decode(value).decode("utf-8"), 'KeyId': 'key_id'})
|
||||
except UnicodeDecodeError:
|
||||
# Generate data key will produce random bytes which when decrypted is still returned as base64
|
||||
return json.dumps({"Plaintext": value})
|
||||
|
|
|
|||
|
|
@ -98,17 +98,29 @@ class LogStream:
|
|||
|
||||
return True
|
||||
|
||||
def get_paging_token_from_index(index, back=False):
|
||||
if index is not None:
|
||||
return "b/{:056d}".format(index) if back else "f/{:056d}".format(index)
|
||||
return 0
|
||||
|
||||
def get_index_from_paging_token(token):
|
||||
if token is not None:
|
||||
return int(token[2:])
|
||||
return 0
|
||||
|
||||
events = sorted(filter(filter_func, self.events), key=lambda event: event.timestamp, reverse=start_from_head)
|
||||
back_token = next_token
|
||||
if next_token is None:
|
||||
next_token = 0
|
||||
next_index = get_index_from_paging_token(next_token)
|
||||
back_index = next_index
|
||||
|
||||
events_page = [event.to_response_dict() for event in events[next_token: next_token + limit]]
|
||||
next_token += limit
|
||||
if next_token >= len(self.events):
|
||||
next_token = None
|
||||
events_page = [event.to_response_dict() for event in events[next_index: next_index + limit]]
|
||||
if next_index + limit < len(self.events):
|
||||
next_index += limit
|
||||
|
||||
return events_page, back_token, next_token
|
||||
back_index -= limit
|
||||
if back_index <= 0:
|
||||
back_index = 0
|
||||
|
||||
return events_page, get_paging_token_from_index(back_index, True), get_paging_token_from_index(next_index)
|
||||
|
||||
def filter_log_events(self, log_group_name, log_stream_names, start_time, end_time, limit, next_token, filter_pattern, interleaved):
|
||||
def filter_func(event):
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ from __future__ import unicode_literals
|
|||
|
||||
import datetime
|
||||
import re
|
||||
import json
|
||||
|
||||
from moto.core import BaseBackend, BaseModel
|
||||
from moto.core.exceptions import RESTError
|
||||
|
|
@ -151,7 +152,6 @@ class FakeRoot(FakeOrganizationalUnit):
|
|||
class FakeServiceControlPolicy(BaseModel):
|
||||
|
||||
def __init__(self, organization, **kwargs):
|
||||
self.type = 'POLICY'
|
||||
self.content = kwargs.get('Content')
|
||||
self.description = kwargs.get('Description')
|
||||
self.name = kwargs.get('Name')
|
||||
|
|
@ -197,7 +197,38 @@ class OrganizationsBackend(BaseBackend):
|
|||
|
||||
def create_organization(self, **kwargs):
|
||||
self.org = FakeOrganization(kwargs['FeatureSet'])
|
||||
self.ou.append(FakeRoot(self.org))
|
||||
root_ou = FakeRoot(self.org)
|
||||
self.ou.append(root_ou)
|
||||
master_account = FakeAccount(
|
||||
self.org,
|
||||
AccountName='master',
|
||||
Email=self.org.master_account_email,
|
||||
)
|
||||
master_account.id = self.org.master_account_id
|
||||
self.accounts.append(master_account)
|
||||
default_policy = FakeServiceControlPolicy(
|
||||
self.org,
|
||||
Name='FullAWSAccess',
|
||||
Description='Allows access to every operation',
|
||||
Type='SERVICE_CONTROL_POLICY',
|
||||
Content=json.dumps(
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "*",
|
||||
"Resource": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
)
|
||||
)
|
||||
default_policy.id = utils.DEFAULT_POLICY_ID
|
||||
default_policy.aws_managed = True
|
||||
self.policies.append(default_policy)
|
||||
self.attach_policy(PolicyId=default_policy.id, TargetId=root_ou.id)
|
||||
self.attach_policy(PolicyId=default_policy.id, TargetId=master_account.id)
|
||||
return self.org.describe()
|
||||
|
||||
def describe_organization(self):
|
||||
|
|
@ -216,6 +247,7 @@ class OrganizationsBackend(BaseBackend):
|
|||
def create_organizational_unit(self, **kwargs):
|
||||
new_ou = FakeOrganizationalUnit(self.org, **kwargs)
|
||||
self.ou.append(new_ou)
|
||||
self.attach_policy(PolicyId=utils.DEFAULT_POLICY_ID, TargetId=new_ou.id)
|
||||
return new_ou.describe()
|
||||
|
||||
def get_organizational_unit_by_id(self, ou_id):
|
||||
|
|
@ -258,6 +290,7 @@ class OrganizationsBackend(BaseBackend):
|
|||
def create_account(self, **kwargs):
|
||||
new_account = FakeAccount(self.org, **kwargs)
|
||||
self.accounts.append(new_account)
|
||||
self.attach_policy(PolicyId=utils.DEFAULT_POLICY_ID, TargetId=new_account.id)
|
||||
return new_account.create_account_status
|
||||
|
||||
def get_account_by_id(self, account_id):
|
||||
|
|
@ -358,8 +391,7 @@ class OrganizationsBackend(BaseBackend):
|
|||
|
||||
def attach_policy(self, **kwargs):
|
||||
policy = next((p for p in self.policies if p.id == kwargs['PolicyId']), None)
|
||||
if (re.compile(utils.ROOT_ID_REGEX).match(kwargs['TargetId']) or
|
||||
re.compile(utils.OU_ID_REGEX).match(kwargs['TargetId'])):
|
||||
if (re.compile(utils.ROOT_ID_REGEX).match(kwargs['TargetId']) or re.compile(utils.OU_ID_REGEX).match(kwargs['TargetId'])):
|
||||
ou = next((ou for ou in self.ou if ou.id == kwargs['TargetId']), None)
|
||||
if ou is not None:
|
||||
if ou not in ou.attached_policies:
|
||||
|
|
|
|||
|
|
@ -4,7 +4,8 @@ import random
|
|||
import string
|
||||
|
||||
MASTER_ACCOUNT_ID = '123456789012'
|
||||
MASTER_ACCOUNT_EMAIL = 'fakeorg@moto-example.com'
|
||||
MASTER_ACCOUNT_EMAIL = 'master@example.com'
|
||||
DEFAULT_POLICY_ID = 'p-FullAWSAccess'
|
||||
ORGANIZATION_ARN_FORMAT = 'arn:aws:organizations::{0}:organization/{1}'
|
||||
MASTER_ACCOUNT_ARN_FORMAT = 'arn:aws:organizations::{0}:account/{1}/{0}'
|
||||
ACCOUNT_ARN_FORMAT = 'arn:aws:organizations::{0}:account/{1}/{2}'
|
||||
|
|
@ -26,7 +27,7 @@ ROOT_ID_REGEX = r'r-[a-z0-9]{%s}' % ROOT_ID_SIZE
|
|||
OU_ID_REGEX = r'ou-[a-z0-9]{%s}-[a-z0-9]{%s}' % (ROOT_ID_SIZE, OU_ID_SUFFIX_SIZE)
|
||||
ACCOUNT_ID_REGEX = r'[0-9]{%s}' % ACCOUNT_ID_SIZE
|
||||
CREATE_ACCOUNT_STATUS_ID_REGEX = r'car-[a-z0-9]{%s}' % CREATE_ACCOUNT_STATUS_ID_SIZE
|
||||
SCP_ID_REGEX = r'p-[a-z0-9]{%s}' % SCP_ID_SIZE
|
||||
SCP_ID_REGEX = r'%s|p-[a-z0-9]{%s}' % (DEFAULT_POLICY_ID, SCP_ID_SIZE)
|
||||
|
||||
|
||||
def make_random_org_id():
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ class Cluster(TaggableResourceMixin, BaseModel):
|
|||
super(Cluster, self).__init__(region_name, tags)
|
||||
self.redshift_backend = redshift_backend
|
||||
self.cluster_identifier = cluster_identifier
|
||||
self.create_time = iso_8601_datetime_with_milliseconds(datetime.datetime.now())
|
||||
self.create_time = iso_8601_datetime_with_milliseconds(datetime.datetime.utcnow())
|
||||
self.status = 'available'
|
||||
self.node_type = node_type
|
||||
self.master_username = master_username
|
||||
|
|
|
|||
|
|
@ -60,6 +60,17 @@ class MissingKey(S3ClientError):
|
|||
)
|
||||
|
||||
|
||||
class ObjectNotInActiveTierError(S3ClientError):
|
||||
code = 403
|
||||
|
||||
def __init__(self, key_name):
|
||||
super(ObjectNotInActiveTierError, self).__init__(
|
||||
"ObjectNotInActiveTierError",
|
||||
"The source object of the COPY operation is not in the active tier and is only stored in Amazon Glacier.",
|
||||
Key=key_name,
|
||||
)
|
||||
|
||||
|
||||
class InvalidPartOrder(S3ClientError):
|
||||
code = 400
|
||||
|
||||
|
|
|
|||
|
|
@ -28,7 +28,8 @@ MAX_BUCKET_NAME_LENGTH = 63
|
|||
MIN_BUCKET_NAME_LENGTH = 3
|
||||
UPLOAD_ID_BYTES = 43
|
||||
UPLOAD_PART_MIN_SIZE = 5242880
|
||||
STORAGE_CLASS = ["STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA", "ONEZONE_IA"]
|
||||
STORAGE_CLASS = ["STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA", "ONEZONE_IA",
|
||||
"INTELLIGENT_TIERING", "GLACIER", "DEEP_ARCHIVE"]
|
||||
DEFAULT_KEY_BUFFER_SIZE = 16 * 1024 * 1024
|
||||
DEFAULT_TEXT_ENCODING = sys.getdefaultencoding()
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ from moto.s3bucket_path.utils import bucket_name_from_url as bucketpath_bucket_n
|
|||
parse_key_name as bucketpath_parse_key_name, is_delete_keys as bucketpath_is_delete_keys
|
||||
|
||||
from .exceptions import BucketAlreadyExists, S3ClientError, MissingBucket, MissingKey, InvalidPartOrder, MalformedXML, \
|
||||
MalformedACLError, InvalidNotificationARN, InvalidNotificationEvent
|
||||
MalformedACLError, InvalidNotificationARN, InvalidNotificationEvent, ObjectNotInActiveTierError
|
||||
from .models import s3_backend, get_canned_acl, FakeGrantee, FakeGrant, FakeAcl, FakeKey, FakeTagging, FakeTagSet, \
|
||||
FakeTag
|
||||
from .utils import bucket_name_from_url, clean_key_name, metadata_from_headers, parse_region_from_url
|
||||
|
|
@ -463,10 +463,13 @@ class ResponseObject(_TemplateEnvironmentMixin, ActionAuthenticatorMixin):
|
|||
else:
|
||||
result_folders, is_truncated, next_continuation_token = self._truncate_result(result_folders, max_keys)
|
||||
|
||||
key_count = len(result_keys) + len(result_folders)
|
||||
|
||||
return template.render(
|
||||
bucket=bucket,
|
||||
prefix=prefix or '',
|
||||
delimiter=delimiter,
|
||||
key_count=key_count,
|
||||
result_keys=result_keys,
|
||||
result_folders=result_folders,
|
||||
fetch_owner=fetch_owner,
|
||||
|
|
@ -902,7 +905,11 @@ class ResponseObject(_TemplateEnvironmentMixin, ActionAuthenticatorMixin):
|
|||
src_version_id = parse_qs(src_key_parsed.query).get(
|
||||
'versionId', [None])[0]
|
||||
|
||||
if self.backend.get_key(src_bucket, src_key, version_id=src_version_id):
|
||||
key = self.backend.get_key(src_bucket, src_key, version_id=src_version_id)
|
||||
|
||||
if key is not None:
|
||||
if key.storage_class in ["GLACIER", "DEEP_ARCHIVE"]:
|
||||
raise ObjectNotInActiveTierError(key)
|
||||
self.backend.copy_key(src_bucket, src_key, bucket_name, key_name,
|
||||
storage=storage_class, acl=acl, src_version_id=src_version_id)
|
||||
else:
|
||||
|
|
@ -1326,7 +1333,7 @@ S3_BUCKET_GET_RESPONSE_V2 = """<?xml version="1.0" encoding="UTF-8"?>
|
|||
<Name>{{ bucket.name }}</Name>
|
||||
<Prefix>{{ prefix }}</Prefix>
|
||||
<MaxKeys>{{ max_keys }}</MaxKeys>
|
||||
<KeyCount>{{ result_keys | length }}</KeyCount>
|
||||
<KeyCount>{{ key_count }}</KeyCount>
|
||||
{% if delimiter %}
|
||||
<Delimiter>{{ delimiter }}</Delimiter>
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -119,7 +119,7 @@ class Subscription(BaseModel):
|
|||
else:
|
||||
assert False
|
||||
|
||||
lambda_backends[region].send_message(function_name, message, subject=subject, qualifier=qualifier)
|
||||
lambda_backends[region].send_sns_message(function_name, message, subject=subject, qualifier=qualifier)
|
||||
|
||||
def _matches_filter_policy(self, message_attributes):
|
||||
# TODO: support Anything-but matching, prefix matching and
|
||||
|
|
|
|||
|
|
@ -189,6 +189,8 @@ class Queue(BaseModel):
|
|||
self.name)
|
||||
self.dead_letter_queue = None
|
||||
|
||||
self.lambda_event_source_mappings = {}
|
||||
|
||||
# default settings for a non fifo queue
|
||||
defaults = {
|
||||
'ContentBasedDeduplication': 'false',
|
||||
|
|
@ -360,6 +362,33 @@ class Queue(BaseModel):
|
|||
|
||||
def add_message(self, message):
|
||||
self._messages.append(message)
|
||||
from moto.awslambda import lambda_backends
|
||||
for arn, esm in self.lambda_event_source_mappings.items():
|
||||
backend = sqs_backends[self.region]
|
||||
|
||||
"""
|
||||
Lambda polls the queue and invokes your function synchronously with an event
|
||||
that contains queue messages. Lambda reads messages in batches and invokes
|
||||
your function once for each batch. When your function successfully processes
|
||||
a batch, Lambda deletes its messages from the queue.
|
||||
"""
|
||||
messages = backend.receive_messages(
|
||||
self.name,
|
||||
esm.batch_size,
|
||||
self.receive_message_wait_time_seconds,
|
||||
self.visibility_timeout,
|
||||
)
|
||||
|
||||
result = lambda_backends[self.region].send_sqs_batch(
|
||||
arn,
|
||||
messages,
|
||||
self.queue_arn,
|
||||
)
|
||||
|
||||
if result:
|
||||
[backend.delete_message(self.name, m.receipt_handle) for m in messages]
|
||||
else:
|
||||
[backend.change_message_visibility(self.name, m.receipt_handle, 0) for m in messages]
|
||||
|
||||
def get_cfn_attribute(self, attribute_name):
|
||||
from moto.cloudformation.exceptions import UnformattedGetAttTemplateException
|
||||
|
|
|
|||
|
|
@ -2,7 +2,8 @@ from __future__ import unicode_literals
|
|||
import datetime
|
||||
from moto.core import BaseBackend, BaseModel
|
||||
from moto.core.utils import iso_8601_datetime_with_milliseconds
|
||||
from moto.sts.utils import random_access_key_id, random_secret_access_key, random_session_token
|
||||
from moto.iam.models import ACCOUNT_ID
|
||||
from moto.sts.utils import random_access_key_id, random_secret_access_key, random_session_token, random_assumed_role_id
|
||||
|
||||
|
||||
class Token(BaseModel):
|
||||
|
|
@ -22,7 +23,7 @@ class AssumedRole(BaseModel):
|
|||
|
||||
def __init__(self, role_session_name, role_arn, policy, duration, external_id):
|
||||
self.session_name = role_session_name
|
||||
self.arn = role_arn
|
||||
self.role_arn = role_arn
|
||||
self.policy = policy
|
||||
now = datetime.datetime.utcnow()
|
||||
self.expiration = now + datetime.timedelta(seconds=duration)
|
||||
|
|
@ -30,11 +31,24 @@ class AssumedRole(BaseModel):
|
|||
self.access_key_id = "ASIA" + random_access_key_id()
|
||||
self.secret_access_key = random_secret_access_key()
|
||||
self.session_token = random_session_token()
|
||||
self.assumed_role_id = "AROA" + random_assumed_role_id()
|
||||
|
||||
@property
|
||||
def expiration_ISO8601(self):
|
||||
return iso_8601_datetime_with_milliseconds(self.expiration)
|
||||
|
||||
@property
|
||||
def user_id(self):
|
||||
return self.assumed_role_id + ":" + self.session_name
|
||||
|
||||
@property
|
||||
def arn(self):
|
||||
return "arn:aws:sts::{account_id}:assumed-role/{role_name}/{session_name}".format(
|
||||
account_id=ACCOUNT_ID,
|
||||
role_name=self.role_arn.split("/")[-1],
|
||||
session_name=self.session_name
|
||||
)
|
||||
|
||||
|
||||
class STSBackend(BaseBackend):
|
||||
|
||||
|
|
@ -54,6 +68,12 @@ class STSBackend(BaseBackend):
|
|||
self.assumed_roles.append(role)
|
||||
return role
|
||||
|
||||
def get_assumed_role_from_access_key(self, access_key_id):
|
||||
for assumed_role in self.assumed_roles:
|
||||
if assumed_role.access_key_id == access_key_id:
|
||||
return assumed_role
|
||||
return None
|
||||
|
||||
def assume_role_with_web_identity(self, **kwargs):
|
||||
return self.assume_role(**kwargs)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
from __future__ import unicode_literals
|
||||
|
||||
from moto.core.responses import BaseResponse
|
||||
from moto.iam.models import ACCOUNT_ID
|
||||
from moto.iam import iam_backend
|
||||
from .exceptions import STSValidationError
|
||||
from .models import sts_backend
|
||||
|
||||
|
|
@ -31,7 +33,7 @@ class TokenResponse(BaseResponse):
|
|||
token = sts_backend.get_federation_token(
|
||||
duration=duration, name=name, policy=policy)
|
||||
template = self.response_template(GET_FEDERATION_TOKEN_RESPONSE)
|
||||
return template.render(token=token)
|
||||
return template.render(token=token, account_id=ACCOUNT_ID)
|
||||
|
||||
def assume_role(self):
|
||||
role_session_name = self.querystring.get('RoleSessionName')[0]
|
||||
|
|
@ -71,7 +73,23 @@ class TokenResponse(BaseResponse):
|
|||
|
||||
def get_caller_identity(self):
|
||||
template = self.response_template(GET_CALLER_IDENTITY_RESPONSE)
|
||||
return template.render()
|
||||
|
||||
# Default values in case the request does not use valid credentials generated by moto
|
||||
user_id = "AKIAIOSFODNN7EXAMPLE"
|
||||
arn = "arn:aws:sts::{account_id}:user/moto".format(account_id=ACCOUNT_ID)
|
||||
|
||||
access_key_id = self.get_current_user()
|
||||
assumed_role = sts_backend.get_assumed_role_from_access_key(access_key_id)
|
||||
if assumed_role:
|
||||
user_id = assumed_role.user_id
|
||||
arn = assumed_role.arn
|
||||
|
||||
user = iam_backend.get_user_from_access_key_id(access_key_id)
|
||||
if user:
|
||||
user_id = user.id
|
||||
arn = user.arn
|
||||
|
||||
return template.render(account_id=ACCOUNT_ID, user_id=user_id, arn=arn)
|
||||
|
||||
|
||||
GET_SESSION_TOKEN_RESPONSE = """<GetSessionTokenResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
|
||||
|
|
@ -99,8 +117,8 @@ GET_FEDERATION_TOKEN_RESPONSE = """<GetFederationTokenResponse xmlns="https://st
|
|||
<AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>
|
||||
</Credentials>
|
||||
<FederatedUser>
|
||||
<Arn>arn:aws:sts::123456789012:federated-user/{{ token.name }}</Arn>
|
||||
<FederatedUserId>123456789012:{{ token.name }}</FederatedUserId>
|
||||
<Arn>arn:aws:sts::{{ account_id }}:federated-user/{{ token.name }}</Arn>
|
||||
<FederatedUserId>{{ account_id }}:{{ token.name }}</FederatedUserId>
|
||||
</FederatedUser>
|
||||
<PackedPolicySize>6</PackedPolicySize>
|
||||
</GetFederationTokenResult>
|
||||
|
|
@ -121,7 +139,7 @@ ASSUME_ROLE_RESPONSE = """<AssumeRoleResponse xmlns="https://sts.amazonaws.com/d
|
|||
</Credentials>
|
||||
<AssumedRoleUser>
|
||||
<Arn>{{ role.arn }}</Arn>
|
||||
<AssumedRoleId>ARO123EXAMPLE123:{{ role.session_name }}</AssumedRoleId>
|
||||
<AssumedRoleId>{{ role.user_id }}</AssumedRoleId>
|
||||
</AssumedRoleUser>
|
||||
<PackedPolicySize>6</PackedPolicySize>
|
||||
</AssumeRoleResult>
|
||||
|
|
@ -153,9 +171,9 @@ ASSUME_ROLE_WITH_WEB_IDENTITY_RESPONSE = """<AssumeRoleWithWebIdentityResponse x
|
|||
|
||||
GET_CALLER_IDENTITY_RESPONSE = """<GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
|
||||
<GetCallerIdentityResult>
|
||||
<Arn>arn:aws:sts::123456789012:user/moto</Arn>
|
||||
<UserId>AKIAIOSFODNN7EXAMPLE</UserId>
|
||||
<Account>123456789012</Account>
|
||||
<Arn>{{ arn }}</Arn>
|
||||
<UserId>{{ user_id }}</UserId>
|
||||
<Account>{{ account_id }}</Account>
|
||||
</GetCallerIdentityResult>
|
||||
<ResponseMetadata>
|
||||
<RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
|
||||
|
|
|
|||
|
|
@ -6,15 +6,12 @@ import string
|
|||
import six
|
||||
|
||||
ACCOUNT_SPECIFIC_ACCESS_KEY_PREFIX = "8NWMTLYQ"
|
||||
ACCOUNT_SPECIFIC_ASSUMED_ROLE_ID_PREFIX = "3X42LBCD"
|
||||
SESSION_TOKEN_PREFIX = "FQoGZXIvYXdzEBYaD"
|
||||
|
||||
|
||||
def random_access_key_id():
|
||||
return ACCOUNT_SPECIFIC_ACCESS_KEY_PREFIX + ''.join(six.text_type(
|
||||
random.choice(
|
||||
string.ascii_uppercase + string.digits
|
||||
)) for _ in range(8)
|
||||
)
|
||||
return ACCOUNT_SPECIFIC_ACCESS_KEY_PREFIX + _random_uppercase_or_digit_sequence(8)
|
||||
|
||||
|
||||
def random_secret_access_key():
|
||||
|
|
@ -23,3 +20,16 @@ def random_secret_access_key():
|
|||
|
||||
def random_session_token():
|
||||
return SESSION_TOKEN_PREFIX + base64.b64encode(os.urandom(266))[len(SESSION_TOKEN_PREFIX):].decode()
|
||||
|
||||
|
||||
def random_assumed_role_id():
|
||||
return ACCOUNT_SPECIFIC_ASSUMED_ROLE_ID_PREFIX + _random_uppercase_or_digit_sequence(9)
|
||||
|
||||
|
||||
def _random_uppercase_or_digit_sequence(length):
|
||||
return ''.join(
|
||||
six.text_type(
|
||||
random.choice(
|
||||
string.ascii_uppercase + string.digits
|
||||
)) for _ in range(length)
|
||||
)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue