Fixed bugs in AWS Config Querying

- Fixed some log bugs in the Config querying APIs - Fixed an issue with S3 ACLs when described from Config (it's actually a double-wrapped JSON)
2019-10-23 18:37:35 -07:00 · 2019-10-23 18:37:35 -07:00 · e9dc0c9a3a
commit e9dc0c9a3a
parent 577f81a18b
5 changed files with 50 additions and 18 deletions
--- a/tests/test_config/test_config.py
+++ b/tests/test_config/test_config.py
@ -1028,6 +1028,10 @@ def test_list_discovered_resource():
    for x in range(0, 10):
        s3_client.create_bucket(Bucket='bucket{}'.format(x), CreateBucketConfiguration={'LocationConstraint': 'us-west-2'})

+    # And with an EU bucket -- this should not show up for the us-west-2 config backend:
+    eu_client = boto3.client('s3', region_name='eu-west-1')
+    eu_client.create_bucket(Bucket='eu-bucket', CreateBucketConfiguration={'LocationConstraint': 'eu-west-1'})
+
    # Now try:
    result = client.list_discovered_resources(resourceType='AWS::S3::Bucket')
    assert len(result['resourceIdentifiers']) == 10
@ -1039,6 +1043,9 @@ def test_list_discovered_resource():
        }
    assert not result.get('nextToken')

+    result = client.list_discovered_resources(resourceType='AWS::S3::Bucket', resourceName='eu-bucket')
+    assert not result['resourceIdentifiers']
+
    # Test that pagination places a proper nextToken in the response and also that the limit works:
    result = client.list_discovered_resources(resourceType='AWS::S3::Bucket', limit=1, nextToken='bucket1')
    assert len(result['resourceIdentifiers']) == 1
@ -1217,6 +1224,13 @@ def test_get_resource_config_history():
    assert result[0]['resourceName'] == result[0]['resourceId'] == 'bucket1'
    assert result[0]['arn'] == 'arn:aws:s3:::bucket1'

+    # Make a bucket in a different region and verify that it does not show up in the config backend:
+    s3_client = boto3.client('s3', region_name='eu-west-1')
+    s3_client.create_bucket(Bucket='eu-bucket', CreateBucketConfiguration={'LocationConstraint': 'eu-west-1'})
+    with assert_raises(ClientError) as ce:
+        client.get_resource_config_history(resourceType='AWS::S3::Bucket', resourceId='eu-bucket')
+    assert ce.exception.response['Error']['Code'] == 'ResourceNotDiscoveredException'
+

@mock_config
@mock_s3
@ -1254,6 +1268,13 @@ def test_batch_get_resource_config():

    assert not buckets_missing

+    # Make a bucket in a different region and verify that it does not show up in the config backend:
+    s3_client = boto3.client('s3', region_name='eu-west-1')
+    s3_client.create_bucket(Bucket='eu-bucket', CreateBucketConfiguration={'LocationConstraint': 'eu-west-1'})
+    keys = [{'resourceType': 'AWS::S3::Bucket', 'resourceId': 'eu-bucket'}]
+    result = client.batch_get_resource_config(resourceKeys=keys)
+    assert not result['baseConfigurationItems']
+

@mock_config
@mock_s3
--- a/tests/test_s3/test_s3.py
+++ b/tests/test_s3/test_s3.py
@ -3728,6 +3728,10 @@ def test_s3_config_dict():
    assert json.loads(bucket1_result['supplementaryConfiguration']['BucketLoggingConfiguration']) == \
        {'destinationBucketName': 'logbucket', 'logFilePrefix': ''}

+    # Verify that the AccessControlList is a double-wrapped JSON string:
+    assert json.loads(json.loads(bucket1_result['supplementaryConfiguration']['AccessControlList'])) == \
+        {'grantSet': None, 'owner': {'displayName': None, 'id': '75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a'}}
+
    # Verify the policy:
    assert json.loads(bucket1_result['supplementaryConfiguration']['BucketPolicy']) == {'policyText': policy}