-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
34 changed files
with
1,085 additions
and
38 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
name: Unit tests in Proxy Mode | ||
on: [workflow_call] | ||
|
||
jobs: | ||
test: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
python-version: ["3.10", "3.11"] | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
- name: Get pip cache dir | ||
id: pip-cache | ||
run: | | ||
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT | ||
- name: pip cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: ${{ steps.pip-cache.outputs.dir }} | ||
key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }} | ||
- name: Update pip | ||
run: | | ||
python -m pip install --upgrade pip | ||
- name: Install project dependencies | ||
run: | | ||
pip install -r requirements-tests.txt | ||
pip install .[all] | ||
- name: Start MotoProxy | ||
run: | | ||
moto_proxy -h > moto_proxy.log | ||
moto_proxy -H 0.0.0.0 -v > moto_proxy.log & | ||
- name: Test ProxyMode | ||
env: | ||
TEST_PROXY_MODE: ${{ true }} | ||
run: | | ||
pytest -sv tests/test_acmpca tests/test_awslambda tests/test_apigateway tests/test_s3 | ||
- name: "Stop MotoProxy" | ||
if: always() | ||
run: | | ||
mkdir proxylogs | ||
pwd | ||
ls -la | ||
cp proxy_output.log proxylogs/proxy_output.log | ||
kill $(lsof -t -i:5005) | ||
- name: Archive Proxy logs | ||
if: always() | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: motoproxy-${{ matrix.python-version }} | ||
path: | | ||
proxylogs/* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,126 @@ | ||
.. _proxy_mode: | ||
|
||
.. role:: bash(code) | ||
:language: bash | ||
|
||
.. role:: raw-html(raw) | ||
:format: html | ||
|
||
================================ | ||
Proxy Mode | ||
================================ | ||
|
||
Moto can be run as a proxy, intercepting all requests to AWS and mocking them instead. :raw-html:`<br />` | ||
Some of the benefits: | ||
- Easy to configure for all SDK's | ||
- Can be reached by Lambda containers, allowing you to mock service-calls inside a Lambda-function | ||
|
||
|
||
Installation | ||
------------- | ||
|
||
Install the required dependencies using: | ||
|
||
.. code:: bash | ||
pip install moto[proxy] | ||
You can then start the proxy like this: | ||
|
||
.. code:: bash | ||
$ pip install moto[proxy] | ||
$ moto_proxy | ||
Note that, if you want your Lambda functions to reach this proxy, you need to open up the moto_proxy: | ||
|
||
.. code:: bash | ||
$ moto_proxy -H 0.0.0.0 | ||
.. warning:: Be careful not to use this on a public network - this allows all network users access to your server. | ||
|
||
|
||
Quick usage | ||
-------------- | ||
The help command shows a quick-guide on how to configure SDK's to use the proxy. | ||
.. code-block:: bash | ||
$ moto_proxy --help | ||
Extended Configuration | ||
------------------------ | ||
|
||
To use the MotoProxy while running your tests, the AWS SDK needs to know two things: | ||
|
||
- The proxy endpoint | ||
- How to deal with SSL | ||
|
||
To set the proxy endpoint, use the `HTTPS_PROXY`-environment variable. | ||
|
||
Because the proxy does not have an approved SSL certificate, the SDK will not trust the proxy by default. This means that the SDK has to be configured to either | ||
|
||
1. Accept the proxy's custom certificate, by setting the `AWS_CA_BUNDLE`-environment variable | ||
2. Allow unverified SSL certificates | ||
|
||
The `AWS_CA_BUNDLE` needs to point to the location of the CA certificate that comes with Moto. :raw-html:`<br />` | ||
You can run `moto_proxy --help` to get the exact location of this certificate, depending on where Moto is installed. | ||
|
||
Environment Variables Configuration: | ||
------------------------------ | ||
|
||
.. code-block:: bash | ||
export HTTPS_PROXY=http://localhost:5005 | ||
aws cloudformation list-stacks --no-verify-ssl | ||
Or by configuring the AWS_CA_BUNDLE: | ||
|
||
.. code-block:: bash | ||
export HTTPS_PROXY=http://localhost:5005 | ||
export AWS_CA_BUNDLE=/location/of/moto/ca/cert.crt | ||
aws cloudformation list-stacks | ||
Python Configuration | ||
-------------------------- | ||
|
||
If you're already using Moto's `mock_service`-decorators, you can use a custom environment variable that configures everything automatically: | ||
|
||
.. code-block:: bash | ||
TEST_PROXY_MODE=true pytest | ||
To configure this manually: | ||
|
||
.. code-block:: python | ||
from botocore.config import Config | ||
config = Config(proxies={"https": "http://localhost:5005"}) | ||
client = boto3.client("s3", config=config, verify=False) | ||
Terraform Configuration | ||
------------------------------ | ||
|
||
.. code-block:: | ||
provider "aws" { | ||
region = "us-east-1" | ||
http_proxy = "http://localhost:5005" | ||
custom_ca_bundle = "/location/of/moto/ca/cert.crt" | ||
# OR | ||
insecure = true | ||
} | ||
Drawbacks | ||
------------ | ||
|
||
Configuring a proxy means that all requests are intercepted, but the MotoProxy can only handle requests to AWS. | ||
|
||
If your test includes a call to `https://www.thirdpartyservice.com`, that will also be intercepted by `MotoProxy` - and subsequently throw an error because it doesn't know how to handle non-AWS requests. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.