Skip to content

Commit

Permalink
Prep release 4.2.3 (#6814)
Browse files Browse the repository at this point in the history
  • Loading branch information
bblommers authored Sep 15, 2023
1 parent 2bae13b commit b7cedf6
Show file tree
Hide file tree
Showing 7 changed files with 85 additions and 49 deletions.
43 changes: 43 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,49 @@
Moto Changelog
==============

4.2.3
-----
Docker Digest for 4.2.3: <autopopulateddigest>

New Services:
* RoboMaker:
* create_robot_application()
* delete_robot_application()
* describe_robot_application()
* list_robot_applications()

New Methods:
* ElasticBeanstalk:
* delete_application()

* Events:
* create_partner_event_source()
* delete_partner_event_source()
* describe_event_source()
* describe_partner_event_source()
* put_partner_events()

Miscellaneous:
* Core: The mocked ACCESS_KEY has been changed from `foobar_key` to `FOOBARKEY`, to align with AWS guidelines
* Core: set_initial_no_auth_action_count() now supports SSM actions
* Core: Fixed a memory leak when comparing requests (introduced in 4.1.13)
* Athena: get_query_execution() now returns a StatementType dependent on the provided query
* DynamoDB: query() now throws an exception when the KeyConditionExpression contains a literal value
* EBS: put_snapshot_block() now supports random bytes
* EC2: describe_transit_gateways() now supports filtering by tags
* ELBv2: describe_target_groups() now throws an exception for invalid input parameters
* ELBv2: describe_target_groups() now sorts the result before returning it
* ELBv2: create_target_group() now has improved validation and default values
* ELBv2: create_rule() now creates links between the TargetGroups and LoadBalancers
* Events: put_events() now support HTTP targets
* IAM policy validation now takes the provided Resource-argument into account when validating access to STS-resources
* IAM: get_role() now returns the LastUsed-parameter, provided the role was assumed and used
* KMS: sign/verify now uses the original message when signing, not the base64-version
* Lambda: invoke() now loads any Layers provided in the create_function()
* S3: put_bucket_logging() now supports bucket policies (as well as ACP's)
* S3: Range requests are now more permissive (following AWS' behaviour)
* SFN: list_executions() now returns the StopDate-attribute

4.2.2
------
Docker Digest for 4.2.2: <autopopulateddigest>
Expand Down
4 changes: 2 additions & 2 deletions IMPLEMENTATION_COVERAGE.md
Original file line number Diff line number Diff line change
Expand Up @@ -2763,7 +2763,7 @@

## elasticbeanstalk
<details>
<summary>12% implemented</summary>
<summary>14% implemented</summary>

- [ ] abort_environment_update
- [ ] apply_environment_managed_action
Expand All @@ -2776,7 +2776,7 @@
- [X] create_environment
- [ ] create_platform_version
- [ ] create_storage_location
- [ ] delete_application
- [X] delete_application
- [ ] delete_application_version
- [ ] delete_configuration_template
- [ ] delete_environment_configuration
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/services/elasticbeanstalk.rst
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ elasticbeanstalk
- [X] create_environment
- [ ] create_platform_version
- [ ] create_storage_location
- [x] delete_application
- [X] delete_application
- [ ] delete_application_version
- [ ] delete_configuration_template
- [ ] delete_environment_configuration
Expand Down
10 changes: 4 additions & 6 deletions docs/docs/services/kms.rst
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,8 @@ kms
- [X] revoke_grant
- [X] schedule_key_deletion
- [X] sign
Sign message using generated private key.

- signing_algorithm is ignored and hardcoded to RSASSA_PSS_SHA_256

Sign message using generated private key.

- grant_tokens are not implemented

Expand All @@ -92,9 +91,8 @@ kms
- [X] update_key_description
- [ ] update_primary_region
- [X] verify
Verify message using public key from generated private key.

- signing_algorithm is ignored and hardcoded to RSASSA_PSS_SHA_256

Verify message using public key from generated private key.

- grant_tokens are not implemented

Expand Down
2 changes: 0 additions & 2 deletions docs/docs/services/robomaker.rst
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,6 @@
robomaker
=========

.. autoclass:: moto.robomaker.models.RoboMakerBackend

|start-h3| Example usage |end-h3|

.. sourcecode:: python
Expand Down
16 changes: 15 additions & 1 deletion tests/test_elbv2/test_elbv2_target_groups.py
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,7 @@ def test_target_group_attributes():

# check if Names filter works
response = conn.describe_target_groups(Names=[])
assert len(response["TargetGroups"]) == 1
response = conn.describe_target_groups(Names=["a-target"])
assert len(response["TargetGroups"]) == 1
target_group_arn = target_group["TargetGroupArn"]
Expand Down Expand Up @@ -466,7 +467,6 @@ def test_describe_target_groups():
response, vpc, _, _, _, conn = create_load_balancer()

lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"]
assert "LoadBalancerArn" in response["LoadBalancers"][0]

groups = conn.describe_target_groups()["TargetGroups"]
assert len(groups) == 0
Expand Down Expand Up @@ -564,6 +564,20 @@ def test_describe_target_groups():
assert groups[1]["TargetGroupName"] == "d-target"


@mock_elbv2
@mock_ec2
def test_describe_target_groups_with_empty_load_balancer():
response, _, _, _, _, conn = create_load_balancer()

lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"]

with pytest.raises(ClientError) as exc:
conn.describe_target_groups(LoadBalancerArn=lb_arn)
err = exc.value.response["Error"]
assert err["Code"] == "TargetGroupNotFound"
assert err["Message"] == "One or more target groups not found"


@mock_elbv2
@mock_ec2
def test_modify_target_group():
Expand Down
57 changes: 20 additions & 37 deletions tests/test_s3/test_s3_bucket_policy.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,54 +34,37 @@ def teardown_method(self) -> None:
def teardown_class(cls):
cls.server.stop()

xfail_reason = "S3 logic for resource-based policy is not yet correctly implemented, see https://github.com/getmoto/moto/pull/6799#issuecomment-1712799688"

@pytest.mark.parametrize(
"kwargs,status",
"kwargs,boto3_status,unauthorized_status",
[
({}, 200),
({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200),
pytest.param(
{"resource": "arn:aws:s3:::notmybucket/*"},
403,
marks=pytest.mark.xfail(reason=xfail_reason),
),
pytest.param(
{"resource": "arn:aws:s3:::mybucket/other*"},
403,
marks=pytest.mark.xfail(reason=xfail_reason),
),
({"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"]}, 200),
pytest.param(
{
"resource": [
"arn:aws:s3:::notmybucket",
"arn:aws:s3:::notmybucket/*",
]
},
403,
marks=pytest.mark.xfail(reason=xfail_reason),
),
pytest.param(
{"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::notmybucket/*"]},
403,
marks=pytest.mark.xfail(reason=xfail_reason),
),
pytest.param(
{"effect": "Deny"}, 403, marks=pytest.mark.xfail(reason=xfail_reason)
),
# The default policy is to allow access to 'mybucket/*'
({}, 200, 200),
# We'll also allow access to the specific key
({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200, 200),
# We're allowing authorized access to an unrelated bucket
# Accessing our key is allowed for authenticated users, as there is no explicit deny
# It should block unauthenticated (public) users, as there is no explicit allow
({"resource": "arn:aws:s3:::notmybucket/*"}, 200, 403),
# Verify public access when the policy contains multiple resources
({"resource": ["arn:aws:s3:::other", "arn:aws:s3:::mybucket/*"]}, 200, 200),
# Deny all access, for any resource
({"effect": "Deny"}, 403, 403),
# We don't explicitly deny authenticated access
# We'll deny an unrelated resource, but that should not affect anyone
# It should block unauthorized users, as there is no explicit allow
({"resource": "arn:aws:s3:::notmybucket/*", "effect": "Deny"}, 200, 403),
],
)
def test_block_or_allow_get_object(self, kwargs, status):
def test_block_or_allow_get_object(self, kwargs, boto3_status, unauthorized_status):
self._put_policy(**kwargs)

if status == 200:
if boto3_status == 200:
self.client.get_object(Bucket="mybucket", Key="test_txt")
else:
with pytest.raises(ClientError):
self.client.get_object(Bucket="mybucket", Key="test_txt")

assert requests.get(self.key_name).status_code == status
assert requests.get(self.key_name).status_code == unauthorized_status

def test_block_put_object(self):
# Block Put-access
Expand Down

0 comments on commit b7cedf6

Please sign in to comment.