From 74b4452c8ba3b5f885ecea5f8a87e4fe9917ccba Mon Sep 17 00:00:00 2001
From: Bert Blommers
Date: Fri, 15 Sep 2023 17:56:03 +0000
Subject: [PATCH] Prep release 4.2.3 (#6814)
---
CHANGELOG.md | 43 +++++++++++++++
IMPLEMENTATION_COVERAGE.md | 4 +-
docs/docs/services/elasticbeanstalk.rst | 2 +-
docs/docs/services/kms.rst | 10 ++--
docs/docs/services/robomaker.rst | 2 -
tests/test_elbv2/test_elbv2_target_groups.py | 16 +++++-
tests/test_s3/test_s3_bucket_policy.py | 57 +++++++-------------
7 files changed, 85 insertions(+), 49 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7510c4272135..27d821f5dcd0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,49 @@ Moto Changelog ============== +4.2.3 +----- +Docker Digest for 4.2.3: + + New Services: + * RoboMaker: + * create_robot_application() + * delete_robot_application() + * describe_robot_application() + * list_robot_applications() + + New Methods: + * ElasticBeanstalk: + * delete_application() + + * Events: + * create_partner_event_source() + * delete_partner_event_source() + * describe_event_source() + * describe_partner_event_source() + * put_partner_events() + + Miscellaneous: + * Core: The mocked ACCESS_KEY has been changed from `foobar_key` to `FOOBARKEY`, to align with AWS guidelines + * Core: set_initial_no_auth_action_count() now supports SSM actions + * Core: Fixed a memory leak when comparing requests (introduced in 4.1.13) + * Athena: get_query_execution() now returns a StatementType dependent on the provided query + * DynamoDB: query() now throws an exception when the KeyConditionExpression contains a literal value + * EBS: put_snapshot_block() now supports random bytes + * EC2: describe_transit_gateways() now supports filtering by tags + * ELBv2: describe_target_groups() now throws an exception for invalid input parameters + * ELBv2: describe_target_groups() now sorts the result before returning it + * ELBv2: create_target_group() now has improved validation and default values + * ELBv2: create_rule() now creates links between the TargetGroups and LoadBalancers + * Events: put_events() now support HTTP targets + * IAM policy validation now takes the provided Resource-argument into account when validating access to STS-resources + * IAM: get_role() now returns the LastUsed-parameter, provided the role was assumed and used + * KMS: sign/verify now uses the original message when signing, not the base64-version + * Lambda: invoke() now loads any Layers provided in the create_function() + * S3: put_bucket_logging() now supports bucket policies (as well as ACP's) + * S3: Range requests are now more permissive (following AWS' behaviour) + * SFN: 
list_executions() now returns the StopDate-attribute + 4.2.2 ------ Docker Digest for 4.2.2: diff --git a/IMPLEMENTATION_COVERAGE.md b/IMPLEMENTATION_COVERAGE.md index c53bfa33e8e4..3fbb8996692c 100644 --- a/IMPLEMENTATION_COVERAGE.md +++ b/IMPLEMENTATION_COVERAGE.md @@ -2763,7 +2763,7 @@ ## elasticbeanstalk
-12% implemented +14% implemented - [ ] abort_environment_update - [ ] apply_environment_managed_action @@ -2776,7 +2776,7 @@ - [X] create_environment - [ ] create_platform_version - [ ] create_storage_location -- [ ] delete_application +- [X] delete_application - [ ] delete_application_version - [ ] delete_configuration_template - [ ] delete_environment_configuration diff --git a/docs/docs/services/elasticbeanstalk.rst b/docs/docs/services/elasticbeanstalk.rst index 45efbb3136c8..93e54cdafa17 100644 --- a/docs/docs/services/elasticbeanstalk.rst +++ b/docs/docs/services/elasticbeanstalk.rst @@ -36,7 +36,7 @@ elasticbeanstalk - [X] create_environment - [ ] create_platform_version - [ ] create_storage_location -- [x] delete_application +- [X] delete_application - [ ] delete_application_version - [ ] delete_configuration_template - [ ] delete_environment_configuration diff --git a/docs/docs/services/kms.rst b/docs/docs/services/kms.rst index 6017b6003fc9..b6ce534a5d96 100644 --- a/docs/docs/services/kms.rst +++ b/docs/docs/services/kms.rst @@ -78,9 +78,8 @@ kms - [X] revoke_grant - [X] schedule_key_deletion - [X] sign - Sign message using generated private key. - - - signing_algorithm is ignored and hardcoded to RSASSA_PSS_SHA_256 + + Sign message using generated private key. - grant_tokens are not implemented @@ -92,9 +91,8 @@ kms - [X] update_key_description - [ ] update_primary_region - [X] verify - Verify message using public key from generated private key. - - - signing_algorithm is ignored and hardcoded to RSASSA_PSS_SHA_256 + + Verify message using public key from generated private key. - grant_tokens are not implemented diff --git a/docs/docs/services/robomaker.rst b/docs/docs/services/robomaker.rst index 70df308995b2..33c099ab396a 100644 --- a/docs/docs/services/robomaker.rst +++ b/docs/docs/services/robomaker.rst 
@@ -12,8 +12,6 @@ robomaker ========= -.. autoclass:: moto.robomaker.models.RoboMakerBackend - |start-h3| Example usage |end-h3| .. sourcecode:: python diff --git a/tests/test_elbv2/test_elbv2_target_groups.py b/tests/test_elbv2/test_elbv2_target_groups.py index 1370cb8fe5fc..315a3f57a40d 100644 --- a/tests/test_elbv2/test_elbv2_target_groups.py +++ b/tests/test_elbv2/test_elbv2_target_groups.py @@ -375,6 +375,7 @@ def test_target_group_attributes(): # check if Names filter works response = conn.describe_target_groups(Names=[]) + assert len(response["TargetGroups"]) == 1 response = conn.describe_target_groups(Names=["a-target"]) assert len(response["TargetGroups"]) == 1 target_group_arn = target_group["TargetGroupArn"] @@ -466,7 +467,6 @@ def test_describe_target_groups(): response, vpc, _, _, _, conn = create_load_balancer() lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"] - assert "LoadBalancerArn" in response["LoadBalancers"][0] groups = conn.describe_target_groups()["TargetGroups"] assert len(groups) == 0 @@ -564,6 +564,20 @@ def test_describe_target_groups(): assert groups[1]["TargetGroupName"] == "d-target" +@mock_elbv2 +@mock_ec2 +def test_describe_target_groups_with_empty_load_balancer(): + response, _, _, _, _, conn = create_load_balancer() + + lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"] + + with pytest.raises(ClientError) as exc: + conn.describe_target_groups(LoadBalancerArn=lb_arn) + err = exc.value.response["Error"] + assert err["Code"] == "TargetGroupNotFound" + assert err["Message"] == "One or more target groups not found" + + @mock_elbv2 @mock_ec2 def test_modify_target_group(): diff --git a/tests/test_s3/test_s3_bucket_policy.py b/tests/test_s3/test_s3_bucket_policy.py index 8a910c61c1d1..7a100fcf40e2 100644 --- a/tests/test_s3/test_s3_bucket_policy.py +++ b/tests/test_s3/test_s3_bucket_policy.py 
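Review bot: The added `assert len(response["TargetGroups"]) == 1` after `describe_target_groups(Names=[])` pins that an empty `Names` list is treated as no filter, but the comment above it still reads `# check if Names filter works`, which suggests the call filters something. I would add a line such as `# an empty Names list applies no filter, so the existing target group is returned` before the new assertion. test_target_group_attributes starts and ends outside the hunk, so the number of groups created earlier is not visible here.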
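Review bot: test_describe_target_groups_with_empty_load_balancer has no docstring or comment saying why a load balancer with no target groups is expected to raise `TargetGroupNotFound` instead of returning an empty list; something like `"""A LoadBalancerArn with no attached target groups raises TargetGroupNotFound (presumably mirroring AWS)."""` would record that. Indentation is not visible in this rendering of the patch, so it is worth confirming that `err = exc.value.response["Error"]` and the two asserts sit outside the `with pytest.raises(ClientError)` block. Placed inside it they would never run, because the call above them raises.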
@@ -34,54 +34,37 @@ def teardown_method(self) -> None: def teardown_class(cls): cls.server.stop() - xfail_reason = "S3 logic for resource-based policy is not yet correctly implemented, see https://github.com/getmoto/moto/pull/6799#issuecomment-1712799688" - @pytest.mark.parametrize( - "kwargs,status", + "kwargs,boto3_status,unauthorized_status", [ - ({}, 200), - ({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200), - pytest.param( - {"resource": "arn:aws:s3:::notmybucket/*"}, - 403, - marks=pytest.mark.xfail(reason=xfail_reason), - ), - pytest.param( - {"resource": "arn:aws:s3:::mybucket/other*"}, - 403, - marks=pytest.mark.xfail(reason=xfail_reason), - ), - ({"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"]}, 200), - pytest.param( - { - "resource": [ - "arn:aws:s3:::notmybucket", - "arn:aws:s3:::notmybucket/*", - ] - }, - 403, - marks=pytest.mark.xfail(reason=xfail_reason), - ), - pytest.param( - {"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::notmybucket/*"]}, - 403, - marks=pytest.mark.xfail(reason=xfail_reason), - ), - pytest.param( - {"effect": "Deny"}, 403, marks=pytest.mark.xfail(reason=xfail_reason) - ), + # The default policy is to allow access to 'mybucket/*' + ({}, 200, 200), + # We'll also allow access to the specific key + ({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200, 200), + # We're allowing authorized access to an unrelated bucket + # Accessing our key is allowed for authenticated users, as there is no explicit deny + # It should block unauthenticated (public) users, as there is no explicit allow + ({"resource": "arn:aws:s3:::notmybucket/*"}, 200, 403), + # Verify public access when the policy contains multiple resources + ({"resource": ["arn:aws:s3:::other", "arn:aws:s3:::mybucket/*"]}, 200, 200), + # Deny all access, for any resource + ({"effect": "Deny"}, 403, 403), + # We don't explicitly deny authenticated access + # We'll deny an unrelated resource, but that should not affect anyone + # It should block unauthorized 
users, as there is no explicit allow + ({"resource": "arn:aws:s3:::notmybucket/*", "effect": "Deny"}, 200, 403), ], ) - def test_block_or_allow_get_object(self, kwargs, status): + def test_block_or_allow_get_object(self, kwargs, boto3_status, unauthorized_status): self._put_policy(**kwargs) - if status == 200: + if boto3_status == 200: self.client.get_object(Bucket="mybucket", Key="test_txt") else: with pytest.raises(ClientError): self.client.get_object(Bucket="mybucket", Key="test_txt") - assert requests.get(self.key_name).status_code == status + assert requests.get(self.key_name).status_code == unauthorized_status def test_block_put_object(self): # Block Put-access
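Review bot: In test_block_or_allow_get_object the denied branch is only `with pytest.raises(ClientError):`, so any client error (a missing key, a malformed request) satisfies the `{"effect": "Deny"}` case and the test can pass without the policy having been evaluated. Capturing the exception and checking the status closes that gap: `with pytest.raises(ClientError) as exc:` followed by `assert exc.value.response["ResponseMetadata"]["HTTPStatusCode"] == boto3_status`. The new parameter set also no longer has a same-bucket, non-matching resource (the removed `arn:aws:s3:::mybucket/other*` case), which is where a prefix or wildcard matching mistake would show; by the reasoning in the added comments it would presumably be `({"resource": "arn:aws:s3:::mybucket/other*"}, 200, 403)`. The class and `_put_policy` are defined outside the hunk.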