def test_route53resolver_bad_update_resolver_endpoint(): """Test update_resolver_endpoint API calls with a bad ID.""" client = boto3.client("route53resolver", region_name=TEST_REGION) random_num = get_random_hex(10) random_name = "Z" + get_random_hex(10) # Use a resolver endpoint id that is too long. long_id = "0123456789" * 6 + "xxxxx" with pytest.raises(ClientError) as exc: client.update_resolver_endpoint(ResolverEndpointId=long_id, Name=random_name) err = exc.value.response["Error"] assert err["Code"] == "ValidationException" assert "1 validation error detected" in err["Message"] assert (f"Value '{long_id}' at 'resolverEndpointId' failed to satisfy " f"constraint: Member must have length less than or equal to 64" ) in err["Message"] # Delete a non-existent resolver endpoint. with pytest.raises(ClientError) as exc: client.update_resolver_endpoint(ResolverEndpointId=random_num, Name=random_name) err = exc.value.response["Error"] assert err["Code"] == "ResourceNotFoundException" assert f"Resolver endpoint with ID '{random_num}' does not exist" in err[ "Message"]
def test_route53resolver_bad_list_resolver_endpoint_ip_addresses(): """Test bad list_resolver_endpoint_ip_addresses API calls.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) # Bad endpoint id. with pytest.raises(ClientError) as exc: client.list_resolver_endpoint_ip_addresses(ResolverEndpointId="foo") err = exc.value.response["Error"] assert err["Code"] == "ResourceNotFoundException" assert "Resolver endpoint with ID 'foo' does not exist" in err["Message"] # Good endpoint id, but bad max_results. random_num = get_random_hex(10) response = create_test_endpoint(client, ec2_client, name=f"A-{random_num}") with pytest.raises(ClientError) as exc: client.list_resolver_endpoint_ip_addresses( ResolverEndpointId=response["Id"], MaxResults=250 ) err = exc.value.response["Error"] assert err["Code"] == "ValidationException" assert "1 validation error detected" in err["Message"] assert ( "Value '250' at 'maxResults' failed to satisfy constraint: Member " "must have length less than or equal to 100" ) in err["Message"]
def create_test_rule(client, name=None, tags=None): """Create an rule that can be used for testing purposes. Can't be used for unit tests that need to know/test the arguments. """ if not tags: tags = [] random_num = get_random_hex(10) resolver_rule = client.create_resolver_rule( CreatorRequestId=random_num, Name=name if name else "X" + random_num, RuleType="FORWARD", DomainName=f"X{random_num}.com", TargetIps=[ { "Ip": "10.0.1.200", "Port": 123 }, { "Ip": "10.0.0.20", "Port": 456 }, ], # ResolverEndpointId=random_num -- will test this separately Tags=tags, ) return resolver_rule["ResolverRule"]
def create_from_cloudformation_json( cls, resource_name, cloudformation_json, region_name ): properties = cloudformation_json["Properties"] group_name = resource_name.lower() + get_random_hex(12) description = properties["GroupDescription"] security_group_ingress_rules = properties.get("DBSecurityGroupIngress", []) tags = properties.get("Tags") ec2_backend = ec2_backends[region_name] rds_backend = rds_backends[region_name] security_group = rds_backend.create_security_group( group_name, description, tags ) for security_group_ingress in security_group_ingress_rules: for ingress_type, ingress_value in security_group_ingress.items(): if ingress_type == "CIDRIP": security_group.authorize_cidr(ingress_value) elif ingress_type == "EC2SecurityGroupName": subnet = ec2_backend.get_security_group_from_name(ingress_value) security_group.authorize_security_group(subnet) elif ingress_type == "EC2SecurityGroupId": subnet = ec2_backend.get_security_group_from_id(ingress_value) security_group.authorize_security_group(subnet) return security_group
def test_route53resolver_bad_get_resolver_rule_association(): """Test get_resolver_rule_association API calls with a bad ID.""" client = boto3.client("route53resolver", region_name=TEST_REGION) random_num = get_random_hex(10) # Use a resolver rule association id that is too long. long_id = "0123456789" * 6 + "xxxxx" with pytest.raises(ClientError) as exc: client.get_resolver_rule_association(ResolverRuleAssociationId=long_id) err = exc.value.response["Error"] assert err["Code"] == "ValidationException" assert "1 validation error detected" in err["Message"] assert ( f"Value '{long_id}' at 'resolverRuleAssociationId' failed to satisfy " f"constraint: Member must have length less than or equal to 64" ) in err["Message"] # Get a non-existent resolver rule association. with pytest.raises(ClientError) as exc: client.get_resolver_rule_association( ResolverRuleAssociationId=random_num) err = exc.value.response["Error"] assert err["Code"] == "ResourceNotFoundException" assert f"ResolverRuleAssociation '{random_num}' does not Exist" in err[ "Message"]
def create_from_cloudformation_json(cls, resource_name, cloudformation_json, region_name): properties = cloudformation_json['Properties'] group_name = resource_name.lower() + get_random_hex(12) description = properties['GroupDescription'] security_group_ingress_rules = properties.get('DBSecurityGroupIngress', []) tags = properties.get('Tags') ec2_backend = ec2_backends[region_name] rds_backend = rds_backends[region_name] security_group = rds_backend.create_security_group( group_name, description, tags, ) for security_group_ingress in security_group_ingress_rules: for ingress_type, ingress_value in security_group_ingress.items(): if ingress_type == "CIDRIP": security_group.authorize_cidr(ingress_value) elif ingress_type == "EC2SecurityGroupName": subnet = ec2_backend.get_security_group_from_name(ingress_value) security_group.authorize_security_group(subnet) elif ingress_type == "EC2SecurityGroupId": subnet = ec2_backend.get_security_group_from_id(ingress_value) security_group.authorize_security_group(subnet) return security_group
def __init__( self, region_name, client_token, file_system_id, name, posix_user, root_directory, context, ): self.access_point_id = get_random_hex(8) self.access_point_arn = "arn:aws:elasticfilesystem:{region}:{user_id}:access-point/fsap-{file_system_id}".format( region=region_name, user_id=get_account_id(), file_system_id=self.access_point_id, ) self.client_token = client_token self.file_system_id = file_system_id self.name = name self.posix_user = posix_user if not root_directory: root_directory = {"Path": "/"} self.root_directory = root_directory self.context = context
def test_associate_resolver_endpoint_ip_address(): client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) # create subnet vpc_id = create_vpc(ec2_client) subnet = ec2_client.create_subnet( VpcId=vpc_id, CidrBlock="10.0.2.0/24", AvailabilityZone=f"{TEST_REGION}a" )["Subnet"] # create resolver random_num = get_random_hex(10) resolver = create_test_endpoint(client, ec2_client, name=f"A-{random_num}") resolver.should.have.key("IpAddressCount").equals(2) # associate resp = client.associate_resolver_endpoint_ip_address( IpAddress={"Ip": "10.0.2.126", "SubnetId": subnet["SubnetId"]}, ResolverEndpointId=resolver["Id"], )["ResolverEndpoint"] resp.should.have.key("Id").equals(resolver["Id"]) resp.should.have.key("IpAddressCount").equals(3) resp.should.have.key("SecurityGroupIds").should.have.length_of(1) # verify ENI was created enis = ec2_client.describe_network_interfaces()["NetworkInterfaces"] ip_addresses = [eni["PrivateIpAddress"] for eni in enis] ip_addresses.should.contain("10.0.2.126")
def __init__( self, region, name, description, node_type, replication_factor, iam_role_arn, sse_specification, ): # Configure ManagedState super().__init__( model_name="dax::cluster", transitions=[("creating", "available"), ("deleting", "deleted")], ) # Set internal properties self.name = name self.description = description self.arn = f"arn:aws:dax:{region}:{get_account_id()}:cache/{self.name}" self.node_type = node_type self.replication_factor = replication_factor self.cluster_hex = get_random_hex(6) self.endpoint = DaxEndpoint( name=name, cluster_hex=self.cluster_hex, region=region ) self.nodes = [self._create_new_node(i) for i in range(0, replication_factor)] self.preferred_maintenance_window = "thu:23:30-fri:00:30" self.subnet_group = "default" self.iam_role_arn = iam_role_arn self.parameter_group = DaxParameterGroup() self.security_groups = [ {"SecurityGroupIdentifier": f"sg-{get_random_hex(10)}", "Status": "active"} ] self.sse_specification = sse_specification
def test_disassociate_resolver_endpoint_ip_address__using_ip(): client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) # create subnet vpc_id = create_vpc(ec2_client) subnet_id = ec2_client.create_subnet( VpcId=vpc_id, CidrBlock="10.0.2.0/24", AvailabilityZone=f"{TEST_REGION}a" )["Subnet"]["SubnetId"] # create resolver random_num = get_random_hex(10) resolver = create_test_endpoint(client, ec2_client, name=f"A-{random_num}") # associate client.associate_resolver_endpoint_ip_address( IpAddress={"Ip": "10.0.2.126", "SubnetId": subnet_id}, ResolverEndpointId=resolver["Id"], ) enis_before = ec2_client.describe_network_interfaces()["NetworkInterfaces"] # disassociate client.disassociate_resolver_endpoint_ip_address( ResolverEndpointId=resolver["Id"], IpAddress={"SubnetId": subnet_id, "Ip": "10.0.2.126"}, ) # One ENI was deleted enis_after = ec2_client.describe_network_interfaces()["NetworkInterfaces"] (len(enis_after) + 1).should.equal(len(enis_before))
def test_route53resolver_invalid_associate_resolver_rule_args(): """Test invalid arguments to the associate_resolver_rule API.""" client = boto3.client("route53resolver", region_name=TEST_REGION) random_num = get_random_hex(10) # Verify ValidationException error messages are accumulated properly: # - resolver rule ID that exceeds the allowed length of 64. # - name that exceeds the allowed length of 64. # - vpc_id that exceeds the allowed length of 64. long_id = random_num * 7 long_name = random_num * 6 + "abcde" long_vpc_id = random_num * 6 + "fghij" with pytest.raises(ClientError) as exc: client.associate_resolver_rule( ResolverRuleId=long_id, Name=long_name, VPCId=long_vpc_id ) err = exc.value.response["Error"] assert err["Code"] == "ValidationException" assert "3 validation errors detected" in err["Message"] assert ( f"Value '{long_id}' at 'resolverRuleId' failed to satisfy " f"constraint: Member must have length less than or equal to 64" ) in err["Message"] assert ( f"Value '{long_name}' at 'name' failed to satisfy constraint: " f"Member must have length less than or equal to 64" ) in err["Message"] assert ( f"Value '{long_vpc_id}' at 'vPCId' failed to satisfy " f"constraint: Member must have length less than or equal to 64" ) in err["Message"]
def test_disassociate_resolver_endpoint_ip_address__using_subnet_alone(): client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) # create subnet vpc_id = create_vpc(ec2_client) subnet_id = ec2_client.create_subnet( VpcId=vpc_id, CidrBlock="10.0.2.0/24", AvailabilityZone=f"{TEST_REGION}a" )["Subnet"]["SubnetId"] # create resolver random_num = get_random_hex(10) resolver = create_test_endpoint(client, ec2_client, name=f"A-{random_num}") # associate client.associate_resolver_endpoint_ip_address( IpAddress={"Ip": "10.0.2.126", "SubnetId": subnet_id}, ResolverEndpointId=resolver["Id"], ) # disassociate without specifying IP with pytest.raises(ClientError) as exc: client.disassociate_resolver_endpoint_ip_address( ResolverEndpointId=resolver["Id"], IpAddress={"SubnetId": subnet_id} ) err = exc.value.response["Error"] err["Code"].should.equal("InvalidRequestException") err["Message"].should.equal( "[RSLVR-00503] Need to specify either the IP ID or both subnet and IP address in order to remove IP address." )
def test_disassociate_resolver_endpoint_ip_address__using_ipid_and_subnet(): client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) # create subnet vpc_id = create_vpc(ec2_client) subnet_id = ec2_client.create_subnet( VpcId=vpc_id, CidrBlock="10.0.2.0/24", AvailabilityZone=f"{TEST_REGION}a" )["Subnet"]["SubnetId"] # create resolver random_num = get_random_hex(10) resolver = create_test_endpoint(client, ec2_client, name=f"A-{random_num}") # associate client.associate_resolver_endpoint_ip_address( IpAddress={"Ip": "10.0.2.126", "SubnetId": subnet_id}, ResolverEndpointId=resolver["Id"], ) ip_addresses = client.list_resolver_endpoint_ip_addresses( ResolverEndpointId=resolver["Id"] )["IpAddresses"] ip_id = [ip["IpId"] for ip in ip_addresses if ip["Ip"] == "10.0.2.126"][0] # disassociate resp = client.disassociate_resolver_endpoint_ip_address( ResolverEndpointId=resolver["Id"], IpAddress={"SubnetId": subnet_id, "IpId": ip_id}, )["ResolverEndpoint"] resp.should.have.key("IpAddressCount").equals(2)
def __init__( self, region, name, description, node_type, replication_factor, iam_role_arn, sse_specification, ): self.name = name self.description = description self.arn = f"arn:aws:dax:{region}:{ACCOUNT_ID}:cache/{self.name}" self.node_type = node_type self.replication_factor = replication_factor self.status = "creating" self.cluster_hex = get_random_hex(6) self.endpoint = DaxEndpoint( name=name, cluster_hex=self.cluster_hex, region=region ) self.nodes = [self._create_new_node(i) for i in range(0, replication_factor)] self.preferred_maintenance_window = "thu:23:30-fri:00:30" self.subnet_group = "default" self.iam_role_arn = iam_role_arn self.parameter_group = DaxParameterGroup() self.security_groups = [ {"SecurityGroupIdentifier": f"sg-{get_random_hex(10)}", "Status": "active"} ] self.sse_specification = sse_specification # Internal counter to keep track of when this cluster is available/deleted # Used in conjunction with `advance()` self._tick = 0
def create_test_endpoint(client, ec2_client, name=None, tags=None): """Create an endpoint that can be used for testing purposes. Can't be used for unit tests that need to know/test the arguments. """ if not tags: tags = [] random_num = get_random_hex(10) subnet_ids = create_subnets(ec2_client, create_vpc(ec2_client)) resolver_endpoint = client.create_resolver_endpoint( CreatorRequestId=random_num, Name=name if name else "X" + random_num, SecurityGroupIds=[create_security_group(ec2_client)], Direction="INBOUND", IpAddresses=[ { "SubnetId": subnet_ids[0], "Ip": "10.0.1.200" }, { "SubnetId": subnet_ids[1], "Ip": "10.0.0.20" }, ], Tags=tags, ) return resolver_endpoint["ResolverEndpoint"]
def test_route53resolver_update_resolver_endpoint(): """Test good update_resolver_endpoint API calls.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) created_endpoint = create_test_endpoint(client, ec2_client) # Now update the resolver endpoint name and verify the response. new_name = "NewName" + get_random_hex(6) response = client.update_resolver_endpoint( ResolverEndpointId=created_endpoint["Id"], Name=new_name, ) endpoint = response["ResolverEndpoint"] assert endpoint["CreatorRequestId"] == created_endpoint["CreatorRequestId"] assert endpoint["Id"] == created_endpoint["Id"] assert endpoint["Arn"] == created_endpoint["Arn"] assert endpoint["Name"] == new_name assert endpoint["SecurityGroupIds"] == created_endpoint["SecurityGroupIds"] assert endpoint["Direction"] == created_endpoint["Direction"] assert endpoint["IpAddressCount"] == created_endpoint["IpAddressCount"] assert endpoint["HostVPCId"] == created_endpoint["HostVPCId"] assert endpoint["Status"] == created_endpoint["Status"] assert endpoint["StatusMessage"] == created_endpoint["StatusMessage"] assert endpoint["CreationTime"] == created_endpoint["CreationTime"] assert endpoint["ModificationTime"] != created_endpoint["ModificationTime"]
def __init__( self, region_name, device_name, stream_name, media_type, kms_key_id, data_retention_in_hours, tags, ): self.region_name = region_name self.stream_name = stream_name self.device_name = device_name self.media_type = media_type self.kms_key_id = kms_key_id self.data_retention_in_hours = data_retention_in_hours self.tags = tags self.status = "ACTIVE" self.version = self._get_random_string() self.creation_time = datetime.utcnow() stream_arn = "arn:aws:kinesisvideo:{}:{}:stream/{}/1598784211076".format( self.region_name, get_account_id(), self.stream_name ) self.data_endpoint_number = get_random_hex() self.arn = stream_arn
def create_hosted_zone(self, name, private_zone, comment=None): new_id = get_random_hex() new_zone = FakeZone(name, new_id, private_zone=private_zone, comment=comment) self.zones[new_id] = new_zone return new_zone
def __init__( self, key_id, name, grantee_principal, operations, constraints, retiring_principal, ): self.key_id = key_id self.name = name self.grantee_principal = grantee_principal self.retiring_principal = retiring_principal self.operations = operations self.constraints = constraints self.id = get_random_hex() self.token = get_random_hex()
def test_route53resolver_bad_disassociate_resolver_rule(): """Test disassociate_resolver_rule API calls with a bad ID.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) random_num = get_random_hex(10) # Use a resolver rule id and vpc id that is too long. long_id = "0123456789" * 6 + "xxxxx" long_vpc_id = random_num * 6 + "12345" with pytest.raises(ClientError) as exc: client.disassociate_resolver_rule(ResolverRuleId=long_id, VPCId=long_vpc_id) err = exc.value.response["Error"] assert err["Code"] == "ValidationException" assert "2 validation errors detected" in err["Message"] assert ( f"Value '{long_id}' at 'resolverRuleId' failed to satisfy " f"constraint: Member must have length less than or equal to 64" ) in err["Message"] assert ( f"Value '{long_vpc_id}' at 'vPCId' failed to satisfy " f"constraint: Member must have length less than or equal to 64" ) in err["Message"] # Create a test association. test_association = create_test_rule_association(client, ec2_client) test_rule_id = test_association["ResolverRuleId"] test_vpc_id = test_association["VPCId"] # Disassociate from a non-existent resolver rule id. with pytest.raises(ClientError) as exc: client.disassociate_resolver_rule(ResolverRuleId=random_num, VPCId=test_vpc_id) err = exc.value.response["Error"] assert err["Code"] == "ResourceNotFoundException" assert f"Resolver rule with ID '{random_num}' does not exist" in err["Message"] # Disassociate using a non-existent vpc id. with pytest.raises(ClientError) as exc: client.disassociate_resolver_rule(ResolverRuleId=test_rule_id, VPCId=random_num) err = exc.value.response["Error"] assert err["Code"] == "ResourceNotFoundException" assert ( f"Resolver Rule Association between Resolver Rule " f"'{test_rule_id}' and VPC '{random_num}' does not exist" ) in err["Message"] # Disassociate successfully, then test that it's not possible to # disassociate again. client.disassociate_resolver_rule(ResolverRuleId=test_rule_id, VPCId=test_vpc_id) with pytest.raises(ClientError) as exc: client.disassociate_resolver_rule( ResolverRuleId=test_rule_id, VPCId=test_vpc_id ) err = exc.value.response["Error"] assert err["Code"] == "ResourceNotFoundException" assert ( f"Resolver Rule Association between Resolver Rule " f"'{test_rule_id}' and VPC '{test_vpc_id}' does not exist" ) in err["Message"]
def test_route53resolver_bad_create_endpoint_security_groups(): """Test bad security group scenarios for create_resolver_endpoint API.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) random_num = get_random_hex(10) subnet_ids = create_subnets(ec2_client, create_vpc(ec2_client)) ip_addrs = [ { "SubnetId": subnet_ids[0], "Ip": "10.0.1.200" }, { "SubnetId": subnet_ids[1], "Ip": "10.0.0.20" }, ] # Subnet must begin with "sg-". with pytest.raises(ClientError) as exc: client.create_resolver_endpoint( CreatorRequestId=random_num, Name="X" + random_num, SecurityGroupIds=["foo"], Direction="INBOUND", IpAddresses=ip_addrs, ) err = exc.value.response["Error"] assert err["Code"] == "InvalidParameterException" assert ( "Malformed security group ID: Invalid id: 'foo' (expecting 'sg-...')" ) in err["Message"] # Non-existent security group id. with pytest.raises(ClientError) as exc: client.create_resolver_endpoint( CreatorRequestId=random_num, Name="X" + random_num, SecurityGroupIds=["sg-abc"], Direction="INBOUND", IpAddresses=ip_addrs, ) err = exc.value.response["Error"] assert err["Code"] == "ResourceNotFoundException" assert "The security group 'sg-abc' does not exist" in err["Message"] # Too many security group ids. with pytest.raises(ClientError) as exc: client.create_resolver_endpoint( CreatorRequestId=random_num, Name="X" + random_num, SecurityGroupIds=["sg-abc"] * 11, Direction="INBOUND", IpAddresses=ip_addrs, ) err = exc.value.response["Error"] assert err["Code"] == "InvalidParameterException" assert "Maximum of 10 security groups are allowed" in err["Message"]
def test_route53resolver_other_create_resolver_endpoint_errors(): """Test other error scenarios for create_resolver_endpoint API calls.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) # Create a good endpoint that we can use to test. created_endpoint = create_test_endpoint(client, ec2_client) request_id = created_endpoint["CreatorRequestId"] # Attempt to create another endpoint with the same creator request id. vpc_id = create_vpc(ec2_client) subnet_ids = create_subnets(ec2_client, vpc_id) with pytest.raises(ClientError) as exc: client.create_resolver_endpoint( CreatorRequestId=created_endpoint["CreatorRequestId"], Name="X" + get_random_hex(10), SecurityGroupIds=created_endpoint["SecurityGroupIds"], Direction="INBOUND", IpAddresses=[ { "SubnetId": subnet_ids[0], "Ip": "10.0.1.200" }, { "SubnetId": subnet_ids[1], "Ip": "10.0.0.20" }, ], ) err = exc.value.response["Error"] assert err["Code"] == "ResourceExistsException" assert ( f"Resolver endpoint with creator request ID '{request_id}' already exists" ) in err["Message"] # Too many endpoints. random_num = get_random_hex(10) for idx in range(4): create_test_endpoint(client, ec2_client, name=f"A{idx}-{random_num}") with pytest.raises(ClientError) as exc: create_test_endpoint(client, ec2_client, name=f"A5-{random_num}") err = exc.value.response["Error"] assert err["Code"] == "LimitExceededException" assert f"Account '{ACCOUNT_ID}' has exceeded 'max-endpoints" in err[ "Message"]
def test_route53resolver_create_resolver_endpoint(): # pylint: disable=too-many-locals """Test good create_resolver_endpoint API calls.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) random_num = get_random_hex(10) vpc_id = create_vpc(ec2_client) subnet_ids = create_subnets(ec2_client, vpc_id) ip_addrs = [ { "SubnetId": subnet_ids[0], "Ip": "10.0.1.200" }, { "SubnetId": subnet_ids[1], "Ip": "10.0.0.20" }, ] security_group_id = create_security_group(ec2_client) creator_request_id = random_num name = "X" + random_num response = client.create_resolver_endpoint( CreatorRequestId=creator_request_id, Name=name, SecurityGroupIds=[security_group_id], Direction="INBOUND", IpAddresses=ip_addrs, ) endpoint = response["ResolverEndpoint"] id_value = endpoint["Id"] assert id_value.startswith("rslvr-in-") assert endpoint["CreatorRequestId"] == creator_request_id assert ( endpoint["Arn"] == f"arn:aws:route53resolver:{TEST_REGION}:{ACCOUNT_ID}:resolver-endpoint/{id_value}" ) assert endpoint["Name"] == name assert endpoint["SecurityGroupIds"] == [security_group_id] assert endpoint["Direction"] == "INBOUND" assert endpoint["IpAddressCount"] == 2 assert endpoint["HostVPCId"] == vpc_id assert endpoint["Status"] == "OPERATIONAL" assert "Successfully created Resolver Endpoint" in endpoint[ "StatusMessage"] time_format = "%Y-%m-%dT%H:%M:%S.%f+00:00" now = datetime.now(timezone.utc).replace(tzinfo=None) creation_time = datetime.strptime(endpoint["CreationTime"], time_format) creation_time = creation_time.replace(tzinfo=None) assert creation_time <= now modification_time = datetime.strptime(endpoint["ModificationTime"], time_format) modification_time = modification_time.replace(tzinfo=None) assert modification_time <= now
def test_route53resolver_list_resolver_endpoint_ip_addresses(): """Test good list_resolver_endpoint_ip_addresses API calls.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) random_num = get_random_hex(10) subnet_ids = create_subnets(ec2_client, create_vpc(ec2_client)) response = client.create_resolver_endpoint( CreatorRequestId="B" + random_num, Name="B" + random_num, SecurityGroupIds=[create_security_group(ec2_client)], Direction="INBOUND", IpAddresses=[ { "SubnetId": subnet_ids[0], "Ip": "10.0.1.200" }, { "SubnetId": subnet_ids[1], "Ip": "10.0.0.20" }, { "SubnetId": subnet_ids[0], "Ip": "10.0.1.201" }, ], ) endpoint_id = response["ResolverEndpoint"]["Id"] response = client.list_resolver_endpoint_ip_addresses( ResolverEndpointId=endpoint_id) assert len(response["IpAddresses"]) == 3 assert response["MaxResults"] == 10 # Set max_results to return 1 address, use next_token to get remaining. response = client.list_resolver_endpoint_ip_addresses( ResolverEndpointId=endpoint_id, MaxResults=1) ip_addresses = response["IpAddresses"] assert len(ip_addresses) == 1 assert response["MaxResults"] == 1 assert "NextToken" in response assert ip_addresses[0]["IpId"].startswith("rni-") assert ip_addresses[0]["SubnetId"] == subnet_ids[0] assert ip_addresses[0]["Ip"] == "10.0.1.200" assert ip_addresses[0]["Status"] == "ATTACHED" assert ip_addresses[0][ "StatusMessage"] == "This IP address is operational." assert "CreationTime" in ip_addresses[0] assert "ModificationTime" in ip_addresses[0] response = client.list_resolver_endpoint_ip_addresses( ResolverEndpointId=endpoint_id, NextToken=response["NextToken"]) assert len(response["IpAddresses"]) == 2 assert response["MaxResults"] == 10 assert "NextToken" not in response
def create_test_rule_association( client, ec2_client, resolver_rule_id=None, name=None, vpc_id=None ): """Create a Resolver Rule Association for testing purposes.""" if not resolver_rule_id: resolver_rule_id = create_test_rule(client)["Id"] name = name if name else "R" + get_random_hex(10) if not vpc_id: vpc_id = create_vpc(ec2_client) return client.associate_resolver_rule( ResolverRuleId=resolver_rule_id, Name=name, VPCId=vpc_id )["ResolverRuleAssociation"]
def test_route53resolver_create_resolver_rule(): # pylint: disable=too-many-locals """Test good create_resolver_rule API calls.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) random_num = get_random_hex(10) # Create a good endpoint that we can use to test. created_endpoint = create_test_endpoint(client, ec2_client) endpoint_id = created_endpoint["Id"] creator_request_id = random_num name = "X" + random_num domain_name = f"{random_num}.test" target_ips = [{"Ip": "1.2.3.4", "Port": 5}] response = client.create_resolver_rule( CreatorRequestId=creator_request_id, Name=name, RuleType="FORWARD", DomainName=domain_name, TargetIps=target_ips, ResolverEndpointId=endpoint_id, ) rule = response["ResolverRule"] id_value = rule["Id"] assert id_value.startswith("rslvr-rr-") assert rule["CreatorRequestId"] == creator_request_id assert ( rule["Arn"] == f"arn:aws:route53resolver:{TEST_REGION}:{ACCOUNT_ID}:resolver-rule/{id_value}" ) assert rule["DomainName"] == domain_name + "." assert rule["Status"] == "COMPLETE" assert "Successfully created Resolver Rule" in rule["StatusMessage"] assert rule["RuleType"] == "FORWARD" assert rule["Name"] == name assert len(rule["TargetIps"]) == 1 assert rule["TargetIps"][0]["Ip"] == target_ips[0]["Ip"] assert rule["TargetIps"][0]["Port"] == target_ips[0]["Port"] assert rule["ResolverEndpointId"] == endpoint_id assert rule["OwnerId"] == ACCOUNT_ID assert rule["ShareStatus"] == "SHARED_WITH_ME" time_format = "%Y-%m-%dT%H:%M:%S.%f+00:00" now = datetime.now(timezone.utc).replace(tzinfo=None) creation_time = datetime.strptime(rule["CreationTime"], time_format) creation_time = creation_time.replace(tzinfo=None) assert creation_time <= now modification_time = datetime.strptime(rule["ModificationTime"], time_format) modification_time = modification_time.replace(tzinfo=None) assert modification_time <= now
def test_route53resolver_bad_list_resolver_rules(): """Test bad list_resolver_rules API calls.""" client = boto3.client("route53resolver", region_name=TEST_REGION) # Bad max_results. random_num = get_random_hex(10) create_test_rule(client, name=f"A-{random_num}") with pytest.raises(ClientError) as exc: client.list_resolver_rules(MaxResults=250) err = exc.value.response["Error"] assert err["Code"] == "ValidationException" assert "1 validation error detected" in err["Message"] assert ("Value '250' at 'maxResults' failed to satisfy constraint: Member " "must have length less than or equal to 100") in err["Message"]
def create_from_cloudformation_json( cls, resource_name, cloudformation_json, region_name ): properties = cloudformation_json["Properties"] db_instance_identifier = properties.get("DBInstanceIdentifier") if not db_instance_identifier: db_instance_identifier = resource_name.lower() + get_random_hex(12) db_security_groups = properties.get("DBSecurityGroups") if not db_security_groups: db_security_groups = [] security_groups = [group.group_name for group in db_security_groups] db_subnet_group = properties.get("DBSubnetGroupName") db_subnet_group_name = db_subnet_group.subnet_name if db_subnet_group else None db_kwargs = { "auto_minor_version_upgrade": properties.get("AutoMinorVersionUpgrade"), "allocated_storage": properties.get("AllocatedStorage"), "availability_zone": properties.get("AvailabilityZone"), "backup_retention_period": properties.get("BackupRetentionPeriod"), "db_instance_class": properties.get("DBInstanceClass"), "db_instance_identifier": db_instance_identifier, "db_name": properties.get("DBName"), "db_subnet_group_name": db_subnet_group_name, "engine": properties.get("Engine"), "engine_version": properties.get("EngineVersion"), "iops": properties.get("Iops"), "kms_key_id": properties.get("KmsKeyId"), "master_password": properties.get("MasterUserPassword"), "master_username": properties.get("MasterUsername"), "multi_az": properties.get("MultiAZ"), "port": properties.get("Port", 3306), "publicly_accessible": properties.get("PubliclyAccessible"), "copy_tags_to_snapshot": properties.get("CopyTagsToSnapshot"), "region": region_name, "security_groups": security_groups, "storage_encrypted": properties.get("StorageEncrypted"), "storage_type": properties.get("StorageType"), "tags": properties.get("Tags"), } rds_backend = rds_backends[region_name] source_db_identifier = properties.get("SourceDBInstanceIdentifier") if source_db_identifier: # Replica db_kwargs["source_db_identifier"] = source_db_identifier database = rds_backend.create_database_replica(db_kwargs) else: database = rds_backend.create_database(db_kwargs) return database
def create_from_cloudformation_json(cls, resource_name, cloudformation_json, region_name): properties = cloudformation_json['Properties'] subnet_name = resource_name.lower() + get_random_hex(12) description = properties['DBSubnetGroupDescription'] subnet_ids = properties['SubnetIds'] ec2_backend = ec2_backends[region_name] subnets = [ec2_backend.get_subnet(subnet_id) for subnet_id in subnet_ids] rds_backend = rds_backends[region_name] subnet_group = rds_backend.create_subnet_group( subnet_name, description, subnets, ) return subnet_group
def test_ds_delete_directory(): """Test good and bad invocations of delete_directory().""" client = boto3.client("ds", region_name=TEST_REGION) # Delete a directory when there are none. random_directory_id = f"d-{get_random_hex(10)}" with pytest.raises(ClientError) as exc: client.delete_directory(DirectoryId=random_directory_id) err = exc.value.response["Error"] assert err["Code"] == "EntityDoesNotExistException" assert f"Directory {random_directory_id} does not exist" in err["Message"] # Delete an existing directory. ec2_client = boto3.client("ec2", region_name=TEST_REGION) directory_id = create_test_directory(client, ec2_client) result = client.delete_directory(DirectoryId=directory_id) assert result["DirectoryId"] == directory_id # Verify there are no dictionaries, network interfaces or associated # security groups. result = client.describe_directories() assert len(result["DirectoryDescriptions"]) == 0 result = ec2_client.describe_network_interfaces() assert len(result["NetworkInterfaces"]) == 0 result = ec2_client.describe_security_groups() for group in result["SecurityGroups"]: assert "directory controllers" not in group["Description"] # Attempt to delete a non-existent directory. nonexistent_id = f"d-{get_random_hex(10)}" with pytest.raises(ClientError) as exc: client.delete_directory(DirectoryId=nonexistent_id) err = exc.value.response["Error"] assert err["Code"] == "EntityDoesNotExistException" assert f"Directory {nonexistent_id} does not exist" in err["Message"] # Attempt to use an invalid directory ID. bad_id = get_random_hex(3) with pytest.raises(ClientError) as exc: client.delete_directory(DirectoryId=bad_id) err = exc.value.response["Error"] assert err["Code"] == "ValidationException" assert "1 validation error detected" in err["Message"] assert ( f"Value '{bad_id}' at 'directoryId' failed to satisfy constraint: " f"Member must satisfy regular expression pattern: ^d-[0-9a-f]{{10}}$" ) in err["Message"]
def create_from_cloudformation_json(cls, resource_name, cloudformation_json, region_name): properties = cloudformation_json['Properties'] db_instance_identifier = properties.get('DBInstanceIdentifier') if not db_instance_identifier: db_instance_identifier = resource_name.lower() + get_random_hex(12) db_security_groups = properties.get('DBSecurityGroups') if not db_security_groups: db_security_groups = [] security_groups = [group.group_name for group in db_security_groups] db_subnet_group = properties.get("DBSubnetGroupName") db_subnet_group_name = db_subnet_group.subnet_name if db_subnet_group else None db_kwargs = { "auto_minor_version_upgrade": properties.get('AutoMinorVersionUpgrade'), "allocated_storage": properties.get('AllocatedStorage'), "availability_zone": properties.get("AvailabilityZone"), "backup_retention_period": properties.get("BackupRetentionPeriod"), "db_instance_class": properties.get('DBInstanceClass'), "db_instance_identifier": db_instance_identifier, "db_name": properties.get("DBName"), "db_subnet_group_name": db_subnet_group_name, "engine": properties.get("Engine"), "engine_version": properties.get("EngineVersion"), "iops": properties.get("Iops"), "kms_key_id": properties.get("KmsKeyId"), "master_password": properties.get('MasterUserPassword'), "master_username": properties.get('MasterUsername'), "multi_az": properties.get("MultiAZ"), "port": properties.get('Port', 3306), "publicly_accessible": properties.get("PubliclyAccessible"), "copy_tags_to_snapshot": properties.get("CopyTagsToSnapshot"), "region": region_name, "security_groups": security_groups, "storage_encrypted": properties.get("StorageEncrypted"), "storage_type": properties.get("StorageType"), "tags": properties.get("Tags"), } rds_backend = rds_backends[region_name] source_db_identifier = properties.get("SourceDBInstanceIdentifier") if source_db_identifier: # Replica db_kwargs["source_db_identifier"] = source_db_identifier database = rds_backend.create_database_replica(db_kwargs) else: database = rds_backend.create_database(db_kwargs) return database
def create_from_cloudformation_json( cls, resource_name, cloudformation_json, region_name ): properties = cloudformation_json["Properties"] subnet_name = resource_name.lower() + get_random_hex(12) description = properties["DBSubnetGroupDescription"] subnet_ids = properties["SubnetIds"] tags = properties.get("Tags") ec2_backend = ec2_backends[region_name] subnets = [ec2_backend.get_subnet(subnet_id) for subnet_id in subnet_ids] rds_backend = rds_backends[region_name] subnet_group = rds_backend.create_subnet_group( subnet_name, description, subnets, tags ) return subnet_group
def test_route53resolver_associate_resolver_rule(): """Test good associate_resolver_rule API calls.""" client = boto3.client("route53resolver", region_name=TEST_REGION) ec2_client = boto3.client("ec2", region_name=TEST_REGION) resolver_rule_id = create_test_rule(client)["Id"] name = "X" + get_random_hex(10) vpc_id = create_vpc(ec2_client) rule_association = client.associate_resolver_rule( ResolverRuleId=resolver_rule_id, Name=name, VPCId=vpc_id )["ResolverRuleAssociation"] assert rule_association["Id"].startswith("rslvr-rrassoc-") assert rule_association["ResolverRuleId"] == resolver_rule_id assert rule_association["Name"] == name assert rule_association["VPCId"] == vpc_id assert rule_association["Status"] == "COMPLETE" assert "StatusMessage" in rule_association
def get_random_identity_id(region): return "{0}:{0}".format(region, get_random_hex(length=19))
def get_random_pipeline_id(): return "df-{0}".format(get_random_hex(length=19))
def create_hosted_zone(self, name): new_id = get_random_hex() new_zone = FakeZone(name, new_id) self.zones[new_id] = new_zone return new_zone