def test_route53resolver_bad_update_resolver_endpoint():
"""Test update_resolver_endpoint API calls with a bad ID."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
random_num = get_random_hex(10)
random_name = "Z" + get_random_hex(10)
# Use a resolver endpoint id that is too long.
long_id = "0123456789" * 6 + "xxxxx"
with pytest.raises(ClientError) as exc:
client.update_resolver_endpoint(ResolverEndpointId=long_id,
Name=random_name)
err = exc.value.response["Error"]
assert err["Code"] == "ValidationException"
assert "1 validation error detected" in err["Message"]
assert (f"Value '{long_id}' at 'resolverEndpointId' failed to satisfy "
f"constraint: Member must have length less than or equal to 64"
) in err["Message"]
# Delete a non-existent resolver endpoint.
with pytest.raises(ClientError) as exc:
client.update_resolver_endpoint(ResolverEndpointId=random_num,
Name=random_name)
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert f"Resolver endpoint with ID '{random_num}' does not exist" in err[
"Message"]
def test_route53resolver_bad_list_resolver_endpoint_ip_addresses():
"""Test bad list_resolver_endpoint_ip_addresses API calls."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
# Bad endpoint id.
with pytest.raises(ClientError) as exc:
client.list_resolver_endpoint_ip_addresses(ResolverEndpointId="foo")
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert "Resolver endpoint with ID 'foo' does not exist" in err["Message"]
# Good endpoint id, but bad max_results.
random_num = get_random_hex(10)
response = create_test_endpoint(client, ec2_client, name=f"A-{random_num}")
with pytest.raises(ClientError) as exc:
client.list_resolver_endpoint_ip_addresses(
ResolverEndpointId=response["Id"], MaxResults=250
)
err = exc.value.response["Error"]
assert err["Code"] == "ValidationException"
assert "1 validation error detected" in err["Message"]
assert (
"Value '250' at 'maxResults' failed to satisfy constraint: Member "
"must have length less than or equal to 100"
) in err["Message"]
def create_test_rule(client, name=None, tags=None):
"""Create an rule that can be used for testing purposes.
Can't be used for unit tests that need to know/test the arguments.
"""
if not tags:
tags = []
random_num = get_random_hex(10)
resolver_rule = client.create_resolver_rule(
CreatorRequestId=random_num,
Name=name if name else "X" + random_num,
RuleType="FORWARD",
DomainName=f"X{random_num}.com",
TargetIps=[
{
"Ip": "10.0.1.200",
"Port": 123
},
{
"Ip": "10.0.0.20",
"Port": 456
},
],
# ResolverEndpointId=random_num -- will test this separately
Tags=tags,
)
return resolver_rule["ResolverRule"]
def create_from_cloudformation_json(
cls, resource_name, cloudformation_json, region_name
):
properties = cloudformation_json["Properties"]
group_name = resource_name.lower() + get_random_hex(12)
description = properties["GroupDescription"]
security_group_ingress_rules = properties.get("DBSecurityGroupIngress", [])
tags = properties.get("Tags")
ec2_backend = ec2_backends[region_name]
rds_backend = rds_backends[region_name]
security_group = rds_backend.create_security_group(
group_name, description, tags
)
for security_group_ingress in security_group_ingress_rules:
for ingress_type, ingress_value in security_group_ingress.items():
if ingress_type == "CIDRIP":
security_group.authorize_cidr(ingress_value)
elif ingress_type == "EC2SecurityGroupName":
subnet = ec2_backend.get_security_group_from_name(ingress_value)
security_group.authorize_security_group(subnet)
elif ingress_type == "EC2SecurityGroupId":
subnet = ec2_backend.get_security_group_from_id(ingress_value)
security_group.authorize_security_group(subnet)
return security_group
def test_route53resolver_bad_get_resolver_rule_association():
"""Test get_resolver_rule_association API calls with a bad ID."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
random_num = get_random_hex(10)
# Use a resolver rule association id that is too long.
long_id = "0123456789" * 6 + "xxxxx"
with pytest.raises(ClientError) as exc:
client.get_resolver_rule_association(ResolverRuleAssociationId=long_id)
err = exc.value.response["Error"]
assert err["Code"] == "ValidationException"
assert "1 validation error detected" in err["Message"]
assert (
f"Value '{long_id}' at 'resolverRuleAssociationId' failed to satisfy "
f"constraint: Member must have length less than or equal to 64"
) in err["Message"]
# Get a non-existent resolver rule association.
with pytest.raises(ClientError) as exc:
client.get_resolver_rule_association(
ResolverRuleAssociationId=random_num)
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert f"ResolverRuleAssociation '{random_num}' does not Exist" in err[
"Message"]
def create_from_cloudformation_json(cls, resource_name, cloudformation_json, region_name):
properties = cloudformation_json['Properties']
group_name = resource_name.lower() + get_random_hex(12)
description = properties['GroupDescription']
security_group_ingress_rules = properties.get('DBSecurityGroupIngress', [])
tags = properties.get('Tags')
ec2_backend = ec2_backends[region_name]
rds_backend = rds_backends[region_name]
security_group = rds_backend.create_security_group(
group_name,
description,
tags,
)
for security_group_ingress in security_group_ingress_rules:
for ingress_type, ingress_value in security_group_ingress.items():
if ingress_type == "CIDRIP":
security_group.authorize_cidr(ingress_value)
elif ingress_type == "EC2SecurityGroupName":
subnet = ec2_backend.get_security_group_from_name(ingress_value)
security_group.authorize_security_group(subnet)
elif ingress_type == "EC2SecurityGroupId":
subnet = ec2_backend.get_security_group_from_id(ingress_value)
security_group.authorize_security_group(subnet)
return security_group
def __init__(
self,
region_name,
client_token,
file_system_id,
name,
posix_user,
root_directory,
context,
):
self.access_point_id = get_random_hex(8)
self.access_point_arn = "arn:aws:elasticfilesystem:{region}:{user_id}:access-point/fsap-{file_system_id}".format(
region=region_name,
user_id=get_account_id(),
file_system_id=self.access_point_id,
)
self.client_token = client_token
self.file_system_id = file_system_id
self.name = name
self.posix_user = posix_user
if not root_directory:
root_directory = {"Path": "/"}
self.root_directory = root_directory
self.context = context
def test_associate_resolver_endpoint_ip_address():
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
# create subnet
vpc_id = create_vpc(ec2_client)
subnet = ec2_client.create_subnet(
VpcId=vpc_id, CidrBlock="10.0.2.0/24", AvailabilityZone=f"{TEST_REGION}a"
)["Subnet"]
# create resolver
random_num = get_random_hex(10)
resolver = create_test_endpoint(client, ec2_client, name=f"A-{random_num}")
resolver.should.have.key("IpAddressCount").equals(2)
# associate
resp = client.associate_resolver_endpoint_ip_address(
IpAddress={"Ip": "10.0.2.126", "SubnetId": subnet["SubnetId"]},
ResolverEndpointId=resolver["Id"],
)["ResolverEndpoint"]
resp.should.have.key("Id").equals(resolver["Id"])
resp.should.have.key("IpAddressCount").equals(3)
resp.should.have.key("SecurityGroupIds").should.have.length_of(1)
# verify ENI was created
enis = ec2_client.describe_network_interfaces()["NetworkInterfaces"]
ip_addresses = [eni["PrivateIpAddress"] for eni in enis]
ip_addresses.should.contain("10.0.2.126")
def __init__(
self,
region,
name,
description,
node_type,
replication_factor,
iam_role_arn,
sse_specification,
):
# Configure ManagedState
super().__init__(
model_name="dax::cluster",
transitions=[("creating", "available"), ("deleting", "deleted")],
)
# Set internal properties
self.name = name
self.description = description
self.arn = f"arn:aws:dax:{region}:{get_account_id()}:cache/{self.name}"
self.node_type = node_type
self.replication_factor = replication_factor
self.cluster_hex = get_random_hex(6)
self.endpoint = DaxEndpoint(
name=name, cluster_hex=self.cluster_hex, region=region
)
self.nodes = [self._create_new_node(i) for i in range(0, replication_factor)]
self.preferred_maintenance_window = "thu:23:30-fri:00:30"
self.subnet_group = "default"
self.iam_role_arn = iam_role_arn
self.parameter_group = DaxParameterGroup()
self.security_groups = [
{"SecurityGroupIdentifier": f"sg-{get_random_hex(10)}", "Status": "active"}
]
self.sse_specification = sse_specification
def test_disassociate_resolver_endpoint_ip_address__using_ip():
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
# create subnet
vpc_id = create_vpc(ec2_client)
subnet_id = ec2_client.create_subnet(
VpcId=vpc_id, CidrBlock="10.0.2.0/24", AvailabilityZone=f"{TEST_REGION}a"
)["Subnet"]["SubnetId"]
# create resolver
random_num = get_random_hex(10)
resolver = create_test_endpoint(client, ec2_client, name=f"A-{random_num}")
# associate
client.associate_resolver_endpoint_ip_address(
IpAddress={"Ip": "10.0.2.126", "SubnetId": subnet_id},
ResolverEndpointId=resolver["Id"],
)
enis_before = ec2_client.describe_network_interfaces()["NetworkInterfaces"]
# disassociate
client.disassociate_resolver_endpoint_ip_address(
ResolverEndpointId=resolver["Id"],
IpAddress={"SubnetId": subnet_id, "Ip": "10.0.2.126"},
)
# One ENI was deleted
enis_after = ec2_client.describe_network_interfaces()["NetworkInterfaces"]
(len(enis_after) + 1).should.equal(len(enis_before))
def test_route53resolver_invalid_associate_resolver_rule_args():
"""Test invalid arguments to the associate_resolver_rule API."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
random_num = get_random_hex(10)
# Verify ValidationException error messages are accumulated properly:
# - resolver rule ID that exceeds the allowed length of 64.
# - name that exceeds the allowed length of 64.
# - vpc_id that exceeds the allowed length of 64.
long_id = random_num * 7
long_name = random_num * 6 + "abcde"
long_vpc_id = random_num * 6 + "fghij"
with pytest.raises(ClientError) as exc:
client.associate_resolver_rule(
ResolverRuleId=long_id, Name=long_name, VPCId=long_vpc_id
)
err = exc.value.response["Error"]
assert err["Code"] == "ValidationException"
assert "3 validation errors detected" in err["Message"]
assert (
f"Value '{long_id}' at 'resolverRuleId' failed to satisfy "
f"constraint: Member must have length less than or equal to 64"
) in err["Message"]
assert (
f"Value '{long_name}' at 'name' failed to satisfy constraint: "
f"Member must have length less than or equal to 64"
) in err["Message"]
assert (
f"Value '{long_vpc_id}' at 'vPCId' failed to satisfy "
f"constraint: Member must have length less than or equal to 64"
) in err["Message"]
def test_disassociate_resolver_endpoint_ip_address__using_subnet_alone():
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
# create subnet
vpc_id = create_vpc(ec2_client)
subnet_id = ec2_client.create_subnet(
VpcId=vpc_id, CidrBlock="10.0.2.0/24", AvailabilityZone=f"{TEST_REGION}a"
)["Subnet"]["SubnetId"]
# create resolver
random_num = get_random_hex(10)
resolver = create_test_endpoint(client, ec2_client, name=f"A-{random_num}")
# associate
client.associate_resolver_endpoint_ip_address(
IpAddress={"Ip": "10.0.2.126", "SubnetId": subnet_id},
ResolverEndpointId=resolver["Id"],
)
# disassociate without specifying IP
with pytest.raises(ClientError) as exc:
client.disassociate_resolver_endpoint_ip_address(
ResolverEndpointId=resolver["Id"], IpAddress={"SubnetId": subnet_id}
)
err = exc.value.response["Error"]
err["Code"].should.equal("InvalidRequestException")
err["Message"].should.equal(
"[RSLVR-00503] Need to specify either the IP ID or both subnet and IP address in order to remove IP address."
)
def test_disassociate_resolver_endpoint_ip_address__using_ipid_and_subnet():
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
# create subnet
vpc_id = create_vpc(ec2_client)
subnet_id = ec2_client.create_subnet(
VpcId=vpc_id, CidrBlock="10.0.2.0/24", AvailabilityZone=f"{TEST_REGION}a"
)["Subnet"]["SubnetId"]
# create resolver
random_num = get_random_hex(10)
resolver = create_test_endpoint(client, ec2_client, name=f"A-{random_num}")
# associate
client.associate_resolver_endpoint_ip_address(
IpAddress={"Ip": "10.0.2.126", "SubnetId": subnet_id},
ResolverEndpointId=resolver["Id"],
)
ip_addresses = client.list_resolver_endpoint_ip_addresses(
ResolverEndpointId=resolver["Id"]
)["IpAddresses"]
ip_id = [ip["IpId"] for ip in ip_addresses if ip["Ip"] == "10.0.2.126"][0]
# disassociate
resp = client.disassociate_resolver_endpoint_ip_address(
ResolverEndpointId=resolver["Id"],
IpAddress={"SubnetId": subnet_id, "IpId": ip_id},
)["ResolverEndpoint"]
resp.should.have.key("IpAddressCount").equals(2)
def __init__(
self,
region,
name,
description,
node_type,
replication_factor,
iam_role_arn,
sse_specification,
):
self.name = name
self.description = description
self.arn = f"arn:aws:dax:{region}:{ACCOUNT_ID}:cache/{self.name}"
self.node_type = node_type
self.replication_factor = replication_factor
self.status = "creating"
self.cluster_hex = get_random_hex(6)
self.endpoint = DaxEndpoint(
name=name, cluster_hex=self.cluster_hex, region=region
)
self.nodes = [self._create_new_node(i) for i in range(0, replication_factor)]
self.preferred_maintenance_window = "thu:23:30-fri:00:30"
self.subnet_group = "default"
self.iam_role_arn = iam_role_arn
self.parameter_group = DaxParameterGroup()
self.security_groups = [
{"SecurityGroupIdentifier": f"sg-{get_random_hex(10)}", "Status": "active"}
]
self.sse_specification = sse_specification
# Internal counter to keep track of when this cluster is available/deleted
# Used in conjunction with `advance()`
self._tick = 0
def create_test_endpoint(client, ec2_client, name=None, tags=None):
"""Create an endpoint that can be used for testing purposes.
Can't be used for unit tests that need to know/test the arguments.
"""
if not tags:
tags = []
random_num = get_random_hex(10)
subnet_ids = create_subnets(ec2_client, create_vpc(ec2_client))
resolver_endpoint = client.create_resolver_endpoint(
CreatorRequestId=random_num,
Name=name if name else "X" + random_num,
SecurityGroupIds=[create_security_group(ec2_client)],
Direction="INBOUND",
IpAddresses=[
{
"SubnetId": subnet_ids[0],
"Ip": "10.0.1.200"
},
{
"SubnetId": subnet_ids[1],
"Ip": "10.0.0.20"
},
],
Tags=tags,
)
return resolver_endpoint["ResolverEndpoint"]
def test_route53resolver_update_resolver_endpoint():
"""Test good update_resolver_endpoint API calls."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
created_endpoint = create_test_endpoint(client, ec2_client)
# Now update the resolver endpoint name and verify the response.
new_name = "NewName" + get_random_hex(6)
response = client.update_resolver_endpoint(
ResolverEndpointId=created_endpoint["Id"],
Name=new_name,
)
endpoint = response["ResolverEndpoint"]
assert endpoint["CreatorRequestId"] == created_endpoint["CreatorRequestId"]
assert endpoint["Id"] == created_endpoint["Id"]
assert endpoint["Arn"] == created_endpoint["Arn"]
assert endpoint["Name"] == new_name
assert endpoint["SecurityGroupIds"] == created_endpoint["SecurityGroupIds"]
assert endpoint["Direction"] == created_endpoint["Direction"]
assert endpoint["IpAddressCount"] == created_endpoint["IpAddressCount"]
assert endpoint["HostVPCId"] == created_endpoint["HostVPCId"]
assert endpoint["Status"] == created_endpoint["Status"]
assert endpoint["StatusMessage"] == created_endpoint["StatusMessage"]
assert endpoint["CreationTime"] == created_endpoint["CreationTime"]
assert endpoint["ModificationTime"] != created_endpoint["ModificationTime"]
def __init__(
self,
region_name,
device_name,
stream_name,
media_type,
kms_key_id,
data_retention_in_hours,
tags,
):
self.region_name = region_name
self.stream_name = stream_name
self.device_name = device_name
self.media_type = media_type
self.kms_key_id = kms_key_id
self.data_retention_in_hours = data_retention_in_hours
self.tags = tags
self.status = "ACTIVE"
self.version = self._get_random_string()
self.creation_time = datetime.utcnow()
stream_arn = "arn:aws:kinesisvideo:{}:{}:stream/{}/1598784211076".format(
self.region_name, get_account_id(), self.stream_name
)
self.data_endpoint_number = get_random_hex()
self.arn = stream_arn
def create_hosted_zone(self, name, private_zone, comment=None):
new_id = get_random_hex()
new_zone = FakeZone(name,
new_id,
private_zone=private_zone,
comment=comment)
self.zones[new_id] = new_zone
return new_zone
def __init__(
self,
key_id,
name,
grantee_principal,
operations,
constraints,
retiring_principal,
):
self.key_id = key_id
self.name = name
self.grantee_principal = grantee_principal
self.retiring_principal = retiring_principal
self.operations = operations
self.constraints = constraints
self.id = get_random_hex()
self.token = get_random_hex()
def test_route53resolver_bad_disassociate_resolver_rule():
"""Test disassociate_resolver_rule API calls with a bad ID."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
random_num = get_random_hex(10)
# Use a resolver rule id and vpc id that is too long.
long_id = "0123456789" * 6 + "xxxxx"
long_vpc_id = random_num * 6 + "12345"
with pytest.raises(ClientError) as exc:
client.disassociate_resolver_rule(ResolverRuleId=long_id, VPCId=long_vpc_id)
err = exc.value.response["Error"]
assert err["Code"] == "ValidationException"
assert "2 validation errors detected" in err["Message"]
assert (
f"Value '{long_id}' at 'resolverRuleId' failed to satisfy "
f"constraint: Member must have length less than or equal to 64"
) in err["Message"]
assert (
f"Value '{long_vpc_id}' at 'vPCId' failed to satisfy "
f"constraint: Member must have length less than or equal to 64"
) in err["Message"]
# Create a test association.
test_association = create_test_rule_association(client, ec2_client)
test_rule_id = test_association["ResolverRuleId"]
test_vpc_id = test_association["VPCId"]
# Disassociate from a non-existent resolver rule id.
with pytest.raises(ClientError) as exc:
client.disassociate_resolver_rule(ResolverRuleId=random_num, VPCId=test_vpc_id)
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert f"Resolver rule with ID '{random_num}' does not exist" in err["Message"]
# Disassociate using a non-existent vpc id.
with pytest.raises(ClientError) as exc:
client.disassociate_resolver_rule(ResolverRuleId=test_rule_id, VPCId=random_num)
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert (
f"Resolver Rule Association between Resolver Rule "
f"'{test_rule_id}' and VPC '{random_num}' does not exist"
) in err["Message"]
# Disassociate successfully, then test that it's not possible to
# disassociate again.
client.disassociate_resolver_rule(ResolverRuleId=test_rule_id, VPCId=test_vpc_id)
with pytest.raises(ClientError) as exc:
client.disassociate_resolver_rule(
ResolverRuleId=test_rule_id, VPCId=test_vpc_id
)
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert (
f"Resolver Rule Association between Resolver Rule "
f"'{test_rule_id}' and VPC '{test_vpc_id}' does not exist"
) in err["Message"]
def test_route53resolver_bad_create_endpoint_security_groups():
"""Test bad security group scenarios for create_resolver_endpoint API."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
random_num = get_random_hex(10)
subnet_ids = create_subnets(ec2_client, create_vpc(ec2_client))
ip_addrs = [
{
"SubnetId": subnet_ids[0],
"Ip": "10.0.1.200"
},
{
"SubnetId": subnet_ids[1],
"Ip": "10.0.0.20"
},
]
# Subnet must begin with "sg-".
with pytest.raises(ClientError) as exc:
client.create_resolver_endpoint(
CreatorRequestId=random_num,
Name="X" + random_num,
SecurityGroupIds=["foo"],
Direction="INBOUND",
IpAddresses=ip_addrs,
)
err = exc.value.response["Error"]
assert err["Code"] == "InvalidParameterException"
assert (
"Malformed security group ID: Invalid id: 'foo' (expecting 'sg-...')"
) in err["Message"]
# Non-existent security group id.
with pytest.raises(ClientError) as exc:
client.create_resolver_endpoint(
CreatorRequestId=random_num,
Name="X" + random_num,
SecurityGroupIds=["sg-abc"],
Direction="INBOUND",
IpAddresses=ip_addrs,
)
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert "The security group 'sg-abc' does not exist" in err["Message"]
# Too many security group ids.
with pytest.raises(ClientError) as exc:
client.create_resolver_endpoint(
CreatorRequestId=random_num,
Name="X" + random_num,
SecurityGroupIds=["sg-abc"] * 11,
Direction="INBOUND",
IpAddresses=ip_addrs,
)
err = exc.value.response["Error"]
assert err["Code"] == "InvalidParameterException"
assert "Maximum of 10 security groups are allowed" in err["Message"]
def test_route53resolver_other_create_resolver_endpoint_errors():
"""Test other error scenarios for create_resolver_endpoint API calls."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
# Create a good endpoint that we can use to test.
created_endpoint = create_test_endpoint(client, ec2_client)
request_id = created_endpoint["CreatorRequestId"]
# Attempt to create another endpoint with the same creator request id.
vpc_id = create_vpc(ec2_client)
subnet_ids = create_subnets(ec2_client, vpc_id)
with pytest.raises(ClientError) as exc:
client.create_resolver_endpoint(
CreatorRequestId=created_endpoint["CreatorRequestId"],
Name="X" + get_random_hex(10),
SecurityGroupIds=created_endpoint["SecurityGroupIds"],
Direction="INBOUND",
IpAddresses=[
{
"SubnetId": subnet_ids[0],
"Ip": "10.0.1.200"
},
{
"SubnetId": subnet_ids[1],
"Ip": "10.0.0.20"
},
],
)
err = exc.value.response["Error"]
assert err["Code"] == "ResourceExistsException"
assert (
f"Resolver endpoint with creator request ID '{request_id}' already exists"
) in err["Message"]
# Too many endpoints.
random_num = get_random_hex(10)
for idx in range(4):
create_test_endpoint(client, ec2_client, name=f"A{idx}-{random_num}")
with pytest.raises(ClientError) as exc:
create_test_endpoint(client, ec2_client, name=f"A5-{random_num}")
err = exc.value.response["Error"]
assert err["Code"] == "LimitExceededException"
assert f"Account '{ACCOUNT_ID}' has exceeded 'max-endpoints" in err[
"Message"]
def test_route53resolver_create_resolver_endpoint(): # pylint: disable=too-many-locals
"""Test good create_resolver_endpoint API calls."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
random_num = get_random_hex(10)
vpc_id = create_vpc(ec2_client)
subnet_ids = create_subnets(ec2_client, vpc_id)
ip_addrs = [
{
"SubnetId": subnet_ids[0],
"Ip": "10.0.1.200"
},
{
"SubnetId": subnet_ids[1],
"Ip": "10.0.0.20"
},
]
security_group_id = create_security_group(ec2_client)
creator_request_id = random_num
name = "X" + random_num
response = client.create_resolver_endpoint(
CreatorRequestId=creator_request_id,
Name=name,
SecurityGroupIds=[security_group_id],
Direction="INBOUND",
IpAddresses=ip_addrs,
)
endpoint = response["ResolverEndpoint"]
id_value = endpoint["Id"]
assert id_value.startswith("rslvr-in-")
assert endpoint["CreatorRequestId"] == creator_request_id
assert (
endpoint["Arn"] ==
f"arn:aws:route53resolver:{TEST_REGION}:{ACCOUNT_ID}:resolver-endpoint/{id_value}"
)
assert endpoint["Name"] == name
assert endpoint["SecurityGroupIds"] == [security_group_id]
assert endpoint["Direction"] == "INBOUND"
assert endpoint["IpAddressCount"] == 2
assert endpoint["HostVPCId"] == vpc_id
assert endpoint["Status"] == "OPERATIONAL"
assert "Successfully created Resolver Endpoint" in endpoint[
"StatusMessage"]
time_format = "%Y-%m-%dT%H:%M:%S.%f+00:00"
now = datetime.now(timezone.utc).replace(tzinfo=None)
creation_time = datetime.strptime(endpoint["CreationTime"], time_format)
creation_time = creation_time.replace(tzinfo=None)
assert creation_time <= now
modification_time = datetime.strptime(endpoint["ModificationTime"],
time_format)
modification_time = modification_time.replace(tzinfo=None)
assert modification_time <= now
def test_route53resolver_list_resolver_endpoint_ip_addresses():
"""Test good list_resolver_endpoint_ip_addresses API calls."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
random_num = get_random_hex(10)
subnet_ids = create_subnets(ec2_client, create_vpc(ec2_client))
response = client.create_resolver_endpoint(
CreatorRequestId="B" + random_num,
Name="B" + random_num,
SecurityGroupIds=[create_security_group(ec2_client)],
Direction="INBOUND",
IpAddresses=[
{
"SubnetId": subnet_ids[0],
"Ip": "10.0.1.200"
},
{
"SubnetId": subnet_ids[1],
"Ip": "10.0.0.20"
},
{
"SubnetId": subnet_ids[0],
"Ip": "10.0.1.201"
},
],
)
endpoint_id = response["ResolverEndpoint"]["Id"]
response = client.list_resolver_endpoint_ip_addresses(
ResolverEndpointId=endpoint_id)
assert len(response["IpAddresses"]) == 3
assert response["MaxResults"] == 10
# Set max_results to return 1 address, use next_token to get remaining.
response = client.list_resolver_endpoint_ip_addresses(
ResolverEndpointId=endpoint_id, MaxResults=1)
ip_addresses = response["IpAddresses"]
assert len(ip_addresses) == 1
assert response["MaxResults"] == 1
assert "NextToken" in response
assert ip_addresses[0]["IpId"].startswith("rni-")
assert ip_addresses[0]["SubnetId"] == subnet_ids[0]
assert ip_addresses[0]["Ip"] == "10.0.1.200"
assert ip_addresses[0]["Status"] == "ATTACHED"
assert ip_addresses[0][
"StatusMessage"] == "This IP address is operational."
assert "CreationTime" in ip_addresses[0]
assert "ModificationTime" in ip_addresses[0]
response = client.list_resolver_endpoint_ip_addresses(
ResolverEndpointId=endpoint_id, NextToken=response["NextToken"])
assert len(response["IpAddresses"]) == 2
assert response["MaxResults"] == 10
assert "NextToken" not in response
def create_test_rule_association(
client, ec2_client, resolver_rule_id=None, name=None, vpc_id=None
):
"""Create a Resolver Rule Association for testing purposes."""
if not resolver_rule_id:
resolver_rule_id = create_test_rule(client)["Id"]
name = name if name else "R" + get_random_hex(10)
if not vpc_id:
vpc_id = create_vpc(ec2_client)
return client.associate_resolver_rule(
ResolverRuleId=resolver_rule_id, Name=name, VPCId=vpc_id
)["ResolverRuleAssociation"]
def test_route53resolver_create_resolver_rule(): # pylint: disable=too-many-locals
"""Test good create_resolver_rule API calls."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
random_num = get_random_hex(10)
# Create a good endpoint that we can use to test.
created_endpoint = create_test_endpoint(client, ec2_client)
endpoint_id = created_endpoint["Id"]
creator_request_id = random_num
name = "X" + random_num
domain_name = f"{random_num}.test"
target_ips = [{"Ip": "1.2.3.4", "Port": 5}]
response = client.create_resolver_rule(
CreatorRequestId=creator_request_id,
Name=name,
RuleType="FORWARD",
DomainName=domain_name,
TargetIps=target_ips,
ResolverEndpointId=endpoint_id,
)
rule = response["ResolverRule"]
id_value = rule["Id"]
assert id_value.startswith("rslvr-rr-")
assert rule["CreatorRequestId"] == creator_request_id
assert (
rule["Arn"] ==
f"arn:aws:route53resolver:{TEST_REGION}:{ACCOUNT_ID}:resolver-rule/{id_value}"
)
assert rule["DomainName"] == domain_name + "."
assert rule["Status"] == "COMPLETE"
assert "Successfully created Resolver Rule" in rule["StatusMessage"]
assert rule["RuleType"] == "FORWARD"
assert rule["Name"] == name
assert len(rule["TargetIps"]) == 1
assert rule["TargetIps"][0]["Ip"] == target_ips[0]["Ip"]
assert rule["TargetIps"][0]["Port"] == target_ips[0]["Port"]
assert rule["ResolverEndpointId"] == endpoint_id
assert rule["OwnerId"] == ACCOUNT_ID
assert rule["ShareStatus"] == "SHARED_WITH_ME"
time_format = "%Y-%m-%dT%H:%M:%S.%f+00:00"
now = datetime.now(timezone.utc).replace(tzinfo=None)
creation_time = datetime.strptime(rule["CreationTime"], time_format)
creation_time = creation_time.replace(tzinfo=None)
assert creation_time <= now
modification_time = datetime.strptime(rule["ModificationTime"],
time_format)
modification_time = modification_time.replace(tzinfo=None)
assert modification_time <= now
def test_route53resolver_bad_list_resolver_rules():
"""Test bad list_resolver_rules API calls."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
# Bad max_results.
random_num = get_random_hex(10)
create_test_rule(client, name=f"A-{random_num}")
with pytest.raises(ClientError) as exc:
client.list_resolver_rules(MaxResults=250)
err = exc.value.response["Error"]
assert err["Code"] == "ValidationException"
assert "1 validation error detected" in err["Message"]
assert ("Value '250' at 'maxResults' failed to satisfy constraint: Member "
"must have length less than or equal to 100") in err["Message"]
def create_from_cloudformation_json(
cls, resource_name, cloudformation_json, region_name
):
properties = cloudformation_json["Properties"]
db_instance_identifier = properties.get("DBInstanceIdentifier")
if not db_instance_identifier:
db_instance_identifier = resource_name.lower() + get_random_hex(12)
db_security_groups = properties.get("DBSecurityGroups")
if not db_security_groups:
db_security_groups = []
security_groups = [group.group_name for group in db_security_groups]
db_subnet_group = properties.get("DBSubnetGroupName")
db_subnet_group_name = db_subnet_group.subnet_name if db_subnet_group else None
db_kwargs = {
"auto_minor_version_upgrade": properties.get("AutoMinorVersionUpgrade"),
"allocated_storage": properties.get("AllocatedStorage"),
"availability_zone": properties.get("AvailabilityZone"),
"backup_retention_period": properties.get("BackupRetentionPeriod"),
"db_instance_class": properties.get("DBInstanceClass"),
"db_instance_identifier": db_instance_identifier,
"db_name": properties.get("DBName"),
"db_subnet_group_name": db_subnet_group_name,
"engine": properties.get("Engine"),
"engine_version": properties.get("EngineVersion"),
"iops": properties.get("Iops"),
"kms_key_id": properties.get("KmsKeyId"),
"master_password": properties.get("MasterUserPassword"),
"master_username": properties.get("MasterUsername"),
"multi_az": properties.get("MultiAZ"),
"port": properties.get("Port", 3306),
"publicly_accessible": properties.get("PubliclyAccessible"),
"copy_tags_to_snapshot": properties.get("CopyTagsToSnapshot"),
"region": region_name,
"security_groups": security_groups,
"storage_encrypted": properties.get("StorageEncrypted"),
"storage_type": properties.get("StorageType"),
"tags": properties.get("Tags"),
}
rds_backend = rds_backends[region_name]
source_db_identifier = properties.get("SourceDBInstanceIdentifier")
if source_db_identifier:
# Replica
db_kwargs["source_db_identifier"] = source_db_identifier
database = rds_backend.create_database_replica(db_kwargs)
else:
database = rds_backend.create_database(db_kwargs)
return database
def create_from_cloudformation_json(cls, resource_name, cloudformation_json, region_name):
properties = cloudformation_json['Properties']
subnet_name = resource_name.lower() + get_random_hex(12)
description = properties['DBSubnetGroupDescription']
subnet_ids = properties['SubnetIds']
ec2_backend = ec2_backends[region_name]
subnets = [ec2_backend.get_subnet(subnet_id) for subnet_id in subnet_ids]
rds_backend = rds_backends[region_name]
subnet_group = rds_backend.create_subnet_group(
subnet_name,
description,
subnets,
)
return subnet_group
def test_ds_delete_directory():
"""Test good and bad invocations of delete_directory()."""
client = boto3.client("ds", region_name=TEST_REGION)
# Delete a directory when there are none.
random_directory_id = f"d-{get_random_hex(10)}"
with pytest.raises(ClientError) as exc:
client.delete_directory(DirectoryId=random_directory_id)
err = exc.value.response["Error"]
assert err["Code"] == "EntityDoesNotExistException"
assert f"Directory {random_directory_id} does not exist" in err["Message"]
# Delete an existing directory.
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
directory_id = create_test_directory(client, ec2_client)
result = client.delete_directory(DirectoryId=directory_id)
assert result["DirectoryId"] == directory_id
# Verify there are no dictionaries, network interfaces or associated
# security groups.
result = client.describe_directories()
assert len(result["DirectoryDescriptions"]) == 0
result = ec2_client.describe_network_interfaces()
assert len(result["NetworkInterfaces"]) == 0
result = ec2_client.describe_security_groups()
for group in result["SecurityGroups"]:
assert "directory controllers" not in group["Description"]
# Attempt to delete a non-existent directory.
nonexistent_id = f"d-{get_random_hex(10)}"
with pytest.raises(ClientError) as exc:
client.delete_directory(DirectoryId=nonexistent_id)
err = exc.value.response["Error"]
assert err["Code"] == "EntityDoesNotExistException"
assert f"Directory {nonexistent_id} does not exist" in err["Message"]
# Attempt to use an invalid directory ID.
bad_id = get_random_hex(3)
with pytest.raises(ClientError) as exc:
client.delete_directory(DirectoryId=bad_id)
err = exc.value.response["Error"]
assert err["Code"] == "ValidationException"
assert "1 validation error detected" in err["Message"]
assert (
f"Value '{bad_id}' at 'directoryId' failed to satisfy constraint: "
f"Member must satisfy regular expression pattern: ^d-[0-9a-f]{{10}}$"
) in err["Message"]
def create_from_cloudformation_json(cls, resource_name, cloudformation_json, region_name):
properties = cloudformation_json['Properties']
db_instance_identifier = properties.get('DBInstanceIdentifier')
if not db_instance_identifier:
db_instance_identifier = resource_name.lower() + get_random_hex(12)
db_security_groups = properties.get('DBSecurityGroups')
if not db_security_groups:
db_security_groups = []
security_groups = [group.group_name for group in db_security_groups]
db_subnet_group = properties.get("DBSubnetGroupName")
db_subnet_group_name = db_subnet_group.subnet_name if db_subnet_group else None
db_kwargs = {
"auto_minor_version_upgrade": properties.get('AutoMinorVersionUpgrade'),
"allocated_storage": properties.get('AllocatedStorage'),
"availability_zone": properties.get("AvailabilityZone"),
"backup_retention_period": properties.get("BackupRetentionPeriod"),
"db_instance_class": properties.get('DBInstanceClass'),
"db_instance_identifier": db_instance_identifier,
"db_name": properties.get("DBName"),
"db_subnet_group_name": db_subnet_group_name,
"engine": properties.get("Engine"),
"engine_version": properties.get("EngineVersion"),
"iops": properties.get("Iops"),
"kms_key_id": properties.get("KmsKeyId"),
"master_password": properties.get('MasterUserPassword'),
"master_username": properties.get('MasterUsername'),
"multi_az": properties.get("MultiAZ"),
"port": properties.get('Port', 3306),
"publicly_accessible": properties.get("PubliclyAccessible"),
"copy_tags_to_snapshot": properties.get("CopyTagsToSnapshot"),
"region": region_name,
"security_groups": security_groups,
"storage_encrypted": properties.get("StorageEncrypted"),
"storage_type": properties.get("StorageType"),
"tags": properties.get("Tags"),
}
rds_backend = rds_backends[region_name]
source_db_identifier = properties.get("SourceDBInstanceIdentifier")
if source_db_identifier:
# Replica
db_kwargs["source_db_identifier"] = source_db_identifier
database = rds_backend.create_database_replica(db_kwargs)
else:
database = rds_backend.create_database(db_kwargs)
return database
def create_from_cloudformation_json(
cls, resource_name, cloudformation_json, region_name
):
properties = cloudformation_json["Properties"]
subnet_name = resource_name.lower() + get_random_hex(12)
description = properties["DBSubnetGroupDescription"]
subnet_ids = properties["SubnetIds"]
tags = properties.get("Tags")
ec2_backend = ec2_backends[region_name]
subnets = [ec2_backend.get_subnet(subnet_id) for subnet_id in subnet_ids]
rds_backend = rds_backends[region_name]
subnet_group = rds_backend.create_subnet_group(
subnet_name, description, subnets, tags
)
return subnet_group
def test_route53resolver_associate_resolver_rule():
"""Test good associate_resolver_rule API calls."""
client = boto3.client("route53resolver", region_name=TEST_REGION)
ec2_client = boto3.client("ec2", region_name=TEST_REGION)
resolver_rule_id = create_test_rule(client)["Id"]
name = "X" + get_random_hex(10)
vpc_id = create_vpc(ec2_client)
rule_association = client.associate_resolver_rule(
ResolverRuleId=resolver_rule_id, Name=name, VPCId=vpc_id
)["ResolverRuleAssociation"]
assert rule_association["Id"].startswith("rslvr-rrassoc-")
assert rule_association["ResolverRuleId"] == resolver_rule_id
assert rule_association["Name"] == name
assert rule_association["VPCId"] == vpc_id
assert rule_association["Status"] == "COMPLETE"
assert "StatusMessage" in rule_association
def get_random_identity_id(region):
return "{0}:{0}".format(region, get_random_hex(length=19))
def create_hosted_zone(self, name, private_zone, comment=None):
new_id = get_random_hex()
new_zone = FakeZone(name, new_id, private_zone=private_zone, comment=comment)
self.zones[new_id] = new_zone
return new_zone
def get_random_pipeline_id():
return "df-{0}".format(get_random_hex(length=19))
def create_hosted_zone(self, name):
new_id = get_random_hex()
new_zone = FakeZone(name, new_id)
self.zones[new_id] = new_zone
return new_zone
