Prep release 4.2.3 (#6814)

getmoto · Sep 15, 2023 · b7cedf6 · b7cedf6
1 parent 2bae13b
commit b7cedf6
Show file tree

Hide file tree

Showing 7 changed files with 85 additions and 49 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,49 @@
 Moto Changelog
 ==============
 
+4.2.3
+-----
+Docker Digest for 4.2.3: <autopopulateddigest>
+
+    New Services:
+        * RoboMaker:
+            * create_robot_application()
+            * delete_robot_application()
+            * describe_robot_application()
+            * list_robot_applications()
+
+    New Methods:
+        * ElasticBeanstalk:
+            * delete_application()
+
+        * Events:
+            * create_partner_event_source()
+            * delete_partner_event_source()
+            * describe_event_source()
+            * describe_partner_event_source()
+            * put_partner_events()
+
+    Miscellaneous:
+        * Core: The mocked ACCESS_KEY has been changed from `foobar_key` to `FOOBARKEY`, to align with AWS guidelines
+        * Core: set_initial_no_auth_action_count() now supports SSM actions
+        * Core: Fixed a memory leak when comparing requests (introduced in 4.1.13)
+        * Athena: get_query_execution() now returns a StatementType dependent on the provided query
+        * DynamoDB: query() now throws an exception when the KeyConditionExpression contains a literal value
+        * EBS: put_snapshot_block() now supports random bytes
+        * EC2: describe_transit_gateways() now supports filtering by tags
+        * ELBv2: describe_target_groups() now throws an exception for invalid input parameters
+        * ELBv2: describe_target_groups() now sorts the result before returning it
+        * ELBv2: create_target_group() now has improved validation and default values
+        * ELBv2: create_rule() now creates links between the TargetGroups and LoadBalancers
+        * Events: put_events() now support HTTP targets
+        * IAM policy validation now takes the provided Resource-argument into account when validating access to STS-resources
+        * IAM: get_role() now returns the LastUsed-parameter, provided the role was assumed and used
+        * KMS: sign/verify now uses the original message when signing, not the base64-version
+        * Lambda: invoke() now loads any Layers provided in the create_function()
+        * S3: put_bucket_logging() now supports bucket policies (as well as ACP's)
+        * S3: Range requests are now more permissive (following AWS' behaviour)
+        * SFN: list_executions() now returns the StopDate-attribute
+
 4.2.2
 ------
 Docker Digest for 4.2.2: <autopopulateddigest>

diff --git a/IMPLEMENTATION_COVERAGE.md b/IMPLEMENTATION_COVERAGE.md
@@ -2763,7 +2763,7 @@
 
 ## elasticbeanstalk
 <details>
-<summary>12% implemented</summary>
+<summary>14% implemented</summary>
 
 - [ ] abort_environment_update
 - [ ] apply_environment_managed_action
@@ -2776,7 +2776,7 @@
 - [X] create_environment
 - [ ] create_platform_version
 - [ ] create_storage_location
-- [ ] delete_application
+- [X] delete_application
 - [ ] delete_application_version
 - [ ] delete_configuration_template
 - [ ] delete_environment_configuration

diff --git a/docs/docs/services/elasticbeanstalk.rst b/docs/docs/services/elasticbeanstalk.rst
@@ -36,7 +36,7 @@ elasticbeanstalk
 - [X] create_environment
 - [ ] create_platform_version
 - [ ] create_storage_location
-- [x] delete_application
+- [X] delete_application
 - [ ] delete_application_version
 - [ ] delete_configuration_template
 - [ ] delete_environment_configuration

diff --git a/docs/docs/services/kms.rst b/docs/docs/services/kms.rst
@@ -78,9 +78,8 @@ kms
 - [X] revoke_grant
 - [X] schedule_key_deletion
 - [X] sign
-  Sign message using generated private key.
-
-        - signing_algorithm is ignored and hardcoded to RSASSA_PSS_SHA_256
+
+        Sign message using generated private key.
 
         - grant_tokens are not implemented
 
@@ -92,9 +91,8 @@ kms
 - [X] update_key_description
 - [ ] update_primary_region
 - [X] verify
-  Verify message using public key from generated private key.
-
-        - signing_algorithm is ignored and hardcoded to RSASSA_PSS_SHA_256
+
+        Verify message using public key from generated private key.
 
         - grant_tokens are not implemented
 

diff --git a/docs/docs/services/robomaker.rst b/docs/docs/services/robomaker.rst
@@ -12,8 +12,6 @@
 robomaker
 =========
 
-.. autoclass:: moto.robomaker.models.RoboMakerBackend
-
 |start-h3| Example usage |end-h3|
 
 .. sourcecode:: python

diff --git a/tests/test_elbv2/test_elbv2_target_groups.py b/tests/test_elbv2/test_elbv2_target_groups.py
@@ -375,6 +375,7 @@ def test_target_group_attributes():
 
     # check if Names filter works
     response = conn.describe_target_groups(Names=[])
+    assert len(response["TargetGroups"]) == 1
     response = conn.describe_target_groups(Names=["a-target"])
     assert len(response["TargetGroups"]) == 1
     target_group_arn = target_group["TargetGroupArn"]
@@ -466,7 +467,6 @@ def test_describe_target_groups():
     response, vpc, _, _, _, conn = create_load_balancer()
 
     lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"]
-    assert "LoadBalancerArn" in response["LoadBalancers"][0]
 
     groups = conn.describe_target_groups()["TargetGroups"]
     assert len(groups) == 0
@@ -564,6 +564,20 @@ def test_describe_target_groups():
     assert groups[1]["TargetGroupName"] == "d-target"
 
 
+@mock_elbv2
+@mock_ec2
+def test_describe_target_groups_with_empty_load_balancer():
+    response, _, _, _, _, conn = create_load_balancer()
+
+    lb_arn = response["LoadBalancers"][0]["LoadBalancerArn"]
+
+    with pytest.raises(ClientError) as exc:
+        conn.describe_target_groups(LoadBalancerArn=lb_arn)
+    err = exc.value.response["Error"]
+    assert err["Code"] == "TargetGroupNotFound"
+    assert err["Message"] == "One or more target groups not found"
+
+
 @mock_elbv2
 @mock_ec2
 def test_modify_target_group():

diff --git a/tests/test_s3/test_s3_bucket_policy.py b/tests/test_s3/test_s3_bucket_policy.py
@@ -34,54 +34,37 @@ def teardown_method(self) -> None:
     def teardown_class(cls):
         cls.server.stop()
 
-    xfail_reason = "S3 logic for resource-based policy is not yet correctly implemented, see https://github.com/getmoto/moto/pull/6799#issuecomment-1712799688"
-
     @pytest.mark.parametrize(
-        "kwargs,status",
+        "kwargs,boto3_status,unauthorized_status",
         [
-            ({}, 200),
-            ({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200),
-            pytest.param(
-                {"resource": "arn:aws:s3:::notmybucket/*"},
-                403,
-                marks=pytest.mark.xfail(reason=xfail_reason),
-            ),
-            pytest.param(
-                {"resource": "arn:aws:s3:::mybucket/other*"},
-                403,
-                marks=pytest.mark.xfail(reason=xfail_reason),
-            ),
-            ({"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"]}, 200),
-            pytest.param(
-                {
-                    "resource": [
-                        "arn:aws:s3:::notmybucket",
-                        "arn:aws:s3:::notmybucket/*",
-                    ]
-                },
-                403,
-                marks=pytest.mark.xfail(reason=xfail_reason),
-            ),
-            pytest.param(
-                {"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::notmybucket/*"]},
-                403,
-                marks=pytest.mark.xfail(reason=xfail_reason),
-            ),
-            pytest.param(
-                {"effect": "Deny"}, 403, marks=pytest.mark.xfail(reason=xfail_reason)
-            ),
+            # The default policy is to allow access to 'mybucket/*'
+            ({}, 200, 200),
+            # We'll also allow access to the specific key
+            ({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200, 200),
+            # We're allowing authorized access to an unrelated bucket
+            # Accessing our key is allowed for authenticated users, as there is no explicit deny
+            # It should block unauthenticated (public) users, as there is no explicit allow
+            ({"resource": "arn:aws:s3:::notmybucket/*"}, 200, 403),
+            # Verify public access when the policy contains multiple resources
+            ({"resource": ["arn:aws:s3:::other", "arn:aws:s3:::mybucket/*"]}, 200, 200),
+            # Deny all access, for any resource
+            ({"effect": "Deny"}, 403, 403),
+            # We don't explicitly deny authenticated access
+            # We'll deny an unrelated resource, but that should not affect anyone
+            # It should block unauthorized users, as there is no explicit allow
+            ({"resource": "arn:aws:s3:::notmybucket/*", "effect": "Deny"}, 200, 403),
         ],
     )
-    def test_block_or_allow_get_object(self, kwargs, status):
+    def test_block_or_allow_get_object(self, kwargs, boto3_status, unauthorized_status):
         self._put_policy(**kwargs)
 
-        if status == 200:
+        if boto3_status == 200:
             self.client.get_object(Bucket="mybucket", Key="test_txt")
         else:
             with pytest.raises(ClientError):
                 self.client.get_object(Bucket="mybucket", Key="test_txt")
 
-        assert requests.get(self.key_name).status_code == status
+        assert requests.get(self.key_name).status_code == unauthorized_status
 
     def test_block_put_object(self):
         # Block Put-access