New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add fixture for AWS client configured with secondary test credentials #8520
Conversation
981841a
to
2bc484b
Compare
4d02d38
to
7083c45
Compare
7083c45
to
ac0ddee
Compare
return self._get_client( | ||
service_name=service_name, | ||
region_name=region_name or config.region_name or self._get_region(), | ||
use_ssl=self._use_ssl, | ||
verify=self._verify, | ||
endpoint_url=endpoint_url, | ||
aws_access_key_id=aws_access_key_id or TEST_AWS_ACCESS_KEY_ID, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't want to use the test credentials in non-test scenarios. This is part of the effort to make accounts explicit and avoid silent fallbacks, making cross-account bugs tiresome to debug.
@pytest.fixture(scope="class") | ||
def user_arn(self, aws_client): | ||
return aws_client.sts.get_caller_identity()["Arn"] | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixture is moved out of class scope to global scope so that it can be used in all test classes.
bdbc30d
to
1c582e5
Compare
d2c4edb
to
1219349
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for tackling this. In a second iteration, we could introduce separate client factories and separate sessions as well.
localstack/testing/aws/util.py
Outdated
@@ -192,10 +211,19 @@ def base_aws_client_factory(session: boto3.Session) -> ClientFactory: | |||
if not config: | |||
config = botocore.config.Config() | |||
|
|||
# Prevent this fixture from using the region configured in system config | |||
# Prevent this fixture from using the credentials configured in system config |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure about this change, nothing changed in the logic here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reverted ✔️
""" | ||
Returns an AWS client configured with secondary test credentials. | ||
""" | ||
return secondary_testing_aws_client(aws_client_factory) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should at some point separate the client factories as well, and set the credentials differently in different sessions. Can wait for a second iteration, though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noted in my techdebt backlog 👍
This PR introduces
secondary_aws_client
fixture which works exactly like theaws_client
fixture except it is configured with secondary test credentials.It is meant to be used in cross-accounts test scenarios.
This PR also migrates existing cross-accounts tests to use this new fixture.