Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add fixture for AWS client configured with secondary test credentials #8520

Merged
merged 15 commits into from Jul 14, 2023
Merged

Add fixture for AWS client configured with secondary test credentials #8520

merged 15 commits into from Jul 14, 2023

Conversation

viren-nadkarni
Copy link
Member

@viren-nadkarni viren-nadkarni commented Jun 16, 2023
edited

This PR introduces secondary_aws_client fixture which works exactly like the aws_client fixture except it is configured with secondary test credentials.

It is meant to be used in cross-accounts test scenarios.

This PR also migrates existing cross-accounts tests to use this new fixture.

@viren-nadkarni viren-nadkarni self-assigned this Jun 16, 2023
@viren-nadkarni viren-nadkarni added the semver: patch Non-breaking changes which can be included in patch releases label Jun 16, 2023
@github-actions
Copy link

github-actions bot commented Jun 16, 2023
edited

LocalStack Community integration with Pro

       2 files         2 suites   1h 21m 36s ⏱️
2 176 tests 1 845 ✔️ 331 💤 0
2 177 runs  1 845 ✔️ 332 💤 0

Results for commit 9b53732.

♻️ This comment has been updated with latest results.

@viren-nadkarni viren-nadkarni force-pushed the secondary-client-fixture branch 2 times, most recently from 4d02d38 to 7083c45 Compare June 20, 2023 09:22
viren-nadkarni
viren-nadkarni commented Jun 20, 2023
View reviewed changes
localstack/aws/connect.py
return self._get_client(
service_name=service_name,
region_name=region_name or config.region_name or self._get_region(),
use_ssl=self._use_ssl,
verify=self._verify,
endpoint_url=endpoint_url,
aws_access_key_id=aws_access_key_id or TEST_AWS_ACCESS_KEY_ID,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't want to use the test credentials in non-test scenarios. This is part of the effort to make accounts explicit and avoid silent fallbacks, making cross-account bugs tiresome to debug.

viren-nadkarni
viren-nadkarni commented Jun 20, 2023
View reviewed changes
tests/integration/test_kms.py
@pytest.fixture(scope="class")
def user_arn(self, aws_client):
return aws_client.sts.get_caller_identity()["Arn"]

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixture is moved out of class scope to global scope so that it can be used in all test classes.

@viren-nadkarni viren-nadkarni marked this pull request as ready for review June 21, 2023 05:40
@coveralls
Copy link

coveralls commented Jul 4, 2023
edited

Coverage Status

coverage: 82.708% (-0.01%) from 82.718% when pulling 9b53732 on secondary-client-fixture into 2408239 on master.

@viren-nadkarni viren-nadkarni added this to the 2.2 milestone Jul 12, 2023
dfangl
dfangl approved these changes Jul 13, 2023
View reviewed changes
Copy link
Member

@dfangl dfangl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for tackling this. In a second iteration, we could introduce separate client factories and separate sessions as well.

localstack/testing/aws/util.py Outdated
@@ -192,10 +211,19 @@ def base_aws_client_factory(session: boto3.Session) -> ClientFactory:
if not config:
config = botocore.config.Config()

# Prevent this fixture from using the region configured in system config
# Prevent this fixture from using the credentials configured in system config
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure about this change, nothing changed in the logic here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted ✔️

tests/integration/conftest.py
"""
Returns an AWS client configured with secondary test credentials.
"""
return secondary_testing_aws_client(aws_client_factory)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should at some point separate the client factories as well, and set the credentials differently in different sessions. Can wait for a second iteration, though.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted in my techdebt backlog 👍

@viren-nadkarni viren-nadkarni merged commit 4f1ff7d into master Jul 14, 2023
10 of 11 checks passed
@viren-nadkarni viren-nadkarni deleted the secondary-client-fixture branch July 14, 2023 05:47
@sannya-singal sannya-singal mentioned this pull request Jul 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dfangl dfangl dfangl approved these changes

Assignees

@viren-nadkarni viren-nadkarni

Labels
semver: patch Non-breaking changes which can be included in patch releases
Projects
None yet
Milestone
2.2
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@viren-nadkarni @coveralls @dfangl