From 4c8ead85cff4091b051c89a6021c5827a100830b Mon Sep 17 00:00:00 2001
From: Viren Nadkarni
Date: Wed, 1 Nov 2023 18:10:18 +0530
Subject: [PATCH 1/3] Update tests to use account ID and region constants
---
 tests/aws/services/lambda_/test_lambda_legacy.py | 4 ++--
 tests/aws/services/s3/test_s3.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/aws/services/lambda_/test_lambda_legacy.py b/tests/aws/services/lambda_/test_lambda_legacy.py
index 292830fabd838..5181c778f8fa5 100644
--- a/tests/aws/services/lambda_/test_lambda_legacy.py
+++ b/tests/aws/services/lambda_/test_lambda_legacy.py
@@ -17,7 +17,7 @@
 from localstack.testing.pytest import markers
 from localstack.utils import testutil
 from localstack.utils.archives import download_and_extract
-from localstack.utils.aws import arns, aws_stack
+from localstack.utils.aws import arns
 from localstack.utils.files import load_file
 from localstack.utils.platform import get_arch, get_os
 from localstack.utils.strings import short_uid, to_bytes, to_str
@@ -205,7 +205,7 @@ def test_add_lambda_permission(self, create_lambda_function, aws_client):
 def test_create_lambda_function(self, aws_client):
 """Basic test that creates and deletes a Lambda function"""
 func_name = f"lambda_func-{short_uid()}"
- kms_key_arn = f"arn:{aws_stack.get_partition()}:kms:{TEST_AWS_REGION_NAME}:{TEST_AWS_ACCOUNT_ID}:key11"
+ kms_key_arn = arns.kms_key_arn("key11", TEST_AWS_ACCOUNT_ID, TEST_AWS_REGION_NAME)
 vpc_config = {
 "SubnetIds": ["subnet-123456789"],
 "SecurityGroupIds": ["sg-123456789"],
diff --git a/tests/aws/services/s3/test_s3.py b/tests/aws/services/s3/test_s3.py
index 76fe0b80071d8..baeb93c6ab667 100644
--- a/tests/aws/services/s3/test_s3.py
+++ b/tests/aws/services/s3/test_s3.py
@@ -10328,7 +10328,7 @@ def test_s3_presigned_post_success_action_status_201_response(self, s3_bucket, a location = "http://localhost/key-my-file" etag = "d41d8cd98f00b204e9800998ecf8427f" else: - location = f"{_bucket_url_vhost(s3_bucket, aws_stack.get_region())}/key-my-file" + location = f"{_bucket_url_vhost(s3_bucket, TEST_AWS_REGION_NAME)}/key-my-file" etag = '"43281e21fce675ac3bcb3524b38ca4ed"' assert response.headers["ETag"] == etag assert response.headers["Location"] == location From 499a6dac233397519724df1f9d91c44d42fadcdd Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Wed, 1 Nov 2023 18:10:51 +0530 Subject: [PATCH 2/3] Remove fallback for account ID and region for core ARN builder --- localstack/utils/aws/arns.py | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/localstack/utils/aws/arns.py b/localstack/utils/aws/arns.py index 7f03193285c53..6ba01e91aee07 100644 --- a/localstack/utils/aws/arns.py +++ b/localstack/utils/aws/arns.py @@ -5,9 +5,8 @@ from botocore.utils import ArnParser, InvalidArnException -from localstack.aws.accounts import DEFAULT_AWS_ACCOUNT_ID, get_aws_account_id +from localstack.aws.accounts import DEFAULT_AWS_ACCOUNT_ID from localstack.aws.connect import connect_to -from localstack.utils.aws.aws_stack import get_region LOG = logging.getLogger(__name__) @@ -72,12 +71,9 @@ def extract_resource_from_arn(arn: str) -> Optional[str]: # -# TODO make account_id and region required -def _resource_arn(name: str, pattern: str, account_id: str = None, region_name: str = None) -> str: +def _resource_arn(name: str, pattern: str, account_id: str, region_name: str) -> str: if ":" in name: return name - account_id = account_id or get_aws_account_id() - region_name = region_name or get_region() if len(pattern.split("%s")) == 3: return pattern % (account_id, name) return pattern % (region_name, account_id, name) 
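Review bot: With the `or get_aws_account_id()` / `or get_region()` fallbacks removed, `_resource_arn` formats whatever it is given, so a caller that still passes `None` now gets an ARN containing the literal text `None` rather than an error; the `str` annotations are not enforced at runtime. The same applies to `apigateway_restapi_arn` and `apigateway_invocations_arn` in the following hunks, and patch 3/3 of this series appears to fix one such caller in the S3 provider. Because an ARN names the account and region a resource belongs to, failing loudly is safer than emitting a malformed identifier: after the `":" in name` early return, add `if not account_id or not region_name: raise ValueError("account_id and region_name are required")`. Patterns with only two `%s` slots ignore the region, so the region check may need to be limited to the three-slot branch if any caller legitimately has no region.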
@@ -280,8 +276,6 @@ def sqs_queue_arn(queue_name: str, account_id: str, region_name: str) -> str: def apigateway_restapi_arn(api_id: str, account_id: str, region_name: str) -> str: - account_id = account_id or get_aws_account_id() - region_name = region_name or get_region() return "arn:aws:apigateway:%s:%s:/restapis/%s" % (region_name, account_id, api_id) @@ -299,7 +293,7 @@ def opensearch_domain_name(domain_arn: str) -> str: def apigateway_invocations_arn(lambda_uri: str, region_name: str) -> str: return "arn:aws:apigateway:%s:lambda:path/2015-03-31/functions/%s/invocations" % ( - region_name or get_region(), + region_name, lambda_uri, ) From f8f7b0154033f066d9001a93663894ed48ef197e Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Tue, 7 Nov 2023 12:36:10 +0530 Subject: [PATCH 3/3] Ensure bucket region is not None in KMS Key ARN --- localstack/services/s3/utils.py | 2 +- localstack/services/s3/v3/provider.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/localstack/services/s3/utils.py b/localstack/services/s3/utils.py index 1ab73db2e8419..34f3b7df6833f 100644 --- a/localstack/services/s3/utils.py +++ b/localstack/services/s3/utils.py @@ -594,7 +594,7 @@ def capitalize_header_name_from_snake_case(header_name: str) -> str: return "-".join([part.capitalize() for part in header_name.split("-")]) -def get_kms_key_arn(kms_key: str, account_id: str, bucket_region: str = None) -> Optional[str]: +def get_kms_key_arn(kms_key: str, account_id: str, bucket_region: str) -> Optional[str]: """ In S3, the KMS key can be passed as a KeyId or a KeyArn. This method allows to always get the KeyArn from either. It can also validate if the key is in the same region, and raise an exception. diff --git a/localstack/services/s3/v3/provider.py b/localstack/services/s3/v3/provider.py index 12597439fb015..8219bd6b2de22 100644 --- a/localstack/services/s3/v3/provider.py +++ b/localstack/services/s3/v3/provider.py 
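Review bot: Dropping the `= None` default on `bucket_region` in `get_kms_key_arn` turns any remaining two-argument call into a `TypeError` at request time, and this series only updates the call in `s3/v3/provider.py`; any other call sites outside this patch need the same third argument. The docstring still says the function "can also validate if the key is in the same region", which reads as optional behaviour now that the region is mandatory. I would document the parameter there, for example `bucket_region: region of the bucket the key is used with (required)`. The function body lies outside the hunk, so how the region is consumed is not visible here.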
@@ -3601,7 +3601,9 @@ def get_encryption_parameters_from_request_and_bucket(
 key_id = kms_key_id or s3_bucket.encryption_rule[
 "ApplyServerSideEncryptionByDefault"
 ].get("KMSMasterKeyID")
- kms_key_id = get_kms_key_arn(key_id, s3_bucket.bucket_account_id)
+ kms_key_id = get_kms_key_arn(
+ key_id, s3_bucket.bucket_account_id, s3_bucket.bucket_region
+ )
 if not kms_key_id:
 # if not key is provided, AWS will use an AWS managed KMS key
 # create it if it doesn't already exist, and save it in the store per region