localstack-core 4.10.1.dev7__py3-none-any.whl → 4.10.1.dev42__py3-none-any.whl

localstack/aws/handlers/service.py

@@ -7,6 +7,7 @@ from collections import defaultdict
 from typing import Any
 
 from botocore.model import OperationModel, ServiceModel
+from plux.core.plugin import PluginDisabled
 
 from localstack import config
 from localstack.http import Response
@@ -222,7 +223,16 @@ class ServiceExceptionSerializer(ExceptionHandler):
                 operation = context.service.operation_model(context.service.operation_names[0])
                 msg = f"exception while calling {service_name} with unknown operation: {message}"
 
-            status_code = 501 if config.FAIL_FAST else 500
+            # Check for license restricted plugin message and set status code to 501
+            if (
+                isinstance(exception, PluginDisabled)
+                and "not part of the active license agreement"
+                in str(getattr(exception, "reason", "")).lower()
+            ):
+                status_code = 501
+                msg = f"exception while calling {service_name}.{operation.name}: {str(getattr(exception, 'reason', ''))}"
+            else:
+                status_code = 501 if config.FAIL_FAST else 500
 
             error = CommonServiceException(
                 "InternalError", msg, status_code=status_code

localstack/aws/protocol/parser.py

@@ -1032,7 +1032,7 @@ class BaseCBORRequestParser(RequestParser, ABC):
             return method(stream, additional_info)
         else:
             raise ProtocolParserError(
-                f"Unsupported inital byte found for data item- "
+                f"Unsupported initial byte found for data item- "
                 f"Major type:{major_type}, Additional info: "
                 f"{additional_info}"
             )

localstack/aws/scaffold.py

@@ -188,9 +188,7 @@ class ShapeNode:
             if member in self.shape.required_members:
                 output.write(f"    {member}: IO[{q}{to_valid_python_name(shape.name)}{q}]\n")
             else:
-                output.write(
-                    f"    {member}: Optional[IO[{q}{to_valid_python_name(shape.name)}{q}]]\n"
-                )
+                output.write(f"    {member}: {q}IO[{to_valid_python_name(shape.name)}] | None{q}\n")
             del remaining_members[member]
         # render the streaming payload first
         if self.is_response and self.response_operation.has_streaming_output:
@@ -199,25 +197,26 @@ class ShapeNode:
             shape_name = to_valid_python_name(shape.name)
             if member in self.shape.required_members:
                 output.write(
-                    f"    {member}: Union[{q}{shape_name}{q}, IO[{q}{shape_name}{q}], Iterable[{q}{shape_name}{q}]]\n"
+                    f"    {member}: {q}{shape_name} | IO[{shape_name}] | Iterable[{shape_name}]{q}\n"
                 )
             else:
                 output.write(
-                    f"    {member}: Optional[Union[{q}{shape_name}{q}, IO[{q}{shape_name}{q}], Iterable[{q}{shape_name}{q}]]]\n"
+                    f"    {member}: {q}{shape_name} | IO[{shape_name}] | Iterable[{shape_name}] | None{q}\n"
                 )
             del remaining_members[member]
 
         for k, v in remaining_members.items():
+            shape_name = to_valid_python_name(v.name)
             if k in self.shape.required_members:
                 if v.serialization.get("eventstream"):
-                    output.write(f"    {k}: Iterator[{q}{to_valid_python_name(v.name)}{q}]\n")
+                    output.write(f"    {k}: Iterator[{q}{shape_name}{q}]\n")
                 else:
-                    output.write(f"    {k}: {q}{to_valid_python_name(v.name)}{q}\n")
+                    output.write(f"    {k}: {q}{shape_name}{q}\n")
             else:
                 if v.serialization.get("eventstream"):
-                    output.write(f"    {k}: Iterator[{q}{to_valid_python_name(v.name)}{q}]\n")
+                    output.write(f"    {k}: Iterator[{q}{shape_name}{q}]\n")
                 else:
-                    output.write(f"    {k}: Optional[{q}{to_valid_python_name(v.name)}{q}]\n")
+                    output.write(f"    {k}: {q}{shape_name} | None{q}\n")
 
     def _print_as_typed_dict(self, output, doc=True, quote_types=False):
         name = to_valid_python_name(self.shape.name)
@@ -236,7 +235,7 @@ class ShapeNode:
                 if v.serialization.get("eventstream"):
                     output.write(f'    "{k}": Iterator[{q}{member_name}{q}],\n')
                 else:
-                    output.write(f'    "{k}": Optional[{q}{member_name}{q}],\n')
+                    output.write(f'    "{k}": {q}{member_name} | None{q},\n')
         output.write("}, total=False)")
 
     def print_shape_doc(self, output, shape):
@@ -256,11 +255,11 @@ class ShapeNode:
             self._print_structure_declaration(output, doc, quote_types)
         elif isinstance(shape, ListShape):
             output.write(
-                f"{to_valid_python_name(shape.name)} = List[{q}{to_valid_python_name(shape.member.name)}{q}]"
+                f"{to_valid_python_name(shape.name)} = list[{q}{to_valid_python_name(shape.member.name)}{q}]"
             )
         elif isinstance(shape, MapShape):
             output.write(
-                f"{to_valid_python_name(shape.name)} = Dict[{q}{to_valid_python_name(shape.key.name)}{q}, {q}{to_valid_python_name(shape.value.name)}{q}]"
+                f"{to_valid_python_name(shape.name)} = dict[{q}{to_valid_python_name(shape.key.name)}{q}, {q}{to_valid_python_name(shape.value.name)}{q}]"
             )
         elif isinstance(shape, StringShape):
             if shape.enum:
@@ -316,9 +315,8 @@ class ShapeNode:
 def generate_service_types(output, service: ServiceModel, doc=True):
     output.write("from datetime import datetime\n")
     output.write("from enum import StrEnum\n")
-    output.write(
-        "from typing import Dict, List, Optional, Iterator, Iterable, IO, Union, TypedDict\n"
-    )
+    output.write("from typing import IO, TypedDict\n")
+    output.write("from collections.abc import Iterable, Iterator\n")
     output.write("\n")
     output.write(
         "from localstack.aws.api import handler, RequestContext, ServiceException, ServiceRequest"
@@ -372,8 +370,8 @@ def generate_service_api(output, service: ServiceModel, doc=True):
 
     output.write(f"class {class_name}:\n")
     output.write("\n")
-    output.write(f'    service = "{service.service_name}"\n')
-    output.write(f'    version = "{service.api_version}"\n')
+    output.write(f'    service: str = "{service.service_name}"\n')
+    output.write(f'    version: str = "{service.api_version}"\n')
     for op_name in service.operation_names:
         operation: OperationModel = service.operation_model(op_name)
 

localstack/cli/localstack.py

@@ -433,7 +433,7 @@ def _print_service_table(services: dict[str, str]) -> None:
 
 @localstack.command(name="start", short_help="Start LocalStack")
 @click.option("--docker", is_flag=True, help="Start LocalStack in a docker container [default]")
-@click.option("--host", is_flag=True, help="Start LocalStack directly on the host")
+@click.option("--host", is_flag=True, help="Start LocalStack directly on the host", deprecated=True)
 @click.option("--no-banner", is_flag=True, help="Disable LocalStack banner", default=False)
 @click.option(
     "-d", "--detached", is_flag=True, help="Start LocalStack in the background", default=False
@@ -532,6 +532,11 @@ def cmd_start(
             console.log("starting LocalStack in Docker mode :whale:")
 
     if host:
+        console.log(
+            "Warning: Starting LocalStack in host mode from the CLI is deprecated and will be removed soon. Please use the default Docker mode instead.",
+            style="bold red",
+        )
+
         # call hooks to prepare host
         bootstrap.prepare_host(console)
 

localstack/dev/kubernetes/__main__.py

@@ -9,6 +9,7 @@ EDGE_SERVICE_NODE_PORT = 30066
 NODE_PORT_START = 30010
 SERVICE_PORT_START = 4510
 NUMBER_OF_SERVICE_PORTS = 50
+EDGE_SERVICE_DNS_PORT = 31053
 
 
 @dataclasses.dataclass
@@ -144,7 +145,12 @@ def generate_mount_points(
     return mount_points
 
 
-def generate_k8s_cluster_config(mount_points: list[MountPoint], port: int = 4566):
+def generate_k8s_cluster_config(
+    mount_points: list[MountPoint],
+    port: int = 4566,
+    expose_dns: bool = False,
+    dns_port: int = 53,
+):
     volumes = [
         {
             "volume": f"{mount_point.host_path}:{mount_point.node_path}",
@@ -177,6 +183,16 @@ def generate_k8s_cluster_config(mount_points: list[MountPoint], port: int = 4566
         },
     ]
 
+    if expose_dns:
+        ports.append(
+            {
+                "nodeFilters": [
+                    "server:0",
+                ],
+                "port": f"{dns_port}:{EDGE_SERVICE_DNS_PORT}",
+            }
+        )
+
     config = {
         "apiVersion": "k3d.io/v1alpha5",
         "kind": "Simple",
@@ -279,7 +295,10 @@ def generate_k8s_helm_overrides(
             "end": SERVICE_PORT_START + NUMBER_OF_SERVICE_PORTS,
             "nodePortStart": NODE_PORT_START,
         },
-        "dnsService": True,
+        "dnsService": {
+            "enabled": True,
+            "nodePort": EDGE_SERVICE_DNS_PORT,
+        },
     }
     overrides = {
         "debug": True,
@@ -355,6 +374,18 @@ def print_file(content: dict, file_name: str):
     help="Port to expose from the kubernetes node",
     type=click.IntRange(0, 65535),
 )
+@click.option(
+    "--expose-dns",
+    is_flag=True,
+    default=False,
+    help="Expose DNS port from the kubernetes node.",
+)
+@click.option(
+    "--dns-port",
+    default=53,
+    help="DNS port to expose from the kubernetes node. It is applied only if --expose-dns is set.",
+    type=click.IntRange(0, 65535),
+)
 @click.argument("command", nargs=-1, required=False)
 def run(
     pro: bool = None,
@@ -367,13 +398,17 @@ def run(
     command: str = None,
     env: list[str] = None,
     port: int = None,
+    expose_dns: bool = False,
+    dns_port: int = 53,
 ):
     """
     A tool for localstack developers to generate the kubernetes cluster configuration file and the overrides to mount the localstack code into the cluster.
     """
     mount_points = generate_mount_points(pro, mount_moto, mount_entrypoints)
 
-    config = generate_k8s_cluster_config(mount_points, port=port)
+    config = generate_k8s_cluster_config(
+        mount_points, port=port, expose_dns=expose_dns, dns_port=dns_port
+    )
 
     overrides = generate_k8s_helm_overrides(mount_points, pro=pro, env=env)
 

localstack/services/apigateway/helpers.py

@@ -23,7 +23,7 @@ from localstack.aws.api.apigateway import (
     IntegrationType,
     Model,
     NotFoundException,
-    PutRestApiRequest,
+    PutMode,
     RequestValidator,
 )
 from localstack.constants import (
@@ -39,8 +39,7 @@ from localstack.services.apigateway.models import (
     apigateway_stores,
 )
 from localstack.utils import common
-from localstack.utils.json import parse_json_or_yaml
-from localstack.utils.strings import short_uid, to_bytes, to_str
+from localstack.utils.strings import short_uid, to_bytes
 from localstack.utils.urls import localstack_host
 
 LOG = logging.getLogger(__name__)
@@ -472,11 +471,9 @@ def add_documentation_parts(rest_api_container, documentation):
 
 
 def import_api_from_openapi_spec(
-    rest_api: MotoRestAPI, context: RequestContext, request: PutRestApiRequest
+    rest_api: MotoRestAPI, context: RequestContext, open_api_spec: dict, mode: PutMode
 ) -> tuple[MotoRestAPI, list[str]]:
     """Import an API from an OpenAPI spec document"""
-    body = parse_json_or_yaml(to_str(request["body"].read()))
-
     warnings = []
 
     # TODO There is an issue with the botocore specs so the parameters doesn't get populated as it should
@@ -484,15 +481,14 @@ def import_api_from_openapi_spec(
     # query_params = request.get("parameters") or {}
     query_params: dict = context.request.values.to_dict()
 
-    resolved_schema = resolve_references(copy.deepcopy(body), rest_api_id=rest_api.id)
+    resolved_schema = resolve_references(copy.deepcopy(open_api_spec), rest_api_id=rest_api.id)
     account_id = context.account_id
     region_name = context.region
 
     # TODO:
-    # 1. validate the "mode" property of the spec document, "merge" or "overwrite", and properly apply it
+    # 1. properly apply the mode (overwrite or merge)
     #    for now, it only considers it for the binaryMediaTypes
     # 2. validate the document type, "swagger" or "openapi"
-    mode = request.get("mode", "merge")
 
     rest_api.version = (
         str(version) if (version := resolved_schema.get("info", {}).get("version")) else None

localstack/services/apigateway/legacy/provider.py

@@ -476,11 +476,19 @@ class ApigatewayProvider(ApigatewayApi, ServiceLifecycleHook):
 
     @handler("PutRestApi", expand=False)
     def put_rest_api(self, context: RequestContext, request: PutRestApiRequest) -> RestApi:
+        body_data = request["body"].read()
+        try:
+            openapi_spec = parse_json_or_yaml(to_str(body_data))
+        except Exception:
+            raise BadRequestException("Invalid OpenAPI input.")
         # TODO: take into account the mode: overwrite or merge
         # the default is now `merge`, but we are removing everything
         rest_api = get_moto_rest_api(context, request["restApiId"])
         rest_api, warnings = import_api_from_openapi_spec(
-            rest_api, context=context, request=request
+            rest_api,
+            context=context,
+            open_api_spec=openapi_spec,
+            mode=request.get("mode") or PutMode.merge,
         )
 
         rest_api.root_resource_id = get_moto_rest_api_root_resource(rest_api)
@@ -1512,7 +1520,10 @@ class ApigatewayProvider(ApigatewayApi, ServiceLifecycleHook):
         **kwargs,
     ) -> DocumentationPartIds:
         body_data = body.read()
-        openapi_spec = parse_json_or_yaml(to_str(body_data))
+        try:
+            openapi_spec = parse_json_or_yaml(to_str(body_data))
+        except Exception:
+            raise BadRequestException("Unable to build importer with provided input.")
 
         rest_api_container = get_rest_api_container(context, rest_api_id=rest_api_id)
 
@@ -2012,7 +2023,11 @@ class ApigatewayProvider(ApigatewayApi, ServiceLifecycleHook):
         body_data = body.read()
 
         # create rest api
-        openapi_spec = parse_json_or_yaml(to_str(body_data))
+        try:
+            openapi_spec = parse_json_or_yaml(to_str(body_data))
+        except Exception:
+            raise BadRequestException("Invalid OpenAPI input.")
+
         create_api_request = CreateRestApiRequest(name=openapi_spec.get("info").get("title"))
         create_api_context = create_custom_context(
             context,
@@ -2053,12 +2068,20 @@ class ApigatewayProvider(ApigatewayApi, ServiceLifecycleHook):
         **kwargs,
     ) -> Integration:
         try:
-            response: Integration = call_moto(context)
-        except CommonServiceException as e:
-            # the Exception raised by moto does not have the right message not status code
-            if e.code == "NotFoundException":
-                raise NotFoundException("Invalid Integration identifier specified")
-            raise
+            moto_rest_api = get_moto_rest_api(context, rest_api_id)
+        except NotFoundException:
+            raise NotFoundException("Invalid Resource identifier specified")
+
+        if not (moto_resource := moto_rest_api.resources.get(resource_id)):
+            raise NotFoundException("Invalid Resource identifier specified")
+
+        if not (moto_method := moto_resource.resource_methods.get(http_method)):
+            raise NotFoundException("Invalid Method identifier specified")
+
+        if not moto_method.method_integration:
+            raise NotFoundException("Invalid Integration identifier specified")
+
+        response: Integration = call_moto(context)
 
         if integration_responses := response.get("integrationResponses"):
             for integration_response in integration_responses.values():

localstack/services/apigateway/patches.py

@@ -5,7 +5,6 @@ import logging
 from moto.apigateway import models as apigateway_models
 from moto.apigateway.exceptions import (
     DeploymentNotFoundException,
-    NoIntegrationDefined,
     RestAPINotFound,
     StageStillActive,
 )
@@ -113,14 +112,6 @@ def apply_patches():
         )
         return result
 
-    # patch integration error responses
-    @patch(apigateway_models.Resource.get_integration)
-    def apigateway_models_resource_get_integration(fn, self, method_type):
-        resource_method = self.resource_methods.get(method_type, {})
-        if not resource_method.method_integration:
-            raise NoIntegrationDefined()
-        return resource_method.method_integration
-
     @patch(apigateway_models.RestAPI.to_dict)
     def apigateway_models_rest_api_to_dict(fn, self):
         resp = fn(self)

localstack/services/cloudformation/provider.py

@@ -952,8 +952,8 @@ class CloudformationProvider(CloudformationApi):
     def describe_stack_events(
         self,
         context: RequestContext,
-        stack_name: StackName = None,
-        next_token: NextToken = None,
+        stack_name: StackName,
+        next_token: NextToken | None = None,
         **kwargs,
     ) -> DescribeStackEventsOutput:
         if stack_name is None:

localstack/services/cloudformation/v2/provider.py

@@ -135,15 +135,15 @@ SSM_PARAMETER_TYPE_RE = re.compile(
 
 
 def is_stack_arn(stack_name_or_id: str) -> bool:
-    return ARN_STACK_REGEX.match(stack_name_or_id) is not None
+    return stack_name_or_id and ARN_STACK_REGEX.match(stack_name_or_id) is not None
 
 
 def is_changeset_arn(change_set_name_or_id: str) -> bool:
-    return ARN_CHANGESET_REGEX.match(change_set_name_or_id) is not None
+    return change_set_name_or_id and ARN_CHANGESET_REGEX.match(change_set_name_or_id) is not None
 
 
 def is_stack_set_arn(stack_set_name_or_id: str) -> bool:
-    return ARN_STACK_SET_REGEX.match(stack_set_name_or_id) is not None
+    return stack_set_name_or_id and ARN_STACK_SET_REGEX.match(stack_set_name_or_id) is not None
 
 
 class StackNotFoundError(ValidationError):
@@ -1349,8 +1349,8 @@ class CloudformationProviderV2(CloudformationProvider, ServiceLifecycleHook):
     def describe_stack_events(
         self,
         context: RequestContext,
-        stack_name: StackName = None,
-        next_token: NextToken = None,
+        stack_name: StackName,
+        next_token: NextToken | None = None,
         **kwargs,
     ) -> DescribeStackEventsOutput:
         if not stack_name:
@@ -1388,7 +1388,7 @@ class CloudformationProviderV2(CloudformationProvider, ServiceLifecycleHook):
                     stack_name, message_override=f"Stack with id {stack_name} does not exist"
                 )
         else:
-            raise StackNotFoundError(stack_name)
+            raise ValidationError("StackName is required if ChangeSetName is not specified.")
 
         if template_stage == TemplateStage.Processed and "Transform" in stack.template_body:
             template_body = json.dumps(stack.processed_template)

localstack/services/kinesis/packages.py

@@ -7,7 +7,7 @@ from localstack.packages import InstallTarget, Package
 from localstack.packages.core import GitHubReleaseInstaller, NodePackageInstaller
 from localstack.packages.java import JavaInstallerMixin, java_package
 
-_KINESIS_MOCK_VERSION = os.environ.get("KINESIS_MOCK_VERSION") or "0.4.13"
+_KINESIS_MOCK_VERSION = os.environ.get("KINESIS_MOCK_VERSION") or "0.5.1"
 
 
 class KinesisMockEngine(StrEnum):

localstack/services/kms/models.py

@@ -173,6 +173,7 @@ class KmsCryptoKey:
     public_key: bytes | None
     private_key: bytes | None
     key_material: bytes
+    pending_key_material: bytes | None
     key_spec: str
 
     @staticmethod
@@ -217,6 +218,7 @@ class KmsCryptoKey:
     def __init__(self, key_spec: str, key_material: bytes | None = None):
         self.private_key = None
         self.public_key = None
+        self.pending_key_material = None
         # Technically, key_material, being a symmetric encryption key, is only relevant for
         #   key_spec == SYMMETRIC_DEFAULT.
         # But LocalStack uses symmetric encryption with this key_material even for other specs. Asymmetric keys are
@@ -248,8 +250,9 @@ class KmsCryptoKey:
         self._serialize_key(key)
 
     def load_key_material(self, material: bytes):
-        if self.key_spec in [
-            KeySpec.SYMMETRIC_DEFAULT,
+        if self.key_spec == KeySpec.SYMMETRIC_DEFAULT:
+            self.pending_key_material = material
+        elif self.key_spec in [
             KeySpec.HMAC_224,
             KeySpec.HMAC_256,
             KeySpec.HMAC_384,
@@ -323,9 +326,28 @@ class KmsKey:
             # remove the _custom_key_material_ tag from the tags to not readily expose the custom key material
             del self.tags[TAG_KEY_CUSTOM_KEY_MATERIAL]
         self.crypto_key = KmsCryptoKey(self.metadata.get("KeySpec"), custom_key_material)
+        self._internal_key_id = uuid.uuid4()
+
+        # The KMS implementation always provides a crypto key with key material which doesn't suit scenarios where a
+        # KMS Key may have no key material e.g. for external keys. Don't expose the CurrentKeyMaterialId in those cases.
+        if custom_key_material or (
+            self.metadata["Origin"] == "AWS_KMS"
+            and self.metadata["KeySpec"] == KeySpec.SYMMETRIC_DEFAULT
+        ):
+            self.metadata["CurrentKeyMaterialId"] = self.generate_key_material_id(
+                self.crypto_key.key_material
+            )
+
         self.rotation_period_in_days = 365
         self.next_rotation_date = None
 
+    def generate_key_material_id(self, key_material: bytes) -> str:
+        # The KeyMaterialId depends on the key material and the KeyId. Use an internal ID to prevent brute forcing
+        # the value of the key material from the public KeyId and KeyMaterialId.
+        # https://docs.aws.amazon.com/kms/latest/APIReference/API_ImportKeyMaterial.html
+        key_material_id_hex = uuid.uuid5(self._internal_key_id, key_material).hex
+        return str(key_material_id_hex) * 2
+
     def calculate_and_set_arn(self, account_id, region):
         self.metadata["Arn"] = kms_key_arn(self.metadata.get("KeyId"), account_id, region)
 
@@ -746,8 +768,16 @@ class KmsKey:
                 f"The on-demand rotations limit has been reached for the given keyId. "
                 f"No more on-demand rotations can be performed for this key: {self.metadata['Arn']}"
             )
-        self.previous_keys.append(self.crypto_key.key_material)
-        self.crypto_key = KmsCryptoKey(KeySpec.SYMMETRIC_DEFAULT)
+        current_key_material = self.crypto_key.key_material
+        pending_key_material = self.crypto_key.pending_key_material
+
+        self.previous_keys.append(current_key_material)
+
+        # If there is no pending material stored on the key, then key material will be generated.
+        self.crypto_key = KmsCryptoKey(KeySpec.SYMMETRIC_DEFAULT, pending_key_material)
+        self.metadata["CurrentKeyMaterialId"] = self.generate_key_material_id(
+            self.crypto_key.key_material
+        )
 
 
 class KmsGrant: