localstack-core 4.11.2.dev14__py3-none-any.whl → 4.12.1.dev18__py3-none-any.whl

localstack/services/s3/provider.py

@@ -33,6 +33,7 @@ from localstack.aws.api.s3 import (
     BucketAlreadyOwnedByYou,
     BucketCannedACL,
     BucketLifecycleConfiguration,
+    BucketLocationConstraint,
     BucketLoggingStatus,
     BucketName,
     BucketNotEmpty,
@@ -117,7 +118,6 @@ from localstack.aws.api.s3 import (
     InvalidArgument,
     InvalidBucketName,
     InvalidDigest,
-    InvalidLocationConstraint,
     InvalidObjectState,
     InvalidPartNumber,
     InvalidPartOrder,
@@ -229,7 +229,7 @@ from localstack.aws.handlers import (
     preprocess_request,
     serve_custom_service_request_handlers,
 )
-from localstack.constants import AWS_REGION_US_EAST_1
+from localstack.constants import AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1
 from localstack.services.edge import ROUTER
 from localstack.services.plugins import ServiceLifecycleHook
 from localstack.services.s3.codec import AwsChunkedDecoder
@@ -278,6 +278,7 @@ from localstack.services.s3.utils import (
     etag_to_base_64_content_md5,
     extract_bucket_key_version_id_from_copy_source,
     generate_safe_version_id,
+    get_bucket_location_xml,
     get_canned_acl,
     get_class_attrs_from_spec_class,
     get_failed_precondition_copy_source,
@@ -304,6 +305,7 @@ from localstack.services.s3.utils import (
     validate_dict_fields,
     validate_failed_precondition,
     validate_kms_key_id,
+    validate_location_constraint,
     validate_tag_set,
 )
 from localstack.services.s3.validation import (
@@ -493,29 +495,19 @@ class S3Provider(S3Api, ServiceLifecycleHook):
             raise InvalidBucketName("The specified bucket is not valid.", BucketName=bucket_name)
 
         create_bucket_configuration = request.get("CreateBucketConfiguration") or {}
-        bucket_region = create_bucket_configuration.get("LocationConstraint")
+
         bucket_tags = create_bucket_configuration.get("Tags")
         if bucket_tags:
             validate_tag_set(bucket_tags, type_set="create-bucket")
-        if bucket_region:
-            if context.region == AWS_REGION_US_EAST_1:
-                if bucket_region in ("us-east-1", "aws-global"):
-                    raise InvalidLocationConstraint(
-                        "The specified location-constraint is not valid",
-                        LocationConstraint=bucket_region,
-                    )
-            elif context.region != bucket_region:
-                raise CommonServiceException(
-                    code="IllegalLocationConstraintException",
-                    message=f"The {bucket_region} location constraint is incompatible for the region specific endpoint this request was sent to.",
-                )
-        else:
+
+        location_constraint = create_bucket_configuration.get("LocationConstraint", "")
+        validate_location_constraint(context.region, location_constraint)
+
+        bucket_region = location_constraint
+        if not location_constraint:
             bucket_region = AWS_REGION_US_EAST_1
-            if context.region != bucket_region:
-                raise CommonServiceException(
-                    code="IllegalLocationConstraintException",
-                    message="The unspecified location constraint is incompatible for the region specific endpoint this request was sent to.",
-                )
+        if location_constraint == BucketLocationConstraint.EU:
+            bucket_region = AWS_REGION_EU_WEST_1
 
         store = self.get_store(context.account_id, bucket_region)
 
@@ -554,6 +546,7 @@ class S3Provider(S3Api, ServiceLifecycleHook):
             acl=acl,
             object_ownership=request.get("ObjectOwnership"),
             object_lock_enabled_for_bucket=request.get("ObjectLockEnabledForBucket"),
+            location_constraint=location_constraint,
         )
 
         store.buckets[bucket_name] = s3_bucket
@@ -709,16 +702,18 @@ class S3Provider(S3Api, ServiceLifecycleHook):
         """
         store, s3_bucket = self._get_cross_account_bucket(context, bucket)
 
-        location_constraint = (
-            '<?xml version="1.0" encoding="UTF-8"?>\n'
-            '<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/">{{location}}</LocationConstraint>'
-        )
-
-        location = s3_bucket.bucket_region if s3_bucket.bucket_region != "us-east-1" else ""
-        location_constraint = location_constraint.replace("{{location}}", location)
+        # TODO: Remove usage of getattr once persistence mechanism is updated.
+        # If the stored constraint is None the bucket was made before the storage of location_constraint.
+        # The EU location constraint wasn't supported before this point so we can safely default to the region.
+        location_constraint = getattr(s3_bucket, "location_constraint", None)
+        if location_constraint is None:
+            location_constraint = (
+                s3_bucket.bucket_region if s3_bucket.bucket_region != "us-east-1" else ""
+            )
 
-        response = GetBucketLocationOutput(LocationConstraint=location_constraint)
-        return response
+        return GetBucketLocationOutput(
+            LocationConstraint=get_bucket_location_xml(location_constraint)
+        )
 
     @handler("PutObject", expand=False)
     def put_object(

localstack/services/s3/utils.py

@@ -34,6 +34,7 @@ from localstack.aws.api.s3 import (
     Grantee,
     HeadObjectRequest,
     InvalidArgument,
+    InvalidLocationConstraint,
     InvalidRange,
     InvalidTag,
     LifecycleExpiration,
@@ -57,18 +58,25 @@ from localstack.aws.api.s3 import (
 from localstack.aws.api.s3 import Type as GranteeType
 from localstack.aws.chain import HandlerChain
 from localstack.aws.connect import connect_to
+from localstack.constants import AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1
 from localstack.http import Response
 from localstack.services.s3 import checksums
 from localstack.services.s3.constants import (
     ALL_USERS_ACL_GRANTEE,
     AUTHENTICATED_USERS_ACL_GRANTEE,
+    BUCKET_LOCATION_CONSTRAINTS,
     CHECKSUM_ALGORITHMS,
+    EU_WEST_1_LOCATION_CONSTRAINTS,
     LOG_DELIVERY_ACL_GRANTEE,
     SIGNATURE_V2_PARAMS,
     SIGNATURE_V4_PARAMS,
     SYSTEM_METADATA_SETTABLE_HEADERS,
 )
-from localstack.services.s3.exceptions import InvalidRequest, MalformedXML
+from localstack.services.s3.exceptions import (
+    IllegalLocationConstraintException,
+    InvalidRequest,
+    MalformedXML,
+)
 from localstack.utils.aws import arns
 from localstack.utils.aws.arns import parse_arn
 from localstack.utils.objects import singleton_factory
@@ -888,6 +896,27 @@ def validate_tag_set(
         keys.add(key)
 
 
+def validate_location_constraint(context_region: str, location_constraint: str) -> None:
+    if location_constraint:
+        if context_region == AWS_REGION_US_EAST_1:
+            if (
+                not config.ALLOW_NONSTANDARD_REGIONS
+                and location_constraint not in BUCKET_LOCATION_CONSTRAINTS
+            ):
+                raise InvalidLocationConstraint(
+                    "The specified location-constraint is not valid",
+                    LocationConstraint=location_constraint,
+                )
+        elif context_region == AWS_REGION_EU_WEST_1:
+            if location_constraint not in EU_WEST_1_LOCATION_CONSTRAINTS:
+                raise IllegalLocationConstraintException(location_constraint)
+        elif context_region != location_constraint:
+            raise IllegalLocationConstraintException(location_constraint)
+    else:
+        if context_region != AWS_REGION_US_EAST_1:
+            raise IllegalLocationConstraintException("unspecified")
+
+
 def get_unique_key_id(
     bucket: BucketName, object_key: ObjectKey, version_id: ObjectVersionId
 ) -> str:
@@ -1105,3 +1134,19 @@ def is_version_older_than_other(version_id: str, other: str):
     See `generate_safe_version_id`
     """
     return base64.b64decode(version_id, altchars=b"._") < base64.b64decode(other, altchars=b"._")
+
+
+def get_bucket_location_xml(location_constraint: str) -> str:
+    """
+    Returns the formatted XML for the GetBucketLocation operation.
+
+    :param location_constraint: The location constraint to return in the XML. It can be an empty string when
+    it's not specified in the bucket configuration.
+    :return: The XML response.
+    """
+
+    return (
+        '<?xml version="1.0" encoding="UTF-8"?>\n'
+        '<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/"'
+        + ("/>" if not location_constraint else f">{location_constraint}</LocationConstraint>")
+    )

localstack/services/s3control/provider.py

@@ -12,6 +12,7 @@ from localstack.aws.api.s3control import (
 from localstack.aws.forwarder import NotImplementedAvoidFallbackError
 from localstack.services.s3.models import s3_stores
 from localstack.services.s3control.validation import validate_tags
+from localstack.state import StateVisitor
 from localstack.utils.tagging import TaggingService
 
 
@@ -21,6 +22,11 @@ class NoSuchResource(CommonServiceException):
 
 
 class S3ControlProvider(S3ControlApi):
+    def accept_state_visitor(self, visitor: StateVisitor):
+        from moto.s3control.models import s3control_backends
+
+        visitor.visit(s3control_backends)
+
     """
     S3Control is a management interface for S3, and can access some of its internals with no public API
     This requires us to access the s3 stores directly

localstack/services/scheduler/provider.py

@@ -1,11 +1,12 @@
 import logging
 import re
 
-from moto.scheduler.models import EventBridgeSchedulerBackend
+from moto.scheduler.models import EventBridgeSchedulerBackend, scheduler_backends
 
 from localstack.aws.api.scheduler import SchedulerApi, ValidationException
 from localstack.services.events.rule import RULE_SCHEDULE_CRON_REGEX, RULE_SCHEDULE_RATE_REGEX
 from localstack.services.plugins import ServiceLifecycleHook
+from localstack.state import StateVisitor
 from localstack.utils.patch import patch
 
 LOG = logging.getLogger(__name__)
@@ -17,7 +18,8 @@ RULE_SCHEDULE_AT_REGEX = re.compile(AT_REGEX)
 
 
 class SchedulerProvider(SchedulerApi, ServiceLifecycleHook):
-    pass
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(scheduler_backends)
 
 
 def _validate_schedule_expression(schedule_expression: str) -> None:

localstack/services/secretsmanager/provider.py

@@ -65,6 +65,7 @@ from localstack.aws.api.secretsmanager import (
 )
 from localstack.aws.connect import connect_to
 from localstack.services.moto import call_moto
+from localstack.state import StateVisitor
 from localstack.utils.aws import arns
 from localstack.utils.patch import patch
 from localstack.utils.time import today_no_time
@@ -105,6 +106,9 @@ class SecretsmanagerProvider(SecretsmanagerApi):
         super().__init__()
         apply_patches()
 
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(secretsmanager_backends)
+
     @staticmethod
     def get_moto_backend_for_resource(
         name_or_arn: str, context: RequestContext

localstack/services/ses/provider.py

@@ -62,6 +62,7 @@ from localstack.http import Resource, Response
 from localstack.services.moto import call_moto
 from localstack.services.plugins import ServiceLifecycleHook
 from localstack.services.ses.models import EmailType, SentEmail, SentEmailBody
+from localstack.state import StateVisitor
 from localstack.utils.aws import arns
 from localstack.utils.files import mkdir
 from localstack.utils.strings import long_uid, to_str
@@ -177,6 +178,9 @@ def register_ses_api_resource():
 
 
 class SesProvider(SesApi, ServiceLifecycleHook):
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(ses_backends)
+
     #
     # Lifecycle Hooks
     #

localstack/services/sns/constants.py

@@ -25,6 +25,19 @@ VALID_SUBSCRIPTION_ATTR_NAME: list[str] = [
     "SubscriptionRoleArn",
 ]
 
+
+VALID_POLICY_ACTIONS = [
+    "GetTopicAttributes",
+    "SetTopicAttributes",
+    "AddPermission",
+    "RemovePermission",
+    "DeleteTopic",
+    "Subscribe",
+    "ListSubscriptionsByTopic",
+    "Publish",
+    "Receive",
+]
+
 MSG_ATTR_NAME_REGEX = re.compile(r"^(?!\.)(?!.*\.$)(?!.*\.\.)[a-zA-Z0-9_\-.]+$")
 ATTR_TYPE_REGEX = re.compile(r"^(String|Number|Binary)\..+$")
 VALID_MSG_ATTR_NAME_CHARS = set(ascii_letters + digits + "." + "-" + "_")

localstack/services/sns/provider.py

@@ -86,6 +86,7 @@ from localstack.utils.aws.arns import (
 from localstack.utils.collections import PaginatedList, select_from_typed_dict
 from localstack.utils.strings import short_uid, to_bytes, to_str
 
+from ...state import StateVisitor
 from .analytics import internal_api_calls
 
 # set up logger
@@ -118,6 +119,10 @@ class SnsProvider(SnsApi, ServiceLifecycleHook):
         self._publisher = PublishDispatcher()
         self._signature_cert_pem: str = SNS_SERVER_CERT
 
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(sns_backends)
+        visitor.visit(sns_stores)
+
     def on_before_stop(self):
         self._publisher.shutdown()
 

localstack/services/sns/v2/models.py

@@ -7,6 +7,7 @@ from typing import Literal, TypedDict
 from localstack.aws.api.sns import (
     Endpoint,
     MessageAttributeMap,
+    PhoneNumber,
     PlatformApplication,
     PublishBatchRequestEntry,
     TopicAttributesMap,
@@ -192,5 +193,7 @@ class SnsStore(BaseStore):
 
     TAGS: TaggingService = CrossRegionAttribute(default=TaggingService)
 
+    PHONE_NUMBERS_OPTED_OUT: list[PhoneNumber] = CrossRegionAttribute(default=list)
+
 
 sns_stores = AccountRegionBundle("sns", SnsStore)

localstack/services/sns/v2/provider.py

@@ -10,12 +10,15 @@ from rolo import Request, Router, route
 
 from localstack.aws.api import CommonServiceException, RequestContext
 from localstack.aws.api.sns import (
+    ActionsList,
     AmazonResourceName,
     BatchEntryIdsNotDistinctException,
+    CheckIfPhoneNumberIsOptedOutResponse,
     ConfirmSubscriptionResponse,
     CreateEndpointResponse,
     CreatePlatformApplicationResponse,
     CreateTopicResponse,
+    DelegatesList,
     Endpoint,
     EndpointDisabledException,
     GetEndpointAttributesResponse,
@@ -26,6 +29,7 @@ from localstack.aws.api.sns import (
     InvalidParameterException,
     InvalidParameterValueException,
     ListEndpointsByPlatformApplicationResponse,
+    ListPhoneNumbersOptedOutResponse,
     ListPlatformApplicationsResponse,
     ListString,
     ListSubscriptionsByTopicResponse,
@@ -35,6 +39,7 @@ from localstack.aws.api.sns import (
     MapStringToString,
     MessageAttributeMap,
     NotFoundException,
+    OptInPhoneNumberResponse,
     PhoneNumber,
     PlatformApplication,
     PublishBatchRequestEntryList,
@@ -57,10 +62,12 @@ from localstack.aws.api.sns import (
     attributeValue,
     authenticateOnUnsubscribe,
     endpoint,
+    label,
     message,
     messageStructure,
     nextToken,
     protocol,
+    string,
     subject,
     subscriptionARN,
     topicARN,
@@ -84,6 +91,7 @@ from localstack.services.sns.constants import (
     SUBSCRIPTION_TOKENS_ENDPOINT,
     VALID_APPLICATION_PLATFORMS,
     VALID_MSG_ATTR_NAME_CHARS,
+    VALID_POLICY_ACTIONS,
     VALID_SUBSCRIPTION_ATTR_NAME,
 )
 from localstack.services.sns.filter import FilterPolicyValidator
@@ -118,6 +126,7 @@ from localstack.services.sns.v2.utils import (
     parse_and_validate_topic_arn,
     validate_subscription_attribute,
 )
+from localstack.state import StateVisitor
 from localstack.utils.aws.arns import (
     extract_account_id_from_arn,
     extract_region_from_arn,
@@ -142,6 +151,9 @@ class SnsProvider(SnsApi, ServiceLifecycleHook):
         self._publisher = PublishDispatcher()
         self._signature_cert_pem: str = SNS_SERVER_CERT
 
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(sns_stores)
+
     def on_before_stop(self):
         self._publisher.shutdown()
 
@@ -1073,6 +1085,94 @@ class SnsProvider(SnsApi, ServiceLifecycleHook):
 
         return GetSMSAttributesResponse(attributes=return_attributes)
 
+    #
+    # Phone number operations
+    #
+
+    def check_if_phone_number_is_opted_out(
+        self, context: RequestContext, phone_number: PhoneNumber, **kwargs
+    ) -> CheckIfPhoneNumberIsOptedOutResponse:
+        store = sns_stores[context.account_id][context.region]
+        return CheckIfPhoneNumberIsOptedOutResponse(
+            isOptedOut=phone_number in store.PHONE_NUMBERS_OPTED_OUT
+        )
+
+    def list_phone_numbers_opted_out(
+        self, context: RequestContext, next_token: string | None = None, **kwargs
+    ) -> ListPhoneNumbersOptedOutResponse:
+        store = self.get_store(context.account_id, context.region)
+        numbers_opted_out = PaginatedList(store.PHONE_NUMBERS_OPTED_OUT)
+        page, nxt = numbers_opted_out.get_page(
+            token_generator=lambda x: x,
+            next_token=next_token,
+            page_size=100,
+        )
+        phone_numbers = {"phoneNumbers": page, "nextToken": nxt}
+        return ListPhoneNumbersOptedOutResponse(**phone_numbers)
+
+    def opt_in_phone_number(
+        self, context: RequestContext, phone_number: PhoneNumber, **kwargs
+    ) -> OptInPhoneNumberResponse:
+        store = self.get_store(context.account_id, context.region)
+        if phone_number in store.PHONE_NUMBERS_OPTED_OUT:
+            store.PHONE_NUMBERS_OPTED_OUT.remove(phone_number)
+        return OptInPhoneNumberResponse()
+
+    #
+    # Permission operations
+    #
+
+    def add_permission(
+        self,
+        context: RequestContext,
+        topic_arn: topicARN,
+        label: label,
+        aws_account_id: DelegatesList,
+        action_name: ActionsList,
+        **kwargs,
+    ) -> None:
+        topic: Topic = self._get_topic(topic_arn, context)
+        policy = json.loads(topic["attributes"]["Policy"])
+        statement = next(
+            (statement for statement in policy["Statement"] if statement["Sid"] == label),
+            None,
+        )
+
+        if statement:
+            raise InvalidParameterException("Invalid parameter: Statement already exists")
+
+        if any(action not in VALID_POLICY_ACTIONS for action in action_name):
+            raise InvalidParameterException(
+                "Invalid parameter: Policy statement action out of service scope!"
+            )
+
+        principals = [
+            f"arn:{get_partition(context.region)}:iam::{account_id}:root"
+            for account_id in aws_account_id
+        ]
+        actions = [f"SNS:{action}" for action in action_name]
+
+        statement = {
+            "Sid": label,
+            "Effect": "Allow",
+            "Principal": {"AWS": principals[0] if len(principals) == 1 else principals},
+            "Action": actions[0] if len(actions) == 1 else actions,
+            "Resource": topic_arn,
+        }
+
+        policy["Statement"].append(statement)
+        topic["attributes"]["Policy"] = json.dumps(policy)
+
+    def remove_permission(
+        self, context: RequestContext, topic_arn: topicARN, label: label, **kwargs
+    ) -> None:
+        topic = self._get_topic(topic_arn, context)
+        policy = json.loads(topic["attributes"]["Policy"])
+        statements = policy["Statement"]
+        statements = [statement for statement in statements if statement["Sid"] != label]
+        policy["Statement"] = statements
+        topic["attributes"]["Policy"] = json.dumps(policy)
+
     def list_tags_for_resource(
         self, context: RequestContext, resource_arn: AmazonResourceName, **kwargs
     ) -> ListTagsForResourceResponse:

localstack/services/sqs/constants.py

@@ -31,6 +31,12 @@ INTERNAL_QUEUE_ATTRIBUTES = [
     QueueAttributeName.QueueArn,
 ]
 
+#
+# If these attributes are set to their default values, they are effectively
+# deleted from the queue attributes and not returned in future calls to get_queue_attributes()
+#
+DELETE_IF_DEFAULT = {"KmsMasterKeyId": "", "KmsDataKeyReusePeriodSeconds": "300"}
+
 INVALID_STANDARD_QUEUE_ATTRIBUTES = [
     QueueAttributeName.FifoQueue,
     QueueAttributeName.ContentBasedDeduplication,

localstack/services/sqs/provider.py

@@ -101,6 +101,7 @@ from localstack.services.sqs.utils import (
     parse_queue_url,
 )
 from localstack.services.stores import AccountRegionBundle
+from localstack.state import StateVisitor
 from localstack.utils.aws.arns import parse_arn
 from localstack.utils.bootstrap import is_api_enabled
 from localstack.utils.cloudwatch.cloudwatch_util import (
@@ -659,6 +660,9 @@ class SqsProvider(SqsApi, ServiceLifecycleHook):
         self._router_rules = []
         self._init_cloudwatch_metrics_reporting()
 
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(sqs_stores)
+
     @staticmethod
     def get_store(account_id: str, region: str) -> SqsStore:
         return sqs_stores[account_id][region]
@@ -1269,7 +1273,11 @@ class SqsProvider(SqsApi, ServiceLifecycleHook):
         for k, v in attributes.items():
             if k in sqs_constants.INTERNAL_QUEUE_ATTRIBUTES:
                 raise InvalidAttributeName(f"Unknown Attribute {k}.")
-            queue.attributes[k] = v
+            if k in sqs_constants.DELETE_IF_DEFAULT and v == sqs_constants.DELETE_IF_DEFAULT[k]:
+                if k in queue.attributes:
+                    del queue.attributes[k]
+            else:
+                queue.attributes[k] = v
 
         # Special cases
         if queue.attributes.get(QueueAttributeName.Policy) == "":