localstack-core 4.11.2.dev14__py3-none-any.whl → 4.12.1.dev18__py3-none-any.whl

localstack/services/sqs/resource_providers/aws_sqs_queue.py

@@ -64,6 +64,35 @@ class SQSQueueProvider(ResourceProvider[SQSQueueProperties]):
     TYPE = "AWS::SQS::Queue"  # Autogenerated. Don't change
     SCHEMA = util.get_schema_path(Path(__file__))  # Autogenerated. Don't change
 
+    # Values used when a property is removed from a template and needs to be set to its default.
+    # If AWS changes their defaults in the future, our parity tests should break.
+    DEFAULT_ATTRIBUTE_VALUES = {
+        "ReceiveMessageWaitTimeSeconds": "0",
+        "DelaySeconds": "0",
+        "KmsMasterKeyId": "",
+        "RedrivePolicy": "",
+        "MessageRetentionPeriod": "345600",
+        "MaximumMessageSize": "262144",  # Note: CloudFormation sets this to 256KB on update, but 1MB on create
+        "VisibilityTimeout": "30",
+        "KmsDataKeyReusePeriodSeconds": "300",
+    }
+
+    # Private method for creating a unique queue name, if none is specified.
+    def _autogenerated_queue_name(self, request: ResourceRequest[SQSQueueProperties]) -> str:
+        queue_name = util.generate_default_name(request.stack_name, request.logical_resource_id)
+        isFifoQueue = request.desired_state.get("FifoQueue")
+
+        # Note that it's an SQS FIFO queue only if the FifoQueue property is set to boolean True, or the string "true"
+        # (case insensitive). If it's None (property was omitted) or False, or any type of string (e.g. a typo
+        # such as "Fasle"), then it's not a FIFO queue. This extra check is needed because the CloudFormation engine
+        # doesn't fully validate the FifoQueue property before passing it to the resource provider.
+        if (
+            isFifoQueue == True  # noqa: E712
+            or (isinstance(isFifoQueue, str) and isFifoQueue.lower() == "true")
+        ):
+            queue_name = f"{queue_name[:-5]}.fifo"
+        return queue_name
+
     def create(
         self,
         request: ResourceRequest[SQSQueueProperties],
@@ -74,8 +103,6 @@ class SQSQueueProvider(ResourceProvider[SQSQueueProperties]):
         Primary identifier fields:
           - /properties/QueueUrl
 
-
-
         Create-only properties:
           - /properties/FifoQueue
           - /properties/QueueName
@@ -92,26 +119,13 @@ class SQSQueueProvider(ResourceProvider[SQSQueueProperties]):
           - sqs:TagQueue
 
         """
-        # TODO: validations
+        # TODO: validations - what validations are needed?
         model = request.desired_state
         sqs = request.aws_client_factory.sqs
 
-        if model.get("FifoQueue", False):
-            model["FifoQueue"] = model["FifoQueue"]
-
-        queue_name = model.get("QueueName")
-        if not queue_name:
-            # TODO: verify patterns here
-            if model.get("FifoQueue"):
-                queue_name = util.generate_default_name(
-                    request.stack_name, request.logical_resource_id
-                )[:-5]
-                queue_name = f"{queue_name}.fifo"
-            else:
-                queue_name = util.generate_default_name(
-                    request.stack_name, request.logical_resource_id
-                )
-            model["QueueName"] = queue_name
+        # if no QueueName is specified, automatically generate one
+        if not model.get("QueueName"):
+            model["QueueName"] = self._autogenerated_queue_name(request)
 
         attributes = self._compile_sqs_queue_attributes(model)
         result = request.aws_client_factory.sqs.create_queue(
@@ -184,38 +198,30 @@ class SQSQueueProvider(ResourceProvider[SQSQueueProperties]):
         """
         sqs = request.aws_client_factory.sqs
         model = request.desired_state
+        prev_model = request.previous_state
 
         assert request.previous_state is not None
 
-        should_replace = (
-            request.desired_state.get("QueueName", request.previous_state["QueueName"])
-            != request.previous_state["QueueName"]
-        ) or (
-            request.desired_state.get("FifoQueue", request.previous_state.get("FifoQueue"))
-            != request.previous_state.get("FifoQueue")
+        queue_url = prev_model["QueueUrl"]
+        self._populate_missing_attributes_with_defaults(model)
+        sqs.set_queue_attributes(
+            QueueUrl=queue_url, Attributes=self._compile_sqs_queue_attributes(model)
         )
 
-        if not should_replace:
-            return ProgressEvent(OperationStatus.SUCCESS, resource_model=request.previous_state)
-
-        # TODO: copied from the create handler, extract?
-        if model.get("FifoQueue"):
-            queue_name = util.generate_default_name(
-                request.stack_name, request.logical_resource_id
-            )[:-5]
-            queue_name = f"{queue_name}.fifo"
-        else:
-            queue_name = util.generate_default_name(request.stack_name, request.logical_resource_id)
-
-        # replacement (TODO: find out if we should handle this in the provider or outside of it)
-        # delete old queue
-        sqs.delete_queue(QueueUrl=request.previous_state["QueueUrl"])
-        # create new queue (TODO: re-use create logic to make this more robust, e.g. for
-        #  auto-generated queue names)
-        model["QueueUrl"] = sqs.create_queue(QueueName=queue_name)["QueueUrl"]
-        model["Arn"] = sqs.get_queue_attributes(
-            QueueUrl=model["QueueUrl"], AttributeNames=["QueueArn"]
-        )["Attributes"]["QueueArn"]
+        (tags_to_remove, tags_to_add_or_update) = util.resource_tags_to_remove_or_update(
+            prev_model.get("Tags", []), model.get("Tags", [])
+        )
+        sqs.untag_queue(QueueUrl=queue_url, TagKeys=tags_to_remove)
+        sqs.tag_queue(QueueUrl=queue_url, Tags=tags_to_add_or_update)
+
+        model["QueueUrl"] = queue_url
+        model["Arn"] = request.previous_state["Arn"]
+
+        # For QueueName and FifoQueue, always use the value from the previous model. These fields
+        # are create-only, so they cannot be changed via an update (even though they might be omitted)
+        model["QueueName"] = prev_model.get("QueueName")
+        model["FifoQueue"] = prev_model.get("FifoQueue", False)
+
         return ProgressEvent(OperationStatus.SUCCESS, resource_model=model)
 
     def _compile_sqs_queue_attributes(self, properties: SQSQueueProperties) -> dict[str, str]:
@@ -250,6 +256,15 @@ class SQSQueueProvider(ResourceProvider[SQSQueueProperties]):
 
         return result
 
+    def _populate_missing_attributes_with_defaults(self, properties: SQSQueueProperties) -> None:
+        """
+        For any attribute that is missing from the desired state, populate it with the default value.
+        This is the only way to remove an attribute from an existing SQS queue's configuration.
+        :param properties: the properties passed from cloudformation
+        """
+        for k, v in self.DEFAULT_ATTRIBUTE_VALUES.items():
+            properties.setdefault(k, v)
+
     def list(
         self,
         request: ResourceRequest[SQSQueueProperties],

localstack/services/ssm/provider.py

@@ -78,6 +78,7 @@ from localstack.aws.api.ssm import (
 )
 from localstack.aws.connect import connect_to
 from localstack.services.moto import call_moto, call_moto_with_request
+from localstack.state import StateVisitor
 from localstack.utils.aws.arns import extract_resource_from_arn, is_arn
 from localstack.utils.bootstrap import is_api_enabled
 from localstack.utils.collections import remove_attributes
@@ -105,6 +106,11 @@ class InvalidParameterNameException(ValidationException):
 
 # TODO: check if _normalize_name(..) calls are still required here
 class SsmProvider(SsmApi, ABC):
+    def accept_state_visitor(self, visitor: StateVisitor):
+        from moto.ssm.models import ssm_backends
+
+        visitor.visit(ssm_backends)
+
     def get_parameters(
         self,
         context: RequestContext,

localstack/services/stepfunctions/asl/static_analyser/test_state/test_state_analyser.py

@@ -12,18 +12,35 @@ from botocore.model import (
 
 from localstack.aws.api.stepfunctions import (
     Definition,
+    InvalidDefinition,
     MockInput,
     MockResponseValidationMode,
     StateName,
+    TestStateInput,
     ValidationException,
 )
 from localstack.services.stepfunctions.asl.antlr.runtime.ASLParser import ASLParser
+from localstack.services.stepfunctions.asl.component.state.state import CommonStateField
+from localstack.services.stepfunctions.asl.component.state.state_execution.state_map.state_map import (
+    StateMap,
+)
+from localstack.services.stepfunctions.asl.component.state.state_execution.state_parallel.state_parallel import (
+    StateParallel,
+)
 from localstack.services.stepfunctions.asl.component.state.state_execution.state_task.service.state_task_service import (
     StateTaskService,
 )
 from localstack.services.stepfunctions.asl.component.state.state_execution.state_task.service.state_task_service_api_gateway import (
     StateTaskServiceApiGateway,
 )
+from localstack.services.stepfunctions.asl.component.state.state_execution.state_task.state_task import (
+    StateTask,
+)
+from localstack.services.stepfunctions.asl.component.state.state_fail.state_fail import StateFail
+from localstack.services.stepfunctions.asl.component.state.state_pass.state_pass import StatePass
+from localstack.services.stepfunctions.asl.component.state.state_succeed.state_succeed import (
+    StateSucceed,
+)
 from localstack.services.stepfunctions.asl.component.state.state_type import StateType
 from localstack.services.stepfunctions.asl.component.test_state.program.test_state_program import (
     TestStateProgram,
@@ -59,10 +76,92 @@ class TestStateStaticAnalyser(StaticAnalyser):
         return test_program.test_state is not None
 
     @staticmethod
-    def validate_mock(mock_input: MockInput, definition: Definition, state_name: StateName) -> None:
+    def validate_role_arn_required(
+        mock_input: MockInput, definition: Definition, state_name: StateName
+    ) -> None:
         test_program, _ = TestStateAmazonStateLanguageParser.parse(definition, state_name)
         test_state = test_program.test_state
+        if isinstance(test_state, StateTask) and mock_input is None:
+            raise ValidationException("RoleArn must be specified when testing a Task state")
+
+    @staticmethod
+    def validate_mock(test_state_input: TestStateInput) -> None:
+        test_program, _ = TestStateAmazonStateLanguageParser.parse(
+            test_state_input.get("definition"), test_state_input.get("stateName")
+        )
+        test_state = test_program.test_state
+        mock_input = test_state_input.get("mock")
+
+        TestStateStaticAnalyser.validate_test_state_allows_mocking(
+            mock_input=mock_input, test_state=test_state
+        )
+
+        if mock_input is None:
+            return
+
+        if test_state_input.get("revealSecrets"):
+            raise ValidationException(
+                "TestState does not support RevealSecrets when a mock is specified."
+            )
+
+        if {"result", "errorOutput"} <= mock_input.keys():
+            raise ValidationException(
+                "A test mock should have only one of the following fields: [result, errorOutput]."
+            )
+
+        mock_result_raw = mock_input.get("result")
+        if mock_result_raw is None:
+            return
+        try:
+            mock_result = json.loads(mock_result_raw)
+        except json.JSONDecodeError:
+            raise ValidationException("Mocked result must be valid JSON")
+
+        if isinstance(test_state, StateMap):
+            TestStateStaticAnalyser.validate_mock_result_matches_map_definition(
+                mock_result=mock_result, test_state=test_state
+            )
+
+        if isinstance(test_state, StateTaskService):
+            field_validation_mode = mock_input.get(
+                "fieldValidationMode", MockResponseValidationMode.STRICT
+            )
+            TestStateStaticAnalyser.validate_mock_result_matches_api_shape(
+                mock_result=mock_result,
+                field_validation_mode=field_validation_mode,
+                test_state=test_state,
+            )
 
+    @staticmethod
+    def validate_test_state_allows_mocking(
+        mock_input: MockInput, test_state: CommonStateField
+    ) -> None:
+        if mock_input is None and isinstance(test_state, (StateMap, StateParallel)):
+            # This is a literal message when a Map or Parallel state is not accompanied by a mock in a test state request.
+            # The message is the same for both cases and is not parametrised anyhow.
+            raise InvalidDefinition(
+                "TestState API does not support Map or Parallel states. Supported state types include: [Task, Wait, Pass, Succeed, Fail, Choice]"
+            )
+
+        if mock_input is not None and isinstance(test_state, (StatePass, StateFail, StateSucceed)):
+            raise ValidationException(
+                f"State type '{test_state.state_type.name}' is not supported when a mock is specified"
+            )
+
+    @staticmethod
+    def validate_mock_result_matches_map_definition(mock_result: Any, test_state: StateMap):
+        if test_state.result_writer is not None and not isinstance(mock_result, dict):
+            raise ValidationException("Mocked result must be a JSON object.")
+
+        if test_state.result_writer is None and not isinstance(mock_result, list):
+            raise ValidationException("Mocked result must be an array.")
+
+    @staticmethod
+    def validate_mock_result_matches_api_shape(
+        mock_result: Any,
+        field_validation_mode: MockResponseValidationMode,
+        test_state: StateTaskService,
+    ):
         # apigateway:invoke: has no equivalent in the AWS SDK service integration.
         # Hence, the validation against botocore doesn't apply.
         # See the note in https://docs.aws.amazon.com/step-functions/latest/dg/connect-api-gateway.html
@@ -70,119 +169,106 @@ class TestStateStaticAnalyser(StaticAnalyser):
         if isinstance(test_state, StateTaskServiceApiGateway):
             return
 
-        if isinstance(test_state, StateTaskService):
-            field_validation_mode = mock_input.get(
-                "fieldValidationMode", MockResponseValidationMode.STRICT
+        if field_validation_mode == MockResponseValidationMode.NONE:
+            return
+
+        boto_service_name = test_state._get_boto_service_name()
+        service_action_name = test_state._get_boto_service_action()
+        output_shape = test_state._get_boto_operation_model(
+            boto_service_name=boto_service_name, service_action_name=service_action_name
+        ).output_shape
+
+        # If the operation has no output, there's nothing to validate
+        if output_shape is None:
+            return
+
+        def _raise_type_error(expected_type: str, field_name: str) -> None:
+            raise ValidationException(
+                f"Mock result schema validation error: Field '{field_name}' must be {expected_type}"
             )
-            mock_result_raw = mock_input.get("result")
-            if mock_result_raw is None:
+
+        def _validate_value(value: Any, shape: Shape, field_name: str | None = None) -> None:
+            # Document type accepts any JSON value
+            if shape.type_name == "document":
                 return
-            try:
-                mock_result = json.loads(mock_result_raw)
-            except json.JSONDecodeError:
-                raise ValidationException("Mocked result must be valid JSON")
-            if mock_result is None or field_validation_mode == MockResponseValidationMode.NONE:
+
+            if isinstance(shape, StructureShape):
+                if not isinstance(value, dict):
+                    # this is a defensive check, the mock result is loaded from JSON before, so should always be a dict
+                    raise ValidationException(
+                        f"Mock result must be a valid JSON object, but got '{type(value)}' instead"
+                    )
+                # Build a mapping from SFN-normalised member keys -> botocore member shapes
+                members = shape.members
+                sfn_key_to_member_shape: dict[str, Shape] = {
+                    StateTaskService._to_sfn_cased(member_key): member_shape
+                    for member_key, member_shape in members.items()
+                }
+                if field_validation_mode == MockResponseValidationMode.STRICT:
+                    # Ensure required members are present, using SFN-normalised keys
+                    for required_key in shape.required_members:
+                        sfn_required_key = StateTaskService._to_sfn_cased(required_key)
+                        if sfn_required_key not in value:
+                            raise ValidationException(
+                                f"Mock result schema validation error: Required field '{sfn_required_key}' is missing"
+                            )
+                # Validate present fields (match SFN-normalised keys to member shapes)
+                for mock_field_name, mock_field_value in value.items():
+                    member_shape = sfn_key_to_member_shape.get(mock_field_name)
+                    if member_shape is None:
+                        # Fields that are present in mock but are not in the API spec should not raise validation errors - forward compatibility
+                        continue
+                    _validate_value(mock_field_value, member_shape, mock_field_name)
                 return
 
-            boto_service_name = test_state._get_boto_service_name()
-            service_action_name = test_state._get_boto_service_action()
-            output_shape = test_state._get_boto_operation_model(
-                boto_service_name=boto_service_name, service_action_name=service_action_name
-            ).output_shape
+            if isinstance(shape, ListShape):
+                if not isinstance(value, list):
+                    _raise_type_error("an array", field_name)
+                member_shape = shape.member
+                for list_item in value:
+                    _validate_value(list_item, member_shape, field_name)
+                return
 
-            # If the operation has no output, there's nothing to validate
-            if output_shape is None:
+            if isinstance(shape, MapShape):
+                if not isinstance(value, dict):
+                    _raise_type_error("an object", field_name)
+                value_shape = shape.value
+                for _, map_item_value in value.items():
+                    _validate_value(map_item_value, value_shape, field_name)
                 return
 
-            def _raise_type_error(expected_type: str, field_name: str) -> None:
-                raise ValidationException(
-                    f"Mock result schema validation error: Field '{field_name}' must be {expected_type}"
-                )
-
-            def _validate_value(value: Any, shape: Shape, field_name: str | None = None) -> None:
-                # Document type accepts any JSON value
-                if shape.type_name == "document":
-                    return
-
-                if isinstance(shape, StructureShape):
-                    if not isinstance(value, dict):
-                        # this is a defensive check, the mock result is loaded from JSON before, so should always be a dict
-                        raise ValidationException(
-                            f"Mock result must be a valid JSON object, but got '{type(value)}' instead"
-                        )
-                    # Build a mapping from SFN-normalised member keys -> botocore member shapes
-                    members = shape.members
-                    sfn_key_to_member_shape: dict[str, Shape] = {
-                        StateTaskService._to_sfn_cased(member_key): member_shape
-                        for member_key, member_shape in members.items()
-                    }
-                    if field_validation_mode == MockResponseValidationMode.STRICT:
-                        # Ensure required members are present, using SFN-normalised keys
-                        for required_key in shape.required_members:
-                            sfn_required_key = StateTaskService._to_sfn_cased(required_key)
-                            if sfn_required_key not in value:
-                                raise ValidationException(
-                                    f"Mock result schema validation error: Required field '{sfn_required_key}' is missing"
-                                )
-                    # Validate present fields (match SFN-normalised keys to member shapes)
-                    for mock_field_name, mock_field_value in value.items():
-                        member_shape = sfn_key_to_member_shape.get(mock_field_name)
-                        if member_shape is None:
-                            # Fields that are present in mock but are not in the API spec should not raise validation errors - forward compatibility
-                            continue
-                        _validate_value(mock_field_value, member_shape, mock_field_name)
-                    return
-
-                if isinstance(shape, ListShape):
-                    if not isinstance(value, list):
-                        _raise_type_error("an array", field_name)
-                    member_shape = shape.member
-                    for list_item in value:
-                        _validate_value(list_item, member_shape, field_name)
-                    return
-
-                if isinstance(shape, MapShape):
-                    if not isinstance(value, dict):
-                        _raise_type_error("an object", field_name)
-                    value_shape = shape.value
-                    for _, map_item_value in value.items():
-                        _validate_value(map_item_value, value_shape, field_name)
-                    return
-
-                # Primitive shapes and others
-                type_name = shape.type_name
-                match type_name:
-                    case "string" | "timestamp":
-                        if not isinstance(value, str):
-                            _raise_type_error("a string", field_name)
-                        # Validate enum if present
-                        if isinstance(shape, StringShape):
-                            enum = getattr(shape, "enum", None)
-                            if enum and value not in enum:
-                                raise ValidationException(
-                                    f"Mock result schema validation error: Field '{field_name}' is not an expected value"
-                                )
-
-                    case "integer" | "long":
-                        if not isinstance(value, int) or isinstance(value, bool):
-                            _raise_type_error("a number", field_name)
-
-                    case "float" | "double":
-                        if not (isinstance(value, (int, float)) or isinstance(value, bool)):
-                            _raise_type_error("a number", field_name)
-
-                    case "boolean":
-                        if not isinstance(value, bool):
-                            _raise_type_error("a boolean", field_name)
-
-                    case "blob":
-                        if not (isinstance(value, (str, bytes))):
-                            _raise_type_error("a string", field_name)
-
-            # Perform validation against the output shape
-            _validate_value(mock_result, output_shape)
-        # Non-service tasks or other cases: nothing to validate
-        return
+            # Primitive shapes and others
+            type_name = shape.type_name
+            match type_name:
+                case "string" | "timestamp":
+                    if not isinstance(value, str):
+                        _raise_type_error("a string", field_name)
+                    # Validate enum if present
+                    if isinstance(shape, StringShape):
+                        enum = getattr(shape, "enum", None)
+                        if enum and value not in enum:
+                            raise ValidationException(
+                                f"Mock result schema validation error: Field '{field_name}' is not an expected value"
+                            )
+
+                case "integer" | "long":
+                    if not isinstance(value, int) or isinstance(value, bool):
+                        _raise_type_error("a number", field_name)
+
+                case "float" | "double":
+                    if not (isinstance(value, (int, float)) or isinstance(value, bool)):
+                        _raise_type_error("a number", field_name)
+
+                case "boolean":
+                    if not isinstance(value, bool):
+                        _raise_type_error("a boolean", field_name)
+
+                case "blob":
+                    if not (isinstance(value, (str, bytes))):
+                        _raise_type_error("a string", field_name)
+
+        # Perform validation against the output shape
+        _validate_value(mock_result, output_shape)
 
     def analyse(self, definition: str) -> None:
         _, parser_rule_context = TestStateAmazonStateLanguageParser.parse(

localstack/services/stepfunctions/backend/execution.py

@@ -1,9 +1,8 @@
 from __future__ import annotations
 
 import datetime
-import json
 import logging
-from typing import Final
+from typing import Any, Final
 
 from localstack.aws.api.events import PutEventsRequestEntry
 from localstack.aws.api.stepfunctions import (
@@ -111,7 +110,7 @@ class Execution:
     local_mock_test_case: Final[LocalMockTestCase | None]
 
     start_date: Final[Timestamp]
-    input_data: Final[json | None]
+    input_data: Final[dict[str, Any] | None]
     input_details: Final[CloudWatchEventsExecutionDataDetails | None]
     trace_header: Final[TraceHeader | None]
     _cloud_watch_logging_session: Final[CloudWatchLoggingSession | None]
@@ -119,7 +118,7 @@ class Execution:
     exec_status: ExecutionStatus | None
     stop_date: Timestamp | None
 
-    output: json | None
+    output: dict[str, Any] | None
     output_details: CloudWatchEventsExecutionDataDetails | None
 
     error: SensitiveError | None
@@ -141,7 +140,7 @@ class Execution:
         start_date: Timestamp,
         cloud_watch_logging_session: CloudWatchLoggingSession | None,
         activity_store: dict[Arn, Activity],
-        input_data: json | None = None,
+        input_data: dict[str, Any] | None = None,
         trace_header: TraceHeader | None = None,
         state_machine_alias_arn: Arn | None = None,
         local_mock_test_case: LocalMockTestCase | None = None,

localstack/services/stepfunctions/provider.py

@@ -57,7 +57,6 @@ from localstack.aws.api.stepfunctions import (
     LongArn,
     MaxConcurrency,
     MissingRequiredParameter,
-    MockInput,
     Name,
     PageSize,
     PageToken,
@@ -162,6 +161,7 @@ from localstack.services.stepfunctions.stepfunctions_utils import (
     normalise_max_results,
 )
 from localstack.state import StateVisitor
+from localstack.utils.aws import arns
 from localstack.utils.aws.arns import (
     ARN_PARTITION_REGEX,
     stepfunctions_activity_arn,
@@ -242,12 +242,6 @@ class StepFunctionsProvider(StepfunctionsApi, ServiceLifecycleHook):
             f"Invalid Arn: 'Resource type not valid in this context: {lower_resource_type}'"
         )
 
-    @staticmethod
-    def _validate_test_state_mock_input(mock_input: MockInput) -> None:
-        if {"result", "errorOutput"} <= mock_input.keys():
-            # FIXME create proper error
-            raise ValidationException("Cannot define both 'result' and 'errorOutput'")
-
     @staticmethod
     def _validate_activity_name(name: str) -> None:
         # The activity name is validated according to the AWS StepFunctions documentation, the name should not contain:
@@ -1514,11 +1508,7 @@ class StepFunctionsProvider(StepfunctionsApi, ServiceLifecycleHook):
             raise ValidationException("State not found in definition")
 
         mock_input = request.get("mock")
-        if mock_input is not None:
-            self._validate_test_state_mock_input(mock_input)
-            TestStateStaticAnalyser.validate_mock(
-                mock_input=mock_input, definition=definition, state_name=state_name
-            )
+        TestStateStaticAnalyser.validate_mock(test_state_input=request)
 
         if state_configuration := request.get("stateConfiguration"):
             # TODO: Add validations for this i.e assert len(input) <= failureCount
@@ -1543,10 +1533,27 @@ class StepFunctionsProvider(StepfunctionsApi, ServiceLifecycleHook):
         arn = stepfunctions_state_machine_arn(
             name=name, account_id=context.account_id, region_name=context.region
         )
+        role_arn = request.get("roleArn")
+        if role_arn is None:
+            TestStateStaticAnalyser.validate_role_arn_required(
+                mock_input=mock_input, definition=definition, state_name=state_name
+            )
+            # HACK: Added dummy role ARN because it is a required field in Execution.
+            # To allow optional roleArn for the test state but preserve the mandatory one for regular executions
+            # we likely need to remove inheritance TestStateExecution(Execution) in favor of composition.
+            # TestState execution starts to have too many simplifications compared to a regular execution
+            # which renders the inheritance mechanism harmful.
+            # TODO make role_arn optional in TestStateExecution
+            role_arn = arns.iam_role_arn(
+                role_name=f"RoleFor-{name}",
+                account_id=context.account_id,
+                region_name=context.region,
+            )
+
         state_machine = TestStateMachine(
             name=name,
             arn=arn,
-            role_arn=request["roleArn"],
+            role_arn=role_arn,
             definition=request["definition"],
         )
 
@@ -1561,7 +1568,7 @@ class StepFunctionsProvider(StepfunctionsApi, ServiceLifecycleHook):
 
         execution = TestStateExecution(
             name=exec_name,
-            role_arn=request["roleArn"],
+            role_arn=role_arn,
             exec_arn=exec_arn,
             account_id=context.account_id,
             region_name=context.region,

localstack/services/sts/provider.py

@@ -23,6 +23,7 @@ from localstack.services.iam.iam_patches import apply_iam_patches
 from localstack.services.moto import call_moto
 from localstack.services.plugins import ServiceLifecycleHook
 from localstack.services.sts.models import SessionConfig, sts_stores
+from localstack.state import StateVisitor
 from localstack.utils.aws.arns import extract_account_id_from_arn
 from localstack.utils.aws.request_context import extract_access_key_id_from_auth_header
 
@@ -50,6 +51,12 @@ class StsProvider(StsApi, ServiceLifecycleHook):
     def __init__(self):
         apply_iam_patches()
 
+    def accept_state_visitor(self, visitor: StateVisitor):
+        from moto.sts.models import sts_backends
+
+        visitor.visit(sts_backends)
+        visitor.visit(sts_stores)
+
     def get_caller_identity(self, context: RequestContext, **kwargs) -> GetCallerIdentityResponse:
         response = call_moto(context)
         if "user/moto" in response["Arn"] and "sts" in response["Arn"]: