localstack-core 4.11.2.dev14__py3-none-any.whl → 4.12.1.dev25__py3-none-any.whl

localstack/aws/spec-patches.json

@@ -1372,43 +1372,5 @@
       "path": "/operations/CreateApiMapping/http/responseCode",
       "value": 200
     }
-  ],
-  "cloudwatch/2010-08-01/service-2": [
-    {
-      "op": "add",
-      "path": "/metadata/awsQueryCompatible",
-      "value": {}
-    },
-    {
-      "op": "add",
-      "path": "/metadata/jsonVersion",
-      "value": "1.0"
-    },
-    {
-      "op": "add",
-      "path": "/metadata/targetPrefix",
-      "value": "GraniteServiceVersion20100801"
-    },
-    {
-      "op": "replace",
-      "path": "/metadata/protocol",
-      "value": "smithy-rpc-v2-cbor"
-    },
-    {
-      "op": "replace",
-      "path": "/metadata/protocols",
-      "value": [
-        "smithy-rpc-v2-cbor",
-        "json",
-        "query"
-      ]
-    },
-    {
-      "op": "add",
-      "path": "/shapes/ConflictException/error",
-      "value": {
-        "httpStatusCode": 409
-      }
-    }
   ]
 }

localstack/config.py

@@ -225,6 +225,11 @@ def parse_boolean_env(env_var_name: str) -> bool | None:
     return None
 
 
+def parse_comma_separated_list(env_var_name: str) -> list[str]:
+    """Parse a comma separated list from the given environment variable."""
+    return os.environ.get(env_var_name, "").strip().split(",")
+
+
 def is_env_true(env_var_name: str) -> bool:
     """Whether the given environment variable has a truthy value."""
     return os.environ.get(env_var_name, "").lower().strip() in TRUE_STRINGS
@@ -1211,6 +1216,9 @@ CFN_PER_RESOURCE_TIMEOUT = int(os.environ.get("CFN_PER_RESOURCE_TIMEOUT") or 300
 # EXPERIMENTAL
 CFN_IGNORE_UNSUPPORTED_RESOURCE_TYPES = is_env_not_false("CFN_IGNORE_UNSUPPORTED_RESOURCE_TYPES")
 
+# Decrease the waiting time for resource deployment
+CFN_NO_WAIT_ITERATIONS: str | int | None = os.environ.get("CFN_NO_WAIT_ITERATIONS")
+
 # bind address of local DNS server
 DNS_ADDRESS = os.environ.get("DNS_ADDRESS") or "0.0.0.0"
 # port of the local DNS server

localstack/constants.py

@@ -117,6 +117,9 @@ LOCALSTACK_INFRA_PROCESS = "LOCALSTACK_INFRA_PROCESS"
 # AWS region us-east-1
 AWS_REGION_US_EAST_1 = "us-east-1"
 
+# AWS region eu-west-1
+AWS_REGION_EU_WEST_1 = "eu-west-1"
+
 # environment variable to override max pool connections
 try:
     MAX_POOL_CONNECTIONS = int(os.environ["MAX_POOL_CONNECTIONS"])

localstack/dev/kubernetes/__main__.py

@@ -1,5 +1,7 @@
 import dataclasses
 import os
+import shlex
+import subprocess as sp
 from typing import Literal
 
 import click
@@ -315,12 +317,11 @@ def generate_k8s_helm_overrides(
     return overrides
 
 
-def write_file(content: dict, output_path: str, file_name: str):
-    path = os.path.join(output_path, file_name)
-    with open(path, "w") as f:
+def write_file(content: dict, output_path: str):
+    with open(output_path, "w") as f:
         f.write(yaml.dump(content))
         f.close()
-        print(f"Generated file at {path}")
+        print(f"Generated file at {output_path}")
 
 
 def print_file(content: dict, file_name: str):
@@ -330,6 +331,22 @@ def print_file(content: dict, file_name: str):
     print("=====================================")
 
 
+def generate_k3d_command(config_file_path: str) -> str:
+    return f"k3d cluster create --config {config_file_path}"
+
+
+def generate_helm_command(overrides_file_path: str) -> str:
+    return f"helm upgrade --install localstack localstack/localstack -f {overrides_file_path}"
+
+
+def execute_deployment(config_file_path: str, overrides_file_path: str):
+    """
+    Use the k3d and helm commands to create a cluster and deploy LocalStack in one command
+    """
+    sp.check_call(shlex.split(generate_k3d_command(config_file_path)))
+    sp.check_call(shlex.split(generate_helm_command(overrides_file_path)))
+
+
 @click.command("run")
 @click.option(
     "--pro", is_flag=True, default=None, help="Mount the localstack-pro code into the cluster."
@@ -386,6 +403,13 @@ def print_file(content: dict, file_name: str):
     help="DNS port to expose from the kubernetes node. It is applied only if --expose-dns is set.",
     type=click.IntRange(0, 65535),
 )
+@click.option(
+    "--execute",
+    "-x",
+    is_flag=True,
+    default=False,
+    help="Execute deployment from generated config files. Implies -w/--write.",
+)
 @click.argument("command", nargs=-1, required=False)
 def run(
     pro: bool = None,
@@ -400,6 +424,7 @@ def run(
     port: int = None,
     expose_dns: bool = False,
     dns_port: int = 53,
+    execute: bool = False,
 ):
     """
     A tool for localstack developers to generate the kubernetes cluster configuration file and the overrides to mount the localstack code into the cluster.
@@ -416,25 +441,25 @@ def run(
     overrides_file = overrides_file or "overrides.yml"
     config_file = config_file or "configuration.yml"
 
-    if write:
-        write_file(config, output_dir, config_file)
-        write_file(overrides, output_dir, overrides_file)
+    overrides_file_path = os.path.join(output_dir, overrides_file)
+    config_file_path = os.path.join(output_dir, config_file)
+
+    if write or execute:
+        write_file(config, config_file_path)
+        write_file(overrides, overrides_file_path)
+        if execute:
+            execute_deployment(config_file, overrides_file)
     else:
         print_file(config, config_file)
         print_file(overrides, overrides_file)
 
-    overrides_file_path = os.path.join(output_dir, overrides_file)
-    config_file_path = os.path.join(output_dir, config_file)
-
     print("\nTo create a k3d cluster with the generated configuration, follow these steps:")
     print("1. Run the following command to create the cluster:")
-    print(f"\n    k3d cluster create --config {config_file_path}\n")
+    print(f"\n    {generate_k3d_command(config_file_path)}\n")
 
     print("2. Once the cluster is created, start LocalStack with the generated overrides:")
     print("\n    helm repo add localstack https://localstack.github.io/helm-charts # (if required)")
-    print(
-        f"\n    helm upgrade --install localstack localstack/localstack -f {overrides_file_path}\n"
-    )
+    print(f"\n    {generate_helm_command(overrides_file_path)}\n")
 
 
 def main():

localstack/runtime/analytics.py

@@ -7,10 +7,14 @@ from localstack.utils.analytics import log
 
 LOG = logging.getLogger(__name__)
 
+# Config options for which both usage and values are reported in analytics.
+# Important: This list must only contain options whose values do not contain PII or sensitive data.
 TRACKED_ENV_VAR = [
     "ACTIVATE_PRO",
     "ALLOW_NONSTANDARD_REGIONS",
     "BEDROCK_PREWARM",
+    "CFN_IGNORE_UNSUPPORTED_TYPE_CREATE",
+    "CFN_IGNORE_UNSUPPORTED_TYPE_UPDATE",
     "CFN_IGNORE_UNSUPPORTED_RESOURCE_TYPES",
     "CLOUDFRONT_LAMBDA_EDGE",
     "CONTAINER_RUNTIME",
@@ -26,6 +30,7 @@ TRACKED_ENV_VAR = [
     "DYNAMODB_IN_MEMORY",
     "DYNAMODB_REMOVE_EXPIRED_ITEMS",
     "EAGER_SERVICE_LOADING",
+    "EC2_DOCKER_INIT",
     "EC2_VM_MANAGER",
     "ECS_TASK_EXECUTOR",
     "EDGE_PORT",
@@ -71,9 +76,15 @@ TRACKED_ENV_VAR = [
     "USE_SSL",
 ]
 
+# Config options for which only the usage is reported in analytics.
+# Use this for options which may hold sensitive data or PII.
 PRESENCE_ENV_VAR = [
     "DATA_DIR",
     "EDGE_FORWARD_URL",  # Not functional; deprecated in 1.4.0, removed in 3.0.0
+    "EC2_HYPERVISOR_URI",
+    "EC2_REFERENCE_DOMAIN",
+    "EC2_LIBVIRT_NETWORK",
+    "EC2_LIBVIRT_POOL",
     "GATEWAY_LISTEN",
     "HOSTNAME",
     "HOSTNAME_EXTERNAL",

localstack/services/acm/provider.py

@@ -17,6 +17,16 @@ from localstack.utils.patch import patch
 moto_settings.ACM_VALIDATION_WAIT = min(10, moto_settings.ACM_VALIDATION_WAIT)
 
 
+@patch(acm_models.AWSCertificateManagerBackend.list_certificates)
+def list_certificates(list_certificates_orig, self, statuses, includes):
+    # Normalize keyTypes filter to match our describe() output format (hyphens)
+    if includes and "keyTypes" in includes:
+        includes["keyTypes"] = [
+            kt.replace("RSA_", "RSA-").replace("EC_", "EC-") for kt in includes["keyTypes"]
+        ]
+    return list_certificates_orig(self, statuses, includes)
+
+
 @patch(acm_models.CertBundle.describe)
 def describe(describe_orig, self):
     # TODO fix! Terrible hack (for parity). Moto adds certain required fields only if status is PENDING_VALIDATION.
@@ -71,8 +81,10 @@ def describe(describe_orig, self):
             cert[key] = value
     cert["Serial"] = str(cert.get("Serial") or "")
 
-    if cert.get("KeyAlgorithm") in ["RSA_1024", "RSA_2048"]:
+    if cert.get("KeyAlgorithm") in ["RSA_1024", "RSA_2048", "RSA_3072", "RSA_4096"]:
         cert["KeyAlgorithm"] = cert["KeyAlgorithm"].replace("RSA_", "RSA-")
+    if cert.get("KeyAlgorithm") in ["EC_prime256v1", "EC_secp384r1", "EC_secp521r1"]:
+        cert["KeyAlgorithm"] = cert["KeyAlgorithm"].replace("EC_", "EC-")
 
     # add subject alternative names
     if cert["DomainName"] not in sans:

localstack/services/apigateway/legacy/provider.py

@@ -94,6 +94,7 @@ from localstack.aws.api.apigateway import (
     UsagePlans,
     VpcLink,
     VpcLinks,
+    VpcLinkStatus,
 )
 from localstack.aws.connect import connect_to
 from localstack.aws.forwarder import create_aws_request_context
@@ -1821,11 +1822,31 @@ class ApigatewayProvider(ApigatewayApi, ServiceLifecycleHook):
         tags: MapOfStringToString = None,
         **kwargs,
     ) -> VpcLink:
+        # TODO add tag support
+        if not name:
+            raise BadRequestException("Name cannot be empty")
+        for arn in target_arns:
+            try:
+                parse_arn(arn)
+            except InvalidArnException:
+                raise BadRequestException(f"Invalid ARN. ARN is not well formed {arn}")
+
         region_details = get_apigateway_store(context=context)
         link_id = short_uid()
-        entry = {"id": link_id, "status": "AVAILABLE"}
+        entry = {
+            "id": link_id,
+            "status": VpcLinkStatus.PENDING,
+            "name": name,
+            "description": description,
+            "targetArns": target_arns,
+        }
         region_details.vpc_links[link_id] = entry
         result = to_vpc_link_response_json(entry)
+
+        # update the status and status message of the store object
+        entry["status"] = VpcLinkStatus.AVAILABLE
+        entry["statusMessage"] = "Your vpc link is ready for use"
+
         return VpcLink(**result)
 
     def get_vpc_links(
@@ -1845,7 +1866,7 @@ class ApigatewayProvider(ApigatewayApi, ServiceLifecycleHook):
         region_details = get_apigateway_store(context=context)
         vpc_link = region_details.vpc_links.get(vpc_link_id)
         if vpc_link is None:
-            raise NotFoundException(f'VPC link ID "{vpc_link_id}" not found')
+            raise NotFoundException("Invalid Vpc Link identifier specified")
         result = to_vpc_link_response_json(vpc_link)
         return VpcLink(**result)
 
@@ -1859,7 +1880,7 @@ class ApigatewayProvider(ApigatewayApi, ServiceLifecycleHook):
         region_details = get_apigateway_store(context=context)
         vpc_link = region_details.vpc_links.get(vpc_link_id)
         if vpc_link is None:
-            raise NotFoundException(f'VPC link ID "{vpc_link_id}" not found')
+            raise NotFoundException("Invalid Vpc Link identifier specified")
         result = apply_json_patch_safe(vpc_link, patch_operations)
         result = to_vpc_link_response_json(result)
         return VpcLink(**result)
@@ -1868,7 +1889,7 @@ class ApigatewayProvider(ApigatewayApi, ServiceLifecycleHook):
         region_details = get_apigateway_store(context=context)
         vpc_link = region_details.vpc_links.pop(vpc_link_id, None)
         if vpc_link is None:
-            raise NotFoundException(f'VPC link ID "{vpc_link_id}" not found for deletion')
+            raise NotFoundException("Invalid Vpc Link identifier specified")
 
     # request validators
 

localstack/services/cloudformation/engine/v2/change_set_model.py

@@ -1169,6 +1169,15 @@ class ChangeSetModel:
                 fn_transform,
             ],
         )
+
+        # special case of where either the before or after state does not specify properties but
+        # the resource was in the previous template
+        if (
+            terminal_value_type.change_type == ChangeType.UNCHANGED
+            and properties.change_type != ChangeType.UNCHANGED
+        ):
+            change_type = ChangeType.MODIFIED
+
         requires_replacement = self._resolve_requires_replacement(
             node_properties=properties, resource_type=terminal_value_type
         )

localstack/services/cloudformation/engine/v2/change_set_model_preproc.py

@@ -1069,7 +1069,9 @@ class ChangeSetModelPreproc(ChangeSetModelVisitor):
 
         def _resolve_parameter_type(value: str, type_: str) -> Any:
             match type_:
-                case "List<String>" | "CommaDelimitedList":
+                case s if re.match(r"List<[^>]+>", s):
+                    return [item.strip() for item in value.split(",")]
+                case "CommaDelimitedList":
                     return [item.strip() for item in value.split(",")]
                 case "Number":
                     # TODO: validate the parameter type at template parse time (or whatever is in parity with AWS) so we know this cannot fail

localstack/services/cloudformation/engine/v2/change_set_resource_support_checker.py

@@ -0,0 +1,114 @@
+from localstack.services.cloudformation.engine.v2.change_set_model import (
+    NodeResource,
+)
+from localstack.services.cloudformation.engine.v2.change_set_model_visitor import (
+    ChangeSetModelVisitor,
+)
+from localstack.services.cloudformation.resources import AWS_AVAILABLE_CFN_RESOURCES
+from localstack.utils.catalog.catalog import (
+    AwsServicesSupportStatus,
+    CatalogPlugin,
+    CfnResourceSupportStatus,
+)
+from localstack.utils.catalog.common import (
+    AwsServicesSupportInLatest,
+    AwsServiceSupportAtRuntime,
+    CloudFormationResourcesSupportAtRuntime,
+    CloudFormationResourcesSupportInLatest,
+)
+from localstack.utils.catalog.plugins import get_aws_catalog
+
+
+# TODO handle all available resource types
+def _get_service_name(resource_type: str) -> str | None:
+    parts = resource_type.split("::")
+    if len(parts) == 1:
+        return None
+
+    match parts:
+        case _ if "Cognito::IdentityPool" in resource_type:
+            return "cognito-identity"
+        case [*_, "Cognito", "UserPool"]:
+            return "cognito-idp"
+        case [*_, "Cognito", _]:
+            return "cognito-idp"
+        case [*_, "Elasticsearch", _]:
+            return "es"
+        case [*_, "OpenSearchService", _]:
+            return "opensearch"
+        case [*_, "KinesisFirehose", _]:
+            return "firehose"
+        case [*_, "ResourceGroups", _]:
+            return "resource-groups"
+        case [*_, "CertificateManager", _]:
+            return "acm"
+        case _ if "ElasticLoadBalancing::" in resource_type:
+            return "elb"
+        case _ if "ElasticLoadBalancingV2::" in resource_type:
+            return "elbv2"
+        case _ if "ApplicationAutoScaling::" in resource_type:
+            return "application-autoscaling"
+        case _ if "MSK::" in resource_type:
+            return "kafka"
+        case _ if "Timestream::" in resource_type:
+            return "timestream-write"
+        case [_, service, *_]:
+            return service.lower()
+
+
+def _build_resource_failure_message(
+    resource_type: str, status: AwsServicesSupportStatus | CfnResourceSupportStatus
+) -> str:
+    service_name = _get_service_name(resource_type) or "malformed"
+    template = "Sorry, the {resource} resource in the {service} service is not supported."
+    match status:
+        case CloudFormationResourcesSupportAtRuntime.NOT_IMPLEMENTED:
+            template = "Sorry, the {resource} resource (from the {service} service) is not supported by this version of LocalStack, but is available in the latest version."
+        case CloudFormationResourcesSupportInLatest.NOT_SUPPORTED:
+            template = "Sorry, the {resource} resource (from the {service} service) is not currently supported by LocalStack."
+        case AwsServiceSupportAtRuntime.AVAILABLE_WITH_LICENSE_UPGRADE:
+            template = "Sorry, the {service} service (for the {resource} resource) is not included within your LocalStack license, but is available in an upgraded license."
+        case AwsServiceSupportAtRuntime.NOT_IMPLEMENTED:
+            template = "The API for service {service} (for the {resource} resource) is either not included in your current license plan or has not yet been emulated by LocalStack."
+        case AwsServicesSupportInLatest.NOT_SUPPORTED:
+            template = "Sorry, the {service} (for the {resource} resource) service is not currently supported by LocalStack."
+        case AwsServicesSupportInLatest.SUPPORTED_WITH_LICENSE_UPGRADE:
+            template = "Sorry, the {service} service (for the {resource} resource) is not supported by this version of LocalStack, but is available in the latest version if you upgrade to the latest stable version."
+    return template.format(
+        resource=resource_type,
+        service=service_name,
+    )
+
+
+class ChangeSetResourceSupportChecker(ChangeSetModelVisitor):
+    catalog: CatalogPlugin
+
+    TITLE_MESSAGE = "Unsupported resources detected:"
+
+    def __init__(self):
+        self._resource_failure_messages: dict[str, str] = {}
+        self.catalog = get_aws_catalog()
+
+    def visit_node_resource(self, node_resource: NodeResource):
+        resource_type = node_resource.type_.value
+        if resource_type not in self._resource_failure_messages:
+            if resource_type not in AWS_AVAILABLE_CFN_RESOURCES:
+                # Ignore non-AWS resources
+                pass
+            support_status = self._resource_support_status(resource_type)
+            if support_status == CloudFormationResourcesSupportAtRuntime.AVAILABLE:
+                pass
+            else:
+                failure_message = _build_resource_failure_message(resource_type, support_status)
+                self._resource_failure_messages[resource_type] = failure_message
+        super().visit_node_resource(node_resource)
+
+    def _resource_support_status(
+        self, resource_type: str
+    ) -> AwsServicesSupportStatus | CfnResourceSupportStatus:
+        service_name = _get_service_name(resource_type)
+        return self.catalog.get_cloudformation_resource_status(resource_type, service_name, True)
+
+    @property
+    def failure_messages(self) -> list[str]:
+        return list(self._resource_failure_messages.values())

localstack/services/cloudformation/provider.py

@@ -5,6 +5,7 @@ import re
 from collections import defaultdict
 from copy import deepcopy
 
+from localstack import config
 from localstack.aws.api import CommonServiceException, RequestContext, handler
 from localstack.aws.api.cloudformation import (
     AlreadyExistsException,
@@ -120,6 +121,7 @@ from localstack.services.cloudformation.stores import (
     find_stack_by_id,
     get_cloudformation_store,
 )
+from localstack.services.plugins import ServiceLifecycleHook
 from localstack.state import StateVisitor
 from localstack.utils.collections import (
     remove_attributes,
@@ -177,7 +179,30 @@ class InternalFailure(CommonServiceException):
         super().__init__("InternalFailure", status_code=500, message=message, sender_fault=False)
 
 
-class CloudformationProvider(CloudformationApi):
+class CloudformationProvider(CloudformationApi, ServiceLifecycleHook):
+    def on_before_start(self):
+        self._validate_config()
+
+    def _validate_config(self):
+        no_wait_value: int = 5
+        try:
+            no_wait_value = int(config.CFN_NO_WAIT_ITERATIONS or 5)
+        except (TypeError, ValueError):
+            LOG.warning(
+                "You have set CFN_NO_WAIT_ITERATIONS to an invalid value: '%s'. It must be an integer greater or equal to 0. Using the default of 5",
+                config.CFN_NO_WAIT_ITERATIONS,
+            )
+
+        if no_wait_value < 0:
+            LOG.warning(
+                "You have set CFN_NO_WAIT_ITERATIONS to an invalid value: '%s'. It must be an integer greater or equal to 0. Using the default of 5",
+                config.CFN_NO_WAIT_ITERATIONS,
+            )
+            no_wait_value = 5
+
+        # Set the configuration back
+        config.CFN_NO_WAIT_ITERATIONS = no_wait_value
+
     def _stack_status_is_active(self, stack_status: str) -> bool:
         return stack_status not in [StackStatus.DELETE_COMPLETE]
 

localstack/services/cloudformation/provider_utils.py

@@ -275,6 +275,26 @@ def convert_values_to_numbers(input_dict: dict, keys_to_skip: list[str] | None =
     return recursive_convert(input_dict)
 
 
+def resource_tags_to_remove_or_update(
+    prev_tags: list[dict], new_tags: list[dict]
+) -> tuple[list[str], dict[str, str]]:
+    """
+    When updating resources that have tags, we need to determine which tags to remove and which to add/update,
+    as these are typically done in separate API calls. The format of prev_tags and new_tags is expected to
+    be [{ "Key": tagName, "Value": tagValue }, ...]. The return value will be a tuple of (tags_to_remove, tags_to_update),
+    where:
+    - tags_to_remove is a list of tag keys that are present in prev_tags but not in new_tags.
+    - tags_to_update is a dict of tags to add or update, with the format: { tagName: tagValue, ... }.
+    """
+    prev_tag_keys = [tag["Key"] for tag in prev_tags]
+    new_tag_keys = [tag["Key"] for tag in new_tags]
+    tags_to_remove = list(set(prev_tag_keys) - set(new_tag_keys))
+
+    # convert from list of dicts, to a single dict because that's what tag_queue APIs expect.
+    tags_to_update = {tag["Key"]: tag["Value"] for tag in new_tags}
+    return (tags_to_remove, tags_to_update)
+
+
 #  LocalStack specific utilities
 def get_schema_path(file_path: Path) -> dict:
     file_name_base = file_path.name.removesuffix(".py").removesuffix(".py.enc")

localstack/services/cloudformation/resource_provider.py

@@ -436,11 +436,11 @@ class ResourceProviderExecutor:
         resource: dict,
         raw_payload: ResourceProviderPayload,
         max_timeout: int = config.CFN_PER_RESOURCE_TIMEOUT,
-        sleep_time: float = 5,
+        sleep_time: float = 1,
     ) -> ProgressEvent[Properties]:
         payload = copy.deepcopy(raw_payload)
 
-        max_iterations = max(ceil(max_timeout / sleep_time), 2)
+        max_iterations = max(ceil(max_timeout / sleep_time), 10)
 
         for current_iteration in range(max_iterations):
             resource_type = get_resource_type({"Type": raw_payload["resourceType"]})
@@ -486,10 +486,11 @@ class ResourceProviderExecutor:
                     payload["requestData"]["resourceProperties"] = event.resource_model
                     resource["Properties"] = event.resource_model
 
-                    if current_iteration == 0:
-                        time.sleep(0)
+                    if current_iteration < config.CFN_NO_WAIT_ITERATIONS:
+                        pass
                     else:
                         time.sleep(sleep_time)
+
                 case OperationStatus.PENDING:
                     # come back to this resource in another iteration
                     return event