localstack-core 4.11.2.dev14__py3-none-any.whl → 4.12.1.dev25__py3-none-any.whl

localstack/services/lambda_/provider.py

@@ -43,6 +43,7 @@ from localstack.aws.api.lambda_ import (
     DeleteFunctionResponse,
     Description,
     DestinationConfig,
+    DurableExecutionName,
     EventSourceMappingConfiguration,
     FunctionCodeLocation,
     FunctionConfiguration,
@@ -157,6 +158,7 @@ from localstack.services.edge import ROUTER
 from localstack.services.lambda_ import api_utils
 from localstack.services.lambda_ import hooks as lambda_hooks
 from localstack.services.lambda_.analytics import (
+    FunctionInitializationType,
     FunctionOperation,
     FunctionStatus,
     function_counter,
@@ -255,6 +257,7 @@ from localstack.utils.urls import localstack_host
 
 LOG = logging.getLogger(__name__)
 
+CAPACITY_PROVIDER_ARN_NAME = "arn:aws[a-zA-Z-]*:lambda:(eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:capacity-provider:[a-zA-Z0-9-_]+"
 LAMBDA_DEFAULT_TIMEOUT = 3
 LAMBDA_DEFAULT_MEMORY_SIZE = 128
 
@@ -304,20 +307,26 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
             for region_name, state in account_bundle.items():
                 for fn in state.functions.values():
                     for fn_version in fn.versions.values():
-                        # restore the "Pending" state for every function version and start it
                         try:
-                            new_state = VersionState(
-                                state=State.Pending,
-                                code=StateReasonCode.Creating,
-                                reason="The function is being created.",
-                            )
-                            new_config = dataclasses.replace(fn_version.config, state=new_state)
-                            new_version = dataclasses.replace(fn_version, config=new_config)
-                            fn.versions[fn_version.id.qualifier] = new_version
-                            # TODO: consider skipping this for $LATEST versions of functions with a capacity provider
-                            self.lambda_service.create_function_version(fn_version).result(
-                                timeout=5
+                            # $LATEST is not invokable for Lambda functions with a capacity provider
+                            # and has a different State (i.e., ActiveNonInvokable)
+                            is_capacity_provider_latest = (
+                                fn_version.config.CapacityProviderConfig
+                                and fn_version.id.qualifier == "$LATEST"
                             )
+                            if not is_capacity_provider_latest:
+                                # Restore the "Pending" state for the function version and start it
+                                new_state = VersionState(
+                                    state=State.Pending,
+                                    code=StateReasonCode.Creating,
+                                    reason="The function is being created.",
+                                )
+                                new_config = dataclasses.replace(fn_version.config, state=new_state)
+                                new_version = dataclasses.replace(fn_version, config=new_config)
+                                fn.versions[fn_version.id.qualifier] = new_version
+                                self.lambda_service.create_function_version(fn_version).result(
+                                    timeout=5
+                                )
                         except Exception:
                             LOG.warning(
                                 "Failed to restore function version %s",
@@ -853,6 +862,30 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
                 )
             visited_layers[layer_arn] = layer_version_arn
 
+    def _validate_capacity_provider_config(
+        self, capacity_provider_config: CapacityProviderConfig, context: RequestContext
+    ):
+        if not capacity_provider_config.get("LambdaManagedInstancesCapacityProviderConfig"):
+            raise ValidationException(
+                "1 validation error detected: Value null at 'capacityProviderConfig.lambdaManagedInstancesCapacityProviderConfig' failed to satisfy constraint: Member must not be null"
+            )
+
+        capacity_provider_arn = capacity_provider_config.get(
+            "LambdaManagedInstancesCapacityProviderConfig", {}
+        ).get("CapacityProviderArn")
+        if not capacity_provider_arn:
+            raise ValidationException(
+                "1 validation error detected: Value null at 'capacityProviderConfig.lambdaManagedInstancesCapacityProviderConfig.capacityProviderArn' failed to satisfy constraint: Member must not be null"
+            )
+
+        if not re.match(CAPACITY_PROVIDER_ARN_NAME, capacity_provider_arn):
+            raise ValidationException(
+                f"1 validation error detected: Value '{capacity_provider_arn}' at 'capacityProviderConfig.lambdaManagedInstancesCapacityProviderConfig.capacityProviderArn' failed to satisfy constraint: Member must satisfy regular expression pattern: {CAPACITY_PROVIDER_ARN_NAME}"
+            )
+
+        capacity_provider_name = capacity_provider_arn.split(":")[-1]
+        self.get_capacity_provider(context, capacity_provider_name)
+
     @staticmethod
     def map_layers(new_layers: list[str]) -> list[LayerVersion]:
         layers = []
@@ -1029,11 +1062,12 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
                 # Runtime management controls are not available when providing a custom image
                 runtime_version_config = None
 
-            # TODO: validations and figure out in which order
             capacity_provider_config = None
             memory_size = request.get("MemorySize", LAMBDA_DEFAULT_MEMORY_SIZE)
             if "CapacityProviderConfig" in request:
                 capacity_provider_config = request["CapacityProviderConfig"]
+                self._validate_capacity_provider_config(capacity_provider_config, context)
+
                 default_config = CapacityProviderConfig(
                     LambdaManagedInstancesCapacityProviderConfig=LambdaManagedInstancesCapacityProviderConfig(
                         ExecutionEnvironmentMemoryGiBPerVCpu=2.0,
@@ -1142,12 +1176,18 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
                 )
             fn.versions["$LATEST"] = version_post_response or version
             state.functions[function_name] = fn
+        initialization_type = (
+            FunctionInitializationType.lambda_managed_instances
+            if capacity_provider_config
+            else FunctionInitializationType.on_demand
+        )
         function_counter.labels(
             operation=FunctionOperation.create,
             runtime=runtime or "n/a",
             status=FunctionStatus.success,
             invocation_type="n/a",
             package_type=package_type,
+            initialization_type=initialization_type,
         )
         # TODO: consider potential other side effects of not having a function version for $LATEST
         # Provisioning happens upon publishing for functions using a capacity provider
@@ -1363,6 +1403,19 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
             if new_mode:
                 replace_kwargs["tracing_config_mode"] = new_mode
 
+        if "CapacityProviderConfig" in request:
+            if latest_version.config.CapacityProviderConfig and not request[
+                "CapacityProviderConfig"
+            ].get("LambdaManagedInstancesCapacityProviderConfig"):
+                raise ValidationException(
+                    "1 validation error detected: Value null at 'capacityProviderConfig.lambdaManagedInstancesCapacityProviderConfig' failed to satisfy constraint: Member must not be null"
+                )
+            if not latest_version.config.CapacityProviderConfig:
+                raise InvalidParameterValueException(
+                    "CapacityProviderConfig isn't supported for Lambda Default functions.",
+                    Type="User",
+                )
+
         new_latest_version = dataclasses.replace(
             latest_version,
             config=dataclasses.replace(
@@ -1701,6 +1754,7 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
         invocation_type: InvocationType | None = None,
         log_type: LogType | None = None,
         client_context: String | None = None,
+        durable_execution_name: DurableExecutionName | None = None,
         payload: IO[Blob] | None = None,
         qualifier: NumericLatestPublishedOrAliasQualifier | None = None,
         tenant_id: TenantId | None = None,
@@ -2210,6 +2264,9 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
                     raise Exception("unknown version")  # TODO: cover via test
             elif qualifier == "$LATEST":
                 pass
+            elif qualifier == "$LATEST.PUBLISHED":
+                if fn.versions.get(qualifier):
+                    pass
             else:
                 raise Exception("invalid functionname")  # TODO: cover via test
             fn_arn = api_utils.qualified_lambda_arn(function_name, qualifier, account, region)

localstack/services/opensearch/packages.py

@@ -107,19 +107,31 @@ class OpensearchPackageInstaller(PackageInstaller):
                 # setup security based on the version
                 self._setup_security(install_dir, parsed_version)
 
+                # Determine network configuration to use for plugin downloads
+                sys_props = {
+                    **java_system_properties_proxy(),
+                    **java_system_properties_ssl(
+                        os.path.join(install_dir, "jdk", "bin", "keytool"),
+                        {"JAVA_HOME": os.path.join(install_dir, "jdk")},
+                    ),
+                }
+                java_opts = system_properties_to_cli_args(sys_props)
+
+                keystore_binary = os.path.join(install_dir, "bin", "opensearch-keystore")
+                if os.path.exists(keystore_binary):
+                    # initialize and create the keystore. Concurrent starts of ES will all try to create it at the same
+                    # time, and fail with a race condition. Creating once when installing solves the issue without
+                    # the need to lock the starts
+                    # Ultimately, each cluster should have its own `config` file and maybe not share the same one
+                    output = run(
+                        [keystore_binary, "create"],
+                        env_vars={"OPENSEARCH_JAVA_OPTS": " ".join(java_opts)},
+                    )
+                    LOG.debug("Keystore init output: %s", output)
+
                 # install other default plugins for opensearch 1.1+
                 # https://forum.opensearch.org/t/ingest-attachment-cannot-be-installed/6494/12
                 if parsed_version >= "1.1.0":
-                    # Determine network configuration to use for plugin downloads
-                    sys_props = {
-                        **java_system_properties_proxy(),
-                        **java_system_properties_ssl(
-                            os.path.join(install_dir, "jdk", "bin", "keytool"),
-                            {"JAVA_HOME": os.path.join(install_dir, "jdk")},
-                        ),
-                    }
-                    java_opts = system_properties_to_cli_args(sys_props)
-
                     for plugin in OPENSEARCH_PLUGIN_LIST:
                         plugin_binary = os.path.join(install_dir, "bin", "opensearch-plugin")
                         plugin_dir = os.path.join(install_dir, "plugins", plugin)
@@ -322,6 +334,18 @@ class ElasticsearchPackageInstaller(PackageInstaller):
                         if not os.environ.get("IGNORE_ES_DOWNLOAD_ERRORS"):
                             raise
 
+            keystore_binary = os.path.join(install_dir, "bin", "elasticsearch-keystore")
+            if os.path.exists(keystore_binary):
+                # initialize and create the keystore. Concurrent starts of ES will all try to create it at the same
+                # time, and fail with a race condition. Creating once when installing solves the issue without
+                # the need to lock the starts
+                # Ultimately, each cluster should have its own `config` file and maybe not share the same one
+                output = run(
+                    [keystore_binary, "create"],
+                    env_vars={"ES_JAVA_OPTS": " ".join(java_opts)},
+                )
+                LOG.debug("Keystore init output: %s", output)
+
         # delete some plugins to free up space
         for plugin in ELASTICSEARCH_DELETE_MODULES:
             module_dir = os.path.join(install_dir, "modules", plugin)
@@ -341,16 +365,6 @@ class ElasticsearchPackageInstaller(PackageInstaller):
             if jvm_options != jvm_options_replaced:
                 save_file(jvm_options_file, jvm_options_replaced)
 
-        # patch JVM options file - replace hardcoded heap size settings
-        jvm_options_file = os.path.join(install_dir, "config", "jvm.options")
-        if os.path.exists(jvm_options_file):
-            jvm_options = load_file(jvm_options_file)
-            jvm_options_replaced = re.sub(
-                r"(^-Xm[sx][a-zA-Z0-9.]+$)", r"# \1", jvm_options, flags=re.MULTILINE
-            )
-            if jvm_options != jvm_options_replaced:
-                save_file(jvm_options_file, jvm_options_replaced)
-
     def _get_install_marker_path(self, install_dir: str) -> str:
         return os.path.join(install_dir, "bin", "elasticsearch")
 

localstack/services/route53/provider.py

@@ -26,9 +26,16 @@ from localstack.aws.api.route53 import (
 from localstack.aws.connect import connect_to
 from localstack.services.moto import call_moto
 from localstack.services.plugins import ServiceLifecycleHook
+from localstack.state import StateVisitor
 
 
 class Route53Provider(Route53Api, ServiceLifecycleHook):
+    def accept_state_visitor(self, visitor: StateVisitor):
+        from localstack.services.route53.models import route53_stores
+
+        visitor.visit(route53_backends)
+        visitor.visit(route53_stores)
+
     def create_hosted_zone(
         self,
         context: RequestContext,

localstack/services/route53resolver/provider.py

@@ -100,6 +100,7 @@ from localstack.services.route53resolver.utils import (
     validate_mutation_protection,
     validate_priority,
 )
+from localstack.state import StateVisitor
 from localstack.utils.aws import arns
 from localstack.utils.aws.arns import extract_account_id_from_arn, extract_region_from_arn
 from localstack.utils.collections import select_from_typed_dict
@@ -107,6 +108,10 @@ from localstack.utils.patch import patch
 
 
 class Route53ResolverProvider(Route53ResolverApi):
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(route53resolver_backends)
+        visitor.visit(route53resolver_stores)
+
     @staticmethod
     def get_store(account_id: str, region: str) -> Route53ResolverStore:
         return route53resolver_stores[account_id][region]

localstack/services/s3/constants.py

@@ -1,4 +1,5 @@
 from localstack.aws.api.s3 import (
+    BucketLocationConstraint,
     ChecksumAlgorithm,
     Grantee,
     Permission,
@@ -66,6 +67,10 @@ CHECKSUM_ALGORITHMS: list[ChecksumAlgorithm] = [
     ChecksumAlgorithm.CRC64NVME,
 ]
 
+BUCKET_LOCATION_CONSTRAINTS = [constraint.value for constraint in BucketLocationConstraint]
+
+EU_WEST_1_LOCATION_CONSTRAINTS = [BucketLocationConstraint.EU, BucketLocationConstraint.eu_west_1]
+
 # response header overrides the client may request
 ALLOWED_HEADER_OVERRIDES = {
     "ResponseContentType": "ContentType",

localstack/services/s3/exceptions.py

@@ -51,3 +51,12 @@ class InvalidBucketOwnerAWSAccountID(CommonServiceException):
 class TooManyConfigurations(CommonServiceException):
     def __init__(self, message=None) -> None:
         super().__init__("TooManyConfigurations", status_code=400, message=message)
+
+
+class IllegalLocationConstraintException(CommonServiceException):
+    def __init__(self, location_constraint: str):
+        super().__init__(
+            "IllegalLocationConstraintException",
+            status_code=400,
+            message=f"The {location_constraint} location constraint is incompatible for the region specific endpoint this request was sent to.",
+        )

localstack/services/s3/models.py

@@ -16,6 +16,7 @@ from localstack.aws.api.s3 import (
     BadDigest,
     BucketAccelerateStatus,
     BucketKeyEnabled,
+    BucketLocationConstraint,
     BucketName,
     BucketRegion,
     BucketVersioningStatus,
@@ -76,7 +77,11 @@ from localstack.services.s3.constants import (
     S3_UPLOAD_PART_MIN_SIZE,
 )
 from localstack.services.s3.exceptions import InvalidRequest
-from localstack.services.s3.utils import CombinedCrcHash, get_s3_checksum, rfc_1123_datetime
+from localstack.services.s3.utils import (
+    CombinedCrcHash,
+    get_s3_checksum,
+    rfc_1123_datetime,
+)
 from localstack.services.stores import (
     AccountRegionBundle,
     BaseStore,
@@ -101,6 +106,7 @@ class S3Bucket:
     name: BucketName
     bucket_account_id: AccountId
     bucket_region: BucketRegion
+    location_constraint: BucketLocationConstraint | Literal[""]
     creation_date: datetime
     multiparts: dict[MultipartUploadId, "S3Multipart"]
     objects: Union["KeyStore", "VersionedKeyStore"]
@@ -137,10 +143,12 @@ class S3Bucket:
         acl: AccessControlPolicy = None,
         object_ownership: ObjectOwnership = None,
         object_lock_enabled_for_bucket: bool = None,
+        location_constraint: BucketLocationConstraint | Literal[""] = "",
     ):
         self.name = name
         self.bucket_account_id = account_id
         self.bucket_region = bucket_region
+        self.location_constraint = location_constraint
         # If ObjectLock is enabled, it forces the bucket to be versioned as well
         self.versioning_status = None if not object_lock_enabled_for_bucket else "Enabled"
         self.objects = KeyStore() if not object_lock_enabled_for_bucket else VersionedKeyStore()

localstack/services/s3/provider.py

@@ -33,6 +33,7 @@ from localstack.aws.api.s3 import (
     BucketAlreadyOwnedByYou,
     BucketCannedACL,
     BucketLifecycleConfiguration,
+    BucketLocationConstraint,
     BucketLoggingStatus,
     BucketName,
     BucketNotEmpty,
@@ -117,7 +118,6 @@ from localstack.aws.api.s3 import (
     InvalidArgument,
     InvalidBucketName,
     InvalidDigest,
-    InvalidLocationConstraint,
     InvalidObjectState,
     InvalidPartNumber,
     InvalidPartOrder,
@@ -229,7 +229,7 @@ from localstack.aws.handlers import (
     preprocess_request,
     serve_custom_service_request_handlers,
 )
-from localstack.constants import AWS_REGION_US_EAST_1
+from localstack.constants import AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1
 from localstack.services.edge import ROUTER
 from localstack.services.plugins import ServiceLifecycleHook
 from localstack.services.s3.codec import AwsChunkedDecoder
@@ -278,6 +278,7 @@ from localstack.services.s3.utils import (
     etag_to_base_64_content_md5,
     extract_bucket_key_version_id_from_copy_source,
     generate_safe_version_id,
+    get_bucket_location_xml,
     get_canned_acl,
     get_class_attrs_from_spec_class,
     get_failed_precondition_copy_source,
@@ -304,6 +305,7 @@ from localstack.services.s3.utils import (
     validate_dict_fields,
     validate_failed_precondition,
     validate_kms_key_id,
+    validate_location_constraint,
     validate_tag_set,
 )
 from localstack.services.s3.validation import (
@@ -493,29 +495,19 @@ class S3Provider(S3Api, ServiceLifecycleHook):
             raise InvalidBucketName("The specified bucket is not valid.", BucketName=bucket_name)
 
         create_bucket_configuration = request.get("CreateBucketConfiguration") or {}
-        bucket_region = create_bucket_configuration.get("LocationConstraint")
+
         bucket_tags = create_bucket_configuration.get("Tags")
         if bucket_tags:
             validate_tag_set(bucket_tags, type_set="create-bucket")
-        if bucket_region:
-            if context.region == AWS_REGION_US_EAST_1:
-                if bucket_region in ("us-east-1", "aws-global"):
-                    raise InvalidLocationConstraint(
-                        "The specified location-constraint is not valid",
-                        LocationConstraint=bucket_region,
-                    )
-            elif context.region != bucket_region:
-                raise CommonServiceException(
-                    code="IllegalLocationConstraintException",
-                    message=f"The {bucket_region} location constraint is incompatible for the region specific endpoint this request was sent to.",
-                )
-        else:
+
+        location_constraint = create_bucket_configuration.get("LocationConstraint", "")
+        validate_location_constraint(context.region, location_constraint)
+
+        bucket_region = location_constraint
+        if not location_constraint:
             bucket_region = AWS_REGION_US_EAST_1
-            if context.region != bucket_region:
-                raise CommonServiceException(
-                    code="IllegalLocationConstraintException",
-                    message="The unspecified location constraint is incompatible for the region specific endpoint this request was sent to.",
-                )
+        if location_constraint == BucketLocationConstraint.EU:
+            bucket_region = AWS_REGION_EU_WEST_1
 
         store = self.get_store(context.account_id, bucket_region)
 
@@ -554,6 +546,7 @@ class S3Provider(S3Api, ServiceLifecycleHook):
             acl=acl,
             object_ownership=request.get("ObjectOwnership"),
             object_lock_enabled_for_bucket=request.get("ObjectLockEnabledForBucket"),
+            location_constraint=location_constraint,
         )
 
         store.buckets[bucket_name] = s3_bucket
@@ -709,16 +702,18 @@ class S3Provider(S3Api, ServiceLifecycleHook):
         """
         store, s3_bucket = self._get_cross_account_bucket(context, bucket)
 
-        location_constraint = (
-            '<?xml version="1.0" encoding="UTF-8"?>\n'
-            '<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/">{{location}}</LocationConstraint>'
-        )
-
-        location = s3_bucket.bucket_region if s3_bucket.bucket_region != "us-east-1" else ""
-        location_constraint = location_constraint.replace("{{location}}", location)
+        # TODO: Remove usage of getattr once persistence mechanism is updated.
+        # If the stored constraint is None the bucket was made before the storage of location_constraint.
+        # The EU location constraint wasn't supported before this point so we can safely default to the region.
+        location_constraint = getattr(s3_bucket, "location_constraint", None)
+        if location_constraint is None:
+            location_constraint = (
+                s3_bucket.bucket_region if s3_bucket.bucket_region != "us-east-1" else ""
+            )
 
-        response = GetBucketLocationOutput(LocationConstraint=location_constraint)
-        return response
+        return GetBucketLocationOutput(
+            LocationConstraint=get_bucket_location_xml(location_constraint)
+        )
 
     @handler("PutObject", expand=False)
     def put_object(

localstack/services/s3/utils.py

@@ -34,6 +34,7 @@ from localstack.aws.api.s3 import (
     Grantee,
     HeadObjectRequest,
     InvalidArgument,
+    InvalidLocationConstraint,
     InvalidRange,
     InvalidTag,
     LifecycleExpiration,
@@ -57,18 +58,25 @@ from localstack.aws.api.s3 import (
 from localstack.aws.api.s3 import Type as GranteeType
 from localstack.aws.chain import HandlerChain
 from localstack.aws.connect import connect_to
+from localstack.constants import AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1
 from localstack.http import Response
 from localstack.services.s3 import checksums
 from localstack.services.s3.constants import (
     ALL_USERS_ACL_GRANTEE,
     AUTHENTICATED_USERS_ACL_GRANTEE,
+    BUCKET_LOCATION_CONSTRAINTS,
     CHECKSUM_ALGORITHMS,
+    EU_WEST_1_LOCATION_CONSTRAINTS,
     LOG_DELIVERY_ACL_GRANTEE,
     SIGNATURE_V2_PARAMS,
     SIGNATURE_V4_PARAMS,
     SYSTEM_METADATA_SETTABLE_HEADERS,
 )
-from localstack.services.s3.exceptions import InvalidRequest, MalformedXML
+from localstack.services.s3.exceptions import (
+    IllegalLocationConstraintException,
+    InvalidRequest,
+    MalformedXML,
+)
 from localstack.utils.aws import arns
 from localstack.utils.aws.arns import parse_arn
 from localstack.utils.objects import singleton_factory
@@ -888,6 +896,27 @@ def validate_tag_set(
         keys.add(key)
 
 
+def validate_location_constraint(context_region: str, location_constraint: str) -> None:
+    if location_constraint:
+        if context_region == AWS_REGION_US_EAST_1:
+            if (
+                not config.ALLOW_NONSTANDARD_REGIONS
+                and location_constraint not in BUCKET_LOCATION_CONSTRAINTS
+            ):
+                raise InvalidLocationConstraint(
+                    "The specified location-constraint is not valid",
+                    LocationConstraint=location_constraint,
+                )
+        elif context_region == AWS_REGION_EU_WEST_1:
+            if location_constraint not in EU_WEST_1_LOCATION_CONSTRAINTS:
+                raise IllegalLocationConstraintException(location_constraint)
+        elif context_region != location_constraint:
+            raise IllegalLocationConstraintException(location_constraint)
+    else:
+        if context_region != AWS_REGION_US_EAST_1:
+            raise IllegalLocationConstraintException("unspecified")
+
+
 def get_unique_key_id(
     bucket: BucketName, object_key: ObjectKey, version_id: ObjectVersionId
 ) -> str:
@@ -1105,3 +1134,19 @@ def is_version_older_than_other(version_id: str, other: str):
     See `generate_safe_version_id`
     """
     return base64.b64decode(version_id, altchars=b"._") < base64.b64decode(other, altchars=b"._")
+
+
+def get_bucket_location_xml(location_constraint: str) -> str:
+    """
+    Returns the formatted XML for the GetBucketLocation operation.
+
+    :param location_constraint: The location constraint to return in the XML. It can be an empty string when
+    it's not specified in the bucket configuration.
+    :return: The XML response.
+    """
+
+    return (
+        '<?xml version="1.0" encoding="UTF-8"?>\n'
+        '<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/"'
+        + ("/>" if not location_constraint else f">{location_constraint}</LocationConstraint>")
+    )

localstack/services/s3control/provider.py

@@ -12,6 +12,7 @@ from localstack.aws.api.s3control import (
 from localstack.aws.forwarder import NotImplementedAvoidFallbackError
 from localstack.services.s3.models import s3_stores
 from localstack.services.s3control.validation import validate_tags
+from localstack.state import StateVisitor
 from localstack.utils.tagging import TaggingService
 
 
@@ -21,6 +22,11 @@ class NoSuchResource(CommonServiceException):
 
 
 class S3ControlProvider(S3ControlApi):
+    def accept_state_visitor(self, visitor: StateVisitor):
+        from moto.s3control.models import s3control_backends
+
+        visitor.visit(s3control_backends)
+
     """
     S3Control is a management interface for S3, and can access some of its internals with no public API
     This requires us to access the s3 stores directly

localstack/services/scheduler/provider.py

@@ -1,11 +1,12 @@
 import logging
 import re
 
-from moto.scheduler.models import EventBridgeSchedulerBackend
+from moto.scheduler.models import EventBridgeSchedulerBackend, scheduler_backends
 
 from localstack.aws.api.scheduler import SchedulerApi, ValidationException
 from localstack.services.events.rule import RULE_SCHEDULE_CRON_REGEX, RULE_SCHEDULE_RATE_REGEX
 from localstack.services.plugins import ServiceLifecycleHook
+from localstack.state import StateVisitor
 from localstack.utils.patch import patch
 
 LOG = logging.getLogger(__name__)
@@ -17,7 +18,8 @@ RULE_SCHEDULE_AT_REGEX = re.compile(AT_REGEX)
 
 
 class SchedulerProvider(SchedulerApi, ServiceLifecycleHook):
-    pass
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(scheduler_backends)
 
 
 def _validate_schedule_expression(schedule_expression: str) -> None:

localstack/services/secretsmanager/provider.py

@@ -65,6 +65,7 @@ from localstack.aws.api.secretsmanager import (
 )
 from localstack.aws.connect import connect_to
 from localstack.services.moto import call_moto
+from localstack.state import StateVisitor
 from localstack.utils.aws import arns
 from localstack.utils.patch import patch
 from localstack.utils.time import today_no_time
@@ -105,6 +106,9 @@ class SecretsmanagerProvider(SecretsmanagerApi):
         super().__init__()
         apply_patches()
 
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(secretsmanager_backends)
+
     @staticmethod
     def get_moto_backend_for_resource(
         name_or_arn: str, context: RequestContext

localstack/services/ses/provider.py

@@ -62,6 +62,7 @@ from localstack.http import Resource, Response
 from localstack.services.moto import call_moto
 from localstack.services.plugins import ServiceLifecycleHook
 from localstack.services.ses.models import EmailType, SentEmail, SentEmailBody
+from localstack.state import StateVisitor
 from localstack.utils.aws import arns
 from localstack.utils.files import mkdir
 from localstack.utils.strings import long_uid, to_str
@@ -177,6 +178,9 @@ def register_ses_api_resource():
 
 
 class SesProvider(SesApi, ServiceLifecycleHook):
+    def accept_state_visitor(self, visitor: StateVisitor):
+        visitor.visit(ses_backends)
+
     #
     # Lifecycle Hooks
     #

localstack/services/sns/constants.py

@@ -25,6 +25,19 @@ VALID_SUBSCRIPTION_ATTR_NAME: list[str] = [
     "SubscriptionRoleArn",
 ]
 
+
+VALID_POLICY_ACTIONS = [
+    "GetTopicAttributes",
+    "SetTopicAttributes",
+    "AddPermission",
+    "RemovePermission",
+    "DeleteTopic",
+    "Subscribe",
+    "ListSubscriptionsByTopic",
+    "Publish",
+    "Receive",
+]
+
 MSG_ATTR_NAME_REGEX = re.compile(r"^(?!\.)(?!.*\.$)(?!.*\.\.)[a-zA-Z0-9_\-.]+$")
 ATTR_TYPE_REGEX = re.compile(r"^(String|Number|Binary)\..+$")
 VALID_MSG_ATTR_NAME_CHARS = set(ascii_letters + digits + "." + "-" + "_")