localstack-core 4.7.1.dev49__py3-none-any.whl → 4.10.1.dev12__py3-none-any.whl

localstack/services/events/models.py

@@ -4,7 +4,7 @@ from datetime import UTC, datetime
 from enum import Enum
 from typing import Literal, TypeAlias, TypedDict
 
-from localstack.aws.api.core import ServiceException
+from localstack.aws.api import CommonServiceException
 from localstack.aws.api.events import (
     ApiDestinationDescription,
     ApiDestinationHttpMethod,
@@ -66,10 +66,9 @@ from localstack.utils.tagging import TaggingService
 TargetDict = dict[TargetId, Target]
 
 
-class ValidationException(ServiceException):
-    code: str = "ValidationException"
-    sender_fault: bool = True
-    status_code: int = 400
+class ValidationException(CommonServiceException):
+    def __init__(self, message: str):
+        super().__init__("ValidationException", message, 400, True)
 
 
 class InvalidEventPatternException(Exception):

localstack/services/events/provider.py

@@ -193,7 +193,7 @@ def encode_next_token(token: int) -> NextToken:
 
 def get_filtered_dict(name_prefix: str, input_dict: dict) -> dict:
     """Filter dictionary by prefix."""
-    return {name: value for name, value in input_dict.items() if name.startswith(name_prefix)}
+    return {name: value for name, value in dict(input_dict).items() if name.startswith(name_prefix)}
 
 
 def validate_event(event: PutEventsRequestEntry) -> None | PutEventsResultEntry:
@@ -768,8 +768,8 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
 
         # Find all rules that have a target with the specified ARN
         matching_rule_names = []
-        for rule_name, rule in event_bus.rules.items():
-            for target_id, target in rule.targets.items():
+        for rule_name, rule in dict(event_bus.rules).items():
+            for target_id, target in dict(rule.targets).items():
                 if target["Arn"] == target_arn:
                     matching_rule_names.append(rule_name)
                     break  # Found a match in this rule, no need to check other targets
@@ -1028,7 +1028,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
             self._check_event_bus_exists(event_source_arn, store)
             archives = {
                 key: archive
-                for key, archive in store.archives.items()
+                for key, archive in dict(store.archives).items()
                 if archive.event_source_arn == event_source_arn
             }
         elif name_prefix:
@@ -1161,7 +1161,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
         if event_source_arn:
             replays = {
                 key: replay
-                for key, replay in store.replays.items()
+                for key, replay in dict(store.replays).items()
                 if replay.event_source_arn == event_source_arn
             }
         elif name_prefix:
@@ -1508,7 +1508,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
         """
         if isinstance(rules, Rule):
             rules = {rules.name: rules}
-        for rule in rules.values():
+        for rule in list(rules.values()):
             del self._rule_services_store[rule.arn]
 
     def _delete_target_sender(self, ids: TargetIdList, rule) -> None:
@@ -1571,7 +1571,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
     def _get_scheduled_rule_job_function(self, account_id, region, rule: Rule) -> Callable:
         def func(*args, **kwargs):
             """Create custom scheduled event and send it to all targets specified by associated rule using respective TargetSender"""
-            for target in rule.targets.values():
+            for target in list(rule.targets.values()):
                 if custom_input := target.get("Input"):
                     event = json.loads(custom_input)
                 else:
@@ -1636,7 +1636,8 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
     ) -> EventBusList:
         """Return a converted dict of EventBus model objects as a list of event buses in API type EventBus format."""
         event_bus_list = [
-            self._event_bus_to_api_type_event_bus(event_bus) for event_bus in event_buses.values()
+            self._event_bus_to_api_type_event_bus(event_bus)
+            for event_bus in list(event_buses.values())
         ]
         return event_bus_list
 
@@ -1680,7 +1681,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
 
     def _rule_dict_to_rule_response_list(self, rules: RuleDict) -> RuleResponseList:
         """Return a converted dict of Rule model objects as a list of rules in API type Rule format."""
-        rule_list = [self._rule_to_api_type_rule(rule) for rule in rules.values()]
+        rule_list = [self._rule_to_api_type_rule(rule) for rule in list(rules.values())]
         return rule_list
 
     def _rule_to_api_type_rule(self, rule: Rule) -> ApiTypeRule:
@@ -1700,7 +1701,9 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
 
     def _archive_dict_to_archive_response_list(self, archives: ArchiveDict) -> ArchiveResponseList:
         """Return a converted dict of Archive model objects as a list of archives in API type Archive format."""
-        archive_list = [self._archive_to_api_type_archive(archive) for archive in archives.values()]
+        archive_list = [
+            self._archive_to_api_type_archive(archive) for archive in list(archives.values())
+        ]
         return archive_list
 
     def _archive_to_api_type_archive(self, archive: Archive) -> ApiTypeArchive:
@@ -1734,7 +1737,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
 
     def _replay_dict_to_replay_response_list(self, replays: ReplayDict) -> ReplayList:
         """Return a converted dict of Replay model objects as a list of replays in API type Replay format."""
-        replay_list = [self._replay_to_api_type_replay(replay) for replay in replays.values()]
+        replay_list = [self._replay_to_api_type_replay(replay) for replay in list(replays.values())]
         return replay_list
 
     def _replay_to_api_type_replay(self, replay: Replay) -> ApiTypeReplay:
@@ -1789,7 +1792,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
         """Return a converted dict of Connection model objects as a list of connections in API type Connection format."""
         connection_list = [
             self._connection_to_api_type_connection(connection)
-            for connection in connections.values()
+            for connection in list(connections.values())
         ]
         return connection_list
 
@@ -1816,7 +1819,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
         """Return a converted dict of ApiDestination model objects as a list of connections in API type ApiDestination format."""
         api_destination_list = [
             self._api_destination_to_api_type_api_destination(api_destination)
-            for api_destination in api_destinations.values()
+            for api_destination in list(api_destinations.values())
         ]
         return api_destination_list
 
@@ -1942,7 +1945,7 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
                 )
                 return
 
-            for target in rule.targets.values():
+            for target in list(rule.targets.values()):
                 target_id = target["Id"]
                 if is_archive_arn(target["Arn"]):
                     self._put_to_archive(

localstack/services/events/target.py

@@ -90,11 +90,20 @@ def get_template_replacements(
     return template_replacements
 
 
-def replace_template_placeholders(
-    template: str, replacements: dict[str, Any], is_json_template: bool
-) -> TransformedEvent:
-    """Replace placeholders defined by <key> in the template with the values from the replacements dict.
-    Can handle single template string or template dict."""
+def replace_template_placeholders(template: str, replacements: dict[str, Any]) -> TransformedEvent:
+    """
+    Replaces placeholders in an EventBridge-style InputTemplate string.
+
+    :param template: The template string containing placeholders like ``<$.foo.bar>``.
+    :type template: str
+    :param replacements: A dictionary providing values to fill in.
+    :type replacements: dict
+    :returns: The transformed string with placeholders replaced by values from ``replacements``.
+    :rtype: str
+    """
+
+    ...
+    is_json_template = template.strip().startswith("{")
 
     def replace_placeholder(match):
         key = match.group(1)
@@ -110,6 +119,8 @@ def replace_template_placeholders(
             if is_json_template:
                 return json.dumps(value)
             return f"[{','.join(value)}]"
+        if isinstance(value, bool):
+            return json.dumps(value)
         if is_nested_in_string(template, match):
             return value
         if is_json_template:
@@ -222,10 +233,7 @@ class TargetSender(ABC):
         predefined_template_replacements = self._get_predefined_template_replacements(event)
         template_replacements.update(predefined_template_replacements)
 
-        is_json_template = input_template.strip().startswith("{")
-        populated_template = replace_template_placeholders(
-            input_template, template_replacements, is_json_template
-        )
+        populated_template = replace_template_placeholders(input_template, template_replacements)
 
         return populated_template
 

localstack/services/events/v1/provider.py

@@ -206,12 +206,12 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
                 raise ValueError("If the value is greater than 1, the unit must be plural")
 
             if "minute" in unit:
-                return "*/%s * * * *" % value
+                return f"*/{value} * * * *"
             if "hour" in unit:
-                return "0 */%s * * *" % value
+                return f"0 */{value} * * *"
             if "day" in unit:
-                return "0 0 */%s * *" % value
-            raise ValueError("Unable to parse events schedule expression: %s" % schedule)
+                return f"0 0 */{value} * *"
+            raise ValueError(f"Unable to parse events schedule expression: {schedule}")
         return schedule
 
     @staticmethod
@@ -374,7 +374,7 @@ def _dump_events_to_files(events_with_added_uuid):
         for event in events_with_added_uuid:
             target = os.path.join(
                 _get_events_tmp_dir(),
-                "%s_%s" % (current_time_millis, event["uuid"]),
+                "{}_{}".format(current_time_millis, event["uuid"]),
             )
             save_file(target, json.dumps(event["event"]))
     except Exception as e:

localstack/services/firehose/provider.py

@@ -706,7 +706,11 @@ class FirehoseProvider(FirehoseApi):
                 try:
                     requests.post(url, json=record_to_send, headers=headers)
                 except Exception as e:
-                    LOG.exception("Unable to put Firehose records to HTTP endpoint %s.", url)
+                    LOG.error(
+                        "Unable to put Firehose records to HTTP endpoint %s.",
+                        url,
+                        exc_info=LOG.isEnabledFor(logging.DEBUG),
+                    )
                     raise e
             if "RedshiftDestinationDescription" in destination:
                 s3_dest_desc = destination["RedshiftDestinationDescription"][
@@ -782,7 +786,11 @@ class FirehoseProvider(FirehoseApi):
             try:
                 db_connection.create(index=search_db_index, id=obj_id, body=body)
             except Exception as e:
-                LOG.exception("Unable to put record to stream %s.", delivery_stream_name)
+                LOG.error(
+                    "Unable to put record to stream %s.",
+                    delivery_stream_name,
+                    exc_info=LOG.isEnabledFor(logging.DEBUG),
+                )
                 raise e
 
     def _add_missing_record_attributes(self, records: list[dict]) -> None:
@@ -860,9 +868,10 @@ class FirehoseProvider(FirehoseApi):
             LOG.debug("Publishing to S3 destination: %s. Data: %s", bucket, batched_data)
             s3.put_object(Bucket=bucket, Key=obj_path, Body=batched_data)
         except Exception as e:
-            LOG.exception(
+            LOG.error(
                 "Unable to put records %s to s3 bucket.",
                 records,
+                exc_info=LOG.isEnabledFor(logging.DEBUG),
             )
             raise e
 
@@ -917,9 +926,10 @@ class FirehoseProvider(FirehoseApi):
                 )
                 redshift_data.execute_statement(Parameters=row_to_insert, **execute_statement)
             except Exception as e:
-                LOG.exception(
+                LOG.error(
                     "Unable to put records %s to redshift cluster.",
                     row_to_insert,
+                    exc_info=LOG.isEnabledFor(logging.DEBUG),
                 )
                 raise e
 

localstack/services/iam/provider.py

@@ -20,10 +20,7 @@ from moto.iam.utils import generate_access_key_id_from_account_id
 
 from localstack.aws.api import CommonServiceException, RequestContext, handler
 from localstack.aws.api.iam import (
-    ActionNameListType,
-    ActionNameType,
     AttachedPermissionsBoundary,
-    ContextEntryListType,
     CreateRoleRequest,
     CreateRoleResponse,
     CreateServiceLinkedRoleResponse,
@@ -33,7 +30,6 @@ from localstack.aws.api.iam import (
     DeleteServiceLinkedRoleResponse,
     DeletionTaskIdType,
     DeletionTaskStatusType,
-    EvaluationResult,
     GetServiceLinkedRoleDeletionStatusResponse,
     GetUserResponse,
     IamApi,
@@ -43,16 +39,12 @@ from localstack.aws.api.iam import (
     ListServiceSpecificCredentialsResponse,
     MalformedPolicyDocumentException,
     NoSuchEntityException,
-    PolicyEvaluationDecisionType,
     ResetServiceSpecificCredentialResponse,
-    ResourceHandlingOptionType,
-    ResourceNameListType,
-    ResourceNameType,
     Role,
     ServiceSpecificCredential,
     ServiceSpecificCredentialMetadata,
     SimulatePolicyResponse,
-    SimulationPolicyListType,
+    SimulatePrincipalPolicyRequest,
     User,
     allUsers,
     arnType,
@@ -65,7 +57,6 @@ from localstack.aws.api.iam import (
     maxItemsType,
     pathPrefixType,
     pathType,
-    policyDocumentType,
     roleDescriptionType,
     roleNameType,
     serviceName,
@@ -78,6 +69,10 @@ from localstack.aws.api.iam import (
 from localstack.aws.connect import connect_to
 from localstack.constants import INTERNAL_AWS_SECRET_ACCESS_KEY
 from localstack.services.iam.iam_patches import apply_iam_patches
+from localstack.services.iam.resources.policy_simulator import (
+    BasicIAMPolicySimulator,
+    IAMPolicySimulator,
+)
 from localstack.services.iam.resources.service_linked_roles import SERVICE_LINKED_ROLES
 from localstack.services.moto import call_moto
 from localstack.utils.aws.request_context import extract_access_key_id_from_auth_header
@@ -108,58 +103,12 @@ def get_iam_backend(context: RequestContext) -> IAMBackend:
     return iam_backends[context.account_id][context.partition]
 
 
-def get_policies_from_principal(backend: IAMBackend, principal_arn: str) -> list[dict]:
-    policies = []
-    if ":role" in principal_arn:
-        role_name = principal_arn.split("/")[-1]
-
-        policies.append(backend.get_role(role_name=role_name).assume_role_policy_document)
-
-        policy_names = backend.list_role_policies(role_name=role_name)
-        policies.extend(
-            [
-                backend.get_role_policy(role_name=role_name, policy_name=policy_name)[1]
-                for policy_name in policy_names
-            ]
-        )
-
-        attached_policies, _ = backend.list_attached_role_policies(role_name=role_name)
-        policies.extend([policy.document for policy in attached_policies])
-
-    if ":group" in principal_arn:
-        print(principal_arn)
-        group_name = principal_arn.split("/")[-1]
-        policy_names = backend.list_group_policies(group_name=group_name)
-        policies.extend(
-            [
-                backend.get_group_policy(group_name=group_name, policy_name=policy_name)[1]
-                for policy_name in policy_names
-            ]
-        )
-
-        attached_policies, _ = backend.list_attached_group_policies(group_name=group_name)
-        policies.extend([policy.document for policy in attached_policies])
-
-    if ":user" in principal_arn:
-        print(principal_arn)
-        user_name = principal_arn.split("/")[-1]
-        policy_names = backend.list_user_policies(user_name=user_name)
-        policies.extend(
-            [
-                backend.get_user_policy(user_name=user_name, policy_name=policy_name)[1]
-                for policy_name in policy_names
-            ]
-        )
-
-        attached_policies, _ = backend.list_attached_user_policies(user_name=user_name)
-        policies.extend([policy.document for policy in attached_policies])
-
-    return policies
-
-
 class IamProvider(IamApi):
+    policy_simulator: IAMPolicySimulator
+
     def __init__(self):
         apply_iam_patches()
+        self.policy_simulator = BasicIAMPolicySimulator()
 
     @handler("CreateRole", expand=False)
     def create_role(
@@ -181,68 +130,14 @@ class IamProvider(IamApi):
 
         return result
 
-    @staticmethod
-    def build_evaluation_result(
-        action_name: ActionNameType, resource_name: ResourceNameType, policy_statements: list[dict]
-    ) -> EvaluationResult:
-        eval_res = EvaluationResult()
-        eval_res["EvalActionName"] = action_name
-        eval_res["EvalResourceName"] = resource_name
-        eval_res["EvalDecision"] = PolicyEvaluationDecisionType.explicitDeny
-        for statement in policy_statements:
-            # TODO Implement evaluation logic here
-            if (
-                action_name in statement["Action"]
-                and resource_name in statement["Resource"]
-                and statement["Effect"] == "Allow"
-            ):
-                eval_res["EvalDecision"] = PolicyEvaluationDecisionType.allowed
-                eval_res["MatchedStatements"] = []  # TODO: add support for statement compilation.
-        return eval_res
-
+    @handler("SimulatePrincipalPolicy", expand=False)
     def simulate_principal_policy(
         self,
         context: RequestContext,
-        policy_source_arn: arnType,
-        action_names: ActionNameListType,
-        policy_input_list: SimulationPolicyListType = None,
-        permissions_boundary_policy_input_list: SimulationPolicyListType = None,
-        resource_arns: ResourceNameListType = None,
-        resource_policy: policyDocumentType = None,
-        resource_owner: ResourceNameType = None,
-        caller_arn: ResourceNameType = None,
-        context_entries: ContextEntryListType = None,
-        resource_handling_option: ResourceHandlingOptionType = None,
-        max_items: maxItemsType = None,
-        marker: markerType = None,
+        request: SimulatePrincipalPolicyRequest,
         **kwargs,
     ) -> SimulatePolicyResponse:
-        backend = get_iam_backend(context)
-
-        policies = get_policies_from_principal(backend, policy_source_arn)
-
-        def _get_statements_from_policy_list(policies: list[str]):
-            statements = []
-            for policy_str in policies:
-                policy_dict = json.loads(policy_str)
-                if isinstance(policy_dict["Statement"], list):
-                    statements.extend(policy_dict["Statement"])
-                else:
-                    statements.append(policy_dict["Statement"])
-            return statements
-
-        policy_statements = _get_statements_from_policy_list(policies)
-
-        evaluations = [
-            self.build_evaluation_result(action_name, resource_arn, policy_statements)
-            for action_name in action_names
-            for resource_arn in resource_arns
-        ]
-
-        response = SimulatePolicyResponse()
-        response["IsTruncated"] = False
-        response["EvaluationResults"] = evaluations
-        return response
+        return self.policy_simulator.simulate_principal_policy(context, request)
 
     def delete_policy(self, context: RequestContext, policy_arn: arnType, **kwargs) -> None:
         backend = get_iam_backend(context)

localstack/services/iam/resources/policy_simulator.py

@@ -0,0 +1,133 @@
+import abc
+import json
+
+from moto.iam import iam_backends
+from moto.iam.models import IAMBackend
+
+from localstack.aws.api import RequestContext
+from localstack.aws.api.iam import (
+    ActionNameType,
+    EvaluationResult,
+    PolicyEvaluationDecisionType,
+    ResourceNameType,
+    SimulatePolicyResponse,
+    SimulatePrincipalPolicyRequest,
+)
+
+
+class IAMPolicySimulator(abc.ABC):
+    @abc.abstractmethod
+    def simulate_principal_policy(
+        self, context: RequestContext, request: SimulatePrincipalPolicyRequest
+    ) -> SimulatePolicyResponse:
+        """
+        Simulate principal policy
+        :param request: SimulatePrincipalPolicyRequest
+        :param context: RequestContext
+        :return: SimulatePrincipalResponse
+        """
+        pass
+
+
+class BasicIAMPolicySimulator(IAMPolicySimulator):
+    def simulate_principal_policy(
+        self,
+        context: RequestContext,
+        request: SimulatePrincipalPolicyRequest,
+    ) -> SimulatePolicyResponse:
+        backend = self.get_iam_backend(context)
+        policies = self.get_policies_from_principal(backend, request.get("PolicySourceArn"))
+
+        def _get_statements_from_policy_list(_policies: list[str]):
+            statements = []
+            for policy_str in _policies:
+                policy_dict = json.loads(policy_str)
+                if isinstance(policy_dict["Statement"], list):
+                    statements.extend(policy_dict["Statement"])
+                else:
+                    statements.append(policy_dict["Statement"])
+            return statements
+
+        policy_statements = _get_statements_from_policy_list(policies)
+
+        evaluations = [
+            self.build_evaluation_result(action_name, resource_arn, policy_statements)
+            for action_name in request.get("ActionNames")
+            for resource_arn in request.get("ResourceArns")
+        ]
+
+        response = SimulatePolicyResponse()
+        response["IsTruncated"] = False
+        response["EvaluationResults"] = evaluations
+
+        return response
+
+    @staticmethod
+    def build_evaluation_result(
+        action_name: ActionNameType, resource_name: ResourceNameType, policy_statements: list[dict]
+    ) -> EvaluationResult:
+        eval_res = EvaluationResult()
+        eval_res["EvalActionName"] = action_name
+        eval_res["EvalResourceName"] = resource_name
+        eval_res["EvalDecision"] = PolicyEvaluationDecisionType.explicitDeny
+        for statement in policy_statements:
+            # TODO Implement evaluation logic here
+            if (
+                action_name in statement["Action"]
+                and resource_name in statement["Resource"]
+                and statement["Effect"] == "Allow"
+            ):
+                eval_res["EvalDecision"] = PolicyEvaluationDecisionType.allowed
+                eval_res["MatchedStatements"] = []  # TODO: add support for statement compilation.
+        return eval_res
+
+    @staticmethod
+    def get_iam_backend(context: RequestContext) -> IAMBackend:
+        return iam_backends[context.account_id][context.partition]
+
+    @staticmethod
+    def get_policies_from_principal(backend: IAMBackend, principal_arn: str) -> list[dict]:
+        policies = []
+        if ":role" in principal_arn:
+            role_name = principal_arn.split("/")[-1]
+
+            policies.append(backend.get_role(role_name=role_name).assume_role_policy_document)
+
+            policy_names = backend.list_role_policies(role_name=role_name)
+            policies.extend(
+                [
+                    backend.get_role_policy(role_name=role_name, policy_name=policy_name)[1]
+                    for policy_name in policy_names
+                ]
+            )
+
+            attached_policies, _ = backend.list_attached_role_policies(role_name=role_name)
+            policies.extend([policy.document for policy in attached_policies])
+
+        if ":group" in principal_arn:
+            group_name = principal_arn.split("/")[-1]
+            policy_names = backend.list_group_policies(group_name=group_name)
+            policies.extend(
+                [
+                    backend.get_group_policy(group_name=group_name, policy_name=policy_name)[1]
+                    for policy_name in policy_names
+                ]
+            )
+
+            attached_policies, _ = backend.list_attached_group_policies(group_name=group_name)
+            policies.extend([policy.document for policy in attached_policies])
+
+        if ":user" in principal_arn:
+            user_name = principal_arn.split("/")[-1]
+            policy_names = backend.list_user_policies(user_name=user_name)
+            policies.extend(
+                [
+                    backend.get_user_policy(user_name=user_name, policy_name=policy_name)[1]
+                    for policy_name in policy_names
+                ]
+            )
+
+            attached_policies, _ = backend.list_attached_user_policies(user_name=user_name)
+            policies.extend([policy.document for policy in attached_policies])
+
+        return policies

localstack/services/kinesis/models.py

@@ -1,7 +1,18 @@
 from collections import defaultdict
 
-from localstack.aws.api.kinesis import ConsumerDescription, MetricsName, StreamName
-from localstack.services.stores import AccountRegionBundle, BaseStore, LocalAttribute
+from localstack.aws.api.kinesis import (
+    ConsumerDescription,
+    MetricsName,
+    Policy,
+    ResourceARN,
+    StreamName,
+)
+from localstack.services.stores import (
+    AccountRegionBundle,
+    BaseStore,
+    CrossAccountAttribute,
+    LocalAttribute,
+)
 
 
 class KinesisStore(BaseStore):
@@ -13,5 +24,7 @@ class KinesisStore(BaseStore):
         default=lambda: defaultdict(set)
     )
 
+    resource_policies: dict[ResourceARN, Policy] = CrossAccountAttribute(default=dict)
+
 
 kinesis_stores = AccountRegionBundle("kinesis", KinesisStore)