From 6716157c478ffbe3b09820a9d8447be4fda8a5bb Mon Sep 17 00:00:00 2001 From: Daniel Fangl Date: Thu, 9 Nov 2023 22:23:59 +0100 Subject: [PATCH] sort dict keys to have more stable diffs, fix test asserting ssl policy count --- moto/elbv2/responses.py | 36 +++++++++++++++++----------------- scripts/update_ssl_policies.py | 2 +- tests/test_elbv2/test_elbv2.py | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/moto/elbv2/responses.py b/moto/elbv2/responses.py index b57778c5d448..0f9030d968b4 100644 --- a/moto/elbv2/responses.py +++ b/moto/elbv2/responses.py @@ -7,7 +7,6 @@ SSL_POLICIES = [ { - "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -29,9 +28,9 @@ {"name": "AES256-SHA", "priority": 18}, ], "name": "ELBSecurityPolicy-2016-08", + "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], }, { - "ssl_protocols": ["TLSv1.2", "TLSv1.3"], "ciphers": [ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1}, {"name": "TLS_AES_256_GCM_SHA384", "priority": 2}, @@ -46,9 +45,9 @@ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 11}, ], "name": "ELBSecurityPolicy-TLS13-1-2-2021-06", + "ssl_protocols": ["TLSv1.2", "TLSv1.3"], }, { - "ssl_protocols": ["TLSv1.2", "TLSv1.3"], "ciphers": [ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1}, {"name": "TLS_AES_256_GCM_SHA384", "priority": 2}, @@ -59,9 +58,9 @@ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 7}, ], "name": "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", + "ssl_protocols": ["TLSv1.2", "TLSv1.3"], }, { - "ssl_protocols": ["TLSv1.2", "TLSv1.3"], "ciphers": [ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1}, {"name": "TLS_AES_256_GCM_SHA384", "priority": 2}, @@ -80,9 +79,9 @@ {"name": "AES256-SHA256", "priority": 15}, ], "name": "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", + "ssl_protocols": ["TLSv1.2", "TLSv1.3"], }, { - "ssl_protocols": ["TLSv1.2", "TLSv1.3"], "ciphers": [ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1}, {"name": "TLS_AES_256_GCM_SHA384", "priority": 2}, @@ -107,9 +106,9 @@ {"name": "AES256-SHA", "priority": 21}, ], "name": "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", + "ssl_protocols": ["TLSv1.2", "TLSv1.3"], }, { - "ssl_protocols": ["TLSv1.1", "TLSv1.2", "TLSv1.3"], "ciphers": [ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1}, {"name": "TLS_AES_256_GCM_SHA384", "priority": 2}, @@ -134,9 +133,9 @@ {"name": "AES256-SHA", "priority": 21}, ], "name": "ELBSecurityPolicy-TLS13-1-1-2021-06", + "ssl_protocols": ["TLSv1.1", "TLSv1.2", "TLSv1.3"], }, { - "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"], "ciphers": [ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1}, {"name": "TLS_AES_256_GCM_SHA384", "priority": 2}, @@ -161,18 +160,18 @@ {"name": "AES256-SHA", "priority": 21}, ], "name": "ELBSecurityPolicy-TLS13-1-0-2021-06", + "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"], }, { - "ssl_protocols": ["TLSv1.3"], "ciphers": [ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1}, {"name": "TLS_AES_256_GCM_SHA384", "priority": 2}, {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3}, ], "name": "ELBSecurityPolicy-TLS13-1-3-2021-06", + "ssl_protocols": ["TLSv1.3"], }, { - "ssl_protocols": ["TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -188,9 +187,9 @@ {"name": "AES256-SHA256", "priority": 12}, ], "name": "ELBSecurityPolicy-TLS-1-2-2017-01", + "ssl_protocols": ["TLSv1.2"], }, { - "ssl_protocols": ["TLSv1.1", "TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -212,9 +211,9 @@ {"name": "AES256-SHA", "priority": 18}, ], "name": "ELBSecurityPolicy-TLS-1-1-2017-01", + "ssl_protocols": ["TLSv1.1", "TLSv1.2"], }, { - "ssl_protocols": ["TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -236,9 +235,9 @@ {"name": "AES256-SHA", "priority": 18}, ], "name": "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", + "ssl_protocols": ["TLSv1.2"], }, { - "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -254,9 +253,9 @@ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12}, ], "name": "ELBSecurityPolicy-FS-2018-06", + "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], }, { - "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -278,9 +277,9 @@ {"name": "AES256-SHA", "priority": 18}, ], "name": "ELBSecurityPolicy-2015-05", + "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], }, { - "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -303,9 +302,9 @@ {"name": "DES-CBC3-SHA", "priority": 19}, ], "name": "ELBSecurityPolicy-TLS-1-0-2015-04", + "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], }, { - "ssl_protocols": ["TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -317,9 +316,9 @@ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 8}, ], "name": "ELBSecurityPolicy-FS-1-2-Res-2019-08", + "ssl_protocols": ["TLSv1.2"], }, { - "ssl_protocols": ["TLSv1.1", "TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -335,9 +334,9 @@ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12}, ], "name": "ELBSecurityPolicy-FS-1-1-2019-08", + "ssl_protocols": ["TLSv1.1", "TLSv1.2"], }, { - "ssl_protocols": ["TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -353,9 +352,9 @@ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12}, ], "name": "ELBSecurityPolicy-FS-1-2-2019-08", + "ssl_protocols": ["TLSv1.2"], }, { - "ssl_protocols": ["TLSv1.2"], "ciphers": [ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1}, {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2}, @@ -363,6 +362,7 @@ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 4}, ], "name": "ELBSecurityPolicy-FS-1-2-Res-2020-10", + "ssl_protocols": ["TLSv1.2"], }, ] diff --git a/scripts/update_ssl_policies.py b/scripts/update_ssl_policies.py index ea77d515b13d..fcf447325981 100755 --- a/scripts/update_ssl_policies.py +++ b/scripts/update_ssl_policies.py @@ -23,7 +23,7 @@ def transform_policies(ssl_policies: dict): if not isinstance(ssl_policies, dict): return ssl_policies result = {} - for key, value in ssl_policies.items(): + for key, value in sorted(ssl_policies.items()): if key in KEY_BLACKLIST: continue new_key = camel_case_to_snake_case(key) diff --git a/tests/test_elbv2/test_elbv2.py b/tests/test_elbv2/test_elbv2.py index 84fcf9675f73..734a24addf9b 100644 --- a/tests/test_elbv2/test_elbv2.py +++ b/tests/test_elbv2/test_elbv2.py @@ -1120,7 +1120,7 @@ def test_describe_ssl_policies(): client = boto3.client("elbv2", region_name="eu-central-1") resp = client.describe_ssl_policies() - assert len(resp["SslPolicies"]) == 7 + assert len(resp["SslPolicies"]) > 0 resp = client.describe_ssl_policies( Names=["ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-2016-08"]