Skip to content
This repository was archived by the owner on Mar 23, 2026. It is now read-only.

Migrate MFA, server certificate and signing certificate tests#13783

Merged
dfangl merged 9 commits into
iam/moto-migrationfrom
iam/tests-mfa-and-certificates
Feb 17, 2026
Merged

Migrate MFA, server certificate and signing certificate tests#13783
dfangl merged 9 commits into
iam/moto-migrationfrom
iam/tests-mfa-and-certificates

Conversation

@dfangl

@dfangl dfangl commented Feb 17, 2026

Copy link
Copy Markdown
Member

Motivation

This PR migrates the MFA, server certificate and sigining certificate tests from moto to LocalStack. The tests were adapted to be parity tested against AWS.

Changes

Generated migration summary:

Summary

Category Moto Tests (Commented) LocalStack Tests Created Migration Status
MFA 7 5 Fully migrated + enhanced
Server Certificates 6 3 Fully migrated
Signing Certificates 6 2 5/6 migrated

MFA Tests Migration

Source: moto/tests/test_iam/test_iam.py (lines 1705-1903)
Destination: localstack/tests/aws/services/iam/test_iam_mfa.py

Mapping Table

Moto Test (Commented) LocalStack Test Notes
test_create_virtual_mfa_device (L1705-1733) test_virtual_mfa_device_lifecycle Consolidated with delete; parameterized for paths (None, /, /test-path/, /test//double/)
test_create_virtual_mfa_device_errors (L1735-1777) test_virtual_mfa_device_errors Merged error cases: duplicate device, invalid path patterns, path too long
test_delete_virtual_mfa_device (L1779-1791) test_virtual_mfa_device_lifecycle Delete covered in lifecycle test
test_delete_virtual_mfa_device_errors (L1793-1805) test_virtual_mfa_device_errors Delete non-existent device error case
test_list_virtual_mfa_devices (L1807-1847) test_list_virtual_mfa_devices Enhanced with assignment status filtering (Assigned, Unassigned, Any)
test_list_virtual_mfa_devices_errors (L1849-1858) test_list_virtual_mfa_devices Invalid marker error included
test_enable_virtual_mfa_device (L1860-1903) test_enable_virtual_mfa_device Uses pyotp for valid TOTP codes; includes deactivation flow
test_mfa_devices (L1682-1702) test_physical_token_mfa Tests physical token MFA activation (LocalStack-only, no real device to validate)

New LocalStack Tests (Not in Moto)

LocalStack Test Description
test_enable_mfa_device_errors Error cases for enable/deactivate: non-existent user, non-existent MFA device

Server Certificate Tests Migration

Source: moto/tests/test_iam/test_iam_server_certificates.py
Destination: localstack/tests/aws/services/iam/test_iam_server_certificates.py

Mapping Table

Moto Test (Commented) LocalStack Test Notes
test_get_all_server_certs (L11-25) test_server_certificate_lifecycle List operation included in lifecycle
test_get_server_cert_doesnt_exist (L27-39) test_server_certificate_errors Get non-existent certificate error
test_get_server_cert (L41-63) test_server_certificate_lifecycle Get operation included; parameterized paths
test_delete_server_cert (L65-84) test_server_certificate_lifecycle Delete and verify deletion in lifecycle
test_delete_unknown_server_cert (L86-97) test_server_certificate_errors Delete non-existent certificate error
test_get_server_cert_with_certificate_chain (L99-122) test_server_certificate_with_chain Uses proper X.509 cert chain generation

Signing Certificate Tests Migration

Source: moto/tests/test_iam/test_iam_signing_certificates.py
Destination: localstack/tests/aws/services/iam/test_iam_signing_certificates.py

Mapping Table

Moto Test (Commented) LocalStack Test Notes
test_signing_certs (L16-46) test_signing_certificate_lifecycle Full CRUD: upload, list, update status (Active/Inactive), delete
test_create_too_many_certificates (L48-73) test_signing_certificate_errors Limit exceeded (2 certs per user) error
test_retrieve_cert_details_using_credentials_report (L75-131) Not migrated Depends on credential report (4-hour AWS cache makes validation difficult)
test_upload_cert_for_unknown_user (L133-166) test_signing_certificate_errors Consolidated: upload/list/update/delete for non-existent user
test_upload_invalid_certificate (L168-177) test_signing_certificate_errors MalformedCertificate error case
test_update_unknown_certificate (L179-191) test_signing_certificate_errors Update/delete non-existent certificate errors

Not Migrated

Moto Test Reason
test_retrieve_cert_details_using_credentials_report Test depends on credential report which AWS caches for 4 hours, making AWS validation impractical. Will be migrated separately

Tests

Tests pass against AWS even without snapshot tests.

Related

Closes UNC-244
Closes UNC-226

@dfangl dfangl added this to the 4.14 milestone Feb 17, 2026
@dfangl dfangl requested a review from bentsku as a code owner February 17, 2026 13:01
@dfangl dfangl added semver: patch Non-breaking changes which can be included in patch releases docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes labels Feb 17, 2026
@github-actions

github-actions Bot commented Feb 17, 2026

Copy link
Copy Markdown

S3 Image Test Results (AMD64 / ARM64)

    2 files      2 suites   7m 58s ⏱️
  564 tests   512 ✅  52 💤 0 ❌
1 128 runs  1 024 ✅ 104 💤 0 ❌

Results for commit f0fb9c7.

@github-actions

github-actions Bot commented Feb 17, 2026
edited
Loading

Copy link
Copy Markdown

Test Results - Preflight, Unit

23 123 tests  ±0   21 252 ✅ ±0   6m 13s ⏱️ +7s
     1 suites ±0    1 871 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit 8f094fb. ± Comparison against base commit aabae16.

♻️ This comment has been updated with latest results.

@github-actions

github-actions Bot commented Feb 17, 2026
edited
Loading

Copy link
Copy Markdown

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 0s ⏱️ -1s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit 8f094fb. ± Comparison against base commit aabae16.

♻️ This comment has been updated with latest results.

@dfangl dfangl force-pushed the iam/moto-migration branch from 7211a8d to aabae16 Compare February 17, 2026 13:30
@github-actions

github-actions Bot commented Feb 17, 2026

Copy link
Copy Markdown

Test Results (amd64) - Integration, Bootstrap

    5 files  ± 0      5 suites  ±0   2h 36m 16s ⏱️ - 1m 11s
5 876 tests  - 91  5 152 ✅  - 92  723 💤 ±0  1 ❌ +1 
5 882 runs   - 91  5 152 ✅  - 92  729 💤 ±0  1 ❌ +1 

For more details on these failures, see this check.

Results for commit f0fb9c7. ± Comparison against base commit 7211a8d.

@dfangl dfangl force-pushed the iam/tests-mfa-and-certificates branch from f0fb9c7 to 8f094fb Compare February 17, 2026 14:04
pinzon
pinzon approved these changes Feb 17, 2026
View reviewed changes

@pinzon pinzon left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

Comment thread tests/aws/services/iam/test_iam_mfa.py Outdated
Comment on lines +1 to +5
"""
Tests for IAM Virtual MFA Device operations.

Migrated from moto's test suite to LocalStack with snapshot testing for AWS parity validation.
"""

@pinzon pinzon Feb 17, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I don't think this is necessary

@dfangl dfangl Feb 17, 2026

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Valid point, I completely overlooked that one!

@github-actions

github-actions Bot commented Feb 17, 2026

Copy link
Copy Markdown

LocalStack Community integration with Pro

    2 files  ± 0      2 suites  ±0   2h 6m 7s ⏱️ + 1m 48s
5 578 tests +16  4 995 ✅ ±0  583 💤 +16  0 ❌ ±0 
5 580 runs  +16  4 995 ✅ ±0  585 💤 +16  0 ❌ ±0 

Results for commit 8f094fb. ± Comparison against base commit aabae16.

@dfangl dfangl force-pushed the iam/tests-mfa-and-certificates branch from 2a4a871 to 9ad687c Compare February 17, 2026 15:18
@dfangl dfangl force-pushed the iam/tests-mfa-and-certificates branch from 9ad687c to 1447a87 Compare February 17, 2026 15:19
@dfangl dfangl merged commit e38208b into iam/moto-migration Feb 17, 2026
8 of 9 checks passed
@dfangl dfangl deleted the iam/tests-mfa-and-certificates branch February 17, 2026 15:20
dfangl added a commit that referenced this pull request Feb 19, 2026
@dfangl
Migrate MFA, server certificate and signing certificate tests (#13783)
0c331c9
dfangl added a commit that referenced this pull request Feb 26, 2026
@dfangl
Migrate MFA, server certificate and signing certificate tests (#13783)
e3b8c32
dfangl added a commit that referenced this pull request Feb 26, 2026
@dfangl
Migrate MFA, server certificate and signing certificate tests (#13783)
edbe87b
dfangl added a commit that referenced this pull request Mar 4, 2026
@dfangl
Migrate MFA, server certificate and signing certificate tests (#13783)
6e528e5
dfangl added a commit that referenced this pull request Mar 6, 2026
@dfangl
Migrate MFA, server certificate and signing certificate tests (#13783)
571deba
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@pinzon pinzon pinzon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes semver: patch Non-breaking changes which can be included in patch releases

Projects

None yet

Milestone

4.14

Development

Successfully merging this pull request may close these issues.

2 participants

@dfangl @pinzon