Skip to content
This repository was archived by the owner on Mar 23, 2026. It is now read-only.

IAM/STS: fix avro compatibility for new providers#13891

Merged
dfangl merged 2 commits into
iam/moto-migrationfrom
daniel/unc-335
Mar 5, 2026
Merged

IAM/STS: fix avro compatibility for new providers#13891
dfangl merged 2 commits into
iam/moto-migrationfrom
daniel/unc-335

Conversation

@dfangl

@dfangl dfangl commented Mar 5, 2026

Copy link
Copy Markdown
Member

Motivation

Avro does not allow union of typedicts or union of str | list[str].

This PR clarifies those usages to avoid serialization issues.

Changes

  • Virtual and physical MFA devices are now in different stores, making runtime checks for attributes unnecessary and cleaning up the logic a bit
  • The IAM context now differentiates between single and multi valued context values.
  • Some datetime objects were not timezone aware

Tests

  • All tests still pass, and pro tests checking avro compatibility also pass now

Related

Closes UNC-335

@dfangl dfangl requested a review from pinzon as a code owner March 5, 2026 15:24
@dfangl dfangl added semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes labels Mar 5, 2026
@dfangl dfangl requested a review from bentsku March 5, 2026 15:24
@github-actions

github-actions Bot commented Mar 5, 2026

Copy link
Copy Markdown

Test Results - Preflight, Unit

23 104 tests  ±0   21 217 ✅ ±0   6m 39s ⏱️ +31s
     1 suites ±0    1 887 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit 957b4b9. ± Comparison against base commit 34b8b65.

@github-actions

github-actions Bot commented Mar 5, 2026

Copy link
Copy Markdown

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 1s ⏱️ -4s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit 957b4b9. ± Comparison against base commit 34b8b65.

@github-actions

github-actions Bot commented Mar 5, 2026

Copy link
Copy Markdown

Test Results (amd64) - Integration, Bootstrap

    5 files      5 suites   1h 28m 25s ⏱️
1 735 tests 1 592 ✅ 143 💤 0 ❌
1 741 runs  1 592 ✅ 149 💤 0 ❌

Results for commit 957b4b9.

@dfangl

dfangl commented Mar 5, 2026

Copy link
Copy Markdown
Member Author

Community integration tests against pro are broken on the parent - I'll rebase it after this is merged.

bentsku
bentsku approved these changes Mar 5, 2026
View reviewed changes

@bentsku bentsku left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, nice workaround 👍

might be worth adding iam and sts to the list of migrated Avro services so you'd get the store police to check it as well 👍

Comment thread localstack-core/localstack/services/sts/models.py
transitive_tags: list[str] = field(default_factory=list)
# other stored context variables
iam_context: dict[str, str | list[str]] = field(default_factory=dict)
iam_context: dict[str, SingleValuedContextValue | MultiValuedContextValue] = field(

@bentsku bentsku Mar 5, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: is this not used anywhere yet? as I cannot see any updated usage

@dfangl dfangl Mar 5, 2026

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It’s only used in pro, I adapted it to the in draft iam migration PR

@bentsku bentsku Mar 5, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome, thanks 🙏

pinzon
pinzon approved these changes Mar 5, 2026
View reviewed changes

@pinzon pinzon left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving. But for the record, I spent some time making an entity for both Virtual and physical MFA. 😅

@dfangl dfangl merged commit 9655ffd into iam/moto-migration Mar 5, 2026
29 of 32 checks passed
@dfangl dfangl deleted the daniel/unc-335 branch March 5, 2026 21:44
dfangl added a commit that referenced this pull request Mar 6, 2026
@dfangl
IAM/STS: fix avro compatibility for new providers (#13891)
708a15e
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@bentsku bentsku bentsku approved these changes

@pinzon pinzon pinzon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dfangl @pinzon @bentsku