We're implementing a cross-account configuration utility, and selecting a mocking framework. From what I can tell localstack implements a wide range of services, but the scope of the mocking is a single account. To test that hypothesis (using localstack-client I've implemented two sessions and added same-named roles to each. This should create a name collision failure, but instead creates a consistent set of same-named roles across both sessions.
[digression ... that's probably a defect and should throw a 'RoleExists' exception]
So it looks like all sessions are one, which pretty much prevents using localstack for cross account testing
:(
Is there a recommended approach for the use case:
- Create a user in account A
- Create a role in account B and allow user to assume it
- Create another role in account C and allow user to assume it
?
I see there are some partly hidden flags on creating sessions for each invocation like CREATE_NEW_SESSION_PER_BOTO3_CONNECTION and CUSTOM_BOTO3_SESSION, but not much documentation there, and given that session separation doesn't seem to exist, I'm not too hopeful -- they may just be sugar for what I did by hand?
Then there are nasty kludges like settling for just 2 accounts and trying to drive them to different regions. Could that work in a pinch?
Do we have any capability or experience/doc in dealing with multiple accounts in a test?
pytest_localstack does seem to have some separation for accounts, but sadly does not implement IAM, where the bulk of the work is!
┆Issue is synchronized with this Jira Bug by Unito
We're implementing a cross-account configuration utility, and selecting a mocking framework. From what I can tell localstack implements a wide range of services, but the scope of the mocking is a single account. To test that hypothesis (using localstack-client I've implemented two sessions and added same-named roles to each. This should create a name collision failure, but instead creates a consistent set of same-named roles across both sessions.
[digression ... that's probably a defect and should throw a 'RoleExists' exception]
So it looks like all sessions are one, which pretty much prevents using localstack for cross account testing
:(
Is there a recommended approach for the use case:
?
I see there are some partly hidden flags on creating sessions for each invocation like
CREATE_NEW_SESSION_PER_BOTO3_CONNECTIONandCUSTOM_BOTO3_SESSION, but not much documentation there, and given that session separation doesn't seem to exist, I'm not too hopeful -- they may just be sugar for what I did by hand?Then there are nasty kludges like settling for just 2 accounts and trying to drive them to different regions. Could that work in a pinch?
Do we have any capability or experience/doc in dealing with multiple accounts in a test?
pytest_localstack does seem to have some separation for accounts, but sadly does not implement IAM, where the bulk of the work is!
┆Issue is synchronized with this Jira Bug by Unito