Mocking / whitelisting specific services with v5

[jwhitaker-gridcog]

Hey guys,
Thanks for this great library, it's been invaluable in many orgs I've worked at.

With v5, you've changed the API from mocking specific services (@moto_s3) to mocking all services at once (@moto). This is overall fine and simplifies things.

However, one aspect I appreciated from the specific services API was that I could expose dodgy app code that calls out to AWS when it shouldn't. If I ran my tests with @moto_s3 and no AWS credentials, then if some random lib e.g. decides to call out to Dynamo behind my back, then it would be exposed by failing in the tests. This was a great way to nail down inappropriate behaviour that has snuck into big codebases.

With v5, I can't do this: the random lib would successfully go on being able to talk to Dynamo (enabled via Moto in the tests) and I would be blissfully ignorant.

Is there any way to achieve this "service whitelisting" aspect of the v4 api? I wouldn't necessarily need the @moto_s3 service-specific decorator pattern; there could be other ways to achieve this - e.g. a "whitelist" arg to @moto?

[bblommers]

Hi @jwhitaker-gridcog! It is possible to blacklist services - does that work for you? I know it's not quite the same, but that is currently possible by (ab)using the passthrough configuration option:

@mock_aws(config={
    "core": {
        "mock_credentials": True,
        "passthrough": {
            "services": ["dynamodb"]
        },
    },
})

The original idea behind the config is to mock most services, but allow some services to still talk to AWS. As long as mock_credentials is True, any operation that's passed through, and talks to AWS, will fail because of the fake credentials, so that acts like a blacklist.

[jwhitaker-gridcog]

that kinda gets there, but I'm looking for something that acts as a whitelist, not a blacklist - in my example, if I didn't know beforehand that code was calling dynamo, I probably wouldn't have added "dynamo" to every mocking config. Any way to rig this up?

[bblommers]

moto >= 5.0.13.dev16 now has the option to whitelist services. Here's how you can use it:

@mock_aws(config={"core": {"service_whitelist": ["dynamodb"]}})

If your application makes a request to a service that's not listed here, it will throw a ServiceNotWhitelisted-exception.

Feedback would be welcome @jwhitaker-gridcog - let us know if that works for you!

[jwhitaker-gridcog]

That looks awesome, I'll have a play