github ministackorg/ministack v1.1.0
on GitHub

latest releases: v1.3.38, v1.3.37, v1.3.36...
one month ago

Added

  • Amazon Cognito (ministack/services/cognito.py) — full User Pool and Identity Pool emulation
    • User Pools (cognito-idp): CreateUserPool, DeleteUserPool, DescribeUserPool, ListUserPools, UpdateUserPool
    • User Pool Clients: CreateUserPoolClient, DeleteUserPoolClient, DescribeUserPoolClient, ListUserPoolClients, UpdateUserPoolClient
    • User management: AdminCreateUser, AdminDeleteUser, AdminGetUser, ListUsers (with filter support: =, ^=, !=), AdminSetUserPassword, AdminUpdateUserAttributes, AdminConfirmSignUp, AdminDisableUser, AdminEnableUser, AdminResetUserPassword, AdminUserGlobalSignOut
    • Auth flows: AdminInitiateAuth, AdminRespondToAuthChallenge, InitiateAuth, RespondToAuthChallenge — ADMIN_USER_PASSWORD_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, REFRESH_TOKEN_AUTH / REFRESH_TOKEN (both accepted), USER_SRP_AUTH (returns PASSWORD_VERIFIER challenge); FORCE_CHANGE_PASSWORD challenge on first login
    • Self-service: SignUp (always UNCONFIRMED — AutoVerifiedAttributes verifies the attribute, not the account), ConfirmSignUp, ForgotPassword, ConfirmForgotPassword, ChangePassword (decodes access token and updates stored password), GetUser, UpdateUserAttributes, DeleteUser, GlobalSignOut, RevokeToken
    • Groups: CreateGroup, DeleteGroup, GetGroup, ListGroups, ListUsersInGroup, AdminAddUserToGroup, AdminRemoveUserFromGroup, AdminListGroupsForUser, AdminListUserAuthEvents
    • Domain: CreateUserPoolDomain, DeleteUserPoolDomain, DescribeUserPoolDomain
    • MFA: GetUserPoolMfaConfig, SetUserPoolMfaConfig, AssociateSoftwareToken, VerifySoftwareToken
    • Tags: TagResource, UntagResource, ListTagsForResource
    • Identity Pools (cognito-identity): CreateIdentityPool, DeleteIdentityPool, DescribeIdentityPool, ListIdentityPools, UpdateIdentityPool, GetId, GetCredentialsForIdentity, GetOpenIdToken, SetIdentityPoolRoles, GetIdentityPoolRoles, ListIdentities, DescribeIdentity, MergeDeveloperIdentities, UnlinkDeveloperIdentity, UnlinkIdentity, TagResource, UntagResource, ListTagsForResource
    • OAuth2: POST /oauth2/token — client_credentials flow; returns stub Bearer token
    • Stub JWT tokens: structurally valid base64url JWTs (non-cryptographic); IDP pool ARN format arn:aws:cognito-idp:region:account:userpool/{id}; Identity pool ID format region:{uuid}
    • _user_from_token shared helper — decodes stub JWT payload to find user by sub, used by GetUser, UpdateUserAttributes, DeleteUser, ChangePassword, and REFRESH_TOKEN_AUTH
    • Wired into router, SERVICE_HANDLERS, SERVICE_NAME_ALIASES, _reset_all_state(), and both credential scopes (cognito-idp, cognito-identity)
    • 43 integration tests covering full CRUD lifecycle for User Pools, Pool Clients, Users, Auth flows, Refresh tokens, Groups, Domains, MFA, Tags, and Identity Pools

Changed

  • Package restructure: all source code moved into ministack/ package (ministack/app.py, ministack/core/, ministack/services/) — fixes pip install ministack entrypoint crash (app:main was unresolvable because app.py was not included in the wheel)
  • Entrypoint: ministack = "app:main"ministack = "ministack.app:main"
  • ASGI module: app:appministack.app:app in Dockerfile and CI
  • PyPI trusted publishing: OIDC workflow added (pypi-publish.yml) — no API token needed, publishes on v*.*.* tag push

Fixed

  • Lambda GetFunctionConcurrency: returns {} instead of 404 after DeleteFunctionConcurrency — matches AWS behaviour where an unset concurrency limit returns an empty response
  • Cognito GetCredentialsForIdentity: response field is SecretKey (correct boto3 wire name) — was incorrectly named SecretAccessKey
  • ElastiCache ModifyCacheParameterGroup / ResetCacheParameterGroup: parameter list key was ParameterNameValues.member.{n}.* — corrected to ParameterNameValues.ParameterNameValue.{n}.* matching actual boto3 Query API serialisation
  • RDS / ElastiCache / ECS reset(): container.remove()container.remove(v=True) — Docker volumes created by stopped containers are now removed along with the container, preventing anonymous volume accumulation across test runs
  • RDS containers.run(): added tmpfs mount for /var/lib/postgresql/data and /var/lib/mysql — postgres/mysql data lives in container RAM; no anonymous Docker volumes created per instance
  • Docker Compose: added build: . so docker compose up --build uses local source instead of always pulling from Docker Hub

Infrastructure

  • Makefile purge target: kills all containers labelled ministack, prunes dangling volumes, and clears ./data/s3/ — safe to run alongside other projects (filter is label-scoped, not image-scoped)

Tests

  • 3 package structure tests: test_package_core_importable, test_package_services_importable, test_app_asgi_callable
  • Merged all 97 tests from test_qa_comprehensive.py into test_services.py — single test file, test_qa_comprehensive.py deleted
  • Fixed test_cognito_get_id_and_credentials: SecretAccessKeySecretKey
  • Fixed test_apigwv1_usage_plan_key_crud: Name/Enabledname/enabled (boto3 lowercase params)
  • Fixed test_lambda_reset_terminates_workers: timeout 5 s → 15 s with 3-attempt retry
  • Fixed test_rds_snapshot_crud / test_rds_deletion_protection: added finally cleanup so RDS containers are deleted after each test
  • 613 integration tests — all passing against Docker image
Check out latest releases or
releases around ministackorg/ministack v1.1.0

Don't miss a new ministack release

NewReleases is sending notifications on new releases.

Get notifications