PHANTOM
🇮🇳 IN
Skip to content

STS: New internalized STS provider#13737

Open
pinzon wants to merge 5 commits intoiam/moto-migrationfrom
sts/new-provider
Open

STS: New internalized STS provider#13737
pinzon wants to merge 5 commits intoiam/moto-migrationfrom
sts/new-provider

Conversation

@pinzon
Copy link
Member

@pinzon pinzon commented Feb 10, 2026
edited
Loading

Motivation

With the objective to internalize the STS service. This PR implements a new service provider based on ASF and LocalStack stores, completly independent of the Moto library.

Changes

  • Added STS store with support for Cross-Account attributes.
  • Replaced the STS provider with an entirely new provider.
  • Added the necessary changes to providers.py

@github-actions
Copy link

github-actions bot commented Feb 10, 2026
edited
Loading

Test Results - Preflight, Unit

0 tests   - 23 070   0 ✅  - 21 179   0s ⏱️ - 6m 9s
0 suites  -      1   0 💤  -  1 891 
0 files    -      1   0 ❌ ±     0 

Results for commit 721a71e. ± Comparison against base commit 69158c9.

♻️ This comment has been updated with latest results.

@pinzon pinzon added aws:sts AWS Security Token Service semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes labels Feb 10, 2026
@github-actions
Copy link

github-actions bot commented Feb 10, 2026
edited
Loading

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 0s ⏱️ -1s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit de9bf7a. ± Comparison against base commit 5a24286.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Feb 10, 2026
edited
Loading

Test Results (amd64) - Integration, Bootstrap

    5 files  ±0      5 suites  ±0   2h 42m 0s ⏱️ - 2m 9s
6 006 tests  - 2  5 244 ✅ +3  761 💤 ±0  1 ❌  - 5 
6 012 runs   - 2  5 244 ✅ +3  767 💤 ±0  1 ❌  - 5 

For more details on these failures, see this check.

Results for commit de9bf7a. ± Comparison against base commit 5a24286.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Feb 10, 2026
edited
Loading

LocalStack Community integration with Pro

    2 files  ±0      2 suites  ±0   2h 6m 4s ⏱️ -45s
5 634 tests ±0  5 251 ✅ +4  372 💤 ±0  11 ❌  - 4 
5 636 runs  ±0  5 251 ✅ +4  374 💤 ±0  11 ❌  - 4 

For more details on these failures, see this check.

Results for commit 3a2a336. ± Comparison against base commit 69158c9.

♻️ This comment has been updated with latest results.

@pinzon pinzon marked this pull request as ready for review February 11, 2026 19:30
@pinzon pinzon requested a review from dfangl as a code owner February 11, 2026 19:30
@dfangl dfangl mentioned this pull request Feb 12, 2026
Merged
@dfangl dfangl force-pushed the iam/moto-migration branch from a2a079c to 37f4eb0 Compare February 12, 2026 10:25
@pinzon pinzon added this to the 4.14 milestone Feb 16, 2026
@dfangl dfangl force-pushed the iam/moto-migration branch from cdcd4df to 4526785 Compare February 16, 2026 18:25
@dfangl dfangl force-pushed the iam/moto-migration branch from 7211a8d to aabae16 Compare February 17, 2026 13:30
@dfangl dfangl force-pushed the iam/moto-migration branch from 49e13e2 to cbcd0f4 Compare February 19, 2026 18:50
@bentsku bentsku removed their request for review February 20, 2026 13:56
@anisaoshafi
Copy link
Contributor

anisaoshafi commented Feb 25, 2026

ℹ️ @pinzon I've changed the milestone to playground for now.

@anisaoshafi anisaoshafi modified the milestones: 4.14, Playground Feb 25, 2026
@dfangl dfangl modified the milestones: Playground, 2026.03 Feb 26, 2026
@dfangl dfangl force-pushed the iam/moto-migration branch from b1990ab to 4b158e1 Compare February 26, 2026 09:17
dfangl
dfangl requested changes Feb 26, 2026
View reviewed changes
localstack-core/localstack/services/sts/models.py Outdated
Comment on lines 48 to 51
def generate_secret_access_key() -> str:
"""Generate a secret access key (40 characters)."""
chars = string.ascii_letters + string.digits + "+/"
return "".join(secrets.choice(chars) for _ in range(40))
Copy link
Member

@dfangl dfangl Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could move this into the iam utils, and reuse it for the user access key generation as well!

@dfangl dfangl force-pushed the iam/moto-migration branch from 1751aaf to 2347778 Compare February 26, 2026 16:47
@pinzon pinzon requested a review from dfangl February 26, 2026 20:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dominikschubert dominikschubert Awaiting requested review from dominikschubert

@steffyP steffyP Awaiting requested review from steffyP

@alexrashed alexrashed Awaiting requested review from alexrashed

@silv-io silv-io Awaiting requested review from silv-io

@k-a-il k-a-il Awaiting requested review from k-a-il

@aidehn aidehn Awaiting requested review from aidehn

@dfangl dfangl Awaiting requested review from dfangl dfangl is a code owner

Assignees

No one assigned

Labels

aws:sts AWS Security Token Service docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases

Projects

None yet

Milestone

2026.03

Development

Successfully merging this pull request may close these issues.

3 participants

@pinzon @anisaoshafi @dfangl