Techdebt: Remove ACM/pytest warnings (#7350)

Author: bblommers

.github/workflows/build.yml

@@ -22,7 +22,7 @@ jobs:
           echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
       - name: pip cache
         id: pip-cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ${{ steps.pip-cache-dir.outputs.dir }}
           key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}
@@ -55,7 +55,7 @@ jobs:
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     - name: pip cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ${{ steps.pip-cache.outputs.dir }}
         key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}

.github/workflows/dockertests.yml

@@ -22,7 +22,7 @@ jobs:
           echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
       - name: pip cache
         id: pip-cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ${{ steps.pip-cache-dir.outputs.dir }}
           key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}
@@ -62,7 +62,7 @@ jobs:
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     - name: pip cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ${{ steps.pip-cache.outputs.dir }}
         key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}
@@ -82,8 +82,6 @@ jobs:
       if: always()
       run: |
         mkdir serverlogs1
-        pwd
-        ls -la
         cp server_output.log serverlogs1/server_output.log
         docker stop motoserver
     - name: Archive Logs
@@ -122,7 +120,7 @@ jobs:
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     - name: pip cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ${{ steps.pip-cache.outputs.dir }}
         key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}
@@ -141,8 +139,6 @@ jobs:
       if: always()
       run: |
         mkdir serverlogs2
-        pwd
-        ls -la
         cp server_output.log serverlogs2/server_output.log
     - name: Archive logs
       if: always()
@@ -179,7 +175,7 @@ jobs:
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     - name: pip cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ${{ steps.pip-cache.outputs.dir }}
         key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}
@@ -200,10 +196,7 @@ jobs:
       if: always()
       run: |
         mkdir serverlogs3
-        pwd
-        ls -la
         cp server_output.log serverlogs3/server_output.log
-        ls -la serverlogs3
     - name: Archive Logs
       if: always()
       uses: actions/upload-artifact@v4

.github/workflows/test_outdated_versions.yml

@@ -18,6 +18,7 @@ jobs:
         responses-version: ["0.15.0", "0.17.0", "0.19.0", "0.20.0" ]
         werkzeug-version: ["2.0.1", "2.1.1", "2.2.2"]
         openapi-spec-validator-version: ["0.5.0"]
+        cryptography-version: ["39.0.0"]
 
     steps:
     - name: Checkout repository
@@ -40,6 +41,7 @@ jobs:
         pip install werkzeug==${{ matrix.werkzeug-version }}
         pip install openapi-spec-validator==${{ matrix.openapi-spec-validator-version }}
         pip install ${{ matrix.botocore }}
+        pip install cryptography==${{ matrix.cryptography-version }}
 
     - name: Run tests
       run: |
@@ -59,8 +61,6 @@ jobs:
       if: always()
       run: |
         mkdir serverlogs
-        pwd
-        ls -la
         cp server_output.log serverlogs/server_output.log
         docker stop motoserver
     - name: Archive TF logs

.github/workflows/tests_decoratormode.yml

@@ -22,7 +22,7 @@ jobs:
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     - name: pip cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ${{ steps.pip-cache.outputs.dir }}
         key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}

.github/workflows/tests_proxymode.yml

@@ -22,7 +22,7 @@ jobs:
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     - name: pip cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ${{ steps.pip-cache.outputs.dir }}
         key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}
@@ -45,8 +45,6 @@ jobs:
     - name: "Stop MotoProxy"
       if: always()
       run: |
-        pwd
-        ls -la
         kill $(lsof -t -i:5005)
     - name: Archive Proxy logs
       if: always()

.github/workflows/tests_real_aws.yml

@@ -23,7 +23,7 @@ jobs:
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     - name: pip cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ${{ steps.pip-cache.outputs.dir }}
         key: pip-3.11-${{ hashFiles('**/setup.cfg') }}

.github/workflows/tests_sdk_dotnet.yml

@@ -20,7 +20,7 @@ jobs:
         docker run --rm -t --name motoserver -e TEST_SERVER_MODE=true -e AWS_SECRET_ACCESS_KEY=server_secret -e AWS_ACCESS_KEY_ID=server_key -v `pwd`:/moto -p 5000:5000 -v /var/run/docker.sock:/var/run/docker.sock python:3.10-slim /moto/scripts/ci_moto_server.sh &
         python scripts/ci_wait_for_server.py
     - uses: actions/setup-dotnet@v4
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       with:
         path: ~/.nuget/packages
         # Look to see if there is a cache hit for the corresponding requirements file

.github/workflows/tests_servermode.yml

@@ -28,7 +28,7 @@ jobs:
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     - name: pip cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ${{ steps.pip-cache.outputs.dir }}
         key: pip-${{ matrix.python-version }}-${{ hashFiles('**/setup.cfg') }}
@@ -60,8 +60,6 @@ jobs:
       if: always()
       run: |
         mkdir serverlogs
-        pwd
-        ls -la
         cp server_output.log serverlogs/server_output.log
         docker stop motoserver
     - name: Archive TF logs

moto/acm/models.py

@@ -238,12 +238,12 @@ def validate_certificate(self) -> cryptography.x509.base.Certificate:
             )
 
             now = utcnow()
-            if _cert.not_valid_after < now:
+            if self._not_valid_after(_cert) < now:
                 raise AWSValidationException(
                     "The certificate has expired, is not valid."
                 )
 
-            if _cert.not_valid_before > now:
+            if self._not_valid_before(_cert) > now:
                 raise AWSValidationException(
                     "The certificate is not in effect yet, is not valid."
                 )
@@ -256,6 +256,22 @@ def validate_certificate(self) -> cryptography.x509.base.Certificate:
             )
         return _cert
 
+    def _not_valid_after(
+        self, _cert: cryptography.x509.base.Certificate
+    ) -> datetime.datetime:
+        try:
+            return _cert.not_valid_after_utc.replace(tzinfo=None)
+        except AttributeError:
+            return _cert.not_valid_after
+
+    def _not_valid_before(
+        self, _cert: cryptography.x509.base.Certificate
+    ) -> datetime.datetime:
+        try:
+            return _cert.not_valid_before_utc.replace(tzinfo=None)
+        except AttributeError:
+            return _cert.not_valid_before
+
     def validate_chain(self) -> None:
         try:
             for cert_armored in self.chain.split(b"-\n-"):
@@ -267,12 +283,12 @@ def validate_chain(self) -> None:
                 )
 
                 now = utcnow()
-                if self._cert.not_valid_after < now:
+                if self._not_valid_after(self._cert) < now:
                     raise AWSValidationException(
                         "The certificate chain has expired, is not valid."
                     )
 
-                if self._cert.not_valid_before > now:
+                if self._not_valid_before(self._cert) > now:
                     raise AWSValidationException(
                         "The certificate chain is not in effect yet, is not valid."
                     )
@@ -325,8 +341,8 @@ def describe(self) -> Dict[str, Any]:
                     0
                 ].value,
                 "KeyAlgorithm": key_algo,
-                "NotAfter": datetime_to_epoch(self._cert.not_valid_after),
-                "NotBefore": datetime_to_epoch(self._cert.not_valid_before),
+                "NotAfter": datetime_to_epoch(self._not_valid_after(self._cert)),
+                "NotBefore": datetime_to_epoch(self._not_valid_before(self._cert)),
                 "Serial": str(self._cert.serial_number),
                 "SignatureAlgorithm": self._cert.signature_algorithm_oid._name.upper().replace(
                     "ENCRYPTION", ""

moto/acmpca/models.py

@@ -149,13 +149,19 @@ def certificate_bytes(self) -> bytes:
     def not_valid_after(self) -> Optional[float]:
         if self.certificate is None:
             return None
-        return unix_time(self.certificate.not_valid_after)
+        try:
+            return unix_time(self.certificate.not_valid_after_utc.replace(tzinfo=None))
+        except AttributeError:
+            return unix_time(self.certificate.not_valid_after)
 
     @property
     def not_valid_before(self) -> Optional[float]:
         if self.certificate is None:
             return None
-        return unix_time(self.certificate.not_valid_before)
+        try:
+            return unix_time(self.certificate.not_valid_before_utc.replace(tzinfo=None))
+        except AttributeError:
+            return unix_time(self.certificate.not_valid_before)
 
     def import_certificate_authority_certificate(
         self, certificate: bytes, certificate_chain: Optional[bytes]