Skip to content

Resolve queues by exact name; accept all credential providers (fixes #43, #61, #62)#68

Open
1waterrj wants to merge 1 commit into
jegesh:masterfrom
1waterrj:fix/queue-discovery-and-credentials
Open

Resolve queues by exact name; accept all credential providers (fixes #43, #61, #62)#68
1waterrj wants to merge 1 commit into
jegesh:masterfrom
1waterrj:fix/queue-discovery-and-credentials

Conversation

@1waterrj

@1waterrj 1waterrj commented Jun 23, 2026

Copy link
Copy Markdown

Summary

Closes #43. Closes #61. Closes #62.

Fixes three related issues. All changes are covered by a new moto-based test suite.

Queue discovery — fixes #61 and #43

Both SqsListener and SqsLauncher located queues with list_queues(QueueNamePrefix=<main queue name>). This breaks down whenever a queue's name doesn't fall under the main queue's prefix:

Each queue is now resolved by its exact name via get_queue_url, and created only when it genuinely doesn't exist (caught via QueueDoesNotExist). The resolved error-queue URL is stored and reused when forwarding failed messages, instead of re-discovering it on every failure.

Credentials — fixes #62

The AWS_ACCOUNT_ID gate only accepted a hard-coded set of role-based credential methods (iam-role, assume-role, …), so valid providers like a shared credentials file, environment variables, or a config-file profile were rejected with EnvironmentError — and when no credentials resolved at all the code raised AttributeError (None.method) rather than a clear error.

The gate now accepts credentials from any provider boto3 can resolve and only falls back to requiring AWS_ACCOUNT_ID when no credentials are found. AWS_ACCOUNT_ID, when set, is still passed through as QueueOwnerAWSAccountId.

Tests

Added tests/ (moto + pytest):

pip install -r requirements-test.txt
python -m pytest

Covers: exact-name discovery of pre-existing non-prefix-sharing error queues, prefix-collision resolution, queue creation when absent, the error-queue push path, and the credential gate (accept resolvable providers, still error when nothing resolves).

Notes

The remaining open issues (#39 service-resource refactor, #51 heartbeat) are larger changes and intentionally left out of this PR to keep it focused and low-risk.

🤖 Generated with Claude Code

Fixes three related issues with queue discovery and credential handling.

Queue discovery (jegesh#61, jegesh#43): queues were located via
`list_queues(QueueNamePrefix=...)` using the main queue's name as the
prefix. An error queue whose name does not share that prefix (or a
CloudFormation-generated name) was never matched, so the listener tried
to create it and hit `QueueNameExists` when it already existed with
different attributes. Both SqsListener and SqsLauncher now resolve each
queue by its exact name with `get_queue_url`, creating it only when it
genuinely does not exist. The resolved error-queue URL is now stored and
reused when forwarding failed messages.

Credentials (jegesh#62): the AWS_ACCOUNT_ID gate only accepted a hard-coded set
of role-based credential methods, rejecting valid providers such as a
shared credentials file, env vars, or a config-file profile (and raising
AttributeError instead of EnvironmentError when no credentials resolved).
The gate now accepts credentials from any provider boto3 can resolve and
only falls back to requiring AWS_ACCOUNT_ID when none are found.

Adds a moto-based test suite covering all three cases.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

1 participant