moto/tests/test_firehose/test_firehose_encryption.py

from uuid import uuid4

import boto3
import pytest
from botocore.exceptions import ClientError

from moto import mock_aws

from .test_firehose import sample_s3_dest_config


@mock_aws
def test_firehose_without_encryption():
    client = boto3.client("firehose", region_name="us-east-2")
    name = str(uuid4())[0:6]
    client.create_delivery_stream(
        DeliveryStreamName=name,
        ExtendedS3DestinationConfiguration=sample_s3_dest_config(),
    )

    resp = client.describe_delivery_stream(DeliveryStreamName=name)[
        "DeliveryStreamDescription"
    ]
    assert "DeliveryStreamEncryptionConfiguration" not in resp

    client.start_delivery_stream_encryption(
        DeliveryStreamName=name,
        DeliveryStreamEncryptionConfigurationInput={"KeyType": "AWS_OWNED_CMK"},
    )

    stream = client.describe_delivery_stream(DeliveryStreamName=name)[
        "DeliveryStreamDescription"
    ]
    assert stream["DeliveryStreamEncryptionConfiguration"] == {
        "KeyType": "AWS_OWNED_CMK",
        "Status": "ENABLED",
    }


@mock_aws
def test_firehose_with_encryption():
    client = boto3.client("firehose", region_name="us-east-2")
    name = str(uuid4())[0:6]
    client.create_delivery_stream(
        DeliveryStreamName=name,
        ExtendedS3DestinationConfiguration=sample_s3_dest_config(),
        DeliveryStreamEncryptionConfigurationInput={"KeyType": "AWS_OWNED_CMK"},
    )

    stream = client.describe_delivery_stream(DeliveryStreamName=name)[
        "DeliveryStreamDescription"
    ]
    assert stream["DeliveryStreamEncryptionConfiguration"] == {
        "KeyType": "AWS_OWNED_CMK"
    }

    client.stop_delivery_stream_encryption(DeliveryStreamName=name)

    stream = client.describe_delivery_stream(DeliveryStreamName=name)[
        "DeliveryStreamDescription"
    ]
    assert stream["DeliveryStreamEncryptionConfiguration"]["Status"] == "DISABLED"


@mock_aws
def test_start_encryption_on_unknown_stream():
    client = boto3.client("firehose", region_name="us-east-2")

    with pytest.raises(ClientError) as exc:
        client.start_delivery_stream_encryption(
            DeliveryStreamName="?",
            DeliveryStreamEncryptionConfigurationInput={"KeyType": "AWS_OWNED_CMK"},
        )
    err = exc.value.response["Error"]
    assert err["Code"] == "ResourceNotFoundException"
    assert err["Message"] == "Firehose ? under account 123456789012 not found."


@mock_aws
def test_stop_encryption_on_unknown_stream():
    client = boto3.client("firehose", region_name="us-east-2")

    with pytest.raises(ClientError) as exc:
        client.stop_delivery_stream_encryption(DeliveryStreamName="?")
    err = exc.value.response["Error"]
    assert err["Code"] == "ResourceNotFoundException"
    assert err["Message"] == "Firehose ? under account 123456789012 not found."
Admin: sorting imports with ruff (#7075) 2023-11-30 15:55:51 +00:00			`from uuid import uuid4`

Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00			`import boto3`
			`import pytest`
			`from botocore.exceptions import ClientError`
Admin: sorting imports with ruff (#7075) 2023-11-30 15:55:51 +00:00
Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`from moto import mock_aws`
Admin: sorting imports with ruff (#7075) 2023-11-30 15:55:51 +00:00
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00			`from .test_firehose import sample_s3_dest_config`


Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`@mock_aws`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00			`def test_firehose_without_encryption():`
			`client = boto3.client("firehose", region_name="us-east-2")`
			`name = str(uuid4())[0:6]`
			`client.create_delivery_stream(`
			`DeliveryStreamName=name,`
			`ExtendedS3DestinationConfiguration=sample_s3_dest_config(),`
			`)`

			`resp = client.describe_delivery_stream(DeliveryStreamName=name)[`
			`"DeliveryStreamDescription"`
			`]`
Techdebt: Replace sure with regular assertions in Firehose (#6565) 2023-07-27 22:25:43 +00:00			`assert "DeliveryStreamEncryptionConfiguration" not in resp`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00
			`client.start_delivery_stream_encryption(`
			`DeliveryStreamName=name,`
			`DeliveryStreamEncryptionConfigurationInput={"KeyType": "AWS_OWNED_CMK"},`
			`)`

			`stream = client.describe_delivery_stream(DeliveryStreamName=name)[`
			`"DeliveryStreamDescription"`
			`]`
Techdebt: Replace sure with regular assertions in Firehose (#6565) 2023-07-27 22:25:43 +00:00			`assert stream["DeliveryStreamEncryptionConfiguration"] == {`
			`"KeyType": "AWS_OWNED_CMK",`
			`"Status": "ENABLED",`
			`}`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00

Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`@mock_aws`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00			`def test_firehose_with_encryption():`
			`client = boto3.client("firehose", region_name="us-east-2")`
			`name = str(uuid4())[0:6]`
			`client.create_delivery_stream(`
			`DeliveryStreamName=name,`
			`ExtendedS3DestinationConfiguration=sample_s3_dest_config(),`
			`DeliveryStreamEncryptionConfigurationInput={"KeyType": "AWS_OWNED_CMK"},`
			`)`

			`stream = client.describe_delivery_stream(DeliveryStreamName=name)[`
			`"DeliveryStreamDescription"`
			`]`
Techdebt: Replace sure with regular assertions in Firehose (#6565) 2023-07-27 22:25:43 +00:00			`assert stream["DeliveryStreamEncryptionConfiguration"] == {`
			`"KeyType": "AWS_OWNED_CMK"`
			`}`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00
			`client.stop_delivery_stream_encryption(DeliveryStreamName=name)`

			`stream = client.describe_delivery_stream(DeliveryStreamName=name)[`
			`"DeliveryStreamDescription"`
			`]`
Techdebt: Replace sure with regular assertions in Firehose (#6565) 2023-07-27 22:25:43 +00:00			`assert stream["DeliveryStreamEncryptionConfiguration"]["Status"] == "DISABLED"`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00

Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`@mock_aws`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00			`def test_start_encryption_on_unknown_stream():`
			`client = boto3.client("firehose", region_name="us-east-2")`

			`with pytest.raises(ClientError) as exc:`
			`client.start_delivery_stream_encryption(`
			`DeliveryStreamName="?",`
			`DeliveryStreamEncryptionConfigurationInput={"KeyType": "AWS_OWNED_CMK"},`
			`)`
			`err = exc.value.response["Error"]`
Techdebt: Replace sure with regular assertions in Firehose (#6565) 2023-07-27 22:25:43 +00:00			`assert err["Code"] == "ResourceNotFoundException"`
			`assert err["Message"] == "Firehose ? under account 123456789012 not found."`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00

Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`@mock_aws`
Firehose Improvements (#6028) 2023-03-07 23:08:55 +00:00			`def test_stop_encryption_on_unknown_stream():`
			`client = boto3.client("firehose", region_name="us-east-2")`

			`with pytest.raises(ClientError) as exc:`
			`client.stop_delivery_stream_encryption(DeliveryStreamName="?")`
			`err = exc.value.response["Error"]`
Techdebt: Replace sure with regular assertions in Firehose (#6565) 2023-07-27 22:25:43 +00:00			`assert err["Code"] == "ResourceNotFoundException"`
			`assert err["Message"] == "Firehose ? under account 123456789012 not found."`