Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
moto/tests/test_kms/test_kms.py

993 lines
32 KiB
Python
Raw Normal View History

Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
from __future__ import unicode_literals
need os for checking server mode env variable
2018-10-08 08:38:49 -05:00
import os, re
Add kms boto3 test.
2017-03-14 23:42:47 -04:00
import boto3
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
import boto.kms
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
import botocore.exceptions
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
from boto.exception import JSONResponseError
KMS: aliases
2015-07-22 11:42:26 -04:00
from boto.kms.exceptions import AlreadyExistsException, NotFoundException
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
from moto.kms.exceptions import NotFoundException as MotoNotFoundException
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
import sure # noqa
Add kms boto3 test.
2017-03-14 23:42:47 -04:00
from moto import mock_kms, mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
from nose.tools import assert_raises
add freezegun and test DeletionDate for chedule_key_deletion
2018-10-05 16:21:16 -05:00
from freezegun import freeze_time
Supporting tags in KMS (#2332) The CreateKey API method accepts tags but does not return them.
2019-07-24 19:15:43 -07:00
from datetime import date
Fixing broken tests #2126 - KMS - S3 - CloudFormation (Thanks kgutwin!)
2019-03-25 13:19:01 -07:00
from datetime import datetime
from dateutil.tz import tzutc
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
Lints.
2017-02-23 21:37:43 -05:00
Supporting tags in KMS (#2332) The CreateKey API method accepts tags but does not return them.
2019-07-24 19:15:43 -07:00
@mock_kms
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
def test_create_key():
Supporting tags in KMS (#2332) The CreateKey API method accepts tags but does not return them.
2019-07-24 19:15:43 -07:00
conn = boto3.client('kms', region_name='us-east-1')
Platform independent KMS timestamp generation (#2193) * Platform independent KMS timestamp generation Fixes #2192 * Switch to moto.core.unix_time Fixes #2192
2019-05-22 02:46:22 +10:00
with freeze_time("2015-01-01 00:00:00"):
Supporting tags in KMS (#2332) The CreateKey API method accepts tags but does not return them.
2019-07-24 19:15:43 -07:00
key = conn.create_key(Policy="my policy",
Description="my key",
KeyUsage='ENCRYPT_DECRYPT',
Tags=[
{
'TagKey': 'project',
'TagValue': 'moto',
},
])
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
Platform independent KMS timestamp generation (#2193) * Platform independent KMS timestamp generation Fixes #2192 * Switch to moto.core.unix_time Fixes #2192
2019-05-22 02:46:22 +10:00
key['KeyMetadata']['Description'].should.equal("my key")
key['KeyMetadata']['KeyUsage'].should.equal("ENCRYPT_DECRYPT")
key['KeyMetadata']['Enabled'].should.equal(True)
Supporting tags in KMS (#2332) The CreateKey API method accepts tags but does not return them.
2019-07-24 19:15:43 -07:00
key['KeyMetadata']['CreationDate'].should.be.a(date)
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
def test_describe_key():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
key_id = key['KeyMetadata']['KeyId']
key = conn.describe_key(key_id)
key['KeyMetadata']['Description'].should.equal("my key")
key['KeyMetadata']['KeyUsage'].should.equal("ENCRYPT_DECRYPT")
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_describe_key_via_alias():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
conn.create_alias(alias_name='alias/my-key-alias',
target_key_id=key['KeyMetadata']['KeyId'])
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
alias_key = conn.describe_key('alias/my-key-alias')
alias_key['KeyMetadata']['Description'].should.equal("my key")
alias_key['KeyMetadata']['KeyUsage'].should.equal("ENCRYPT_DECRYPT")
alias_key['KeyMetadata']['Arn'].should.equal(key['KeyMetadata']['Arn'])
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_describe_key_via_alias_not_found():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
conn.create_alias(alias_name='alias/my-key-alias',
target_key_id=key['KeyMetadata']['KeyId'])
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
Lints.
2017-02-23 21:37:43 -05:00
conn.describe_key.when.called_with(
'alias/not-found-alias').should.throw(JSONResponseError)
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_describe_key_via_arn():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
arn = key['KeyMetadata']['Arn']
the_key = conn.describe_key(arn)
the_key['KeyMetadata']['Description'].should.equal("my key")
the_key['KeyMetadata']['KeyUsage'].should.equal("ENCRYPT_DECRYPT")
the_key['KeyMetadata']['KeyId'].should.equal(key['KeyMetadata']['KeyId'])
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
def test_describe_missing_key():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
conn.describe_key.when.called_with(
"not-a-key").should.throw(JSONResponseError)
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
def test_list_keys():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
conn.create_key(policy="my policy", description="my key1",
key_usage='ENCRYPT_DECRYPT')
conn.create_key(policy="my policy", description="my key2",
key_usage='ENCRYPT_DECRYPT')
Add basic KMS key endpoints.
2015-06-30 05:44:39 -04:00
keys = conn.list_keys()
keys['Keys'].should.have.length_of(2)
KMS: aliases
2015-07-22 11:42:26 -04:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
def test_enable_key_rotation():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
key_id = key['KeyMetadata']['KeyId']
conn.enable_key_rotation(key_id)
Lints.
2017-02-23 21:37:43 -05:00
conn.get_key_rotation_status(
key_id)['KeyRotationEnabled'].should.equal(True)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_enable_key_rotation_via_arn():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
key_id = key['KeyMetadata']['Arn']
conn.enable_key_rotation(key_id)
Lints.
2017-02-23 21:37:43 -05:00
conn.get_key_rotation_status(
key_id)['KeyRotationEnabled'].should.equal(True)
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
def test_enable_key_rotation_with_missing_key():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
conn.enable_key_rotation.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
"not-a-key").should.throw(NotFoundException)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_enable_key_rotation_with_alias_name_should_fail():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
conn.create_alias(alias_name='alias/my-key-alias',
target_key_id=key['KeyMetadata']['KeyId'])
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
alias_key = conn.describe_key('alias/my-key-alias')
alias_key['KeyMetadata']['Arn'].should.equal(key['KeyMetadata']['Arn'])
Lints.
2017-02-23 21:37:43 -05:00
conn.enable_key_rotation.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
'alias/my-alias').should.throw(NotFoundException)
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
def test_disable_key_rotation():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
key_id = key['KeyMetadata']['KeyId']
conn.enable_key_rotation(key_id)
Lints.
2017-02-23 21:37:43 -05:00
conn.get_key_rotation_status(
key_id)['KeyRotationEnabled'].should.equal(True)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
conn.disable_key_rotation(key_id)
Lints.
2017-02-23 21:37:43 -05:00
conn.get_key_rotation_status(
key_id)['KeyRotationEnabled'].should.equal(False)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS encryption under Python 3 (#826) This upgrades the KMS encrypt and decrypt endpoints to work under both Python 2 and 3
2017-02-09 19:36:24 -08:00
def test_encrypt():
"""
test_encrypt
Using base64 encoding to merely test that the endpoint was called
"""
conn = boto.kms.connect_to_region("us-west-2")
response = conn.encrypt('key_id', 'encryptme'.encode('utf-8'))
response['CiphertextBlob'].should.equal(b'ZW5jcnlwdG1l')
add KeyId value to kms.responses.encrypt and kms.responses.decrypt
2019-03-29 21:02:25 -04:00
response['KeyId'].should.equal('key_id')
KMS encryption under Python 3 (#826) This upgrades the KMS encrypt and decrypt endpoints to work under both Python 2 and 3
2017-02-09 19:36:24 -08:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS encryption under Python 3 (#826) This upgrades the KMS encrypt and decrypt endpoints to work under both Python 2 and 3
2017-02-09 19:36:24 -08:00
def test_decrypt():
conn = boto.kms.connect_to_region('us-west-2')
response = conn.decrypt('ZW5jcnlwdG1l'.encode('utf-8'))
response['Plaintext'].should.equal(b'encryptme')
restore KeyId to test_decrypt in test_kms
2019-08-14 08:39:54 -04:00
response['KeyId'].should.equal('key_id')
Implementing KMS encrypt/decrypt This adds support for testing the /encrypt and /decrypt endpoints of Amazon KMS
2016-10-12 11:47:38 -07:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
def test_disable_key_rotation_with_missing_key():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
conn.disable_key_rotation.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
"not-a-key").should.throw(NotFoundException)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
def test_get_key_rotation_status_with_missing_key():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
conn.get_key_rotation_status.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
"not-a-key").should.throw(NotFoundException)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
def test_get_key_rotation_status():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
key_id = key['KeyMetadata']['KeyId']
Lints.
2017-02-23 21:37:43 -05:00
conn.get_key_rotation_status(
key_id)['KeyRotationEnabled'].should.equal(False)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
def test_create_key_defaults_key_rotation():
conn = boto.kms.connect_to_region("us-west-2")
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy="my policy",
description="my key", key_usage='ENCRYPT_DECRYPT')
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
key_id = key['KeyMetadata']['KeyId']
Lints.
2017-02-23 21:37:43 -05:00
conn.get_key_rotation_status(
key_id)['KeyRotationEnabled'].should.equal(False)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
def test_get_key_policy():
conn = boto.kms.connect_to_region('us-west-2')
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy='my policy',
description='my key1', key_usage='ENCRYPT_DECRYPT')
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
key_id = key['KeyMetadata']['KeyId']
policy = conn.get_key_policy(key_id, 'default')
policy['Policy'].should.equal('my policy')
Lints.
2017-02-23 21:37:43 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_get_key_policy_via_arn():
conn = boto.kms.connect_to_region('us-west-2')
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy='my policy',
description='my key1', key_usage='ENCRYPT_DECRYPT')
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
policy = conn.get_key_policy(key['KeyMetadata']['Arn'], 'default')
policy['Policy'].should.equal('my policy')
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
Lints.
2017-02-23 21:37:43 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
def test_put_key_policy():
conn = boto.kms.connect_to_region('us-west-2')
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy='my policy',
description='my key1', key_usage='ENCRYPT_DECRYPT')
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
key_id = key['KeyMetadata']['KeyId']
conn.put_key_policy(key_id, 'default', 'new policy')
policy = conn.get_key_policy(key_id, 'default')
policy['Policy'].should.equal('new policy')
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_put_key_policy_via_arn():
conn = boto.kms.connect_to_region('us-west-2')
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy='my policy',
description='my key1', key_usage='ENCRYPT_DECRYPT')
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
key_id = key['KeyMetadata']['Arn']
conn.put_key_policy(key_id, 'default', 'new policy')
policy = conn.get_key_policy(key_id, 'default')
policy['Policy'].should.equal('new policy')
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_put_key_policy_via_alias_should_not_update():
conn = boto.kms.connect_to_region('us-west-2')
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy='my policy',
description='my key1', key_usage='ENCRYPT_DECRYPT')
conn.create_alias(alias_name='alias/my-key-alias',
target_key_id=key['KeyMetadata']['KeyId'])
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
Lints.
2017-02-23 21:37:43 -05:00
conn.put_key_policy.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
'alias/my-key-alias', 'default', 'new policy').should.throw(NotFoundException)
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
policy = conn.get_key_policy(key['KeyMetadata']['KeyId'], 'default')
policy['Policy'].should.equal('my policy')
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
def test_put_key_policy():
conn = boto.kms.connect_to_region('us-west-2')
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy='my policy',
description='my key1', key_usage='ENCRYPT_DECRYPT')
Add ARN and Alias functionality to KMS
2016-10-03 01:33:59 +11:00
conn.put_key_policy(key['KeyMetadata']['Arn'], 'default', 'new policy')
policy = conn.get_key_policy(key['KeyMetadata']['KeyId'], 'default')
policy['Policy'].should.equal('new policy')
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
def test_list_key_policies():
conn = boto.kms.connect_to_region('us-west-2')
Lints.
2017-02-23 21:37:43 -05:00
key = conn.create_key(policy='my policy',
description='my key1', key_usage='ENCRYPT_DECRYPT')
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
key_id = key['KeyMetadata']['KeyId']
policies = conn.list_key_policies(key_id)
policies['PolicyNames'].should.equal(['default'])
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__returns_none_if_correct():
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
resp = kms.create_alias('alias/my-alias', key_id)
resp.should.be.none
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__raises_if_reserved_alias():
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
reserved_aliases = [
'alias/aws/ebs',
'alias/aws/s3',
'alias/aws/redshift',
'alias/aws/rds',
]
for alias_name in reserved_aliases:
with assert_raises(JSONResponseError) as err:
kms.create_alias(alias_name, key_id)
ex = err.exception
ex.error_message.should.be.none
ex.error_code.should.equal('NotAuthorizedException')
ex.body.should.equal({'__type': 'NotAuthorizedException'})
ex.reason.should.equal('Bad Request')
ex.status.should.equal(400)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__can_create_multiple_aliases_for_same_key_id():
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
kms.create_alias('alias/my-alias3', key_id).should.be.none
kms.create_alias('alias/my-alias4', key_id).should.be.none
kms.create_alias('alias/my-alias5', key_id).should.be.none
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__raises_if_wrong_prefix():
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
with assert_raises(JSONResponseError) as err:
kms.create_alias('wrongprefix/my-alias', key_id)
ex = err.exception
ex.error_message.should.equal('Invalid identifier')
ex.error_code.should.equal('ValidationException')
Lints.
2017-02-23 21:37:43 -05:00
ex.body.should.equal({'message': 'Invalid identifier',
'__type': 'ValidationException'})
KMS: aliases
2015-07-22 11:42:26 -04:00
ex.reason.should.equal('Bad Request')
ex.status.should.equal(400)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__raises_if_duplicate():
region = 'us-west-2'
kms = boto.kms.connect_to_region(region)
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
alias = 'alias/my-alias'
kms.create_alias(alias, key_id)
with assert_raises(AlreadyExistsException) as err:
kms.create_alias(alias, key_id)
ex = err.exception
ex.error_message.should.match(r'An alias with the name arn:aws:kms:{region}:\d{{12}}:{alias} already exists'
.format(**locals()))
ex.error_code.should.be.none
ex.box_usage.should.be.none
ex.request_id.should.be.none
ex.body['message'].should.match(r'An alias with the name arn:aws:kms:{region}:\d{{12}}:{alias} already exists'
.format(**locals()))
ex.body['__type'].should.equal('AlreadyExistsException')
ex.reason.should.equal('Bad Request')
ex.status.should.equal(400)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__raises_if_alias_has_restricted_characters():
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
alias_names_with_restricted_characters = [
'alias/my-alias!',
'alias/my-alias$',
'alias/my-alias@',
]
for alias_name in alias_names_with_restricted_characters:
with assert_raises(JSONResponseError) as err:
kms.create_alias(alias_name, key_id)
ex = err.exception
ex.body['__type'].should.equal('ValidationException')
Lints.
2017-02-23 21:37:43 -05:00
ex.body['message'].should.equal(
"1 validation error detected: Value '{alias_name}' at 'aliasName' failed to satisfy constraint: Member must satisfy regular expression pattern: ^[a-zA-Z0-9:/_-]+$".format(**locals()))
KMS: aliases
2015-07-22 11:42:26 -04:00
ex.error_code.should.equal('ValidationException')
Lints.
2017-02-23 21:37:43 -05:00
ex.message.should.equal(
"1 validation error detected: Value '{alias_name}' at 'aliasName' failed to satisfy constraint: Member must satisfy regular expression pattern: ^[a-zA-Z0-9:/_-]+$".format(**locals()))
KMS: aliases
2015-07-22 11:42:26 -04:00
ex.reason.should.equal('Bad Request')
ex.status.should.equal(400)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__raises_if_alias_has_colon_character():
Lints.
2017-02-23 21:37:43 -05:00
# For some reason, colons are not accepted for an alias, even though they
# are accepted by regex ^[a-zA-Z0-9:/_-]+$
KMS: aliases
2015-07-22 11:42:26 -04:00
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
alias_names_with_restricted_characters = [
'alias/my:alias',
]
for alias_name in alias_names_with_restricted_characters:
with assert_raises(JSONResponseError) as err:
kms.create_alias(alias_name, key_id)
ex = err.exception
ex.body['__type'].should.equal('ValidationException')
Lints.
2017-02-23 21:37:43 -05:00
ex.body['message'].should.equal(
"{alias_name} contains invalid characters for an alias".format(**locals()))
KMS: aliases
2015-07-22 11:42:26 -04:00
ex.error_code.should.equal('ValidationException')
Lints.
2017-02-23 21:37:43 -05:00
ex.message.should.equal(
"{alias_name} contains invalid characters for an alias".format(**locals()))
KMS: aliases
2015-07-22 11:42:26 -04:00
ex.reason.should.equal('Bad Request')
ex.status.should.equal(400)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__accepted_characters():
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
alias_names_with_accepted_characters = [
'alias/my-alias_/',
'alias/my_alias-/',
]
for alias_name in alias_names_with_accepted_characters:
kms.create_alias(alias_name, key_id)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__create_alias__raises_if_target_key_id_is_existing_alias():
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
alias = 'alias/my-alias'
kms.create_alias(alias, key_id)
with assert_raises(JSONResponseError) as err:
kms.create_alias(alias, alias)
ex = err.exception
ex.body['__type'].should.equal('ValidationException')
ex.body['message'].should.equal('Aliases must refer to keys. Not aliases')
ex.error_code.should.equal('ValidationException')
ex.message.should.equal('Aliases must refer to keys. Not aliases')
ex.reason.should.equal('Bad Request')
ex.status.should.equal(400)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__delete_alias():
kms = boto.connect_kms()
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
alias = 'alias/my-alias'
fix KeyError in delete_alias in the KmsBackend. (#1359) * fix KeyError in delete_alias in the KmsBackend. If there're several aliases in the backend, previously we will bump into a KeyError here. Signed-off-by: Kai Xia <xiaket@gmail.com> * add doc to make travis try one more time. Signed-off-by: Kai Xia <xiaket@gmail.com> a * add another key and alias before the deletion of an alias. This was done to make sure that we can correctly handle the deletion when there are more than one alias defined. Signed-off-by: Kai Xia <xiaket@gmail.com>
2017-11-27 21:36:25 +11:00
# added another alias here to make sure that the deletion of the alias can
# be done when there are multiple existing aliases.
another_create_resp = kms.create_key()
another_key_id = create_resp['KeyMetadata']['KeyId']
another_alias = 'alias/another-alias'
KMS: aliases
2015-07-22 11:42:26 -04:00
kms.create_alias(alias, key_id)
fix KeyError in delete_alias in the KmsBackend. (#1359) * fix KeyError in delete_alias in the KmsBackend. If there're several aliases in the backend, previously we will bump into a KeyError here. Signed-off-by: Kai Xia <xiaket@gmail.com> * add doc to make travis try one more time. Signed-off-by: Kai Xia <xiaket@gmail.com> a * add another key and alias before the deletion of an alias. This was done to make sure that we can correctly handle the deletion when there are more than one alias defined. Signed-off-by: Kai Xia <xiaket@gmail.com>
2017-11-27 21:36:25 +11:00
kms.create_alias(another_alias, another_key_id)
KMS: aliases
2015-07-22 11:42:26 -04:00
resp = kms.delete_alias(alias)
resp.should.be.none
# we can create the alias again, since it has been deleted
kms.create_alias(alias, key_id)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__delete_alias__raises_if_wrong_prefix():
kms = boto.connect_kms()
with assert_raises(JSONResponseError) as err:
kms.delete_alias('wrongprefix/my-alias')
ex = err.exception
ex.body['__type'].should.equal('ValidationException')
ex.body['message'].should.equal('Invalid identifier')
ex.error_code.should.equal('ValidationException')
ex.message.should.equal('Invalid identifier')
ex.reason.should.equal('Bad Request')
ex.status.should.equal(400)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__delete_alias__raises_if_alias_is_not_found():
region = 'us-west-2'
kms = boto.kms.connect_to_region(region)
alias_name = 'alias/unexisting-alias'
with assert_raises(NotFoundException) as err:
kms.delete_alias(alias_name)
ex = err.exception
ex.body['__type'].should.equal('NotFoundException')
Lints.
2017-02-23 21:37:43 -05:00
ex.body['message'].should.match(
r'Alias arn:aws:kms:{region}:\d{{12}}:{alias_name} is not found.'.format(**locals()))
KMS: aliases
2015-07-22 11:42:26 -04:00
ex.box_usage.should.be.none
ex.error_code.should.be.none
Lints.
2017-02-23 21:37:43 -05:00
ex.message.should.match(
r'Alias arn:aws:kms:{region}:\d{{12}}:{alias_name} is not found.'.format(**locals()))
KMS: aliases
2015-07-22 11:42:26 -04:00
ex.reason.should.equal('Bad Request')
ex.request_id.should.be.none
ex.status.should.equal(400)
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
KMS: aliases
2015-07-22 11:42:26 -04:00
def test__list_aliases():
region = "eu-west-1"
kms = boto.kms.connect_to_region(region)
create_resp = kms.create_key()
key_id = create_resp['KeyMetadata']['KeyId']
kms.create_alias('alias/my-alias1', key_id)
kms.create_alias('alias/my-alias2', key_id)
kms.create_alias('alias/my-alias3', key_id)
resp = kms.list_aliases()
resp['Truncated'].should.be.false
aliases = resp['Aliases']
def has_correct_arn(alias_obj):
alias_name = alias_obj['AliasName']
alias_arn = alias_obj['AliasArn']
return re.match(r'arn:aws:kms:{region}:\d{{12}}:{alias_name}'.format(region=region, alias_name=alias_name),
alias_arn)
len([alias for alias in aliases if
has_correct_arn(alias) and 'alias/aws/ebs' == alias['AliasName']]).should.equal(1)
len([alias for alias in aliases if
has_correct_arn(alias) and 'alias/aws/rds' == alias['AliasName']]).should.equal(1)
len([alias for alias in aliases if
has_correct_arn(alias) and 'alias/aws/redshift' == alias['AliasName']]).should.equal(1)
len([alias for alias in aliases if
has_correct_arn(alias) and 'alias/aws/s3' == alias['AliasName']]).should.equal(1)
len([alias for alias in aliases if
has_correct_arn(alias) and 'alias/my-alias1' == alias['AliasName']]).should.equal(1)
len([alias for alias in aliases if
has_correct_arn(alias) and 'alias/my-alias2' == alias['AliasName']]).should.equal(1)
Lints.
2017-02-23 21:37:43 -05:00
len([alias for alias in aliases if 'TargetKeyId' in alias and key_id ==
alias['TargetKeyId']]).should.equal(3)
KMS: aliases
2015-07-22 11:42:26 -04:00
len(aliases).should.equal(7)
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add support for KMS key rotation operations This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00
def test__assert_valid_key_id():
from moto.kms.responses import _assert_valid_key_id
import uuid
Lints.
2017-02-23 21:37:43 -05:00
_assert_valid_key_id.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
"not-a-key").should.throw(MotoNotFoundException)
Lints.
2017-02-23 21:37:43 -05:00
_assert_valid_key_id.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
str(uuid.uuid4())).should_not.throw(MotoNotFoundException)
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_kms_deprecated
Add KMS policy actions Adds the following to the KMS service * PutKeyPolicy * GetKeyPolicy * ListKeyPolicies Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-25 19:50:55 +00:00
def test__assert_default_policy():
from moto.kms.responses import _assert_default_policy
Lints.
2017-02-23 21:37:43 -05:00
_assert_default_policy.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
"not-default").should.throw(MotoNotFoundException)
Lints.
2017-02-23 21:37:43 -05:00
_assert_default_policy.when.called_with(
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
"default").should_not.throw(MotoNotFoundException)
Add kms boto3 test.
2017-03-14 23:42:47 -04:00
@mock_kms
def test_kms_encrypt_boto3():
client = boto3.client('kms', region_name='us-east-1')
response = client.encrypt(KeyId='foo', Plaintext=b'bar')
response = client.decrypt(CiphertextBlob=response['CiphertextBlob'])
response['Plaintext'].should.equal(b'bar')
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
@mock_kms
def test_disable_key():
need region for kms client
2018-10-05 22:17:48 -05:00
client = boto3.client('kms', region_name='us-east-1')
fix invalid variables used in kms testing
2018-10-05 21:56:32 -05:00
key = client.create_key(Description='disable-key')
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
client.disable_key(
KeyId=key['KeyMetadata']['KeyId']
)
missed some KeyMetadata and need to transform datetime for testing
2018-10-05 23:48:19 -05:00
result = client.describe_key(KeyId=key['KeyMetadata']['KeyId'])
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
assert result["KeyMetadata"]["Enabled"] == False
assert result["KeyMetadata"]["KeyState"] == 'Disabled'
@mock_kms
def test_enable_key():
need region for kms client
2018-10-05 22:17:48 -05:00
client = boto3.client('kms', region_name='us-east-1')
fix invalid variables used in kms testing
2018-10-05 21:56:32 -05:00
key = client.create_key(Description='enable-key')
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
client.disable_key(
KeyId=key['KeyMetadata']['KeyId']
)
client.enable_key(
KeyId=key['KeyMetadata']['KeyId']
)
missed some KeyMetadata and need to transform datetime for testing
2018-10-05 23:48:19 -05:00
result = client.describe_key(KeyId=key['KeyMetadata']['KeyId'])
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
assert result["KeyMetadata"]["Enabled"] == True
assert result["KeyMetadata"]["KeyState"] == 'Enabled'
@mock_kms
def test_schedule_key_deletion():
need region for kms client
2018-10-05 22:17:48 -05:00
client = boto3.client('kms', region_name='us-east-1')
fix invalid variables used in kms testing
2018-10-05 21:56:32 -05:00
key = client.create_key(Description='schedule-key-deletion')
cant manipulate time in server mode tests
2018-10-08 08:29:21 -05:00
if os.environ.get('TEST_SERVER_MODE', 'false').lower() == 'false':
with freeze_time("2015-01-01 12:00:00"):
response = client.schedule_key_deletion(
KeyId=key['KeyMetadata']['KeyId']
)
assert response['KeyId'] == key['KeyMetadata']['KeyId']
Fixing broken tests #2126 - KMS - S3 - CloudFormation (Thanks kgutwin!)
2019-03-25 13:19:01 -07:00
assert response['DeletionDate'] == datetime(2015, 1, 31, 12, 0, tzinfo=tzutc())
cant manipulate time in server mode tests
2018-10-08 08:29:21 -05:00
else:
# Can't manipulate time in server mode
add freezegun and test DeletionDate for chedule_key_deletion
2018-10-05 16:21:16 -05:00
response = client.schedule_key_deletion(
KeyId=key['KeyMetadata']['KeyId']
)
use initial KeyMetadata for identifying keys in KMS tests
2018-10-05 23:35:34 -05:00
assert response['KeyId'] == key['KeyMetadata']['KeyId']
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
use initial KeyMetadata for identifying keys in KMS tests
2018-10-05 23:35:34 -05:00
result = client.describe_key(KeyId=key['KeyMetadata']['KeyId'])
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
assert result["KeyMetadata"]["Enabled"] == False
assert result["KeyMetadata"]["KeyState"] == 'PendingDeletion'
assert 'DeletionDate' in result["KeyMetadata"]
@mock_kms
def test_schedule_key_deletion_custom():
need region for kms client
2018-10-05 22:17:48 -05:00
client = boto3.client('kms', region_name='us-east-1')
fix invalid variables used in kms testing
2018-10-05 21:56:32 -05:00
key = client.create_key(Description='schedule-key-deletion')
cant manipulate time in server mode tests
2018-10-08 08:29:21 -05:00
if os.environ.get('TEST_SERVER_MODE', 'false').lower() == 'false':
with freeze_time("2015-01-01 12:00:00"):
response = client.schedule_key_deletion(
KeyId=key['KeyMetadata']['KeyId'],
PendingWindowInDays=7
)
assert response['KeyId'] == key['KeyMetadata']['KeyId']
Fixing broken tests #2126 - KMS - S3 - CloudFormation (Thanks kgutwin!)
2019-03-25 13:19:01 -07:00
assert response['DeletionDate'] == datetime(2015, 1, 8, 12, 0, tzinfo=tzutc())
cant manipulate time in server mode tests
2018-10-08 08:29:21 -05:00
else:
# Can't manipulate time in server mode
add freezegun and test DeletionDate for chedule_key_deletion
2018-10-05 16:21:16 -05:00
response = client.schedule_key_deletion(
KeyId=key['KeyMetadata']['KeyId'],
PendingWindowInDays=7
)
use initial KeyMetadata for identifying keys in KMS tests
2018-10-05 23:35:34 -05:00
assert response['KeyId'] == key['KeyMetadata']['KeyId']
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
use initial KeyMetadata for identifying keys in KMS tests
2018-10-05 23:35:34 -05:00
result = client.describe_key(KeyId=key['KeyMetadata']['KeyId'])
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
assert result["KeyMetadata"]["Enabled"] == False
assert result["KeyMetadata"]["KeyState"] == 'PendingDeletion'
assert 'DeletionDate' in result["KeyMetadata"]
@mock_kms
def test_cancel_key_deletion():
need region for kms client
2018-10-05 22:17:48 -05:00
client = boto3.client('kms', region_name='us-east-1')
fix invalid variables used in kms testing
2018-10-05 21:56:32 -05:00
key = client.create_key(Description='cancel-key-deletion')
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
client.schedule_key_deletion(
KeyId=key['KeyMetadata']['KeyId']
)
response = client.cancel_key_deletion(
KeyId=key['KeyMetadata']['KeyId']
)
use initial KeyMetadata for identifying keys in KMS tests
2018-10-05 23:35:34 -05:00
assert response['KeyId'] == key['KeyMetadata']['KeyId']
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
use initial KeyMetadata for identifying keys in KMS tests
2018-10-05 23:35:34 -05:00
result = client.describe_key(KeyId=key['KeyMetadata']['KeyId'])
add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint
2018-10-05 15:55:47 -05:00
assert result["KeyMetadata"]["Enabled"] == False
assert result["KeyMetadata"]["KeyState"] == 'Disabled'
assert 'DeletionDate' not in result["KeyMetadata"]
Update kms and lambda to work with terraform
2019-02-16 09:27:23 -06:00
@mock_kms
def test_update_key_description():
client = boto3.client('kms', region_name='us-east-1')
key = client.create_key(Description='old_description')
key_id = key['KeyMetadata']['KeyId']
result = client.update_key_description(KeyId=key_id, Description='new_description')
assert 'ResponseMetadata' in result
@mock_kms
def test_tag_resource():
client = boto3.client('kms', region_name='us-east-1')
key = client.create_key(Description='cancel-key-deletion')
response = client.schedule_key_deletion(
KeyId=key['KeyMetadata']['KeyId']
)
keyid = response['KeyId']
response = client.tag_resource(
KeyId=keyid,
Tags=[
{
'TagKey': 'string',
'TagValue': 'string'
},
]
)
# Shouldn't have any data, just header
assert len(response.keys()) == 1
@mock_kms
def test_list_resource_tags():
client = boto3.client('kms', region_name='us-east-1')
key = client.create_key(Description='cancel-key-deletion')
response = client.schedule_key_deletion(
KeyId=key['KeyMetadata']['KeyId']
)
keyid = response['KeyId']
response = client.tag_resource(
KeyId=keyid,
Tags=[
{
'TagKey': 'string',
'TagValue': 'string'
},
]
)
response = client.list_resource_tags(KeyId=keyid)
assert response['Tags'][0]['TagKey'] == 'string'
assert response['Tags'][0]['TagValue'] == 'string'
KMS generate_data_key (#2071) * Added KMS.generate_data_key and KMS.generate_date_key_without_plaintext Increase test coverage to cover Key not found * Added test for kms.put_key_policy key not found
2019-04-26 20:52:24 +01:00
@mock_kms
def test_generate_data_key_sizes():
client = boto3.client('kms', region_name='us-east-1')
key = client.create_key(Description='generate-data-key-size')
resp1 = client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId'],
KeySpec='AES_256'
)
resp2 = client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId'],
KeySpec='AES_128'
)
resp3 = client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId'],
NumberOfBytes=64
)
assert len(resp1['Plaintext']) == 32
assert len(resp2['Plaintext']) == 16
assert len(resp3['Plaintext']) == 64
@mock_kms
def test_generate_data_key_decrypt():
client = boto3.client('kms', region_name='us-east-1')
key = client.create_key(Description='generate-data-key-decrypt')
resp1 = client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId'],
KeySpec='AES_256'
)
resp2 = client.decrypt(
CiphertextBlob=resp1['CiphertextBlob']
)
assert resp1['Plaintext'] == resp2['Plaintext']
@mock_kms
def test_generate_data_key_invalid_size_params():
client = boto3.client('kms', region_name='us-east-1')
key = client.create_key(Description='generate-data-key-size')
with assert_raises(botocore.exceptions.ClientError) as err:
client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId'],
KeySpec='AES_257'
)
with assert_raises(botocore.exceptions.ClientError) as err:
client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId'],
KeySpec='AES_128',
NumberOfBytes=16
)
with assert_raises(botocore.exceptions.ClientError) as err:
client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId'],
NumberOfBytes=2048
)
with assert_raises(botocore.exceptions.ClientError) as err:
client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId']
)
@mock_kms
def test_generate_data_key_invalid_key():
client = boto3.client('kms', region_name='us-east-1')
key = client.create_key(Description='generate-data-key-size')
with assert_raises(client.exceptions.NotFoundException):
client.generate_data_key(
KeyId='alias/randomnonexistantkey',
KeySpec='AES_256'
)
with assert_raises(client.exceptions.NotFoundException):
client.generate_data_key(
KeyId=key['KeyMetadata']['KeyId'] + '4',
KeySpec='AES_256'
)
@mock_kms
def test_generate_data_key_without_plaintext_decrypt():
client = boto3.client('kms', region_name='us-east-1')
key = client.create_key(Description='generate-data-key-decrypt')
resp1 = client.generate_data_key_without_plaintext(
KeyId=key['KeyMetadata']['KeyId'],
KeySpec='AES_256'
)
assert 'Plaintext' not in resp1
@mock_kms
def test_enable_key_rotation_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.enable_key_rotation(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02'
)
@mock_kms
def test_disable_key_rotation_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.disable_key_rotation(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02'
)
@mock_kms
def test_enable_key_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.enable_key(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02'
)
@mock_kms
def test_disable_key_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.disable_key(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02'
)
@mock_kms
def test_cancel_key_deletion_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.cancel_key_deletion(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02'
)
@mock_kms
def test_schedule_key_deletion_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.schedule_key_deletion(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02'
)
@mock_kms
def test_get_key_rotation_status_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.get_key_rotation_status(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02'
)
@mock_kms
def test_get_key_policy_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.get_key_policy(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02',
PolicyName='default'
)
@mock_kms
def test_list_key_policies_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.list_key_policies(
KeyId='12366f9b-1230-123d-123e-123e6ae60c02'
)
@mock_kms
def test_put_key_policy_key_not_found():
client = boto3.client('kms', region_name='us-east-1')
with assert_raises(client.exceptions.NotFoundException):
client.put_key_policy(
KeyId='00000000-0000-0000-0000-000000000000',
PolicyName='default',
Policy='new policy'
)
Reference in New Issue Copy Permalink