From 267509413e8f9f5e3db0c878385d4de59ef85bb1 Mon Sep 17 00:00:00 2001
From: Joseph Eichenhofer <jeichenhofer@users.noreply.github.com>
Date: Mon, 27 Feb 2023 07:43:43 -0800
Subject: [PATCH] KMS - implement KeyId parameter for ListAliases (#5991)

---
 moto/kms/models.py               |  3 ++-
 moto/kms/responses.py            | 11 ++++++++-
 tests/test_kms/test_kms_boto3.py | 39 ++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/moto/kms/models.py b/moto/kms/models.py
index 917407699..0ce417126 100644
--- a/moto/kms/models.py
+++ b/moto/kms/models.py
@@ -374,7 +374,8 @@ class KmsBackend(BaseBackend):
         return False
 
     def add_alias(self, target_key_id, alias_name):
-        self.key_to_aliases[target_key_id].add(alias_name)
+        raw_key_id = self.get_key_id(target_key_id)
+        self.key_to_aliases[raw_key_id].add(alias_name)
 
     def delete_alias(self, alias_name):
         """Delete the alias."""
diff --git a/moto/kms/responses.py b/moto/kms/responses.py
index 8e3d595eb..b02c5cb27 100644
--- a/moto/kms/responses.py
+++ b/moto/kms/responses.py
@@ -239,7 +239,6 @@ class KmsResponse(BaseResponse):
             )
 
         self._validate_cmk_id(target_key_id)
-
         self.kms_backend.add_alias(target_key_id, alias_name)
 
         return json.dumps(None)
@@ -260,6 +259,11 @@ class KmsResponse(BaseResponse):
     def list_aliases(self):
         """https://docs.aws.amazon.com/kms/latest/APIReference/API_ListAliases.html"""
         region = self.region
+        key_id = self.parameters.get("KeyId")
+        if key_id is not None:
+            self._validate_key_id(key_id)
+            key_id = self.kms_backend.get_key_id(key_id)
+
         response_aliases = []
 
         backend_aliases = self.kms_backend.get_all_aliases()
@@ -287,6 +291,11 @@ class KmsResponse(BaseResponse):
                     }
                 )
 
+        if key_id is not None:
+            response_aliases = list(
+                filter(lambda alias: alias["TargetKeyId"] == key_id, response_aliases)
+            )
+
         return json.dumps({"Truncated": False, "Aliases": response_aliases})
 
     def create_grant(self):
diff --git a/tests/test_kms/test_kms_boto3.py b/tests/test_kms/test_kms_boto3.py
index f82d56309..d04cdc919 100644
--- a/tests/test_kms/test_kms_boto3.py
+++ b/tests/test_kms/test_kms_boto3.py
@@ -281,6 +281,45 @@ def test_list_aliases():
         )
 
 
+@mock_kms
+def test_list_aliases_for_key_id():
+    region = "us-west-1"
+    client = boto3.client("kms", region_name=region)
+
+    my_alias = "alias/my-alias"
+    alias_arn = f"arn:aws:kms:{region}:{ACCOUNT_ID}:{my_alias}"
+    key_id = create_simple_key(client, description="my key")
+    client.create_alias(AliasName=my_alias, TargetKeyId=key_id)
+
+    aliases = client.list_aliases(KeyId=key_id)["Aliases"]
+    aliases.should.have.length_of(1)
+    aliases.should.contain(
+        {"AliasName": my_alias, "AliasArn": alias_arn, "TargetKeyId": key_id}
+    )
+
+
+@mock_kms
+def test_list_aliases_for_key_arn():
+    region = "us-west-1"
+    client = boto3.client("kms", region_name=region)
+    key = client.create_key()
+    key_id = key["KeyMetadata"]["KeyId"]
+    key_arn = key["KeyMetadata"]["Arn"]
+
+    id_alias = "alias/my-alias-1"
+    client.create_alias(AliasName=id_alias, TargetKeyId=key_id)
+    arn_alias = "alias/my-alias-2"
+    client.create_alias(AliasName=arn_alias, TargetKeyId=key_arn)
+
+    aliases = client.list_aliases(KeyId=key_arn)["Aliases"]
+    aliases.should.have.length_of(2)
+    for alias in [id_alias, arn_alias]:
+        alias_arn = f"arn:aws:kms:{region}:{ACCOUNT_ID}:{alias}"
+        aliases.should.contain(
+            {"AliasName": alias, "AliasArn": alias_arn, "TargetKeyId": key_id}
+        )
+
+
 @pytest.mark.parametrize(
     "key_id",
     [