KMS - implement KeyId parameter for ListAliases (#5991)

2023-02-27 07:43:43 -08:00 · 2023-02-27 07:43:43 -08:00 · 267509413e
commit 267509413e
parent fd66843cf7
3 changed files with 51 additions and 2 deletions
--- a/moto/kms/models.py
+++ b/moto/kms/models.py
@ -374,7 +374,8 @@ class KmsBackend(BaseBackend):
        return False

    def add_alias(self, target_key_id, alias_name):
-        self.key_to_aliases[target_key_id].add(alias_name)
+        raw_key_id = self.get_key_id(target_key_id)
+        self.key_to_aliases[raw_key_id].add(alias_name)

    def delete_alias(self, alias_name):
        """Delete the alias."""
--- a/moto/kms/responses.py
+++ b/moto/kms/responses.py
@ -239,7 +239,6 @@ class KmsResponse(BaseResponse):
            )

        self._validate_cmk_id(target_key_id)
-
        self.kms_backend.add_alias(target_key_id, alias_name)

        return json.dumps(None)
@ -260,6 +259,11 @@ class KmsResponse(BaseResponse):
    def list_aliases(self):
        """https://docs.aws.amazon.com/kms/latest/APIReference/API_ListAliases.html"""
        region = self.region
+        key_id = self.parameters.get("KeyId")
+        if key_id is not None:
+            self._validate_key_id(key_id)
+            key_id = self.kms_backend.get_key_id(key_id)
+
        response_aliases = []

        backend_aliases = self.kms_backend.get_all_aliases()
@ -287,6 +291,11 @@ class KmsResponse(BaseResponse):
                    }
                )

+        if key_id is not None:
+            response_aliases = list(
+                filter(lambda alias: alias["TargetKeyId"] == key_id, response_aliases)
+            )
+
        return json.dumps({"Truncated": False, "Aliases": response_aliases})

    def create_grant(self):
--- a/tests/test_kms/test_kms_boto3.py
+++ b/tests/test_kms/test_kms_boto3.py
@ -281,6 +281,45 @@ def test_list_aliases():
        )


+@mock_kms
+def test_list_aliases_for_key_id():
+    region = "us-west-1"
+    client = boto3.client("kms", region_name=region)
+
+    my_alias = "alias/my-alias"
+    alias_arn = f"arn:aws:kms:{region}:{ACCOUNT_ID}:{my_alias}"
+    key_id = create_simple_key(client, description="my key")
+    client.create_alias(AliasName=my_alias, TargetKeyId=key_id)
+
+    aliases = client.list_aliases(KeyId=key_id)["Aliases"]
+    aliases.should.have.length_of(1)
+    aliases.should.contain(
+        {"AliasName": my_alias, "AliasArn": alias_arn, "TargetKeyId": key_id}
+    )
+
+
+@mock_kms
+def test_list_aliases_for_key_arn():
+    region = "us-west-1"
+    client = boto3.client("kms", region_name=region)
+    key = client.create_key()
+    key_id = key["KeyMetadata"]["KeyId"]
+    key_arn = key["KeyMetadata"]["Arn"]
+
+    id_alias = "alias/my-alias-1"
+    client.create_alias(AliasName=id_alias, TargetKeyId=key_id)
+    arn_alias = "alias/my-alias-2"
+    client.create_alias(AliasName=arn_alias, TargetKeyId=key_arn)
+
+    aliases = client.list_aliases(KeyId=key_arn)["Aliases"]
+    aliases.should.have.length_of(2)
+    for alias in [id_alias, arn_alias]:
+        alias_arn = f"arn:aws:kms:{region}:{ACCOUNT_ID}:{alias}"
+        aliases.should.contain(
+            {"AliasName": alias, "AliasArn": alias_arn, "TargetKeyId": key_id}
+        )
+
+
@pytest.mark.parametrize(
    "key_id",
    [