Add support for KMS update-alias (#4143)

moto/kms/responses.py

@@ -188,6 +188,13 @@ class KmsResponse(BaseResponse):
 
     def create_alias(self):
         """https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateAlias.html"""
+        return self._set_alias()
+
+    def update_alias(self):
+        """https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateAlias.html"""
+        return self._set_alias(update=True)
+
+    def _set_alias(self, update=False):
         alias_name = self.parameters["AliasName"]
         target_key_id = self.parameters["TargetKeyId"]
 
@@ -214,6 +221,10 @@ class KmsResponse(BaseResponse):
         if self.kms_backend.alias_exists(target_key_id):
             raise ValidationException("Aliases must refer to keys. Not aliases")
 
+        if update:
+            # delete any existing aliases with that name (should be a no-op if none exist)
+            self.kms_backend.delete_alias(alias_name)
+
         if self.kms_backend.alias_exists(alias_name):
             raise AlreadyExistsException(
                 "An alias with the name arn:aws:kms:{region}:012345678912:{alias_name} "
@@ -321,7 +332,8 @@ class KmsResponse(BaseResponse):
 
         self._validate_cmk_id(key_id)
 
-        return json.dumps({"Policy": self.kms_backend.get_key_policy(key_id)})
+        policy = self.kms_backend.get_key_policy(key_id) or "{}"
+        return json.dumps({"Policy": policy})
 
     def list_key_policies(self):
         """https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeyPolicies.html"""

tests/terraform-tests.success.txt

@@ -56,6 +56,7 @@ TestAccAWSIAMGroupPolicyAttachment
 TestAccAWSIAMRole
 TestAccAWSIAMUserPolicy
 TestAccAWSIPRanges
+TestAccAWSKmsAlias
 TestAccAWSKmsSecretDataSource
 TestAccAWSPartition
 TestAccAWSProvider