Add support for KMS update-alias (#4143)

2021-08-07 09:07:40 +02:00 · 2021-08-07 09:07:40 +02:00 · 35d0ddef24
commit 35d0ddef24
parent 76094f012b
2 changed files with 14 additions and 1 deletions
--- a/moto/kms/responses.py
+++ b/moto/kms/responses.py
@ -188,6 +188,13 @@ class KmsResponse(BaseResponse):

    def create_alias(self):
        """https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateAlias.html"""
+        return self._set_alias()
+
+    def update_alias(self):
+        """https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateAlias.html"""
+        return self._set_alias(update=True)
+
+    def _set_alias(self, update=False):
        alias_name = self.parameters["AliasName"]
        target_key_id = self.parameters["TargetKeyId"]

@ -214,6 +221,10 @@ class KmsResponse(BaseResponse):
        if self.kms_backend.alias_exists(target_key_id):
            raise ValidationException("Aliases must refer to keys. Not aliases")

+        if update:
+            # delete any existing aliases with that name (should be a no-op if none exist)
+            self.kms_backend.delete_alias(alias_name)
+
        if self.kms_backend.alias_exists(alias_name):
            raise AlreadyExistsException(
                "An alias with the name arn:aws:kms:{region}:012345678912:{alias_name} "
@ -321,7 +332,8 @@ class KmsResponse(BaseResponse):

        self._validate_cmk_id(key_id)

-        return json.dumps({"Policy": self.kms_backend.get_key_policy(key_id)})
+        policy = self.kms_backend.get_key_policy(key_id) or "{}"
+        return json.dumps({"Policy": policy})

    def list_key_policies(self):
        """https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeyPolicies.html"""
--- a/tests/terraform-tests.success.txt
+++ b/tests/terraform-tests.success.txt
@ -56,6 +56,7 @@ TestAccAWSIAMGroupPolicyAttachment
 TestAccAWSIAMRole
 TestAccAWSIAMUserPolicy
 TestAccAWSIPRanges
+TestAccAWSKmsAlias
 TestAccAWSKmsSecretDataSource
 TestAccAWSPartition
 TestAccAWSProvider