Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Techdebt: KMS: Mock RSA calls in some tests (#5782)

Browse Source
This commit is contained in:
Bert Blommers 2022-12-17 20:35:07 -01:00 committed by GitHub
parent f67abbe1f3
commit 42d8216623
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 78 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
tests/test_kms/test_kms_boto3.py
View File

@ -1,6 +1,8 @@
import json import json
from datetime import datetime from datetime import datetime
from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from unittest import mock
from dateutil.tz import tzutc from dateutil.tz import tzutc
import base64 import base64
import os import os
@ -167,7 +169,10 @@ def test_replicate_key():
with pytest.raises(to_region_client.exceptions.NotFoundException): with pytest.raises(to_region_client.exceptions.NotFoundException):
to_region_client.describe_key(KeyId=key_id) to_region_client.describe_key(KeyId=key_id)
from_region_client.replicate_key(KeyId=key_id, ReplicaRegion=region_to_replicate_to) with mock.patch.object(rsa, "generate_private_key", return_value=""):
from_region_client.replicate_key(
KeyId=key_id, ReplicaRegion=region_to_replicate_to
)
to_region_client.describe_key(KeyId=key_id) to_region_client.describe_key(KeyId=key_id)
from_region_client.describe_key(KeyId=key_id) from_region_client.describe_key(KeyId=key_id)
@ -212,7 +217,7 @@ def test_describe_key(id_or_arn):
def test_get_key_policy_default(): def test_get_key_policy_default():
# given # given
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key_id = client.create_key()["KeyMetadata"]["KeyId"] key_id = create_simple_key(client)
# when # when
policy = client.get_key_policy(KeyId=key_id, PolicyName="default")["Policy"] policy = client.get_key_policy(KeyId=key_id, PolicyName="default")["Policy"]
@ -238,8 +243,7 @@ def test_get_key_policy_default():
@mock_kms @mock_kms
def test_describe_key_via_alias(): def test_describe_key_via_alias():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
response = client.create_key(Description="my key") key_id = create_simple_key(client, description="my key")
key_id = response["KeyMetadata"]["KeyId"]
client.create_alias(AliasName="alias/my-alias", TargetKeyId=key_id) client.create_alias(AliasName="alias/my-alias", TargetKeyId=key_id)
@ -250,8 +254,7 @@ def test_describe_key_via_alias():
@mock_kms @mock_kms
def test__create_alias__can_create_multiple_aliases_for_same_key_id(): def test__create_alias__can_create_multiple_aliases_for_same_key_id():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
response = client.create_key(Description="my key") key_id = create_simple_key(client)
key_id = response["KeyMetadata"]["KeyId"]
alias_names = ["alias/al1", "alias/al2", "alias/al3"] alias_names = ["alias/al1", "alias/al2", "alias/al3"]
for name in alias_names: for name in alias_names:
@ -270,7 +273,7 @@ def test__create_alias__can_create_multiple_aliases_for_same_key_id():
def test_list_aliases(): def test_list_aliases():
region = "us-west-1" region = "us-west-1"
client = boto3.client("kms", region_name=region) client = boto3.client("kms", region_name=region)
client.create_key(Description="my key") create_simple_key(client)
aliases = client.list_aliases()["Aliases"] aliases = client.list_aliases()["Aliases"]
aliases.should.have.length_of(14) aliases.should.have.length_of(14)
@ -292,7 +295,6 @@ def test_list_aliases():
@mock_kms @mock_kms
def test_describe_key_via_alias_invalid_alias(key_id): def test_describe_key_via_alias_invalid_alias(key_id):
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
client.create_key(Description="key")
with pytest.raises(client.exceptions.NotFoundException): with pytest.raises(client.exceptions.NotFoundException):
client.describe_key(KeyId=key_id) client.describe_key(KeyId=key_id)
@ -301,8 +303,9 @@ def test_describe_key_via_alias_invalid_alias(key_id):
@mock_kms @mock_kms
def test_list_keys(): def test_list_keys():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
k1 = client.create_key(Description="key1")["KeyMetadata"] with mock.patch.object(rsa, "generate_private_key", return_value=""):
k2 = client.create_key(Description="key2")["KeyMetadata"] k1 = client.create_key(Description="key1")["KeyMetadata"]
k2 = client.create_key(Description="key2")["KeyMetadata"]
keys = client.list_keys()["Keys"] keys = client.list_keys()["Keys"]
keys.should.have.length_of(2) keys.should.have.length_of(2)
@ -314,8 +317,7 @@ def test_list_keys():
@mock_kms @mock_kms
def test_enable_key_rotation(id_or_arn): def test_enable_key_rotation(id_or_arn):
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1")["KeyMetadata"] key_id = create_simple_key(client, id_or_arn=id_or_arn)
key_id = key[id_or_arn]
client.get_key_rotation_status(KeyId=key_id)["KeyRotationEnabled"].should.equal( client.get_key_rotation_status(KeyId=key_id)["KeyRotationEnabled"].should.equal(
False False
@ -335,8 +337,7 @@ def test_enable_key_rotation(id_or_arn):
@mock_kms @mock_kms
def test_enable_key_rotation_with_alias_name_should_fail(): def test_enable_key_rotation_with_alias_name_should_fail():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="my key")["KeyMetadata"] key_id = create_simple_key(client)
key_id = key["KeyId"]
client.create_alias(AliasName="alias/my-alias", TargetKeyId=key_id) client.create_alias(AliasName="alias/my-alias", TargetKeyId=key_id)
with pytest.raises(ClientError) as ex: with pytest.raises(ClientError) as ex:
@ -443,10 +444,10 @@ def test_kms_encrypt(plaintext):
@mock_kms @mock_kms
def test_disable_key(): def test_disable_key():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="disable-key") key_id = create_simple_key(client)
client.disable_key(KeyId=key["KeyMetadata"]["KeyId"]) client.disable_key(KeyId=key_id)
result = client.describe_key(KeyId=key["KeyMetadata"]["KeyId"]) result = client.describe_key(KeyId=key_id)
assert result["KeyMetadata"]["Enabled"] is False assert result["KeyMetadata"]["Enabled"] is False
assert result["KeyMetadata"]["KeyState"] == "Disabled" assert result["KeyMetadata"]["KeyState"] == "Disabled"
@ -454,11 +455,11 @@ def test_disable_key():
@mock_kms @mock_kms
def test_enable_key(): def test_enable_key():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="enable-key") key_id = create_simple_key(client)
client.disable_key(KeyId=key["KeyMetadata"]["KeyId"]) client.disable_key(KeyId=key_id)
client.enable_key(KeyId=key["KeyMetadata"]["KeyId"]) client.enable_key(KeyId=key_id)
result = client.describe_key(KeyId=key["KeyMetadata"]["KeyId"]) result = client.describe_key(KeyId=key_id)
assert result["KeyMetadata"]["Enabled"] is True assert result["KeyMetadata"]["Enabled"] is True
assert result["KeyMetadata"]["KeyState"] == "Enabled" assert result["KeyMetadata"]["KeyState"] == "Enabled"
@ -466,20 +467,20 @@ def test_enable_key():
@mock_kms @mock_kms
def test_schedule_key_deletion(): def test_schedule_key_deletion():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="schedule-key-deletion") key_id = create_simple_key(client)
if os.environ.get("TEST_SERVER_MODE", "false").lower() == "false": if os.environ.get("TEST_SERVER_MODE", "false").lower() == "false":
with freeze_time("2015-01-01 12:00:00"): with freeze_time("2015-01-01 12:00:00"):
response = client.schedule_key_deletion(KeyId=key["KeyMetadata"]["KeyId"]) response = client.schedule_key_deletion(KeyId=key_id)
assert response["KeyId"] == key["KeyMetadata"]["KeyId"] assert response["KeyId"] == key_id
assert response["DeletionDate"] == datetime( assert response["DeletionDate"] == datetime(
2015, 1, 31, 12, 0, tzinfo=tzutc() 2015, 1, 31, 12, 0, tzinfo=tzutc()
) )
else: else:
# Can't manipulate time in server mode # Can't manipulate time in server mode
response = client.schedule_key_deletion(KeyId=key["KeyMetadata"]["KeyId"]) response = client.schedule_key_deletion(KeyId=key_id)
assert response["KeyId"] == key["KeyMetadata"]["KeyId"] assert response["KeyId"] == key_id
result = client.describe_key(KeyId=key["KeyMetadata"]["KeyId"]) result = client.describe_key(KeyId=key_id)
assert result["KeyMetadata"]["Enabled"] is False assert result["KeyMetadata"]["Enabled"] is False
assert result["KeyMetadata"]["KeyState"] == "PendingDeletion" assert result["KeyMetadata"]["KeyState"] == "PendingDeletion"
assert "DeletionDate" in result["KeyMetadata"] assert "DeletionDate" in result["KeyMetadata"]
@ -528,8 +529,7 @@ def test_cancel_key_deletion():
@mock_kms @mock_kms
def test_update_key_description(): def test_update_key_description():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="old_description") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
result = client.update_key_description(KeyId=key_id, Description="new_description") result = client.update_key_description(KeyId=key_id, Description="new_description")
assert "ResponseMetadata" in result assert "ResponseMetadata" in result
@ -606,21 +606,19 @@ def test_unknown_tag_methods():
@mock_kms @mock_kms
def test_list_resource_tags_after_untagging(): def test_list_resource_tags_after_untagging():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="cancel-key-deletion") key_id = create_simple_key(client)
response = client.schedule_key_deletion(KeyId=key["KeyMetadata"]["KeyId"])
keyid = response["KeyId"]
client.tag_resource( client.tag_resource(
KeyId=keyid, KeyId=key_id,
Tags=[ Tags=[
{"TagKey": "key1", "TagValue": "s1"}, {"TagKey": "key1", "TagValue": "s1"},
{"TagKey": "key2", "TagValue": "s2"}, {"TagKey": "key2", "TagValue": "s2"},
], ],
) )
client.untag_resource(KeyId=keyid, TagKeys=["key2"]) client.untag_resource(KeyId=key_id, TagKeys=["key2"])
tags = client.list_resource_tags(KeyId=keyid)["Tags"] tags = client.list_resource_tags(KeyId=key_id)["Tags"]
tags.should.equal([{"TagKey": "key1", "TagValue": "s1"}]) tags.should.equal([{"TagKey": "key1", "TagValue": "s1"}])
@ -637,9 +635,9 @@ def test_list_resource_tags_after_untagging():
@mock_kms @mock_kms
def test_generate_data_key_sizes(kwargs, expected_key_length): def test_generate_data_key_sizes(kwargs, expected_key_length):
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="generate-data-key-size") key_id = create_simple_key(client)
response = client.generate_data_key(KeyId=key["KeyMetadata"]["KeyId"], **kwargs) response = client.generate_data_key(KeyId=key_id, **kwargs)
assert len(response["Plaintext"]) == expected_key_length assert len(response["Plaintext"]) == expected_key_length
@ -920,8 +918,7 @@ def test_get_key_policy(id_or_arn):
@mock_kms @mock_kms
def test_put_key_policy(id_or_arn): def test_put_key_policy(id_or_arn):
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client, id_or_arn)
key_id = key["KeyMetadata"][id_or_arn]
client.put_key_policy(KeyId=key_id, PolicyName="default", Policy="policy 2.0") client.put_key_policy(KeyId=key_id, PolicyName="default", Policy="policy 2.0")
@ -932,8 +929,7 @@ def test_put_key_policy(id_or_arn):
@mock_kms @mock_kms
def test_put_key_policy_using_alias_shouldnt_work(): def test_put_key_policy_using_alias_shouldnt_work():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client, policy="my policy")
key_id = key["KeyMetadata"]["KeyId"]
client.create_alias(AliasName="alias/my-alias", TargetKeyId=key_id) client.create_alias(AliasName="alias/my-alias", TargetKeyId=key_id)
with pytest.raises(ClientError) as ex: with pytest.raises(ClientError) as ex:
@ -945,14 +941,13 @@ def test_put_key_policy_using_alias_shouldnt_work():
err["Message"].should.equal("Invalid keyId alias/my-alias") err["Message"].should.equal("Invalid keyId alias/my-alias")
response = client.get_key_policy(KeyId=key_id, PolicyName="default") response = client.get_key_policy(KeyId=key_id, PolicyName="default")
response["Policy"].should.equal("initial policy") response["Policy"].should.equal("my policy")
@mock_kms @mock_kms
def test_list_key_policies(): def test_list_key_policies():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
policies = client.list_key_policies(KeyId=key_id) policies = client.list_key_policies(KeyId=key_id)
policies["PolicyNames"].should.equal(["default"]) policies["PolicyNames"].should.equal(["default"])
@ -965,8 +960,7 @@ def test_list_key_policies():
@mock_kms @mock_kms
def test__create_alias__raises_if_reserved_alias(reserved_alias): def test__create_alias__raises_if_reserved_alias(reserved_alias):
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
with pytest.raises(ClientError) as ex: with pytest.raises(ClientError) as ex:
client.create_alias(AliasName=reserved_alias, TargetKeyId=key_id) client.create_alias(AliasName=reserved_alias, TargetKeyId=key_id)
@ -981,8 +975,7 @@ def test__create_alias__raises_if_reserved_alias(reserved_alias):
@mock_kms @mock_kms
def test__create_alias__raises_if_alias_has_restricted_characters(name): def test__create_alias__raises_if_alias_has_restricted_characters(name):
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
with pytest.raises(ClientError) as ex: with pytest.raises(ClientError) as ex:
client.create_alias(AliasName=name, TargetKeyId=key_id) client.create_alias(AliasName=name, TargetKeyId=key_id)
@ -997,8 +990,7 @@ def test__create_alias__raises_if_alias_has_restricted_characters(name):
def test__create_alias__raises_if_alias_has_restricted_characters_semicolon(): def test__create_alias__raises_if_alias_has_restricted_characters_semicolon():
# Similar test as above, but with different error msg # Similar test as above, but with different error msg
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
with pytest.raises(ClientError) as ex: with pytest.raises(ClientError) as ex:
client.create_alias(AliasName="alias/my:alias", TargetKeyId=key_id) client.create_alias(AliasName="alias/my:alias", TargetKeyId=key_id)
@ -1013,8 +1005,7 @@ def test__create_alias__raises_if_alias_has_restricted_characters_semicolon():
@mock_kms @mock_kms
def test__create_alias__accepted_characters(name): def test__create_alias__accepted_characters(name):
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
client.create_alias(AliasName=name, TargetKeyId=key_id) client.create_alias(AliasName=name, TargetKeyId=key_id)
@ -1022,8 +1013,7 @@ def test__create_alias__accepted_characters(name):
@mock_kms @mock_kms
def test__create_alias__raises_if_target_key_id_is_existing_alias(): def test__create_alias__raises_if_target_key_id_is_existing_alias():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
name = "alias/my-alias" name = "alias/my-alias"
client.create_alias(AliasName=name, TargetKeyId=key_id) client.create_alias(AliasName=name, TargetKeyId=key_id)
@ -1038,8 +1028,7 @@ def test__create_alias__raises_if_target_key_id_is_existing_alias():
@mock_kms @mock_kms
def test__create_alias__raises_if_wrong_prefix(): def test__create_alias__raises_if_wrong_prefix():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
with pytest.raises(ClientError) as ex: with pytest.raises(ClientError) as ex:
client.create_alias(AliasName="wrongprefix/my-alias", TargetKeyId=key_id) client.create_alias(AliasName="wrongprefix/my-alias", TargetKeyId=key_id)
@ -1051,8 +1040,7 @@ def test__create_alias__raises_if_wrong_prefix():
@mock_kms @mock_kms
def test__create_alias__raises_if_duplicate(): def test__create_alias__raises_if_duplicate():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
alias = "alias/my-alias" alias = "alias/my-alias"
client.create_alias(AliasName=alias, TargetKeyId=key_id) client.create_alias(AliasName=alias, TargetKeyId=key_id)
@ -1070,16 +1058,16 @@ def test__create_alias__raises_if_duplicate():
def test__delete_alias(): def test__delete_alias():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="key1", Policy="initial policy") key_id = create_simple_key(client)
client.create_alias(AliasName="alias/a1", TargetKeyId=key["KeyMetadata"]["KeyId"]) client.create_alias(AliasName="alias/a1", TargetKeyId=key_id)
key = client.create_key(Description="key2", Policy="initial policy") key_id = create_simple_key(client)
client.create_alias(AliasName="alias/a2", TargetKeyId=key["KeyMetadata"]["KeyId"]) client.create_alias(AliasName="alias/a2", TargetKeyId=key_id)
client.delete_alias(AliasName="alias/a1") client.delete_alias(AliasName="alias/a1")
# we can create the alias again, since it has been deleted # we can create the alias again, since it has been deleted
client.create_alias(AliasName="alias/a1", TargetKeyId=key["KeyMetadata"]["KeyId"]) client.create_alias(AliasName="alias/a1", TargetKeyId=key_id)
@mock_kms @mock_kms
@ -1150,8 +1138,7 @@ def test_key_tag_on_create_key_on_arn_happy():
def test_key_tag_added_happy(): def test_key_tag_added_happy():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="test-key-tagging") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["KeyId"]
tags = [ tags = [
{"TagKey": "key1", "TagValue": "value1"}, {"TagKey": "key1", "TagValue": "value1"},
{"TagKey": "key2", "TagValue": "value2"}, {"TagKey": "key2", "TagValue": "value2"},
@ -1164,8 +1151,7 @@ def test_key_tag_added_happy():
def test_key_tag_added_arn_based_happy(): def test_key_tag_added_arn_based_happy():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key = client.create_key(Description="test-key-tagging") key_id = create_simple_key(client)
key_id = key["KeyMetadata"]["Arn"]
tags = [ tags = [
{"TagKey": "key1", "TagValue": "value1"}, {"TagKey": "key1", "TagValue": "value1"},
{"TagKey": "key2", "TagValue": "value2"}, {"TagKey": "key2", "TagValue": "value2"},
@ -1430,3 +1416,13 @@ def test_verify_empty_signature():
err["Message"].should.equal( err["Message"].should.equal(
"1 validation error detected: Value at 'Signature' failed to satisfy constraint: Member must have length greater than or equal to 1" "1 validation error detected: Value at 'Signature' failed to satisfy constraint: Member must have length greater than or equal to 1"
) )
def create_simple_key(client, id_or_arn="KeyId", description=None, policy=None):
with mock.patch.object(rsa, "generate_private_key", return_value=""):
params = {}
if description:
params["Description"] = description
if policy:
params["Policy"] = policy
return client.create_key(**params)["KeyMetadata"][id_or_arn]

23
tests/test_kms/test_kms_grants.py
View File

@ -1,6 +1,8 @@
import boto3 import boto3
import sure # noqa # pylint: disable=unused-import import sure # noqa # pylint: disable=unused-import
import pytest import pytest
from cryptography.hazmat.primitives.asymmetric import rsa
from unittest import mock
from moto import mock_kms from moto import mock_kms
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
@ -14,7 +16,7 @@ grantee_principal = (
@mock_kms @mock_kms
def test_create_grant(): def test_create_grant():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key_id = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"] key_id = create_key(client)
resp = client.create_grant( resp = client.create_grant(
KeyId=key_id, KeyId=key_id,
@ -29,7 +31,7 @@ def test_create_grant():
@mock_kms @mock_kms
def test_list_grants(): def test_list_grants():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key_id = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"] key_id = create_key(client)
client.list_grants(KeyId=key_id).should.have.key("Grants").equals([]) client.list_grants(KeyId=key_id).should.have.key("Grants").equals([])
@ -81,8 +83,8 @@ def test_list_grants():
@mock_kms @mock_kms
def test_list_retirable_grants(): def test_list_retirable_grants():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key_id1 = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"] key_id1 = create_key(client)
key_id2 = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"] key_id2 = create_key(client)
client.create_grant( client.create_grant(
KeyId=key_id1, KeyId=key_id1,
@ -121,7 +123,7 @@ def test_list_retirable_grants():
def test_revoke_grant(): def test_revoke_grant():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key_id = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"] key_id = create_key(client)
client.list_grants(KeyId=key_id).should.have.key("Grants").equals([]) client.list_grants(KeyId=key_id).should.have.key("Grants").equals([])
@ -140,7 +142,7 @@ def test_revoke_grant():
@mock_kms @mock_kms
def test_revoke_grant_raises_when_grant_does_not_exist(): def test_revoke_grant_raises_when_grant_does_not_exist():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key_id = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"] key_id = create_key(client)
not_existent_grant_id = "aabbccdd" not_existent_grant_id = "aabbccdd"
with pytest.raises(client.exceptions.NotFoundException) as ex: with pytest.raises(client.exceptions.NotFoundException) as ex:
@ -156,7 +158,7 @@ def test_revoke_grant_raises_when_grant_does_not_exist():
def test_retire_grant_by_token(): def test_retire_grant_by_token():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key_id = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"] key_id = create_key(client)
for idx in range(0, 3): for idx in range(0, 3):
grant_token = client.create_grant( grant_token = client.create_grant(
@ -175,7 +177,7 @@ def test_retire_grant_by_token():
def test_retire_grant_by_grant_id(): def test_retire_grant_by_grant_id():
client = boto3.client("kms", region_name="us-east-1") client = boto3.client("kms", region_name="us-east-1")
key_id = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"] key_id = create_key(client)
for idx in range(0, 3): for idx in range(0, 3):
grant_id = client.create_grant( grant_id = client.create_grant(
@ -188,3 +190,8 @@ def test_retire_grant_by_grant_id():
client.retire_grant(KeyId=key_id, GrantId=grant_id) client.retire_grant(KeyId=key_id, GrantId=grant_id)
client.list_grants(KeyId=key_id)["Grants"].should.have.length_of(2) client.list_grants(KeyId=key_id)["Grants"].should.have.length_of(2)
def create_key(client):
with mock.patch.object(rsa, "generate_private_key", return_value=""):
return client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"]