Fix CreationDate handling

moto/kms/models.py

@@ -7,7 +7,7 @@ from datetime import datetime, timedelta
 from boto3 import Session
 
 from moto.core import BaseBackend, BaseModel
-from moto.core.utils import iso_8601_datetime_without_milliseconds
+from moto.core.utils import unix_time
 
 from moto.iam.models import ACCOUNT_ID
 
@@ -15,8 +15,11 @@ from .utils import decrypt, encrypt, generate_key_id, generate_master_key
 
 
 class Key(BaseModel):
-    def __init__(self, policy, key_usage, customer_master_key_spec, description, tags, region):
+    def __init__(
+        self, policy, key_usage, customer_master_key_spec, description, tags, region
+    ):
         self.id = generate_key_id()
+        self.creation_date = unix_time()
         self.policy = policy
         self.key_usage = key_usage
         self.key_state = "Enabled"
@@ -49,10 +52,7 @@ class Key(BaseModel):
         elif self.customer_master_key_spec == "SYMMETRIC_DEFAULT":
             return ["SYMMETRIC_DEFAULT"]
         else:
-            return [
-                "RSAES_OAEP_SHA_1",
-                "RSAES_OAEP_SHA_256"
-            ]
+            return ["RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256"]
 
     @property
     def signing_algorithms(self):
@@ -71,7 +71,7 @@ class Key(BaseModel):
                 "RSASSA_PKCS1_V1_5_SHA_512",
                 "RSASSA_PSS_SHA_256",
                 "RSASSA_PSS_SHA_384",
-                "RSASSA_PSS_SHA_512"
+                "RSASSA_PSS_SHA_512",
             ]
 
     def to_dict(self):
@@ -79,7 +79,7 @@ class Key(BaseModel):
             "KeyMetadata": {
                 "AWSAccountId": self.account_id,
                 "Arn": self.arn,
-                "CreationDate": iso_8601_datetime_without_milliseconds(datetime.now()),
+                "CreationDate": self.creation_date,
                 "CustomerMasterKeySpec": self.customer_master_key_spec,
                 "Description": self.description,
                 "Enabled": self.enabled,
@@ -93,9 +93,7 @@ class Key(BaseModel):
             }
         }
         if self.key_state == "PendingDeletion":
-            key_dict["KeyMetadata"][
-                "DeletionDate"
-            ] = iso_8601_datetime_without_milliseconds(self.deletion_date)
+            key_dict["KeyMetadata"]["DeletionDate"] = unix_time(self.deletion_date)
         return key_dict
 
     def delete(self, region_name):
@@ -133,8 +131,12 @@ class KmsBackend(BaseBackend):
         self.keys = {}
         self.key_to_aliases = defaultdict(set)
 
-    def create_key(self, policy, key_usage, customer_master_key_spec, description, tags, region):
-        key = Key(policy, key_usage, customer_master_key_spec, description, tags, region)
+    def create_key(
+        self, policy, key_usage, customer_master_key_spec, description, tags, region
+    ):
+        key = Key(
+            policy, key_usage, customer_master_key_spec, description, tags, region
+        )
         self.keys[key.id] = key
         return key
 
@@ -258,9 +260,7 @@ class KmsBackend(BaseBackend):
             self.keys[key_id].deletion_date = datetime.now() + timedelta(
                 days=pending_window_in_days
             )
-            return iso_8601_datetime_without_milliseconds(
-                self.keys[key_id].deletion_date
-            )
+            return unix_time(self.keys[key_id].deletion_date)
 
     def encrypt(self, key_id, plaintext, encryption_context):
         key_id = self.any_id_to_key_id(key_id)

tests/test_kms/test_kms.py

@@ -65,47 +65,44 @@ def test_create_key():
         key["KeyMetadata"].should_not.have.key("SigningAlgorithms")
 
         key = conn.create_key(
-            KeyUsage = "ENCRYPT_DECRYPT",
-            CustomerMasterKeySpec = 'RSA_2048',
+            KeyUsage="ENCRYPT_DECRYPT", CustomerMasterKeySpec="RSA_2048",
         )
 
-        sorted(key["KeyMetadata"]["EncryptionAlgorithms"]).should.equal(["RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256"])
+        sorted(key["KeyMetadata"]["EncryptionAlgorithms"]).should.equal(
+            ["RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256"]
+        )
         key["KeyMetadata"].should_not.have.key("SigningAlgorithms")
 
-        key = conn.create_key(
-            KeyUsage = "SIGN_VERIFY",
-            CustomerMasterKeySpec = 'RSA_2048',
-        )
+        key = conn.create_key(KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="RSA_2048",)
 
         key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms")
-        sorted(key["KeyMetadata"]["SigningAlgorithms"]).should.equal([
-            "RSASSA_PKCS1_V1_5_SHA_256",
-            "RSASSA_PKCS1_V1_5_SHA_384",
-            "RSASSA_PKCS1_V1_5_SHA_512",
-            "RSASSA_PSS_SHA_256",
-            "RSASSA_PSS_SHA_384",
-            "RSASSA_PSS_SHA_512"
-        ])
+        sorted(key["KeyMetadata"]["SigningAlgorithms"]).should.equal(
+            [
+                "RSASSA_PKCS1_V1_5_SHA_256",
+                "RSASSA_PKCS1_V1_5_SHA_384",
+                "RSASSA_PKCS1_V1_5_SHA_512",
+                "RSASSA_PSS_SHA_256",
+                "RSASSA_PSS_SHA_384",
+                "RSASSA_PSS_SHA_512",
+            ]
+        )
 
         key = conn.create_key(
-            KeyUsage = "SIGN_VERIFY",
-            CustomerMasterKeySpec = 'ECC_SECG_P256K1',
+            KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="ECC_SECG_P256K1",
         )
 
         key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms")
         key["KeyMetadata"]["SigningAlgorithms"].should.equal(["ECDSA_SHA_256"])
 
         key = conn.create_key(
-            KeyUsage = "SIGN_VERIFY",
-            CustomerMasterKeySpec = 'ECC_NIST_P384',
+            KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="ECC_NIST_P384",
         )
 
         key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms")
         key["KeyMetadata"]["SigningAlgorithms"].should.equal(["ECDSA_SHA_384"])
 
         key = conn.create_key(
-            KeyUsage = "SIGN_VERIFY",
-            CustomerMasterKeySpec = 'ECC_NIST_P521',
+            KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="ECC_NIST_P521",
         )
 
         key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms")
@@ -125,6 +122,28 @@ def test_describe_key():
     key["KeyMetadata"]["KeyUsage"].should.equal("ENCRYPT_DECRYPT")
 
 
+@mock_kms
+def test_boto3_describe_key():
+    client = boto3.client("kms", region_name="us-east-1")
+    response = client.create_key(Description="my key", KeyUsage="ENCRYPT_DECRYPT",)
+    key_id = response["KeyMetadata"]["KeyId"]
+
+    response = client.describe_key(KeyId=key_id)
+
+    response["KeyMetadata"]["AWSAccountId"].should.equal("123456789012")
+    response["KeyMetadata"]["CreationDate"].should.be.a(datetime)
+    response["KeyMetadata"]["CustomerMasterKeySpec"].should.equal("SYMMETRIC_DEFAULT")
+    response["KeyMetadata"]["Description"].should.equal("my key")
+    response["KeyMetadata"]["Enabled"].should.be.ok
+    response["KeyMetadata"]["EncryptionAlgorithms"].should.equal(["SYMMETRIC_DEFAULT"])
+    response["KeyMetadata"]["KeyId"].should_not.be.empty
+    response["KeyMetadata"]["KeyManager"].should.equal("CUSTOMER")
+    response["KeyMetadata"]["KeyState"].should.equal("Enabled")
+    response["KeyMetadata"]["KeyUsage"].should.equal("ENCRYPT_DECRYPT")
+    response["KeyMetadata"]["Origin"].should.equal("AWS_KMS")
+    response["KeyMetadata"].should_not.have.key("SigningAlgorithms")
+
+
 @mock_kms_deprecated
 def test_describe_key_via_alias():
     conn = boto.kms.connect_to_region("us-west-2")