Fix CreationDate handling

gruebel 2020-02-07 15:38:37 +01:00
parent 5d05044491
commit 4833419499
2 changed files with 56 additions and 37 deletions


@ -7,7 +7,7 @@ from datetime import datetime, timedelta
from boto3 import Session from boto3 import Session
from moto.core import BaseBackend, BaseModel from moto.core import BaseBackend, BaseModel
from moto.core.utils import iso_8601_datetime_without_milliseconds from moto.core.utils import unix_time
from moto.iam.models import ACCOUNT_ID from moto.iam.models import ACCOUNT_ID
@ -15,8 +15,11 @@ from .utils import decrypt, encrypt, generate_key_id, generate_master_key
class Key(BaseModel): class Key(BaseModel):
def __init__(self, policy, key_usage, customer_master_key_spec, description, tags, region): def __init__(
self, policy, key_usage, customer_master_key_spec, description, tags, region
):
self.id = generate_key_id() self.id = generate_key_id()
self.creation_date = unix_time()
self.policy = policy self.policy = policy
self.key_usage = key_usage self.key_usage = key_usage
self.key_state = "Enabled" self.key_state = "Enabled"
@ -49,10 +52,7 @@ class Key(BaseModel):
elif self.customer_master_key_spec == "SYMMETRIC_DEFAULT": elif self.customer_master_key_spec == "SYMMETRIC_DEFAULT":
return ["SYMMETRIC_DEFAULT"] return ["SYMMETRIC_DEFAULT"]
else: else:
return [ return ["RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256"]
"RSAES_OAEP_SHA_1",
"RSAES_OAEP_SHA_256"
]
@property @property
def signing_algorithms(self): def signing_algorithms(self):
@ -71,7 +71,7 @@ class Key(BaseModel):
"RSASSA_PKCS1_V1_5_SHA_512", "RSASSA_PKCS1_V1_5_SHA_512",
"RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_256",
"RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_384",
"RSASSA_PSS_SHA_512" "RSASSA_PSS_SHA_512",
] ]
def to_dict(self): def to_dict(self):
@ -79,7 +79,7 @@ class Key(BaseModel):
"KeyMetadata": { "KeyMetadata": {
"AWSAccountId": self.account_id, "AWSAccountId": self.account_id,
"Arn": self.arn, "Arn": self.arn,
"CreationDate": iso_8601_datetime_without_milliseconds(datetime.now()), "CreationDate": self.creation_date,
"CustomerMasterKeySpec": self.customer_master_key_spec, "CustomerMasterKeySpec": self.customer_master_key_spec,
"Description": self.description, "Description": self.description,
"Enabled": self.enabled, "Enabled": self.enabled,
@ -93,9 +93,7 @@ class Key(BaseModel):
} }
} }
if self.key_state == "PendingDeletion": if self.key_state == "PendingDeletion":
key_dict["KeyMetadata"][ key_dict["KeyMetadata"]["DeletionDate"] = unix_time(self.deletion_date)
"DeletionDate"
] = iso_8601_datetime_without_milliseconds(self.deletion_date)
return key_dict return key_dict
def delete(self, region_name): def delete(self, region_name):
@ -133,8 +131,12 @@ class KmsBackend(BaseBackend):
self.keys = {} self.keys = {}
self.key_to_aliases = defaultdict(set) self.key_to_aliases = defaultdict(set)
def create_key(self, policy, key_usage, customer_master_key_spec, description, tags, region): def create_key(
key = Key(policy, key_usage, customer_master_key_spec, description, tags, region) self, policy, key_usage, customer_master_key_spec, description, tags, region
):
key = Key(
policy, key_usage, customer_master_key_spec, description, tags, region
)
self.keys[key.id] = key self.keys[key.id] = key
return key return key
@ -258,9 +260,7 @@ class KmsBackend(BaseBackend):
self.keys[key_id].deletion_date = datetime.now() + timedelta( self.keys[key_id].deletion_date = datetime.now() + timedelta(
days=pending_window_in_days days=pending_window_in_days
) )
return iso_8601_datetime_without_milliseconds( return unix_time(self.keys[key_id].deletion_date)
self.keys[key_id].deletion_date
)
def encrypt(self, key_id, plaintext, encryption_context): def encrypt(self, key_id, plaintext, encryption_context):
key_id = self.any_id_to_key_id(key_id) key_id = self.any_id_to_key_id(key_id)
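Review bot: The deletion timestamp is still built from `datetime.now()` (naive local time) in the last hunk, but the new code feeds it to `unix_time(...)`, both in that return statement and in `to_dict` for `DeletionDate`. If `unix_time` interprets a naive datetime as UTC (its implementation is not shown on this page), the reported `DeletionDate` is shifted by the host's UTC offset on any machine not running in UTC, and it is on a different time base from `creation_date`, which comes from `unix_time()` with no argument. Building the value as `datetime.utcnow() + timedelta(days=pending_window_in_days)` would keep both dates consistent. The method that sets `deletion_date` starts outside the hunk, so check this against the full body.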


@ -65,47 +65,44 @@ def test_create_key():
key["KeyMetadata"].should_not.have.key("SigningAlgorithms") key["KeyMetadata"].should_not.have.key("SigningAlgorithms")
key = conn.create_key( key = conn.create_key(
KeyUsage = "ENCRYPT_DECRYPT", KeyUsage="ENCRYPT_DECRYPT", CustomerMasterKeySpec="RSA_2048",
CustomerMasterKeySpec = 'RSA_2048',
) )
sorted(key["KeyMetadata"]["EncryptionAlgorithms"]).should.equal(["RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256"]) sorted(key["KeyMetadata"]["EncryptionAlgorithms"]).should.equal(
["RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256"]
)
key["KeyMetadata"].should_not.have.key("SigningAlgorithms") key["KeyMetadata"].should_not.have.key("SigningAlgorithms")
key = conn.create_key( key = conn.create_key(KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="RSA_2048",)
KeyUsage = "SIGN_VERIFY",
CustomerMasterKeySpec = 'RSA_2048',
)
key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms") key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms")
sorted(key["KeyMetadata"]["SigningAlgorithms"]).should.equal([ sorted(key["KeyMetadata"]["SigningAlgorithms"]).should.equal(
"RSASSA_PKCS1_V1_5_SHA_256", [
"RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_256",
"RSASSA_PKCS1_V1_5_SHA_512", "RSASSA_PKCS1_V1_5_SHA_384",
"RSASSA_PSS_SHA_256", "RSASSA_PKCS1_V1_5_SHA_512",
"RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_256",
"RSASSA_PSS_SHA_512" "RSASSA_PSS_SHA_384",
]) "RSASSA_PSS_SHA_512",
]
)
key = conn.create_key( key = conn.create_key(
KeyUsage = "SIGN_VERIFY", KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="ECC_SECG_P256K1",
CustomerMasterKeySpec = 'ECC_SECG_P256K1',
) )
key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms") key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms")
key["KeyMetadata"]["SigningAlgorithms"].should.equal(["ECDSA_SHA_256"]) key["KeyMetadata"]["SigningAlgorithms"].should.equal(["ECDSA_SHA_256"])
key = conn.create_key( key = conn.create_key(
KeyUsage = "SIGN_VERIFY", KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="ECC_NIST_P384",
CustomerMasterKeySpec = 'ECC_NIST_P384',
) )
key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms") key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms")
key["KeyMetadata"]["SigningAlgorithms"].should.equal(["ECDSA_SHA_384"]) key["KeyMetadata"]["SigningAlgorithms"].should.equal(["ECDSA_SHA_384"])
key = conn.create_key( key = conn.create_key(
KeyUsage = "SIGN_VERIFY", KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="ECC_NIST_P521",
CustomerMasterKeySpec = 'ECC_NIST_P521',
) )
key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms") key["KeyMetadata"].should_not.have.key("EncryptionAlgorithms")
@ -125,6 +122,28 @@ def test_describe_key():
key["KeyMetadata"]["KeyUsage"].should.equal("ENCRYPT_DECRYPT") key["KeyMetadata"]["KeyUsage"].should.equal("ENCRYPT_DECRYPT")
@mock_kms
def test_boto3_describe_key():
client = boto3.client("kms", region_name="us-east-1")
response = client.create_key(Description="my key", KeyUsage="ENCRYPT_DECRYPT",)
key_id = response["KeyMetadata"]["KeyId"]
response = client.describe_key(KeyId=key_id)
response["KeyMetadata"]["AWSAccountId"].should.equal("123456789012")
response["KeyMetadata"]["CreationDate"].should.be.a(datetime)
response["KeyMetadata"]["CustomerMasterKeySpec"].should.equal("SYMMETRIC_DEFAULT")
response["KeyMetadata"]["Description"].should.equal("my key")
response["KeyMetadata"]["Enabled"].should.be.ok
response["KeyMetadata"]["EncryptionAlgorithms"].should.equal(["SYMMETRIC_DEFAULT"])
response["KeyMetadata"]["KeyId"].should_not.be.empty
response["KeyMetadata"]["KeyManager"].should.equal("CUSTOMER")
response["KeyMetadata"]["KeyState"].should.equal("Enabled")
response["KeyMetadata"]["KeyUsage"].should.equal("ENCRYPT_DECRYPT")
response["KeyMetadata"]["Origin"].should.equal("AWS_KMS")
response["KeyMetadata"].should_not.have.key("SigningAlgorithms")
@mock_kms_deprecated @mock_kms_deprecated
def test_describe_key_via_alias(): def test_describe_key_via_alias():
conn = boto.kms.connect_to_region("us-west-2") conn = boto.kms.connect_to_region("us-west-2")
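Review bot: `test_boto3_describe_key` only asserts that `CreationDate` is a `datetime`, which the previous code (a fresh `datetime.now()` formatted on every `to_dict` call) would likely also have satisfied, so the test does not pin the behaviour this commit fixes. Keep the `create_key` response in its own variable, e.g. `created`, and after `describe_key` add `response["KeyMetadata"]["CreationDate"].should.equal(created["KeyMetadata"]["CreationDate"])` to show the date is fixed at creation time. The `DeletionDate` paths changed by this commit have no assertion in the visible hunks. A check that the scheduled deletion date parses to a datetime roughly `PendingWindowInDays` ahead would cover them and would expose any timezone offset.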