KMS: re_encrypt() should accept alias (#5969)

2023-02-24 13:54:17 -01:00 · 2023-02-24 13:54:17 -01:00 · 5d87085435
commit 5d87085435
parent 4d6271d1bd
2 changed files with 19 additions and 1 deletions
--- a/moto/kms/responses.py
+++ b/moto/kms/responses.py
@ -451,7 +451,7 @@ class KmsResponse(BaseResponse):
            "DestinationEncryptionContext", {}
        )

-        self._validate_cmk_id(destination_key_id)
+        self._validate_key_id(destination_key_id)

        (
            new_ciphertext_blob,
--- a/tests/test_kms/test_kms_encrypt.py
+++ b/tests/test_kms/test_kms_encrypt.py
@ -76,6 +76,24 @@ def test_encrypt_using_key_arn():
    kms.encrypt(KeyId=key_details["KeyMetadata"]["Arn"], Plaintext="hello")


+@mock_kms
+def test_re_encrypt_using_aliases():
+    client = boto3.client("kms", region_name="us-west-2")
+
+    key_1_id = client.create_key(Description="key 1")["KeyMetadata"]["KeyId"]
+    key_2_arn = client.create_key(Description="key 2")["KeyMetadata"]["Arn"]
+
+    key_alias = "alias/examplekey"
+    client.create_alias(AliasName=key_alias, TargetKeyId=key_2_arn)
+
+    encrypt_response = client.encrypt(KeyId=key_1_id, Plaintext="data")
+
+    client.re_encrypt(
+        CiphertextBlob=encrypt_response["CiphertextBlob"],
+        DestinationKeyId=key_alias,
+    )
+
+
@pytest.mark.parametrize("plaintext", PLAINTEXT_VECTORS)
@mock_kms
 def test_decrypt(plaintext):