Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

KMS: re_encrypt() should accept alias (#5969)

Browse Source
This commit is contained in:
Bert Blommers 2023-02-24 13:54:17 -01:00 committed by GitHub
parent 4d6271d1bd
commit 5d87085435
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
moto/kms/responses.py
View File

@ -451,7 +451,7 @@ class KmsResponse(BaseResponse):
"DestinationEncryptionContext", {} "DestinationEncryptionContext", {}
) )
self._validate_cmk_id(destination_key_id) self._validate_key_id(destination_key_id)
( (
new_ciphertext_blob, new_ciphertext_blob,

18
tests/test_kms/test_kms_encrypt.py
View File

@ -76,6 +76,24 @@ def test_encrypt_using_key_arn():
kms.encrypt(KeyId=key_details["KeyMetadata"]["Arn"], Plaintext="hello") kms.encrypt(KeyId=key_details["KeyMetadata"]["Arn"], Plaintext="hello")
@mock_kms
def test_re_encrypt_using_aliases():
client = boto3.client("kms", region_name="us-west-2")
key_1_id = client.create_key(Description="key 1")["KeyMetadata"]["KeyId"]
key_2_arn = client.create_key(Description="key 2")["KeyMetadata"]["Arn"]
key_alias = "alias/examplekey"
client.create_alias(AliasName=key_alias, TargetKeyId=key_2_arn)
encrypt_response = client.encrypt(KeyId=key_1_id, Plaintext="data")
client.re_encrypt(
CiphertextBlob=encrypt_response["CiphertextBlob"],
DestinationKeyId=key_alias,
)
@pytest.mark.parametrize("plaintext", PLAINTEXT_VECTORS) @pytest.mark.parametrize("plaintext", PLAINTEXT_VECTORS)
@mock_kms @mock_kms
def test_decrypt(plaintext): def test_decrypt(plaintext):