KMS: re_encrypt() should accept alias (#5969)

This commit is contained in:
Bert Blommers 2023-02-24 13:54:17 -01:00 committed by GitHub
parent 4d6271d1bd
commit 5d87085435
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 1 deletions

View File

@ -451,7 +451,7 @@ class KmsResponse(BaseResponse):
"DestinationEncryptionContext", {}
)
self._validate_cmk_id(destination_key_id)
self._validate_key_id(destination_key_id)
(
new_ciphertext_blob,

View File

@ -76,6 +76,24 @@ def test_encrypt_using_key_arn():
kms.encrypt(KeyId=key_details["KeyMetadata"]["Arn"], Plaintext="hello")
@mock_kms
def test_re_encrypt_using_aliases():
client = boto3.client("kms", region_name="us-west-2")
key_1_id = client.create_key(Description="key 1")["KeyMetadata"]["KeyId"]
key_2_arn = client.create_key(Description="key 2")["KeyMetadata"]["Arn"]
key_alias = "alias/examplekey"
client.create_alias(AliasName=key_alias, TargetKeyId=key_2_arn)
encrypt_response = client.encrypt(KeyId=key_1_id, Plaintext="data")
client.re_encrypt(
CiphertextBlob=encrypt_response["CiphertextBlob"],
DestinationKeyId=key_alias,
)
@pytest.mark.parametrize("plaintext", PLAINTEXT_VECTORS)
@mock_kms
def test_decrypt(plaintext):