From 6232ccfa5782c04b3dba0297263c2d483e19f453 Mon Sep 17 00:00:00 2001
From: Giorgio Ruffa <gioruffa@gmail.com>
Date: Wed, 24 Aug 2022 12:48:37 +0200
Subject: [PATCH] KMS: revoke grant raises NotFound (#5410)

---
 moto/kms/models.py                |  3 ++-
 tests/test_kms/test_kms_grants.py | 22 +++++++++-------------
 2 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/moto/kms/models.py b/moto/kms/models.py
index 4bec69f64..0a4120654 100644
--- a/moto/kms/models.py
+++ b/moto/kms/models.py
@@ -113,7 +113,8 @@ class Key(CloudFormationModel):
         ]
 
     def revoke_grant(self, grant_id) -> None:
-        self.grants.pop(grant_id, None)
+        if not self.grants.pop(grant_id, None):
+            raise JsonRESTError("NotFoundException", f"Grant ID {grant_id} not found")
 
     def retire_grant(self, grant_id) -> None:
         self.grants.pop(grant_id, None)
diff --git a/tests/test_kms/test_kms_grants.py b/tests/test_kms/test_kms_grants.py
index 964f8bc5a..6bc382aed 100644
--- a/tests/test_kms/test_kms_grants.py
+++ b/tests/test_kms/test_kms_grants.py
@@ -1,5 +1,6 @@
 import boto3
 import sure  # noqa # pylint: disable=unused-import
+import pytest
 
 from moto import mock_kms
 from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
@@ -137,23 +138,18 @@ def test_revoke_grant():
 
 
 @mock_kms
-def test_revoke_grant_by_token():
-
+def test_revoke_grant_raises_when_grant_does_not_exist():
     client = boto3.client("kms", region_name="us-east-1")
     key_id = client.create_key(Policy="my policy")["KeyMetadata"]["KeyId"]
+    not_existent_grant_id = "aabbccdd"
 
-    client.list_grants(KeyId=key_id).should.have.key("Grants").equals([])
+    with pytest.raises(client.exceptions.NotFoundException) as ex:
+        client.revoke_grant(KeyId=key_id, GrantId=not_existent_grant_id)
 
-    grant_id = client.create_grant(
-        KeyId=key_id,
-        GranteePrincipal=grantee_principal,
-        Operations=["DECRYPT"],
-        Name="testgrant",
-    )["GrantId"]
-
-    client.revoke_grant(KeyId=key_id, GrantId=grant_id)
-
-    client.list_grants(KeyId=key_id)["Grants"].should.have.length_of(0)
+    ex.value.response["Error"]["Code"].should.equal("NotFoundException")
+    ex.value.response["Error"]["Message"].should.equal(
+        f"Grant ID {not_existent_grant_id} not found"
+    )
 
 
 @mock_kms