Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for KmsKeyId in ec2:RunInstances (#3943)

Browse Source
This commit is contained in:
Brian Pandola 2021-05-19 23:11:50 -07:00 committed by GitHub
parent 58f7ab0d25
commit 752b508738
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
moto/ec2/models.py
View File

@ -612,9 +612,10 @@ class Instance(TaggedEC2Resource, BotoInstance, CloudFormationModel):
snapshot_id=None, snapshot_id=None,
encrypted=False, encrypted=False,
delete_on_termination=False, delete_on_termination=False,
kms_key_id=None,
): ):
volume = self.ec2_backend.create_volume( volume = self.ec2_backend.create_volume(
size, self.region_name, snapshot_id, encrypted size, self.region_name, snapshot_id, encrypted, kms_key_id
) )
self.ec2_backend.attach_volume( self.ec2_backend.attach_volume(
volume.id, self.id, device_path, delete_on_termination volume.id, self.id, device_path, delete_on_termination
@ -984,12 +985,14 @@ class InstanceBackend(object):
delete_on_termination = block_device["Ebs"].get( delete_on_termination = block_device["Ebs"].get(
"DeleteOnTermination", False "DeleteOnTermination", False
) )
kms_key_id = block_device["Ebs"].get("KmsKeyId")
new_instance.add_block_device( new_instance.add_block_device(
volume_size, volume_size,
device_name, device_name,
snapshot_id, snapshot_id,
encrypted, encrypted,
delete_on_termination, delete_on_termination,
kms_key_id,
) )
else: else:
new_instance.setup_defaults() new_instance.setup_defaults()

1
moto/ec2/responses/instances.py
View File

@ -301,6 +301,7 @@ class InstanceResponse(BaseResponse):
device_template["Ebs"]["Encrypted"] = self._convert_to_bool( device_template["Ebs"]["Encrypted"] = self._convert_to_bool(
device_mapping.get("ebs._encrypted", False) device_mapping.get("ebs._encrypted", False)
) )
device_template["Ebs"]["KmsKeyId"] = device_mapping.get("ebs._kms_key_id")
mappings.append(device_template) mappings.append(device_template)
return mappings return mappings

44
tests/test_ec2/test_ec2_integration.py Normal file
View File

@ -0,0 +1,44 @@
from __future__ import unicode_literals
import boto3
import sure # noqa
from moto import mock_ec2, mock_kms
from tests import EXAMPLE_AMI_ID
@mock_ec2
@mock_kms
def test_run_instance_with_encrypted_ebs():
kms = boto3.client("kms", region_name="us-east-1")
resp = kms.create_key(Description="my key", KeyUsage="ENCRYPT_DECRYPT")
key_id = resp["KeyMetadata"]["Arn"]
ec2 = boto3.client("ec2", region_name="us-east-1")
kwargs = {
"MinCount": 1,
"MaxCount": 1,
"ImageId": EXAMPLE_AMI_ID,
"KeyName": "the_key",
"InstanceType": "t1.micro",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda2",
"Ebs": {
"VolumeSize": 50,
"VolumeType": "gp2",
"Encrypted": True,
"KmsKeyId": key_id,
},
}
],
}
ec2.run_instances(**kwargs)
instances = ec2.describe_instances().get("Reservations")[0].get("Instances")
volume = instances[0]["BlockDeviceMappings"][0]["Ebs"]
volumes = ec2.describe_volumes(VolumeIds=[volume["VolumeId"]])
volumes["Volumes"][0]["Size"].should.equal(50)
volumes["Volumes"][0]["Encrypted"].should.equal(True)
volumes["Volumes"][0]["KmsKeyId"].should.equal(key_id)