From c3b690114c11703c110cd310ca24cceb948fffab Mon Sep 17 00:00:00 2001
From: temyers <temyers@users.noreply.github.com>
Date: Fri, 13 Jul 2018 18:40:54 +0800
Subject: [PATCH] Add support for CloudFormation Fn::GetAtt to KMS Key (#1681)

---
 moto/kms/models.py                            |  6 +++
 tests/test_cloudformation/fixtures/kms_key.py | 39 +++++++++++++++++++
 .../test_cloudformation/test_stack_parsing.py | 15 +++++++
 3 files changed, 60 insertions(+)
 create mode 100644 tests/test_cloudformation/fixtures/kms_key.py

diff --git a/moto/kms/models.py b/moto/kms/models.py
index ca27f030a..89ebf0082 100644
--- a/moto/kms/models.py
+++ b/moto/kms/models.py
@@ -58,6 +58,12 @@ class Key(BaseModel):
 
         return key
 
+    def get_cfn_attribute(self, attribute_name):
+        from moto.cloudformation.exceptions import UnformattedGetAttTemplateException
+        if attribute_name == 'Arn':
+            return self.arn
+        raise UnformattedGetAttTemplateException()
+
 
 class KmsBackend(BaseBackend):
 
diff --git a/tests/test_cloudformation/fixtures/kms_key.py b/tests/test_cloudformation/fixtures/kms_key.py
new file mode 100644
index 000000000..366dbfcf5
--- /dev/null
+++ b/tests/test_cloudformation/fixtures/kms_key.py
@@ -0,0 +1,39 @@
+from __future__ import unicode_literals
+
+template = {
+    "AWSTemplateFormatVersion": "2010-09-09",
+
+    "Description": "AWS CloudFormation Sample Template to create a KMS Key.  The Fn::GetAtt is used to retrieve the ARN",
+
+    "Resources" : {
+        "myKey" : {
+            "Type" : "AWS::KMS::Key",
+            "Properties" : {
+                "Description": "Sample KmsKey",
+                "EnableKeyRotation": False,
+                "Enabled": True,
+                "KeyPolicy" : {
+                    "Version": "2012-10-17",
+                    "Id": "key-default-1",
+                    "Statement": [
+                        {
+                        "Sid": "Enable IAM User Permissions",
+                        "Effect": "Allow",
+                        "Principal": {
+                            "AWS": { "Fn::Join" : ["" , ["arn:aws:iam::", {"Ref" : "AWS::AccountId"} ,":root" ]] }
+                        },
+                        "Action": "kms:*",
+                        "Resource": "*"
+                        }
+                    ]
+                }
+            }
+        }
+    },
+    "Outputs" : {
+        "KeyArn" : {
+            "Description": "Generated Key Arn",
+            "Value" : { "Fn::GetAtt" : [ "myKey", "Arn" ] }
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/test_cloudformation/test_stack_parsing.py b/tests/test_cloudformation/test_stack_parsing.py
index af7e608db..d25c69cf1 100644
--- a/tests/test_cloudformation/test_stack_parsing.py
+++ b/tests/test_cloudformation/test_stack_parsing.py
@@ -254,6 +254,21 @@ def test_parse_stack_with_get_attribute_outputs():
     output.should.be.a(Output)
     output.value.should.equal("my-queue")
 
+def test_parse_stack_with_get_attribute_kms():
+    from .fixtures.kms_key import template
+
+    template_json = json.dumps(template)
+    stack = FakeStack(
+        stack_id="test_id",
+        name="test_stack",
+        template=template_json,
+        parameters={},
+        region_name='us-west-1')
+
+    stack.output_map.should.have.length_of(1)
+    list(stack.output_map.keys())[0].should.equal('KeyArn')
+    output = list(stack.output_map.values())[0]
+    output.should.be.a(Output)
 
 def test_parse_stack_with_get_availability_zones():
     stack = FakeStack(