add disable_key, enable_key, cancel_key_deletion, and schedule_key_deletion actions to KMS endpoint

2018-10-05 15:55:47 -05:00 · 2018-10-05 15:55:47 -05:00 · 60ec840eef
commit 60ec840eef
parent fe9b312fd2
3 changed files with 155 additions and 1 deletions
--- a/moto/kms/models.py
+++ b/moto/kms/models.py
@ -12,11 +12,13 @@ class Key(BaseModel):
        self.id = generate_key_id()
        self.policy = policy
        self.key_usage = key_usage
+        self.key_state = "Enabled"
        self.description = description
        self.enabled = True
        self.region = region
        self.account_id = "0123456789012"
        self.key_rotation_status = False
+        self.deletion_date = None

    @property
    def physical_resource_id(self):
@ -27,7 +29,7 @@ class Key(BaseModel):
        return "arn:aws:kms:{0}:{1}:key/{2}".format(self.region, self.account_id, self.id)

    def to_dict(self):
-        return {
+        key_dict = {
            "KeyMetadata": {
                "AWSAccountId": self.account_id,
                "Arn": self.arn,
@ -36,8 +38,11 @@ class Key(BaseModel):
                "Enabled": self.enabled,
                "KeyId": self.id,
                "KeyUsage": self.key_usage,
+                "KeyState": self.key_state,
            }
        }
+        key_dict['KeyMetadata']['DeletionDate'] = self.deletion_date if self.key_state == 'PendingDeletion'
+        return key_dict

    def delete(self, region_name):
        kms_backends[region_name].delete_key(self.id)
@ -138,6 +143,29 @@ class KmsBackend(BaseBackend):
    def get_key_policy(self, key_id):
        return self.keys[self.get_key_id(key_id)].policy

+    def disable_key(self, key_id):
+        if key_id in self.keys:
+            self.keys[key_id].enabled = False
+            self.keys[key_id].key_state = 'Disabled'
+
+    def enable_key(self, key_id):
+        if key_id in self.keys:
+            self.keys[key_id].enabled = True
+            self.keys[key_id].key_state = 'Enabled'
+
+    def cancel_key_deletion(self, key_id):
+        if key_id in self.keys:
+            self.keys[key_id].key_state = 'Disabled'
+            self.keys[key_id].deletion_date = None
+
+    def schedule_key_deletion(self, key_id, pending_window_in_days=30):
+        if key_id in self.keys:
+            if 7 <= pending_window_in_days <= 30:
+                self.keys[key_id].enabled = False
+                self.keys[key_id].key_state = 'PendingDeletion'
+                self.keys[key_id].deletion_date = datetime.now() + timedelta(days=pending_window_in_days)
+                return self.keys[key_id].deletion_date
+

 kms_backends = {}
 for region in boto.kms.regions():