Merge pull request #2758 from brady-gsa/kms-tagging

Kms tagging and untag support
2020-02-22 10:25:43 +00:00 · 2020-02-22 10:25:43 +00:00 · dc9129955b
commit dc9129955b
parent ec3f6bbc6c c162f02091
6 changed files with 136 additions and 29 deletions
--- a/tests/test_events/test_events.py
+++ b/tests/test_events/test_events.py
@ -1,15 +1,15 @@
+from moto.events.models import EventsBackend
+from moto.events import mock_events
 import json
 import random
 import unittest

 import boto3
 from botocore.exceptions import ClientError
+from moto.core.exceptions import JsonRESTError
 from nose.tools import assert_raises

 from moto.core import ACCOUNT_ID
-from moto.core.exceptions import JsonRESTError
-from moto.events import mock_events
-from moto.events.models import EventsBackend

 RULES = [
    {"Name": "test1", "ScheduleExpression": "rate(5 minutes)"},
--- a/tests/test_kms/test_kms.py
+++ b/tests/test_kms/test_kms.py
@ -4,15 +4,17 @@ import base64
 import re

 import boto.kms
+import boto3
 import six
 import sure  # noqa
 from boto.exception import JSONResponseError
 from boto.kms.exceptions import AlreadyExistsException, NotFoundException
 from nose.tools import assert_raises
 from parameterized import parameterized
-
+from moto.core.exceptions import JsonRESTError
+from moto.kms.models import KmsBackend
 from moto.kms.exceptions import NotFoundException as MotoNotFoundException
-from moto import mock_kms_deprecated
+from moto import mock_kms_deprecated, mock_kms

 PLAINTEXT_VECTORS = (
    (b"some encodeable plaintext",),
@ -679,3 +681,77 @@ def test__assert_default_policy():
    _assert_default_policy.when.called_with("default").should_not.throw(
        MotoNotFoundException
    )
+
+
+if six.PY2:
+    sort = sorted
+else:
+    sort = lambda l: sorted(l, key=lambda d: d.keys())
+
+
+@mock_kms
+def test_key_tag_on_create_key_happy():
+    client = boto3.client("kms", region_name="us-east-1")
+
+    tags = [
+        {"TagKey": "key1", "TagValue": "value1"},
+        {"TagKey": "key2", "TagValue": "value2"},
+    ]
+    key = client.create_key(Description="test-key-tagging", Tags=tags)
+    key_id = key["KeyMetadata"]["KeyId"]
+
+    result = client.list_resource_tags(KeyId=key_id)
+    actual = result.get("Tags", [])
+    assert sort(tags) == sort(actual)
+
+    client.untag_resource(KeyId=key_id, TagKeys=["key1"])
+
+    actual = client.list_resource_tags(KeyId=key_id).get("Tags", [])
+    expected = [{"TagKey": "key2", "TagValue": "value2"}]
+    assert sort(expected) == sort(actual)
+
+
+@mock_kms
+def test_key_tag_added_happy():
+    client = boto3.client("kms", region_name="us-east-1")
+
+    key = client.create_key(Description="test-key-tagging")
+    key_id = key["KeyMetadata"]["KeyId"]
+    tags = [
+        {"TagKey": "key1", "TagValue": "value1"},
+        {"TagKey": "key2", "TagValue": "value2"},
+    ]
+    client.tag_resource(KeyId=key_id, Tags=tags)
+
+    result = client.list_resource_tags(KeyId=key_id)
+    actual = result.get("Tags", [])
+    assert sort(tags) == sort(actual)
+
+    client.untag_resource(KeyId=key_id, TagKeys=["key1"])
+
+    actual = client.list_resource_tags(KeyId=key_id).get("Tags", [])
+    expected = [{"TagKey": "key2", "TagValue": "value2"}]
+    assert sort(expected) == sort(actual)
+
+
+@mock_kms_deprecated
+def test_key_tagging_sad():
+    b = KmsBackend()
+
+    try:
+        b.tag_resource("unknown", [])
+        raise "tag_resource should fail if KeyId is not known"
+    except JsonRESTError:
+        pass
+
+    try:
+        b.untag_resource("unknown", [])
+        raise "untag_resource should fail if KeyId is not known"
+    except JsonRESTError:
+        pass
+
+    try:
+        b.list_resource_tags("unknown")
+        raise "list_resource_tags should fail if KeyId is not known"
+    except JsonRESTError:
+        pass
--- a/tests/test_kms/test_utils.py
+++ b/tests/test_kms/test_utils.py
@ -102,7 +102,7 @@ def test_deserialize_ciphertext_blob(raw, serialized):
@parameterized(((ec[0],) for ec in ENCRYPTION_CONTEXT_VECTORS))
 def test_encrypt_decrypt_cycle(encryption_context):
    plaintext = b"some secret plaintext"
-    master_key = Key("nop", "nop", "nop", "nop", [], "nop")
+    master_key = Key("nop", "nop", "nop", "nop", "nop")
    master_key_map = {master_key.id: master_key}

    ciphertext_blob = encrypt(
@ -133,7 +133,7 @@ def test_encrypt_unknown_key_id():


 def test_decrypt_invalid_ciphertext_format():
-    master_key = Key("nop", "nop", "nop", "nop", [], "nop")
+    master_key = Key("nop", "nop", "nop", "nop", "nop")
    master_key_map = {master_key.id: master_key}

    with assert_raises(InvalidCiphertextException):
@ -153,7 +153,7 @@ def test_decrypt_unknwown_key_id():


 def test_decrypt_invalid_ciphertext():
-    master_key = Key("nop", "nop", "nop", "nop", [], "nop")
+    master_key = Key("nop", "nop", "nop", "nop", "nop")
    master_key_map = {master_key.id: master_key}
    ciphertext_blob = (
        master_key.id.encode("utf-8") + b"123456789012"
@ -171,7 +171,7 @@ def test_decrypt_invalid_ciphertext():

 def test_decrypt_invalid_encryption_context():
    plaintext = b"some secret plaintext"
-    master_key = Key("nop", "nop", "nop", "nop", [], "nop")
+    master_key = Key("nop", "nop", "nop", "nop", "nop")
    master_key_map = {master_key.id: master_key}

    ciphertext_blob = encrypt(