Add support for KMS key rotation operations

This adds support for the following KMS endpoints: * EnableKeyRotation * DisableKeyRotation * GetKeyRotationStatus Signed-off-by: Jesse Szwedko <jesse.szwedko@getbraintree.com>
2015-11-24 23:44:55 +00:00 · 2015-11-24 23:44:55 +00:00 · f1566cecf4
commit f1566cecf4
parent 32dd72f6b7
3 changed files with 122 additions and 0 deletions
--- a/moto/kms/models.py
+++ b/moto/kms/models.py
@ -15,6 +15,7 @@ class Key(object):
        self.enabled = True
        self.region = region
        self.account_id = "0123456789012"
+        self.key_rotation_status = False

    @property
    def arn(self):
@ -68,6 +69,16 @@ class KmsBackend(BaseBackend):
    def get_all_aliases(self):
        return self.key_to_aliases

+    def enable_key_rotation(self, key_id):
+        self.keys[key_id].key_rotation_status = True
+
+    def disable_key_rotation(self, key_id):
+        self.keys[key_id].key_rotation_status = False
+
+    def get_key_rotation_status(self, key_id):
+        return self.keys[key_id].key_rotation_status
+
+
 kms_backends = {}
 for region in boto.kms.regions():
    kms_backends[region.name] = KmsBackend()
--- a/moto/kms/responses.py
+++ b/moto/kms/responses.py
@ -136,3 +136,41 @@ class KmsResponse(BaseResponse):
            'Truncated': False,
            'Aliases': response_aliases,
        })
+
+    def enable_key_rotation(self):
+        key_id = self.parameters.get('KeyId')
+        _assert_valid_key_id(key_id)
+        try:
+            self.kms_backend.enable_key_rotation(key_id)
+        except KeyError:
+            raise JSONResponseError(404, 'Not Found', body={
+                'message': "Key 'arn:aws:kms:{region}:012345678912:key/{key_id}' does not exist".format(region=self.region,key_id=key_id),
+                '__type': 'NotFoundException'})
+
+        return json.dumps(None)
+
+    def disable_key_rotation(self):
+        key_id = self.parameters.get('KeyId')
+        _assert_valid_key_id(key_id)
+        try:
+            self.kms_backend.disable_key_rotation(key_id)
+        except KeyError:
+            raise JSONResponseError(404, 'Not Found', body={
+                'message': "Key 'arn:aws:kms:{region}:012345678912:key/{key_id}' does not exist".format(region=self.region,key_id=key_id),
+                '__type': 'NotFoundException'})
+        return json.dumps(None)
+
+    def get_key_rotation_status(self):
+        key_id = self.parameters.get('KeyId')
+        _assert_valid_key_id(key_id)
+        try:
+            rotation_enabled = self.kms_backend.get_key_rotation_status(key_id)
+        except KeyError:
+            raise JSONResponseError(404, 'Not Found', body={
+                'message': "Key 'arn:aws:kms:{region}:012345678912:key/{key_id}' does not exist".format(region=self.region,key_id=key_id),
+                '__type': 'NotFoundException'})
+        return json.dumps({'KeyRotationEnabled': rotation_enabled})
+
+def _assert_valid_key_id(key_id):
+    if not re.match(r'^[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}$', key_id, re.IGNORECASE):
+        raise JSONResponseError(404, 'Not Found', body={'message': ' Invalid keyId', '__type': 'NotFoundException'})