def test_kms_create_key_eventual_consistency_failure(self, patched_time_sleep):
"""
Validate that create_key call fails after 5 MalformedPolicyDocumentException's.
"""
self.mock_kms.create_key.side_effect = self.malformed_policy_client_error
with self.assertRaises(SystemExit) as error:
ef_generate.conditionally_create_kms_key(self.service_name, self.service_type)
self.assertEquals(error.exception.code, 1)
def test_not_kms_service_type(self):
"""
Validates that a key/alias is not created for unsupported service types
"""
self.service_type = "invalid_service"
ef_generate.conditionally_create_kms_key(self.service_name, self.service_type)
self.mock_kms.describe_key.assert_not_called()
self.mock_kms.create_key.assert_not_called()
self.mock_kms.create_alias.assert_not_called()
def test_kms_key_already_exists(self):
"""
Check that when an existing key is found the create key/alias methods are not called.
"""
self.mock_kms.describe_key.side_effect = None
self.mock_kms.describe_key.return_value = Mock()
ef_generate.conditionally_create_kms_key(self.service_name, self.service_type)
self.mock_kms.create_key.assert_not_called()
self.mock_kms.create_alias.assert_not_called()
def test_create_kms_key(self):
"""
Check that when an existing key is not found that the create key/alias methods are called with the correct
parameters.
"""
ef_generate.conditionally_create_kms_key(self.service_name, self.service_type)
self.mock_kms.create_key.assert_called()
self.mock_kms.create_alias.assert_called_with(
AliasName='alias/{}'.format(self.service_name),
TargetKeyId='1234'
)
def test_kms_service_type_fixture(self):
"""
Verify that a KMS key is created when of service_type "aws_fixture"
"""
self.service_type = "aws_fixture"
ef_generate.conditionally_create_kms_key(self.service_name, self.service_type)
self.mock_kms.create_key.assert_called()
self.mock_kms.create_alias.assert_called_with(
AliasName='alias/{}'.format(self.service_name),
TargetKeyId='1234'
)
def test_create_kms_key_subservice(self):
"""
Verify that subservices (formatted as service-name.subservice in the service registry) are created using an
underscore in place of a period for the key alias.
"""
subservice = self.service_name + ".subservice"
ef_generate.conditionally_create_kms_key(subservice, self.service_type)
self.mock_kms.create_key.assert_called()
self.mock_kms.create_alias.assert_called_with(
AliasName='alias/{}'.format(self.service_name + "_subservice"),
TargetKeyId='1234'
)
def test_kms_eventual_consistency_resilience(self, patched_time_sleep):
"""
Validate that conditionally_create_kms_key will account for aws eventual consistency when attempting to
reference a newly created ec2 role. Providing three exceptions and then success.
"""
self.mock_kms.create_key.side_effect = [
self.malformed_policy_client_error,
self.malformed_policy_client_error,
self.malformed_policy_client_error,
{"KeyMetadata": {"KeyId": "1234"}}
]
ef_generate.conditionally_create_kms_key(self.service_name, self.service_type)
self.mock_kms.create_alias.assert_called_with(
AliasName='alias/{}'.format(self.service_name),
TargetKeyId='1234'
)