def setup(self):
self.kms_mocker = mock_kms()
self.kms_mocker.start()
setup_mock_kms(REGION, KMS_ALIAS)
self._plaintext_payload = 'plaintext credentials'
self._credentials = Credentials(self._plaintext_payload,
is_encrypted=False)
def setUp(self):
self.plain = "my secret"
with mock_kms():
kms = boto3.client("kms", region_name="us-east-1")
self.secret = kms.encrypt(
KeyId="alias/stacker",
Plaintext=self.plain.encode("base64"))["CiphertextBlob"]
def _handle_kms_key(resources):
from moto import mock_kms
kms = mock_kms()
def before():
kms.start()
for resource_definition in resources:
params = _get_property(
resource_definition["Properties"], ("Description", "KeyUsage", "Tags")
)
if "KeyPolicy" in resource_definition["Properties"]:
params["Policy"] = resource_definition["Properties"]["KeyPolicy"]
if "KeySpec" in resource_definition["Properties"]:
params["CustomerMasterKeySpec"] = resource_definition["Properties"][
"KeySpec"
]
boto3.client("kms").create_key(**params)
def after():
kms.stop()
return before, after
def test_kms_handler_with_region(self):
region = "us-east-1"
value = "%s@%s" % (region, self.secret)
print value
with mock_kms():
decrypted = handler(value)
self.assertEqual(decrypted, self.plain)
def setUp(self):
self.plain = b"my secret"
with mock_kms():
kms = boto3.client("kms", region_name="us-east-1")
self.secret = kms.encrypt(
KeyId="alias/stacker",
Plaintext=codecs.encode(self.plain, 'base64').decode('utf-8'),
)["CiphertextBlob"]
if isinstance(self.secret, bytes):
self.secret = self.secret.decode()
def setUp(self):
self.plain = b"my secret"
with mock_kms():
kms = boto3.client("kms", region_name="us-east-1")
self.secret = kms.encrypt(
KeyId="alias/stacker",
Plaintext=codecs.encode(self.plain, 'base64').decode('utf-8'),
)["CiphertextBlob"]
if isinstance(self.secret, bytes):
self.secret = self.secret.decode()
def setup(self):
self.kms_mocker = mock_kms()
self.kms_mocker.start()
setup_mock_kms(REGION, KMS_ALIAS)
self._plaintext_payload = 'plaintext credentials'
self._encrypted_payload = encrypt_with_kms(self._plaintext_payload,
REGION, KMS_ALIAS)
self._credentials = Credentials(self._encrypted_payload,
is_encrypted=True,
region=REGION)
def setup(self):
"""Setup before each method"""
self._mock_s3 = mock_s3()
self._mock_s3.start()
self._mock_kms = mock_kms()
self._mock_kms.start()
self._dispatcher = PagerDutyOutput(REGION, ACCOUNT_ID, FUNCTION_NAME, None)
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS, self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def setup(self):
"""Setup before each method"""
self._mock_s3 = mock_s3()
self._mock_s3.start()
self._mock_kms = mock_kms()
self._mock_kms.start()
self._dispatcher = SlackOutput(None)
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS, self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def setup(self):
"""Setup before each method"""
self._mock_s3 = mock_s3()
self._mock_s3.start()
self._mock_kms = mock_kms()
self._mock_kms.start()
self._dispatcher = PagerDutyIncidentOutput(None)
self._dispatcher._base_url = self.CREDS['api']
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS, self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def setUp(self):
with warnings.catch_warnings():
warnings.filterwarnings("ignore", category=DeprecationWarning)
self.mock = mock_kms()
self.mock.start()
region = "us-east-1"
current_account_id = "123456789012"
self.client = get_boto3_client(profile=None,
service="kms",
region=region)
self.key_id = self.client.create_key()["KeyMetadata"]["KeyId"]
self.client.create_alias(AliasName=MY_RESOURCE,
TargetKeyId=self.key_id)
self.example = KmsKey(name=MY_RESOURCE,
region=region,
client=self.client,
current_account_id=current_account_id)
self.keys = KmsKeys(client=self.client,
current_account_id=current_account_id,
region=region)
def mocked_env():
os.environ["SCUMBLR_URL"] = SCUMBLR_URL
os.environ["SCUMBLR_CERT_PATH"] = '.'
with mock_kms():
client = boto3.client('kms')
os.environ["WEBHOOK_SECRET"] = client.encrypt(
KeyId='1234abcd-12ab-34cd-56ef-1234567890ab',
Plaintext=b'bytes')['CiphertextBlob'].decode('utf-8')
os.environ["GITHUB_OAUTH_TOKEN"] = client.encrypt(
KeyId='1234abcd-12ab-34cd-56ef-1234567890ac',
Plaintext=b'bytes')['CiphertextBlob'].decode('utf-8')
os.environ["GITHUB_OAUTH_TOKEN"] = client.encrypt(
KeyId='1234abcd-12ab-34cd-56ef-1234567890ae',
Plaintext=b'bytes')['CiphertextBlob'].decode('utf-8')
os.environ["SCUMBLR_KEY"] = client.encrypt(
KeyId='1234abcd-12ab-34cd-56ef-1234567890af',
Plaintext=b'bytes')['CiphertextBlob'].decode('utf-8')
yield
def __call__(self, *args, **kwargs):
with mock_kms():
super(TestKmsEncryptor, self).__call__(*args, **kwargs)
def kms(aws_credentials):
with mock_kms():
yield boto3.client('kms', region_name='eu-west-2')
def setup(self):
self.kms_mocker = mock_kms()
self.kms_mocker.start()
setup_mock_kms(REGION, KMS_ALIAS)
LocalFileDriver.clear()
self._fs_driver = LocalFileDriver(REGION, 'service')
def test_kms_handler(self):
with mock_kms():
decrypted = handler(self.secret)
print "DECRYPTED: %s" % decrypted
self.assertEqual(decrypted, self.plain)
def test_kms_handler(self):
with mock_kms():
decrypted = KmsLookup.handle(self.secret)
self.assertEqual(decrypted, self.plain)
def apply_moto_mocks():
with mock_cloudformation(), mock_iam(), mock_s3(), mock_lambda(), mock_kms(
):
boto3.setup_default_session()
yield None
def test_kms_handler_with_region(self):
region = "us-east-1"
value = "%s@%s" % (region, self.secret)
with mock_kms():
decrypted = KmsLookup.handle(value)
self.assertEqual(decrypted, self.plain)
def setUp(self):
with warnings.catch_warnings():
warnings.filterwarnings("ignore", category=DeprecationWarning)
self.mock_kms = mock_kms()
self.mock_iam = mock_iam()
self.mock_ecr = mock_ecr()
self.mock_kms.start()
self.mock_ecr.start()
self.mock_iam.start()
self.current_account_id = "123456789012"
# Set up KMS keys in 3 regions
self.ue1_kms_client = get_boto3_client(profile=None,
service="kms",
region="us-east-1")
self.ue2_kms_client = get_boto3_client(profile=None,
service="kms",
region="us-east-2")
self.euw1_kms_client = get_boto3_client(profile=None,
service="kms",
region="eu-west-1")
region = "us-east-1"
self.iam_client = get_boto3_client(profile=None,
service="iam",
region=region)
# self.iam_client = get_boto3_client(profile=None, service="iam", region="us-east-1")
self.uw1_ecr_client = get_boto3_client(profile=None,
service="ecr",
region="us-west-1")
# Get the ARNs so you can test them later
self.ue1_key_arn = self.ue1_kms_client.create_key(
)["KeyMetadata"]["Arn"]
self.ue2_key_arn = self.ue2_kms_client.create_key(
)["KeyMetadata"]["Arn"]
self.euw1_key_arn = self.euw1_kms_client.create_key(
)["KeyMetadata"]["Arn"]
iam_role = self.iam_client.create_role(
RoleName="yolo",
AssumeRolePolicyDocument=json.dumps(
constants.EC2_ASSUME_ROLE_POLICY))
self.iam_role_arn = iam_role["Role"]["Arn"]
self.ecr_arn = self.uw1_ecr_client.create_repository(
repositoryName="alpine")["repository"]["repositoryArn"]
# Create the objects that will store our results
self.service_resources_single_region = ServiceResourcesSingleRegion(
user_provided_service="kms",
region="us-east-1",
current_account_id=self.current_account_id,
profile=None,
cloak=False)
self.service_resources_multi_region = ServiceResourcesMultiRegion(
user_provided_service="kms",
user_provided_region="all",
current_account_id=self.current_account_id,
profile=None,
cloak=False)
# Let's exclude all the services that do not match the ones we specified above.
# That way, we can avoid an issue where moto tries to make API calls it does not support
excluded_services = []
for supported_service in constants.SUPPORTED_AWS_SERVICES:
if supported_service not in ["all", "iam", "ecr", "kms"]:
excluded_services.append(supported_service)
print(f"Excluded services: {excluded_services}")
self.resource_results = ResourceResults(
user_provided_service="all",
user_provided_region="all",
current_account_id=self.current_account_id,
profile=None,
cloak=False,
excluded_names=[],
excluded_services=excluded_services)
def setup(self):
self.kms_mocker = mock_kms()
self.kms_mocker.start()
setup_mock_kms(REGION, KMS_ALIAS)
SpooledTempfileDriver.clear()
self._sp_driver = SpooledTempfileDriver('service', REGION)
def test_kms_handler(self):
with mock_kms():
decrypted = handler(self.secret)
self.assertEqual(decrypted, self.plain)
def setup(self):
self.kms_mocker = mock_kms()
self.kms_mocker.start()
setup_mock_kms(REGION, KMS_ALIAS)
EphemeralUnencryptedDriver.clear()
self._ep_driver = EphemeralUnencryptedDriver('service')
def kms():
with mock_kms():
yield boto3.client('kms')
def test_create_kms_key(self):
with mock_kms():
result = self._use_case.create_kms_key()
assert result
def sh(self):
with moto.mock_kms(), moto.mock_sts():
sh = security_hub_rules.SecurityHubRules(logging)
yield sh
def kms():
with mock_kms():
kms = boto3.client("kms", region_name="us-east-1")
yield kms
