def test_rm_kms_master_keys_where_none_existed(self):
""" test removing a kms master key to an existing tree
that does not have any kms master key yet
"""
tree = {'sops': { 'pgp': [ {'fp': '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A' } ] } }
rmkms = 'arn:aws:kms:us-east-1:656532927350:key/920abb2e-c2b3-9090-943a-047fa387f3ac+arn:aws:iam::927034868273:role/sops-dev-xyz'
tree = sops.remove_master_keys(tree, rmkms, '')
assert tree['sops']['pgp'][0]['fp'] == '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'
assert len(tree['sops']['pgp']) == 1
assert 'kms' not in tree['sops']
def test_rm_pgp_master_keys_where_none_existed(self):
""" test removing a pgp master key to an existing tree
that does not have any pgp master key yet
"""
tree = {'sops': { 'kms': [ {'arn': 'arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e' } ] } }
rmpgp = 'E60892BB9BD89A69F759A1A0A3D652173B763E8F'
tree = sops.remove_master_keys(tree, '', rmpgp)
assert tree['sops']['kms'][0]['arn'] == 'arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e'
assert len(tree['sops']['kms']) == 1
assert 'pgp' not in tree['sops']
def test_rm_pgp_master_keys(self):
""" test removing a pgp master key to an existing tree """
tree = {'sops': { 'pgp': [
{'fp': '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A' },
{'fp': 'E60892BB9BD89A69F759A1A0A3D652173B763E8F' }
] } }
rmpgp = 'E60892BB9BD89A69F759A1A0A3D652173B763E8F'
assert len(tree['sops']['pgp']) == 2
tree = sops.remove_master_keys(tree, '', rmpgp)
assert len(tree['sops']['pgp']) == 1
assert tree['sops']['pgp'][0]['fp'] == '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'
def test_rm_kms_master_keys(self):
""" test removing a kms master key to an existing tree """
tree = {'sops': { 'kms': [
{'arn': 'arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e' },
{'arn': 'arn:aws:kms:us-east-1:656532927350:key/920abb2e-c2b3-9090-943a-047fa387f3ac' }
] } }
rmkms = 'arn:aws:kms:us-east-1:656532927350:key/920abb2e-c2b3-9090-943a-047fa387f3ac+arn:aws:iam::927034868273:role/sops-dev-xyz'
assert len(tree['sops']['kms']) == 2
tree = sops.remove_master_keys(tree, rmkms, '')
assert tree['sops']['kms'][0]['arn'] == 'arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e'
assert len(tree['sops']['kms']) == 1
def test_rm_kms_master_keys_where_none_existed(self):
""" test removing a kms master key to an existing tree
that does not have any kms master key yet
"""
tree = {
'sops': {
'pgp': [{
'fp': '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'
}]
}
}
rmkms = 'arn:aws:kms:us-east-1:656532927350:key/920abb2e-c2b3-9090-943a-047fa387f3ac+arn:aws:iam::927034868273:role/sops-dev-xyz'
tree = sops.remove_master_keys(tree, rmkms, '')
assert tree['sops']['pgp'][0][
'fp'] == '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'
assert len(tree['sops']['pgp']) == 1
assert 'kms' not in tree['sops']
def test_rm_pgp_master_keys(self):
""" test removing a pgp master key to an existing tree """
tree = {
'sops': {
'pgp': [{
'fp': '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'
}, {
'fp': 'E60892BB9BD89A69F759A1A0A3D652173B763E8F'
}]
}
}
rmpgp = 'E60892BB9BD89A69F759A1A0A3D652173B763E8F'
assert len(tree['sops']['pgp']) == 2
tree = sops.remove_master_keys(tree, '', rmpgp)
assert len(tree['sops']['pgp']) == 1
assert tree['sops']['pgp'][0][
'fp'] == '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'
def test_rm_pgp_master_keys_where_none_existed(self):
""" test removing a pgp master key to an existing tree
that does not have any pgp master key yet
"""
tree = {
'sops': {
'kms': [{
'arn':
'arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e'
}]
}
}
rmpgp = 'E60892BB9BD89A69F759A1A0A3D652173B763E8F'
tree = sops.remove_master_keys(tree, '', rmpgp)
assert tree['sops']['kms'][0][
'arn'] == 'arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e'
assert len(tree['sops']['kms']) == 1
assert 'pgp' not in tree['sops']
def test_rm_kms_master_keys(self):
""" test removing a kms master key to an existing tree """
tree = {
'sops': {
'kms': [{
'arn':
'arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e'
}, {
'arn':
'arn:aws:kms:us-east-1:656532927350:key/920abb2e-c2b3-9090-943a-047fa387f3ac'
}]
}
}
rmkms = 'arn:aws:kms:us-east-1:656532927350:key/920abb2e-c2b3-9090-943a-047fa387f3ac+arn:aws:iam::927034868273:role/sops-dev-xyz'
assert len(tree['sops']['kms']) == 2
tree = sops.remove_master_keys(tree, rmkms, '')
assert tree['sops']['kms'][0][
'arn'] == 'arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e'
assert len(tree['sops']['kms']) == 1
