def get_policy(key: Dict, client: botocore.client.BaseClient) -> Any:
"""
Gets the KMS Key policy. Returns policy string or None if we are unable to retrieve it.
"""
try:
policy = client.get_key_policy(KeyId=key["KeyId"], PolicyName='default')
except ClientError:
policy = None
logger.warning(f"Failed to retrieve Key Policy for key id - {key['KeyId']}, skipping.", exc_info=True)
return policy
def get_policy(key: Dict, client: botocore.client.BaseClient) -> Any:
"""
Gets the KMS Key policy. Returns policy string or None if no policy
"""
try:
policy = client.get_key_policy(KeyId=key["KeyId"],
PolicyName='default')
except ClientError as e:
policy = None
logger.warning(
"Failed to retrieve Key Policy for key id - {}. Error - {}".format(
key["KeyId"], e))
raise
return policy
def get_policy(key: Dict, client: botocore.client.BaseClient) -> Any:
"""
Gets the KMS Key policy. Returns policy string or None if we are unable to retrieve it.
"""
try:
policy = client.get_key_policy(KeyId=key["KeyId"], PolicyName='default')
except ClientError as e:
policy = None
if e.response['Error']['Code'] == 'AccessDeniedException':
logger.warning(
f"kms:get_key_policy on key id {key['KeyId']} failed with AccessDeniedException; continuing sync.",
exc_info=True,
)
else:
raise
return policy