def setup(self): self.kms_mocker = mock_kms() self.kms_mocker.start() setup_mock_kms(REGION, KMS_ALIAS) self._plaintext_payload = 'plaintext credentials' self._credentials = Credentials(self._plaintext_payload, is_encrypted=False)
def setUp(self): self.plain = "my secret" with mock_kms(): kms = boto3.client("kms", region_name="us-east-1") self.secret = kms.encrypt( KeyId="alias/stacker", Plaintext=self.plain.encode("base64"))["CiphertextBlob"]
def _handle_kms_key(resources): from moto import mock_kms kms = mock_kms() def before(): kms.start() for resource_definition in resources: params = _get_property( resource_definition["Properties"], ("Description", "KeyUsage", "Tags") ) if "KeyPolicy" in resource_definition["Properties"]: params["Policy"] = resource_definition["Properties"]["KeyPolicy"] if "KeySpec" in resource_definition["Properties"]: params["CustomerMasterKeySpec"] = resource_definition["Properties"][ "KeySpec" ] boto3.client("kms").create_key(**params) def after(): kms.stop() return before, after
def test_kms_handler_with_region(self): region = "us-east-1" value = "%s@%s" % (region, self.secret) print value with mock_kms(): decrypted = handler(value) self.assertEqual(decrypted, self.plain)
def setUp(self): self.plain = b"my secret" with mock_kms(): kms = boto3.client("kms", region_name="us-east-1") self.secret = kms.encrypt( KeyId="alias/stacker", Plaintext=codecs.encode(self.plain, 'base64').decode('utf-8'), )["CiphertextBlob"] if isinstance(self.secret, bytes): self.secret = self.secret.decode()
def setup(self): self.kms_mocker = mock_kms() self.kms_mocker.start() setup_mock_kms(REGION, KMS_ALIAS) self._plaintext_payload = 'plaintext credentials' self._encrypted_payload = encrypt_with_kms(self._plaintext_payload, REGION, KMS_ALIAS) self._credentials = Credentials(self._encrypted_payload, is_encrypted=True, region=REGION)
def setup(self): """Setup before each method""" self._mock_s3 = mock_s3() self._mock_s3.start() self._mock_kms = mock_kms() self._mock_kms.start() self._dispatcher = PagerDutyOutput(REGION, ACCOUNT_ID, FUNCTION_NAME, None) remove_temp_secrets() output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR) put_mock_creds(output_name, self.CREDS, self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def setup(self): """Setup before each method""" self._mock_s3 = mock_s3() self._mock_s3.start() self._mock_kms = mock_kms() self._mock_kms.start() self._dispatcher = SlackOutput(None) remove_temp_secrets() output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR) put_mock_creds(output_name, self.CREDS, self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def setup(self): """Setup before each method""" self._mock_s3 = mock_s3() self._mock_s3.start() self._mock_kms = mock_kms() self._mock_kms.start() self._dispatcher = PagerDutyIncidentOutput(None) self._dispatcher._base_url = self.CREDS['api'] remove_temp_secrets() output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR) put_mock_creds(output_name, self.CREDS, self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def setUp(self): with warnings.catch_warnings(): warnings.filterwarnings("ignore", category=DeprecationWarning) self.mock = mock_kms() self.mock.start() region = "us-east-1" current_account_id = "123456789012" self.client = get_boto3_client(profile=None, service="kms", region=region) self.key_id = self.client.create_key()["KeyMetadata"]["KeyId"] self.client.create_alias(AliasName=MY_RESOURCE, TargetKeyId=self.key_id) self.example = KmsKey(name=MY_RESOURCE, region=region, client=self.client, current_account_id=current_account_id) self.keys = KmsKeys(client=self.client, current_account_id=current_account_id, region=region)
def mocked_env(): os.environ["SCUMBLR_URL"] = SCUMBLR_URL os.environ["SCUMBLR_CERT_PATH"] = '.' with mock_kms(): client = boto3.client('kms') os.environ["WEBHOOK_SECRET"] = client.encrypt( KeyId='1234abcd-12ab-34cd-56ef-1234567890ab', Plaintext=b'bytes')['CiphertextBlob'].decode('utf-8') os.environ["GITHUB_OAUTH_TOKEN"] = client.encrypt( KeyId='1234abcd-12ab-34cd-56ef-1234567890ac', Plaintext=b'bytes')['CiphertextBlob'].decode('utf-8') os.environ["GITHUB_OAUTH_TOKEN"] = client.encrypt( KeyId='1234abcd-12ab-34cd-56ef-1234567890ae', Plaintext=b'bytes')['CiphertextBlob'].decode('utf-8') os.environ["SCUMBLR_KEY"] = client.encrypt( KeyId='1234abcd-12ab-34cd-56ef-1234567890af', Plaintext=b'bytes')['CiphertextBlob'].decode('utf-8') yield
def __call__(self, *args, **kwargs): with mock_kms(): super(TestKmsEncryptor, self).__call__(*args, **kwargs)
def kms(aws_credentials): with mock_kms(): yield boto3.client('kms', region_name='eu-west-2')
def setup(self): self.kms_mocker = mock_kms() self.kms_mocker.start() setup_mock_kms(REGION, KMS_ALIAS) LocalFileDriver.clear() self._fs_driver = LocalFileDriver(REGION, 'service')
def test_kms_handler(self): with mock_kms(): decrypted = handler(self.secret) print "DECRYPTED: %s" % decrypted self.assertEqual(decrypted, self.plain)
def test_kms_handler(self): with mock_kms(): decrypted = KmsLookup.handle(self.secret) self.assertEqual(decrypted, self.plain)
def apply_moto_mocks(): with mock_cloudformation(), mock_iam(), mock_s3(), mock_lambda(), mock_kms( ): boto3.setup_default_session() yield None
def test_kms_handler_with_region(self): region = "us-east-1" value = "%s@%s" % (region, self.secret) with mock_kms(): decrypted = KmsLookup.handle(value) self.assertEqual(decrypted, self.plain)
def setUp(self): with warnings.catch_warnings(): warnings.filterwarnings("ignore", category=DeprecationWarning) self.mock_kms = mock_kms() self.mock_iam = mock_iam() self.mock_ecr = mock_ecr() self.mock_kms.start() self.mock_ecr.start() self.mock_iam.start() self.current_account_id = "123456789012" # Set up KMS keys in 3 regions self.ue1_kms_client = get_boto3_client(profile=None, service="kms", region="us-east-1") self.ue2_kms_client = get_boto3_client(profile=None, service="kms", region="us-east-2") self.euw1_kms_client = get_boto3_client(profile=None, service="kms", region="eu-west-1") region = "us-east-1" self.iam_client = get_boto3_client(profile=None, service="iam", region=region) # self.iam_client = get_boto3_client(profile=None, service="iam", region="us-east-1") self.uw1_ecr_client = get_boto3_client(profile=None, service="ecr", region="us-west-1") # Get the ARNs so you can test them later self.ue1_key_arn = self.ue1_kms_client.create_key( )["KeyMetadata"]["Arn"] self.ue2_key_arn = self.ue2_kms_client.create_key( )["KeyMetadata"]["Arn"] self.euw1_key_arn = self.euw1_kms_client.create_key( )["KeyMetadata"]["Arn"] iam_role = self.iam_client.create_role( RoleName="yolo", AssumeRolePolicyDocument=json.dumps( constants.EC2_ASSUME_ROLE_POLICY)) self.iam_role_arn = iam_role["Role"]["Arn"] self.ecr_arn = self.uw1_ecr_client.create_repository( repositoryName="alpine")["repository"]["repositoryArn"] # Create the objects that will store our results self.service_resources_single_region = ServiceResourcesSingleRegion( user_provided_service="kms", region="us-east-1", current_account_id=self.current_account_id, profile=None, cloak=False) self.service_resources_multi_region = ServiceResourcesMultiRegion( user_provided_service="kms", user_provided_region="all", current_account_id=self.current_account_id, profile=None, cloak=False) # Let's exclude all the services that do not match the ones we specified above. # That way, we can avoid an issue where moto tries to make API calls it does not support excluded_services = [] for supported_service in constants.SUPPORTED_AWS_SERVICES: if supported_service not in ["all", "iam", "ecr", "kms"]: excluded_services.append(supported_service) print(f"Excluded services: {excluded_services}") self.resource_results = ResourceResults( user_provided_service="all", user_provided_region="all", current_account_id=self.current_account_id, profile=None, cloak=False, excluded_names=[], excluded_services=excluded_services)
def setup(self): self.kms_mocker = mock_kms() self.kms_mocker.start() setup_mock_kms(REGION, KMS_ALIAS) SpooledTempfileDriver.clear() self._sp_driver = SpooledTempfileDriver('service', REGION)
def test_kms_handler(self): with mock_kms(): decrypted = handler(self.secret) self.assertEqual(decrypted, self.plain)
def setup(self): self.kms_mocker = mock_kms() self.kms_mocker.start() setup_mock_kms(REGION, KMS_ALIAS) EphemeralUnencryptedDriver.clear() self._ep_driver = EphemeralUnencryptedDriver('service')
def kms(): with mock_kms(): yield boto3.client('kms')
def test_create_kms_key(self): with mock_kms(): result = self._use_case.create_kms_key() assert result
def sh(self): with moto.mock_kms(), moto.mock_sts(): sh = security_hub_rules.SecurityHubRules(logging) yield sh
def kms(): with mock_kms(): kms = boto3.client("kms", region_name="us-east-1") yield kms