def test_kms(self):
if "CFPP_RUN_KMS_TESTS" not in os.environ:
return
import boto3
import botocore
output = subprocess.check_output(["cfpp", "-s", "tests",
"tests/kms_test.template"])
parsed = json.loads(output)["Parameters"]
without_context = parsed["EncryptedValue"]["Default"]
with_context = parsed["EncryptedValueWithContext"]["Default"]
kms = boto3.client('kms')
kms.decrypt(CiphertextBlob=base64.b64decode(without_context))
try:
kms.decrypt(CiphertextBlob=with_context)
self.fail("expected KMS to fail due to lack of context")
except botocore.exceptions.ClientError:
pass
kms.decrypt(CiphertextBlob=base64.b64decode(with_context),
EncryptionContext={"ContextKey": "ContextValue"})
评论列表
文章目录
