This repository has been archived by the owner on Sep 9, 2022. It is now read-only.

Merge pull request #363 from dtan4/ignore-external-key
Ignore external key
dtan4 authored Sep 18, 2017
2 parents 5e934a1 + f04432c commit a7a9367
Showing 3 changed files with 22 additions and 8 deletions.
4 changes: 4 additions & 0 deletions README.md
@@ -349,6 +349,10 @@ terraforming help | grep terraforming | grep -v help | awk '{print "terraforming
find . -type f -name '*.tf' | xargs wc -l | grep ' 1 .'
```
### Caveats
- `terraforming kmsk` does not export EXTERNAL origin key, bacause Terraform does not support it.
## Run as Docker container [![Docker Repository on Quay.io](https://quay.io/repository/dtan4/terraforming/status "Docker Repository on Quay.io")](https://quay.io/repository/dtan4/terraforming)
Terraforming Docker Image is available at [quay.io/dtan4/terraforming](https://quay.io/repository/dtan4/terraforming) and developed at [dtan4/dockerfile-terraforming](https://github.com/dtan4/dockerfile-terraforming).
1 change: 1 addition & 0 deletions lib/terraforming/resource/kms_key.rb
@@ -54,6 +54,7 @@ def keys
.reject { |key| managed_master_key?(key) }
.map { |key| @client.describe_key(key_id: key.key_id) }
.map(&:key_metadata)
.reject { |metadata| metadata.origin == "EXTERNAL" } # external origin key is not supoprted by Terraform
end

def key_policy_of(key)
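Review bot: The new `.reject` at the end of the chain in `keys` drops EXTERNAL-origin keys silently, so the exported configuration reads like a complete inventory of customer-managed keys while keys with imported material stay outside review and drift detection. Consider splitting the metadata with `partition { |metadata| metadata.origin == "EXTERNAL" }` and emitting `warn "skipping KMS key #{metadata.key_id}: EXTERNAL origin is not supported by Terraform"` for each skipped key, so the omission is visible on stderr without changing the generated output. The inline comment has a typo (`supoprted`), and the `"EXTERNAL"` literal would read better as a named constant. The body of `keys` starts above the hunk, so how the earlier steps of the chain and any callers interact with the filtered list cannot be checked from here.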
25 changes: 17 additions & 8 deletions spec/lib/terraforming/resource/kms_key_spec.rb
@@ -21,6 +21,10 @@ module Resource
key_id: "12ab34cd-56ef-12ab-34cd-12ab34cd56ef",
key_arn: "arn:aws:kms:ap-northeast-1:123456789012:key/12ab34cd-56ef-12ab-34cd-12ab34cd56ef",
},
{
key_id: "ab12cd34-ef56-ab12-cd34-ab12cd34ef56",
key_arn: "arn:aws:kms:ap-northeast-1:123456789012:key/ab12cd34-ef56-ab12-cd34-ab12cd34ef56",
},
]
end

@@ -56,18 +60,18 @@ module Resource
}
end

let(:piyo_key) do
let(:foobar_key) do
{
key_metadata: {
aws_account_id: "123456789012",
key_id: "12ab34cd-56ef-12ab-34cd-12ab34cd56ef",
arn: "arn:aws:kms:ap-northeast-1:123456789012:key/12ab34cd-56ef-12ab-34cd-12ab34cd56ef",
creation_date: Time.new("2016-09-09 12:34:56 +0900"),
key_id: "ab12cd34-ef56-ab12-cd34-ab12cd34ef56",
arn: "arn:aws:kms:ap-northeast-1:123456789012:key/ab12cd34-ef56-ab12-cd34-ab12cd34ef56",
creation_date: Time.new("2017-09-09 12:34:56 +0900"),
enabled: true,
description: "Default master key that protects my ACM private keys when no other key is defined",
description: "Default master key that protects my ACM private keys when no other key is foobar",
key_usage: "ENCRYPT_DECRYPT",
key_state: "Enabled",
origin: "AWS_KMS",
key_state: "PendingImport",
origin: "EXTERNAL",
},
}
end
@@ -89,6 +93,11 @@ module Resource
alias_arn: "arn:aws:kms:ap-northeast-1:123456789012:alias/fuga",
target_key_id: "abcd1234-ab12-cd34-ef56-abcdef123456"
},
{
alias_name: "alias/foobar",
alias_arn: "arn:aws:kms:ap-northeast-1:123456789012:alias/foobar",
target_key_id: "ab12cd34-ef56-ab12-cd34-ab12cd34ef56"
},
]
end

@@ -186,7 +195,7 @@ module Resource
before do
client.stub_responses(:list_keys, keys: keys)
client.stub_responses(:list_aliases, aliases: aliases)
client.stub_responses(:describe_key, [hoge_key, fuga_key, piyo_key])
client.stub_responses(:describe_key, [hoge_key, fuga_key, foobar_key])
client.stub_responses(:list_key_policies, [hoge_policies, fuga_policies])
client.stub_responses(:get_key_policy, [hoge_policy, fuga_policy])
client.stub_responses(:get_key_rotation_status, [hoge_key_rotation_status, fuga_key_rotation_status])
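Review bot: None of the visible hunks adds an expectation that the EXTERNAL key is left out; the change swaps `piyo_key` for `foobar_key` in the `describe_key` stubs and appears to rely on existing expectations, which are outside these hunks, to fail if a third resource is emitted. An explicit example asserting that the generated output does not contain `ab12cd34-ef56-ab12-cd34-ab12cd34ef56` would pin the filter directly and survive later edits to the expected fixtures. The `foobar_key` description still carries the AWS-managed-key text ("Default master key that protects my ACM private keys ..."), which makes the fixture read like a managed key; a plain value such as `description: "key with imported material"` would state what it represents. The fixture also covers only `key_state: "PendingImport"`, so an EXTERNAL key in the `Enabled` state is not exercised.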
