Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork4.2k
KMS: Add list-key-rotations flag#12853
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Welcome to LocalStack! Thanks for raising your first Pull Request and landing in your contributions. Our team will reach out with any reviews or feedbacks that we have shortly. We recommend joining ourSlack Community and share your PR on the#community channel to share your contributions with us. Please make sure you are following ourcontributing guidelines and ourCode of Conduct.
localstack-bot commentedJul 11, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
All contributors have signed the CLA ✍️ ✅ |
I have read the CLA Document and I hereby sign the CLA |
6570477 tofd7df95Compare| f"failed to satisfy constraint: Member must satisfy enum value set: [ALL_KEY_MATERIAL, ROTATIONS_ONLY]" | ||
| ) | ||
| if key.metadata["KeySpec"] != KeySpec.SYMMETRIC_DEFAULT: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
As per AWS docs, for asymmetric keys whenIncludeKeyMaterial is not provided we simply return theRotations as empty[].
See here:https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-compare.html#key-type-table
| if include_key_material == IncludeKeyMaterial.ALL_KEY_MATERIAL: | ||
| rotation_history.append(rotation_entry) | ||
| else: # Default ROTATIONS_ONLY | ||
| if rotation.rotation_type in ["AUTOMATIC", "ON_DEMAND"]: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
A KMS key on its creation doesn't have any rotation_type.
| initial_rotation = KeyRotationEntry( | ||
| key_id=self.metadata["Arn"], | ||
| key_material_state="CURRENT", | ||
| key_material_id=long_uid(), # FIXME: a more appropriate KMS output |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Currently relying on uuid, open to suggestions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I'm getting"Truncated": false here. Not entirely sure why it's being included, I do not see it on my awscli output; there is a discrepancy between AWS Docs and AWS CLI.
Removed them manually from this file (I know we're not supposed to manually edit it). Let me know if I should re-add it and make changes on the function's response payload.
Uh oh!
There was an error while loading.Please reload this page.
Motivation
Adding support forListKeyRotations. Mentioned in#12342.
Changes
Implementation oflist-key-rotations feature for keys that may have multiple key materials associated with them.
As per AWS's, list-key-rotation is only allowed for:
TODO
What's left to do: