# frozen_string_literal: true
Aws.config[:kms] = {
stub_responses: {
list_aliases: {
aliases: [
{
alias_arn: 'arn:aws:kms:us-east-1:1234567890:alias/my-kms-key',
alias_name: 'alias/my-kms-key',
target_key_id: 'b9989d41-eeaa-401f-8616-00546948aa92'
},
{
alias_arn: 'arn:aws:kms:us-east-1:1234567890:alias/aws/example',
alias_name: 'alias/aws/example'
}
]
},
describe_key: {
key_metadata: {
key_id: 'b9989d41-eeaa-401f-8616-00546948aa92',
description: '',
enabled: true,
key_usage: 'ENCRYPT_DECRYPT',
key_state: 'Enabled',
creation_date: Time.new(2015, 1, 2, 10, 10, 00, '+00:00'),
arn: 'arn:aws:kms:us-east-1:1234567890:key/b9989d41-eeaa-401f-8616-00546948aa92',
aws_account_id: '1234567890'
}
},
get_key_policy: {
policy: <<-DOC
{
"Version" : "2012-10-17",
"Id" : "key-consolepolicy-2",
"Statement" : [ {
"Sid" : "Enable IAM User Permissions",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::1234567890:root"
},
"Action" : "kms:*",
"Resource" : "*"
}, {
"Sid" : "Allow access for Key Administrators",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::1234567890:user/test-user"
},
"Action" : [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ],
"Resource" : "*"
}, {
"Sid" : "Allow use of the key",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
},
"Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ],
"Resource" : "*"
}, {
"Sid" : "Allow attachment of persistent resources",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
},
"Action" : [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ],
"Resource" : "*",
"Condition" : {
"Bool" : {
"kms:GrantIsForAWSResource" : "true"
}
}
} ]
}
DOC
}
}
}