add KMS alias name validation (#7826)

deepak2431 · web-flow · commit d3a21e8aec61 · 2023-03-13T11:10:50.000+01:00
diff --git a/localstack/services/kms/provider.py b/localstack/services/kms/provider.py
@@ -712,6 +712,7 @@ def import_key_material(
     def create_alias(self, context: RequestContext, request: CreateAliasRequest) -> None:
         store = self._get_store(context)
         alias_name = request["AliasName"]
+        validate_alias_name(alias_name)
         if alias_name in store.aliases:
             alias_arn = store.aliases.get(alias_name).metadata["AliasArn"]
             # AWS itself uses AliasArn instead of AliasName in this exception.
diff --git a/tests/integration/test_kms.py b/tests/integration/test_kms.py
@@ -58,6 +58,16 @@ class TestKMS:
     def user_arn(self, sts_client):
         return sts_client.get_caller_identity()["Arn"]
 
+    @pytest.mark.aws_validated
+    def test_create_alias(self, kms_create_alias, kms_create_key, snapshot):
+
+        alias_name = f"{short_uid()}"
+        alias_key_id = kms_create_key()["KeyId"]
+        with pytest.raises(Exception) as e:
+            kms_create_alias(AliasName=alias_name, TargetKeyId=alias_key_id)
+
+        snapshot.match("create_alias", e.value.response)
+
     @pytest.mark.aws_validated
     def test_create_key(self, kms_client_for_region, kms_create_key, sts_client, snapshot):
         region = "us-east-1"
diff --git a/tests/integration/test_kms.snapshot.json b/tests/integration/test_kms.snapshot.json
@@ -389,5 +389,20 @@
         }
       }
     }
+  },
+  "tests/integration/test_kms.py::TestKMS::test_create_alias": {
+    "recorded-date": "11-03-2023, 13:11:50",
+    "recorded-content": {
+      "create_alias": {
+        "Error": {
+          "Code": "ValidationException",
+          "Message": "Alias must start with the prefix \"alias/\". Please see https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html"
+        },
+        "ResponseMetadata": {
+          "HTTPHeaders": {},
+          "HTTPStatusCode": 400
+        }
+      }
+    }
   }
 }
diff --git a/tests/unit/test_kms.py b/tests/unit/test_kms.py
@@ -0,0 +1,9 @@
+import pytest
+
+from localstack.services.kms.models import validate_alias_name
+
+
+def test_alias_name_validator():
+
+    with pytest.raises(Exception):
+        validate_alias_name("test-alias")

Original file line number	Diff line number	Diff line change
`@@ -389,5 +389,20 @@`
`389`	`389`	`}`
`390`	`390`	`}`
`391`	`391`	`}`
	`392`	`+ },`
	`393`	`+ "tests/integration/test_kms.py::TestKMS::test_create_alias": {`
	`394`	`+ "recorded-date": "11-03-2023, 13:11:50",`
	`395`	`+ "recorded-content": {`
	`396`	`+ "create_alias": {`
	`397`	`+ "Error": {`
	`398`	`+ "Code": "ValidationException",`
	`399`	`+ "Message": "Alias must start with the prefix \"alias/\". Please see https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html"`
	`400`	`+ },`
	`401`	`+ "ResponseMetadata": {`
	`402`	`+ "HTTPHeaders": {},`
	`403`	`+ "HTTPStatusCode": 400`
	`404`	`+ }`
	`405`	`+ }`
	`406`	`+ }`
`392`	`407`	`}`
`393`	`408`	`}`