bug: Cannot CreateGrant with the same name for two different KMS keys #7910
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
When attempting to CreateGrant on KMS key A, if there is an existing grant with the same name on a different key B, the CreateGrant will return a reference to the already existing grant. Listing grants on key A will show no grants
Expected Behavior
CreateGrant on key A should successfully create a new grant, instead of returning a reference to the existing one
How are you starting LocalStack?
With a docker-compose file
Steps To Reproduce
How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)
docker run localstack/localstack
Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)
@pytest.mark.aws_validated
def test_create_grant_with_same_name_two_keys(self, kms_client, kms_create_key, user_arn):
first_key_id = kms_create_key()["KeyId"]
second_key_id = kms_create_key()["KeyId"]
grant_name = "TestGrantName"
first_grant = kms_client.create_grant(
KeyId=first_key_id,
GranteePrincipal=user_arn,
Name=grant_name,
Operations=["Decrypt", "DescribeKey"],
)
assert "GrantId" in first_grant
assert "GrantToken" in first_grant
second_grant = kms_client.create_grant(
KeyId=second_key_id,
GranteePrincipal=user_arn,
Name=grant_name,
Operations=["Decrypt", "DescribeKey"],
)
assert "GrantId" in second_grant
assert "GrantToken" in second_grant
first_grants_after = kms_client.list_grants(KeyId=first_key_id)["Grants"]
assert len(first_grants_after) == 1
second_grants_after = kms_client.list_grants(KeyId=second_key_id)["Grants"]
assert len(second_grants_after) == 1
Currently the second grants list is empty
Environment
- OS: MacOS
- LocalStack:1.4.0Anything else?
I have a patch prepared to fix this issue already along with unit tests. PR incoming shortly