chore(dafny): Test hv1 to hv2 mutation #1461
…ws/aws-cryptographic-material-providers-library into rishav/hv-2/M2/addhv1tohv2Test
…ws/aws-cryptographic-material-providers-library into rishav/hv-2/M2/addhv1tohv2Test
This reverts commit e202c04.
| const KmsSrkConfigWest : Types.KMSConfiguration := Types.KMSConfiguration.kmsKeyArn(MrkArnWest) | ||
| const KmsMrkConfigAP : Types.KMSConfiguration := Types.KMSConfiguration.kmsMRKeyArn(MrkArnAP) | ||
| const KmsMrkEC : Types.EncryptionContext := map[UTF8.EncodeAscii("abc") := UTF8.EncodeAscii("123")] | ||
| const RobbieEC : Types.EncryptionContext := map[UTF8.EncodeAscii("Robbie") := UTF8.EncodeAscii("is a dog.")] |
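Review bot: KmsSrkConfigWest is built from MrkArnWest through kmsKeyArn, while the neighbouring KmsMrkConfigAP uses kmsMRKeyArn, so on the first line of this hunk the constant's name and the ARN it wraps disagree. If wrapping the Mrk ARN in kmsKeyArn is deliberate, add a one-line comment saying so; otherwise point the constant at the matching ARN, so a later test that reuses it does not assert against the wrong KMS configuration.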
This did not break any test because this was only used in create keys
| var encryptRes :- expect KMSKeystoreOperations.EncryptKey( | ||
| plainTextTuple, | ||
| HVUtils.SelectKmsEncryptionContextForHv2(terminalBKC), | ||
| item.EncryptionContext[Structure.KMS_FIELD], |
item will be overwritten with new mutation properties on Structure.ConstructEncryptedHierarchicalKey (line 605). So, using item.* won't work
| expect "type" in item.EncryptionContext, "Decrypt Only item is missing 'type' from EC!!"; | ||
| verifyTerminalProperties(item.EncryptionContext, expectedEncryptionContext, expectedKmsArn); | ||
|
|
||
| // Get branchKeyVersion from storage |
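Review bot: the expect on item.EncryptionContext checks for the key with the string literal "type", while other code in this PR addresses encryption-context fields through named constants such as Structure.KMS_FIELD. If Structure exposes a constant for this field, use it here so the check cannot drift from the stored key name.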
Keystore returns EC sent to KMS (customer sent EC without transformation) but storage returns an "actual" EC (with transformation)
| include "AdminFixtures.dfy" | ||
| include "Mutations/TestMutationHappyPath.dfy" | ||
|
|
||
| // TODO-HV-2-M2: Move this to ./Mutations |
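Review bot: the TODO-HV-2-M2 comment says "Move this to ./Mutations" without naming what "this" covers or where the follow-up is tracked. Name the test or file to be moved and reference the follow-up PR or issue, so the marker can be found and removed once the move lands.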
Did it in this PR but GitHub was showing the diff as a whole file, which makes the reviewer's life hard. So, doing this right after this PR.
yay removing dead code
| HVUtils.SelectKmsEncryptionContextForHv2(terminalBKC), | ||
| item.EncryptionContext[Structure.KMS_FIELD], | ||
| KmsUtils.KmsSymmetricKeyArnToKMSConfiguration(Types.KmsSymmetricKeyArn.KmsKeyArn(item.KmsArn)), | ||
| terminalBKC[Structure.KMS_FIELD], |
nit: I would move terminalBKC[Structure.KMS_FIELD] to a variable above and call it: var terminalBKCKmsArn := terminalBKC[Structure.KMS_FIELD]
josecorella
left a comment
lgtm
Issue #, if available:
Description of changes:
Squash/merge commit message, if applicable:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.