Feature Request: Implementation of Additional KMS Endpoint - generate_data_key

[jblacker]

I was looking to see if there is any plan to implement the generate_data_key endpoint for KMS.

I was trying to use moto in stand-alone server mode to mock the behavior of CredStash (JCredStash to be exact), however upon the putSecret() call in my Java code, I was hit with the following traceback in my logs ending with

File "/usr/local/lib/python3.6/site-packages/moto/core/responses.py", line 295, in call_action
    "The {0} action has not been implemented".format(action))
NotImplementedError: The generate_data_key action has not been implemented

Many other endpoints needed to simulate a local usage of CredStash are available though moto, but we need 3 more to get it working:

• generate_data_key
• ~encrypt~
• ~decrypt~

~Obviously these don't need to be actually secure since we're just mocking, but it would be extremely helpful to get these up and running. I don't know if it would be best to just encrypt / decrypt with whatever key is in the store already, or ignore encryption all together and just return the same values that were provided like an echo server for the encrypt/decrypt endpoints.~ Turns out that these are implemented, but the documentation wasn't updated.

I'm willing to take a stab at it myself, but to be frank KMS is still a magic service to me and I'm not quite sure how it works in order to implement mock endpoints that provides anything worthwhile to the masses.

[kyleaolson]

Any update on this? #1555 looks to be stale and I'm also seeing a more recent #2071 out there. Anything I can do to help?

[jblacker]

@kyleaolson I was never able to get the tests to pass since I had a screwed up environment and it was my first time writing non-trivial Python code. #2071 would be a way better candidate than my stale PR at this point.

[terricain]

I'll have a look at merging the conflicts this week.

[terricain]

2071 merged