Closed lukpueh closed 6 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 100.00%. Comparing base (714a29d) to head (60e7514). Report is 3 commits behind head on main.
`AWS_*` ambient settings (environment variables) to `RSTUF_AWS_*` in tox.ini so that Dynaconf can pick them up.
Update SignerStore to re-export ambient settings as `AWS_*` into the isolated environment used by (AWSSigner)
(The PR now includes an unrelated preparatory commit to simplify the settings translation: c0c9a4e52668fe2cc816d2925f0165ebc81fe6d1)
Unfortunately, this also means that "0 worker code changes" is no longer fully accurate, but I think that doesn't matter. :)
Now that the important blockers are resolved, I think we can actually treat this as an AWS KMS support PR. Let me update the PR title/description and mark this ready for review...
[EDIT 02/14/24: remove poc/draft status]
Add AWS KMS support to SignerStore and test with localstack (`tox -e local-aws-kms`)

Change details
Whitelist required ambient settings in SignerStore (see tox.ini for required settings)
Add independent tox environment to init/cleanup localstack, configure ambient AWS KMS credentials, create a test key, and run the test.
Add test to "import" test public key from AWS KMS and configure private key URI - this would typically happen in a key management UI (e.g. RSTUF CLI) - and use `SignerStore.get` to load the signer.

Todo
This PR adds a single unit test method, which is run against a 3rd party service. This doesn't fit into the current test architecture, where 3rd party services are consistently mocked in unit tests, and only included in more comprehensive functional tests.
Please advise how to best test this!
[^1]: ignores preparatory refactor commit and ambient settings whitelist
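
The settings translation described in this PR (a whitelist of `RSTUF_AWS_*` ambient settings re-exported as `AWS_*` into an isolated environment), sketched as an added example that is not the PR's or the project's code. The whitelist contents, the function names `translate` and `isolated_env`, and the sample values are assumptions made for illustration; the PR's real list of required settings is in its tox.ini.

```python
import os
from contextlib import contextmanager

PREFIX = "RSTUF_"
# Assumed whitelist for illustration; the PR keeps the real one in tox.ini.
ALLOWED = frozenset({
    "AWS_ACCESS_KEY_ID",
    "AWS_SECRET_ACCESS_KEY",
    "AWS_DEFAULT_REGION",
    "AWS_ENDPOINT_URL",
})

def translate(ambient):
    """Return only whitelisted RSTUF_AWS_* settings, renamed to AWS_*."""
    out = {}
    for name, value in ambient.items():
        if not name.startswith(PREFIX):
            continue  # un-prefixed AWS_* values are never forwarded
        bare = name[len(PREFIX):]
        if bare in ALLOWED:
            out[bare] = value
    return out

@contextmanager
def isolated_env(ambient, environ=os.environ):
    """Expose only the translated settings in `environ`, then restore it."""
    saved = dict(environ)
    environ.clear()
    environ.update(translate(ambient))
    try:
        yield environ
    finally:
        environ.clear()
        environ.update(saved)

# Constructed sample settings (localstack-style test values, not real secrets).
SAMPLE = {
    "RSTUF_AWS_ACCESS_KEY_ID": "test-key-id",
    "RSTUF_AWS_SECRET_ACCESS_KEY": "test-secret",
    "RSTUF_AWS_ENDPOINT_URL": "http://localhost:4566",
    "RSTUF_AWS_PROFILE": "admin",            # prefixed, but not whitelisted
    "AWS_SESSION_TOKEN": "stray",            # un-prefixed ambient value
    "RSTUF_BROKER_SERVER": "redis://redis",  # unrelated worker setting
}

if __name__ == "__main__":
    with isolated_env(SAMPLE, dict(SAMPLE)) as env:
        print(sorted(env))
```

Passing a plain dict as `environ` keeps the demonstration from clearing the real process environment; a signer that reads `os.environ` directly would need the default argument.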