Merge pull request #130 from Skyscanner/kms_keypolicy_optional

ignaciobolonio · web-flow · commit 4b52ade0da14 · 2024-02-08T17:34:41.000+01:00
KeyPolicy made optional for KMS Key
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## 0.22.0
+### Fixes
+- KeyPolicy made optional for KMS Key resource type.
+
 ## 0.21.2
 ### Fixes
 - Add the BypassPolicyLockoutSafetyCheck and Origin fields in the KMS resource
diff --git a/pycfmodel/model/resources/kms_key.py b/pycfmodel/model/resources/kms_key.py
@@ -28,7 +28,7 @@ class KMSKeyProperties(CustomModel):
     Description: Optional[ResolvableStr] = None
     Enabled: Optional[ResolvableBool] = None
     EnableKeyRotation: Optional[ResolvableBool] = None
-    KeyPolicy: Resolvable[PolicyDocument]
+    KeyPolicy: Optional[Resolvable[PolicyDocument]] = None
     KeySpec: Optional[ResolvableStr] = None
     KeyUsage: Optional[ResolvableStr] = None
     MultiRegion: Optional[ResolvableBool] = None
diff --git a/setup.py b/setup.py
@@ -28,7 +28,7 @@
 
 setup(
     name="pycfmodel",
-    version="0.21.2",
+    version="0.22.0",
     description="A python model for CloudFormation scripts",
     author="Skyscanner Product Security",
     author_email="security@skyscanner.net",
diff --git a/tests/resources/test_kms_key.py b/tests/resources/test_kms_key.py
@@ -63,6 +63,19 @@ def kms_key():
     )
 
 
+@pytest.fixture()
+def kms_key_no_policy():
+    return KMSKey(
+        **{
+            "Type": "AWS::KMS::Key",
+            "Properties": {
+                "Enabled": True,
+                "EnableKeyRotation": True,
+            },
+        }
+    )
+
+
 def test_actions(kms_key):
     assert [
         "kms:CancelKeyDeletion",
@@ -168,3 +181,7 @@ def test_kms_policy_documents(kms_key):
             ),
         )
     ]
+
+
+def test_kms_no_policy(kms_key_no_policy):
+    assert kms_key_no_policy.Properties.KeyPolicy is None
