diff --git a/CHANGELOG.md b/CHANGELOG.md index ac46845..114bb84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ # Change Log All notable changes to this project will be documented in this file. +## 0.22.0 +### Fixes +- KeyPolicy made optional for KMS Key resource type. + ## 0.21.2 ### Fixes - Add the BypassPolicyLockoutSafetyCheck and Origin fields in the KMS resource diff --git a/pycfmodel/model/resources/kms_key.py b/pycfmodel/model/resources/kms_key.py index 40820c0..86971c5 100644 --- a/pycfmodel/model/resources/kms_key.py +++ b/pycfmodel/model/resources/kms_key.py @@ -28,7 +28,7 @@ class KMSKeyProperties(CustomModel): Description: Optional[ResolvableStr] = None Enabled: Optional[ResolvableBool] = None EnableKeyRotation: Optional[ResolvableBool] = None - KeyPolicy: Resolvable[PolicyDocument] + KeyPolicy: Optional[Resolvable[PolicyDocument]] = None KeySpec: Optional[ResolvableStr] = None KeyUsage: Optional[ResolvableStr] = None MultiRegion: Optional[ResolvableBool] = None diff --git a/setup.py b/setup.py index a65481d..c6711fb 100644 --- a/setup.py +++ b/setup.py @@ -28,7 +28,7 @@ setup( name="pycfmodel", - version="0.21.2", + version="0.22.0", description="A python model for CloudFormation scripts", author="Skyscanner Product Security", author_email="security@skyscanner.net", diff --git a/tests/resources/test_kms_key.py b/tests/resources/test_kms_key.py index 861a77b..44db252 100644 --- a/tests/resources/test_kms_key.py +++ b/tests/resources/test_kms_key.py @@ -63,6 +63,19 @@ def kms_key(): ) +@pytest.fixture() +def kms_key_no_policy(): + return KMSKey( + **{ + "Type": "AWS::KMS::Key", + "Properties": { + "Enabled": True, + "EnableKeyRotation": True, + }, + } + ) + + def test_actions(kms_key): assert [ "kms:CancelKeyDeletion", @@ -168,3 +181,7 @@ def test_kms_policy_documents(kms_key): ), ) ] + + +def test_kms_no_policy(kms_key_no_policy): + assert kms_key_no_policy.Properties.KeyPolicy is None