Merge pull request #33 from cloudfoundry/kms-shared-accounts

AWS Stemcells: only use account sharing...
cloudfoundry · Nov 22, 2023 · edae318 · edae318
2 parents c0619f5 + 24752fb
commit edae318
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/driver/copy_ami_driver_test.go b/driver/copy_ami_driver_test.go
@@ -90,6 +90,13 @@ func copyAmi(encrypted bool, kmsKeyId string, cb ...func(*ec2.EC2, *ec2.Describe
 		accessibility = resources.PrivateAmiAccessibility
 	}
 
+	var sharedWithAccounts []string
+	if kmsKeyId != "" {
+		sharedWithAccounts = []string{awsAccount}
+	} else {
+		sharedWithAccounts = []string{}
+	}
+
 	amiDriverConfig := resources.AmiDriverConfig{
 		ExistingAmiID:     amiFixtureID,
 		DestinationRegion: destinationRegion,
@@ -100,7 +107,7 @@ func copyAmi(encrypted bool, kmsKeyId string, cb ...func(*ec2.EC2, *ec2.Describe
 			Accessibility:      accessibility,
 			Encrypted:          encrypted,
 			KmsKeyId:           kmsKeyId,
-			SharedWithAccounts: []string{awsAccount},
+			SharedWithAccounts: sharedWithAccounts,
 		},
 	}
 

diff --git a/driver/kms_driver.go b/driver/kms_driver.go
@@ -87,7 +87,10 @@ func (d *SDKKmsDriver) ReplicateKey(driverConfig resources.KmsReplicateKeyDriver
 		d.logger.Printf("Completed ReplicateKey() in %f minutes\n", time.Since(startTime).Minutes())
 	}(createStartTime)
 
-	d.logger.Printf("Replicating kms key: %s\n", driverConfig.KmsKeyId)
+	d.logger.Printf("Replicating kms key: %s from region %s to region %s\n",
+		driverConfig.KmsKeyId,
+		driverConfig.SourceRegion,
+		driverConfig.TargetRegion)
 	_, err := d.createKmsClient(driverConfig.SourceRegion).ReplicateKey(&kms.ReplicateKeyInput{
 		KeyId:         &driverConfig.KmsKeyId,
 		ReplicaRegion: &driverConfig.TargetRegion,