remove 'key-' prefix from kms key aliases

uc-cdis · Jan 28, 2025 · 38986e2 · 38986e2
1 parent 71e4867
commit 38986e2
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/gen3workflow/aws_utils.py b/gen3workflow/aws_utils.py
@@ -50,7 +50,7 @@ def get_existing_kms_key_for_bucket(bucket_name):
     Returns:
         Tuple (str, str or None): KMS key alias, and KMS key ARN if the key exists, None otherwise
     """
-    kms_key_alias = f"alias/key-{bucket_name}"
+    kms_key_alias = f"alias/{bucket_name}"
     try:
         output = kms_client.describe_key(KeyId=kms_key_alias)
         return kms_key_alias, output["KeyMetadata"]["Arn"]

diff --git a/tests/test_misc.py b/tests/test_misc.py
@@ -63,9 +63,7 @@ async def test_storage_info(client, access_token_patcher, mock_aws_services):
     }
 
     # check that the bucket is setup with KMS encryption
-    kms_key = aws_utils.kms_client.describe_key(
-        KeyId=f"alias/key-{expected_bucket_name}"
-    )
+    kms_key = aws_utils.kms_client.describe_key(KeyId=f"alias/{expected_bucket_name}")
     kms_key_arn = kms_key["KeyMetadata"]["Arn"]
     bucket_encryption = aws_utils.s3_client.get_bucket_encryption(
         Bucket=expected_bucket_name
@@ -164,7 +162,7 @@ async def test_bucket_enforces_encryption(
     # in `moto.mock_aws`. This test works well when ran against the real AWS.
     # Against the real AWS, the 2 calls above also raise `AccessDenied` instead of `Forbidden`.
 
-    # authorized_kms_key_arn = aws_utils.kms_client.describe_key(KeyId=f"alias/key-{storage_info['bucket']}")["KeyMetadata"]["Arn"]
+    # authorized_kms_key_arn = aws_utils.kms_client.describe_key(KeyId=f"alias/{storage_info['bucket']}")["KeyMetadata"]["Arn"]
     # aws_utils.s3_client.put_object(
     #     Bucket=storage_info["bucket"],
     #     Key="test-file.txt",