AwsEncryptionSdk.Keyring.KmsClient.Mock (AWS Encryption SDK v0.7.0)
View SourceMock KMS client for testing.
Provides a configurable mock that returns pre-defined responses for KMS operations. Useful for unit testing keyrings without requiring AWS credentials.
Example
# Set up mock with expected responses
{:ok, mock} = Mock.new(%{
{:generate_data_key, "arn:aws:kms:us-east-1:123:key/abc"} => %{
plaintext: <<1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32>>,
ciphertext: <<...encrypted...>>,
key_id: "arn:aws:kms:us-east-1:123:key/abc"
},
{:decrypt, "arn:aws:kms:us-east-1:123:key/abc"} => %{
plaintext: <<1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32>>,
key_id: "arn:aws:kms:us-east-1:123:key/abc"
}
})
# Use in tests
{:ok, result} = Mock.generate_data_key(mock, "arn:aws:kms:us-east-1:123:key/abc", 32, %{}, [])Summary
Functions
Creates a new mock client with pre-configured responses.
Types
@type response_key() :: {:generate_data_key, AwsEncryptionSdk.Keyring.KmsClient.key_id()} | {:encrypt, AwsEncryptionSdk.Keyring.KmsClient.key_id()} | {:decrypt, AwsEncryptionSdk.Keyring.KmsClient.key_id()}
@type responses() :: %{ optional(response_key()) => AwsEncryptionSdk.Keyring.KmsClient.generate_data_key_result() | AwsEncryptionSdk.Keyring.KmsClient.encrypt_result() | AwsEncryptionSdk.Keyring.KmsClient.decrypt_result() | {:error, AwsEncryptionSdk.Keyring.KmsClient.kms_error()} }
@type t() :: %AwsEncryptionSdk.Keyring.KmsClient.Mock{responses: responses()}
Functions
Creates a new mock client with pre-configured responses.
Parameters
responses- Map of{operation, key_id}to response values
Example
Mock.new(%{
{:generate_data_key, "key-arn"} => %{plaintext: <<...>>, ciphertext: <<...>>, key_id: "key-arn"},
{:decrypt, "key-arn"} => %{plaintext: <<...>>, key_id: "key-arn"},
{:encrypt, "key-arn"} => {:error, {:kms_error, :access_denied, "Access denied"}}
})