ARSN-436 Add error handling for KMS key deletion

(cherry picked from commit 2c2c749)
scality · Nov 12, 2024 · 3017b78 · 3017b78
1 parent ba28f66
commit 3017b78
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/lib/network/kmsAWS/Client.ts b/lib/network/kmsAWS/Client.ts
@@ -121,6 +121,13 @@ export default class Client {
         };
         this.client.scheduleKeyDeletion(params, (err: AWSError, data) => {
             if (err) {
+                if (err.code === 'NotFoundException' || err.code === 'KMSInvalidStateException') {
+                    // master key does not exist or is already pending deletion
+                    logger.info('AWS KMS: key does not exist or is already pending deletion', { masterKeyId, error: err });
+                    cb(null);
+                    return;
+                }
+
                 const error = arsenalErrorAWSKMS(err);
                 logger.error("AWS KMS: failed to delete master encryption key", { err });
                 cb(error);

diff --git a/tests/functional/kmsAWS/highlevel.spec.js b/tests/functional/kmsAWS/highlevel.spec.js
@@ -4,6 +4,7 @@ const Client = require('../../../lib/network/kmsAWS/Client').default;
 
 describe('KmsAWSClient', () => {
     const logger = {
+        info: () => {},
         debug: () => {},
         error: () => {},
     };
@@ -165,6 +166,32 @@ describe('KmsAWSClient', () => {
         });
     });
 
+    it('should handle NotFoundException when deleting master key', done => {
+        const mockError = new Error('NotFoundException');
+        mockError.code = 'NotFoundException';
+
+        scheduleKeyDeletionStub.yields(mockError, null);
+
+        client.deleteMasterKey('mock-key-id', logger, err => {
+            assert.ifError(err);
+            assert(scheduleKeyDeletionStub.calledOnce);
+            done();
+        });
+    });
+
+    it('should handle KMSInvalidStateException when deleting master key', done => {
+        const mockError = new Error('KMSInvalidStateException');
+        mockError.code = 'KMSInvalidStateException';
+
+        scheduleKeyDeletionStub.yields(mockError, null);
+
+        client.deleteMasterKey('mock-key-id', logger, err => {
+            assert.ifError(err);
+            assert(scheduleKeyDeletionStub.calledOnce);
+            done();
+        });
+    });
+
     it('should generate a data key for ciphering', done => {
         const mockResponse = {
             Plaintext: Buffer.from('plaintext'),