Skip to content

bug: kms create-key with tags don't appear in resourcegrouptagging API #11922

New issue
New issue
Closed
Closed
bug: kms create-key with tags don't appear in resourcegrouptagging API#11922
Labels
aws:kmsAWS Key Management Servicestatus: backlogTriaged but not yet being worked onstatus: resolved/staleClosed due to stalenesstype: bugBug report
@jvilhuber

Description

@jvilhuber
jvilhuber
opened on Nov 25, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I ran the command

aws --endpoint-url=http://localhost:4566 kms create-key --key-spec RSA_2048 --tags '[{"TagKey":"source","TagValue":"key-management-service"}, {"TagKey": "keyId", "TagValue": "deadbeef"}, {"TagKey": "label", "TagValue": "testkey"}]' --description "Key generated by key-management-service" --key-usage=SIGN_VERIFY

I can see the key with

aws --endpoint-url=http://localhost:4566 kms list-keys

output:

{
    "Keys": [
        {
            "KeyId": "5f17ba09-6c11-47b1-9680-a340d17b2810",
            "KeyArn": "arn:aws:kms:us-west-2:000000000000:key/5f17ba09-6c11-47b1-9680-a340d17b2810"
        }
    ]
}

But I can't find them with the resourcegroupstaggingapi:

aws --endpoint-url=http://localhost:4566 resourcegroupstaggingapi get-resources --resource-type-filters "kms:key" --tag-filters Key=source,Values=key-management-service

Output:

{
    "ResourceTagMappingList": []
}

In AWS itself, I do get this result:

$ aws resourcegroupstaggingapi get-resources --resource-type-filters "kms:key" --tag-filters Key=source,Values=key-management-service
{
    "ResourceTagMappingList": [
        {
            "ResourceARN": "arn:aws:kms:us-east-1:123456789:key/ced8cd91-4dc8-4dd3-9684-6ddf81cb0aa9",
            "Tags": [
                {
                    "Key": "keyId",
                    "Value": "deadbeef"
                },
                {
                    "Key": "label",
                    "Value": "testkey"
                },
                {
                    "Key": "source",
                    "Value": "key-management-service"
                }
            ]
        },....

Expected Behavior

As far as I understand the resourcegroupstaggingapi, I should be able to get the ARNs of the KMS key with the filters above.

How are you starting LocalStack?

Custom (please describe below)

Steps To Reproduce

I launched localstack with the helm chart via tilt.

load('ext://helm_remote', 'helm_remote')
helm_remote('localstack', repo_url='https://helm.localstack.cloud', set=['debug=false'])
k8s_resource('localstack', port_forwards=['4566:4566'])

Output on startup:

LocalStack version: 4.0.3.dev4
LocalStack build date: 2024-11-25
LocalStack build git hash: 08ad92b19

Then run the commands above.

Environment

- OS: docker-desktop mac os
- LocalStack:
LocalStack version: 4.0.3.dev4
LocalStack build date: 2024-11-25
LocalStack build git hash: 08ad92b19

[event: pod localstack-7bd66957cf-lf4tj] Pulling image "localstack/localstack:latest"
[event: pod localstack-7bd66957cf-lf4tj] Successfully pulled image "localstack/localstack:latest" in 1m1.432s (1m1.432s including waiting). Image size: 487849163 bytes.

Anything else?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    aws:kmsAWS Key Management Servicestatus: backlogTriaged but not yet being worked onstatus: resolved/staleClosed due to stalenesstype: bugBug report

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions