From 7ef7aa290b4454242d0d2811505b253f92a66eae Mon Sep 17 00:00:00 2001
From: Bohdan <polamayster@gmail.com>
Date: Fri, 20 Sep 2019 21:10:12 +0300
Subject: [PATCH] [issue-190] Regional clients modify default botocore session
 (#193)

* [issue-190] Creation of regional clients modifies default botocore session's region
---
 src/aws_encryption_sdk/key_providers/kms.py   |  4 ++--
 test/integration/integration_test_utils.py    | 19 +++++++++++++++++++
 .../test_i_aws_encrytion_sdk_client.py        | 15 ++++++++++++++-
 .../test_providers_kms_master_key_provider.py |  8 ++++++--
 4 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/src/aws_encryption_sdk/key_providers/kms.py b/src/aws_encryption_sdk/key_providers/kms.py
index df089e3b1..c0a2dc46e 100644
--- a/src/aws_encryption_sdk/key_providers/kms.py
+++ b/src/aws_encryption_sdk/key_providers/kms.py
@@ -161,8 +161,8 @@ def add_regional_client(self, region_name):
         :param str region_name: AWS Region ID (ex: us-east-1)
         """
         if region_name not in self._regional_clients:
-            session = boto3.session.Session(region_name=region_name, botocore_session=self.config.botocore_session)
-            client = session.client("kms", config=self._user_agent_adding_config)
+            session = boto3.session.Session(botocore_session=self.config.botocore_session)
+            client = session.client("kms", region_name=region_name, config=self._user_agent_adding_config)
             self._register_client(client, region_name)
             self._regional_clients[region_name] = client
 
diff --git a/test/integration/integration_test_utils.py b/test/integration/integration_test_utils.py
index a5b4d6001..b65d93570 100644
--- a/test/integration/integration_test_utils.py
+++ b/test/integration/integration_test_utils.py
@@ -13,10 +13,13 @@
 """Utility functions to handle configuration and credentials setup for integration tests."""
 import os
 
+import botocore.session
+
 from aws_encryption_sdk.key_providers.kms import KMSMasterKeyProvider
 
 AWS_KMS_KEY_ID = "AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID"
 _KMS_MKP = None
+_KMS_MKP_BOTO = None
 
 
 def get_cmk_arn():
@@ -47,3 +50,19 @@ def setup_kms_master_key_provider(cache=True):
         _KMS_MKP = kms_master_key_provider
 
     return kms_master_key_provider
+
+
+def setup_kms_master_key_provider_with_botocore_session(cache=True):
+    """Reads the test_values config file and builds the requested KMS Master Key Provider with botocore_session."""
+    global _KMS_MKP_BOTO  # pylint: disable=global-statement
+    if cache and _KMS_MKP_BOTO is not None:
+        return _KMS_MKP_BOTO
+
+    cmk_arn = get_cmk_arn()
+    kms_master_key_provider = KMSMasterKeyProvider(botocore_session=botocore.session.Session())
+    kms_master_key_provider.add_master_key(cmk_arn)
+
+    if cache:
+        _KMS_MKP_BOTO = kms_master_key_provider
+
+    return kms_master_key_provider
diff --git a/test/integration/test_i_aws_encrytion_sdk_client.py b/test/integration/test_i_aws_encrytion_sdk_client.py
index 56b0536fd..26df431dc 100644
--- a/test/integration/test_i_aws_encrytion_sdk_client.py
+++ b/test/integration/test_i_aws_encrytion_sdk_client.py
@@ -21,7 +21,11 @@
 from aws_encryption_sdk.identifiers import USER_AGENT_SUFFIX, Algorithm
 from aws_encryption_sdk.key_providers.kms import KMSMasterKey, KMSMasterKeyProvider
 
-from .integration_test_utils import get_cmk_arn, setup_kms_master_key_provider
+from .integration_test_utils import (
+    get_cmk_arn,
+    setup_kms_master_key_provider,
+    setup_kms_master_key_provider_with_botocore_session,
+)
 
 pytestmark = [pytest.mark.integ]
 
@@ -68,6 +72,15 @@ def test_remove_bad_client():
     assert not test._regional_clients
 
 
+def test_regional_client_does_not_modify_botocore_session(caplog):
+    mkp = setup_kms_master_key_provider_with_botocore_session()
+    fake_region = "us-fakey-12"
+
+    assert mkp.config.botocore_session.get_config_variable("region") != fake_region
+    mkp.add_regional_client(fake_region)
+    assert mkp.config.botocore_session.get_config_variable("region") != fake_region
+
+
 class TestKMSThickClientIntegration(object):
     @pytest.fixture(autouse=True)
     def apply_fixtures(self):
diff --git a/test/unit/test_providers_kms_master_key_provider.py b/test/unit/test_providers_kms_master_key_provider.py
index 9a122e622..b99a8bb94 100644
--- a/test/unit/test_providers_kms_master_key_provider.py
+++ b/test/unit/test_providers_kms_master_key_provider.py
@@ -108,8 +108,12 @@ def test_add_regional_client_new(self):
         test = KMSMasterKeyProvider()
         test._regional_clients = {}
         test.add_regional_client("ex_region_name")
-        self.mock_boto3_session.assert_called_with(region_name="ex_region_name", botocore_session=ANY)
-        self.mock_boto3_session_instance.client.assert_called_with("kms", config=test._user_agent_adding_config)
+        self.mock_boto3_session.assert_called_with(botocore_session=ANY)
+        self.mock_boto3_session_instance.client.assert_called_with(
+            "kms",
+            region_name="ex_region_name",
+            config=test._user_agent_adding_config,
+        )
         assert test._regional_clients["ex_region_name"] is self.mock_boto3_client_instance
 
     def test_add_regional_client_exists(self):