moto/tests/test_secretsmanager/test_policy.py

import json

import boto3
import pytest
from botocore.exceptions import ClientError

from moto import mock_aws


@mock_aws
def test_get_initial_policy():
    client = boto3.client("secretsmanager", region_name="us-west-2")
    client.create_secret(Name="test-secret")

    resp = client.get_resource_policy(SecretId="test-secret")
    assert resp.get("Name") == "test-secret"
    assert "ARN" in resp
    assert "ResourcePolicy" not in resp


@mock_aws
def test_put_resource_policy():
    client = boto3.client("secretsmanager", region_name="us-west-2")
    client.create_secret(Name="test-secret")

    policy = {
        "Statement": [
            {
                "Action": "secretsmanager:GetSecretValue",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::123456789012:role/tf-acc-test-655046176950657276"
                },
                "Resource": "*",
                "Sid": "EnableAllPermissions",
            }
        ],
        "Version": "2012-10-17",
    }
    resp = client.put_resource_policy(
        SecretId="test-secret", ResourcePolicy=json.dumps(policy)
    )
    assert "ARN" in resp
    assert "Name" in resp

    resp = client.get_resource_policy(SecretId="test-secret")
    assert "ResourcePolicy" in resp
    assert json.loads(resp["ResourcePolicy"]) == policy


@mock_aws
def test_delete_resource_policy():
    client = boto3.client("secretsmanager", region_name="us-west-2")
    client.create_secret(Name="test-secret")

    client.put_resource_policy(SecretId="test-secret", ResourcePolicy="some policy")

    client.delete_resource_policy(SecretId="test-secret")

    resp = client.get_resource_policy(SecretId="test-secret")
    assert "ResourcePolicy" not in resp


@mock_aws
def test_policies_for_unknown_secrets():
    client = boto3.client("secretsmanager", region_name="us-west-2")

    with pytest.raises(ClientError) as exc:
        client.put_resource_policy(SecretId="unknown secret", ResourcePolicy="p")
    assert exc.value.response["Error"]["Code"] == "ResourceNotFoundException"

    with pytest.raises(ClientError) as exc:
        client.get_resource_policy(SecretId="unknown secret")
    assert exc.value.response["Error"]["Code"] == "ResourceNotFoundException"

    with pytest.raises(ClientError) as exc:
        client.delete_resource_policy(SecretId="unknown secret")
    assert exc.value.response["Error"]["Code"] == "ResourceNotFoundException"
SecretsManager - put/delete_resource_policy (#6049) 2023-03-10 23:45:21 +00:00			`import json`

Techdebt: Replace sure with regular assertions in secretsmanager (#6616) 2023-08-08 10:08:15 +00:00			`import boto3`
			`import pytest`
Admin: sorting imports with ruff (#7075) 2023-11-30 15:55:51 +00:00			`from botocore.exceptions import ClientError`
Techdebt: Replace sure with regular assertions in secretsmanager (#6616) 2023-08-08 10:08:15 +00:00
Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`from moto import mock_aws`
SecretsManager - put/delete_resource_policy (#6049) 2023-03-10 23:45:21 +00:00

Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`@mock_aws`
SecretsManager - put/delete_resource_policy (#6049) 2023-03-10 23:45:21 +00:00			`def test_get_initial_policy():`
			`client = boto3.client("secretsmanager", region_name="us-west-2")`
			`client.create_secret(Name="test-secret")`

			`resp = client.get_resource_policy(SecretId="test-secret")`
			`assert resp.get("Name") == "test-secret"`
			`assert "ARN" in resp`
			`assert "ResourcePolicy" not in resp`


Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`@mock_aws`
SecretsManager - put/delete_resource_policy (#6049) 2023-03-10 23:45:21 +00:00			`def test_put_resource_policy():`
			`client = boto3.client("secretsmanager", region_name="us-west-2")`
			`client.create_secret(Name="test-secret")`

			`policy = {`
			`"Statement": [`
			`{`
			`"Action": "secretsmanager:GetSecretValue",`
			`"Effect": "Allow",`
			`"Principal": {`
			`"AWS": "arn:aws:iam::123456789012:role/tf-acc-test-655046176950657276"`
			`},`
			`"Resource": "*",`
			`"Sid": "EnableAllPermissions",`
			`}`
			`],`
			`"Version": "2012-10-17",`
			`}`
			`resp = client.put_resource_policy(`
			`SecretId="test-secret", ResourcePolicy=json.dumps(policy)`
			`)`
			`assert "ARN" in resp`
			`assert "Name" in resp`

			`resp = client.get_resource_policy(SecretId="test-secret")`
			`assert "ResourcePolicy" in resp`
			`assert json.loads(resp["ResourcePolicy"]) == policy`


Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`@mock_aws`
SecretsManager - put/delete_resource_policy (#6049) 2023-03-10 23:45:21 +00:00			`def test_delete_resource_policy():`
			`client = boto3.client("secretsmanager", region_name="us-west-2")`
			`client.create_secret(Name="test-secret")`

			`client.put_resource_policy(SecretId="test-secret", ResourcePolicy="some policy")`

			`client.delete_resource_policy(SecretId="test-secret")`

			`resp = client.get_resource_policy(SecretId="test-secret")`
			`assert "ResourcePolicy" not in resp`


Introduce mock_aws() (#7194) 2024-01-07 12:03:33 +00:00			`@mock_aws`
SecretsManager - put/delete_resource_policy (#6049) 2023-03-10 23:45:21 +00:00			`def test_policies_for_unknown_secrets():`
			`client = boto3.client("secretsmanager", region_name="us-west-2")`

			`with pytest.raises(ClientError) as exc:`
			`client.put_resource_policy(SecretId="unknown secret", ResourcePolicy="p")`
			`assert exc.value.response["Error"]["Code"] == "ResourceNotFoundException"`

			`with pytest.raises(ClientError) as exc:`
			`client.get_resource_policy(SecretId="unknown secret")`
			`assert exc.value.response["Error"]["Code"] == "ResourceNotFoundException"`

			`with pytest.raises(ClientError) as exc:`
			`client.delete_resource_policy(SecretId="unknown secret")`
			`assert exc.value.response["Error"]["Code"] == "ResourceNotFoundException"`