Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
734a39b3e4
moto/tests/test_secretsmanager/test_secretsmanager.py

466 lines
17 KiB
Python
Raw Normal View History

Adding response, urls and test
2018-06-08 05:31:44 +00:00
from __future__ import unicode_literals
import boto3
from moto import mock_secretsmanager
Adding create_secret, exception handle, fix (#1680)
2018-07-14 07:39:19 +00:00
from botocore.exceptions import ClientError
Adding response, urls and test
2018-06-08 05:31:44 +00:00
import sure # noqa
Added get_random_password mock with tests
2018-07-16 19:39:59 +00:00
import string
Use pytz instead of timezone
2019-04-18 16:27:13 +00:00
import pytz
from datetime import datetime
Added get_random_password mock with tests
2018-07-16 19:39:59 +00:00
import unittest
Adding create_secret, exception handle, fix (#1680)
2018-07-14 07:39:19 +00:00
from nose.tools import assert_raises
Adding response, urls and test
2018-06-08 05:31:44 +00:00
@mock_secretsmanager
def test_get_secret_value():
UPdate
2018-06-10 05:08:10 +00:00
conn = boto3.client('secretsmanager', region_name='us-west-2')
Adding response, urls and test
2018-06-08 05:31:44 +00:00
Adding create_secret, exception handle, fix (#1680)
2018-07-14 07:39:19 +00:00
create_secret = conn.create_secret(Name='java-util-test-password',
SecretString="foosecret")
Adding response, urls and test
2018-06-08 05:31:44 +00:00
result = conn.get_secret_value(SecretId='java-util-test-password')
Adding create_secret, exception handle, fix (#1680)
2018-07-14 07:39:19 +00:00
assert result['SecretString'] == 'foosecret'
@mock_secretsmanager
def test_get_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='i-dont-exist')
@mock_secretsmanager
Opportunistic update to unit test for consistency.
2018-08-15 17:33:38 +00:00
def test_get_secret_that_does_not_match():
Issue 1770: Deal with the friendly name properly - Save friendly name in create_secret. - Reference the saved friendly name in responses that have "Name" field. - Verify the received secret_id matches the current value. Don't just test for an empty string. - Add test for mismatched secret_id.
2018-08-10 23:40:31 +00:00
conn = boto3.client('secretsmanager', region_name='us-west-2')
create_secret = conn.create_secret(Name='java-util-test-password',
SecretString="foosecret")
with assert_raises(ClientError):
Opportunistic update to unit test for consistency.
2018-08-15 17:33:38 +00:00
result = conn.get_secret_value(SecretId='i-dont-match')
Adding create_secret, exception handle, fix (#1680)
2018-07-14 07:39:19 +00:00
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
@mock_secretsmanager
def test_get_secret_value_that_is_marked_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
Also throw exception if client tries to RotateSecret on a soft-deleted secret
2019-04-18 15:47:15 +00:00
conn.delete_secret(SecretId='test-secret')
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='test-secret')
Adding create_secret, exception handle, fix (#1680)
2018-07-14 07:39:19 +00:00
@mock_secretsmanager
def test_create_secret():
conn = boto3.client('secretsmanager', region_name='us-east-1')
result = conn.create_secret(Name='test-secret', SecretString="foosecret")
refactor to store multiple scrects, use uuid
2018-10-24 21:06:23 +00:00
assert result['ARN']
Adding create_secret, exception handle, fix (#1680)
2018-07-14 07:39:19 +00:00
assert result['Name'] == 'test-secret'
secret = conn.get_secret_value(SecretId='test-secret')
assert secret['SecretString'] == 'foosecret'
Added get_random_password mock with tests
2018-07-16 19:39:59 +00:00
adding Tags support
2018-12-21 22:04:52 +00:00
@mock_secretsmanager
def test_create_secret_with_tags():
conn = boto3.client('secretsmanager', region_name='us-east-1')
secret_name = 'test-secret-with-tags'
result = conn.create_secret(
Name=secret_name,
SecretString="foosecret",
Tags=[{"Key": "Foo", "Value": "Bar"}, {"Key": "Mykey", "Value": "Myvalue"}]
)
assert result['ARN']
assert result['Name'] == secret_name
secret_value = conn.get_secret_value(SecretId=secret_name)
assert secret_value['SecretString'] == 'foosecret'
secret_details = conn.describe_secret(SecretId=secret_name)
assert secret_details['Tags'] == [{"Key": "Foo", "Value": "Bar"}, {"Key": "Mykey", "Value": "Myvalue"}]
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
@mock_secretsmanager
def test_delete_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
deleted_secret = conn.delete_secret(SecretId='test-secret')
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
assert deleted_secret['ARN']
assert deleted_secret['Name'] == 'test-secret'
Use pytz instead of timezone
2019-04-18 16:27:13 +00:00
assert deleted_secret['DeletionDate'] > datetime.fromtimestamp(1, pytz.utc)
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
secret_details = conn.describe_secret(SecretId='test-secret')
assert secret_details['ARN']
assert secret_details['Name'] == 'test-secret'
Use pytz instead of timezone
2019-04-18 16:27:13 +00:00
assert secret_details['DeletedDate'] > datetime.fromtimestamp(1, pytz.utc)
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
@mock_secretsmanager
def test_delete_secret_force():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
result = conn.delete_secret(SecretId='test-secret', ForceDeleteWithoutRecovery=True)
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
assert result['ARN']
Use pytz instead of timezone
2019-04-18 16:27:13 +00:00
assert result['DeletionDate'] > datetime.fromtimestamp(1, pytz.utc)
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
assert result['Name'] == 'test-secret'
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='test-secret')
@mock_secretsmanager
def test_delete_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='i-dont-exist', ForceDeleteWithoutRecovery=True)
@mock_secretsmanager
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
def test_delete_secret_fails_with_both_force_delete_flag_and_recovery_window_flag():
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
with assert_raises(ClientError):
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=1, ForceDeleteWithoutRecovery=True)
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
@mock_secretsmanager
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
def test_delete_secret_recovery_window_too_short():
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
with assert_raises(ClientError):
Allow soft deletion of secrets
2019-04-18 11:58:50 +00:00
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=6)
@mock_secretsmanager
def test_delete_secret_recovery_window_too_long():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=31)
@mock_secretsmanager
def test_delete_secret_that_is_marked_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
deleted_secret = conn.delete_secret(SecretId='test-secret')
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='test-secret')
Feature: AWS Secrets Manager delete-secret
2019-04-05 14:00:11 +00:00
Added get_random_password mock with tests
2018-07-16 19:39:59 +00:00
@mock_secretsmanager
def test_get_random_password_default_length():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password()
assert len(random_password['RandomPassword']) == 32
@mock_secretsmanager
def test_get_random_password_default_requirements():
# When require_each_included_type, default true
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password()
# Should contain lowercase, upppercase, digit, special character
assert any(c.islower() for c in random_password['RandomPassword'])
assert any(c.isupper() for c in random_password['RandomPassword'])
assert any(c.isdigit() for c in random_password['RandomPassword'])
assert any(c in string.punctuation
for c in random_password['RandomPassword'])
@mock_secretsmanager
def test_get_random_password_custom_length():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=50)
assert len(random_password['RandomPassword']) == 50
@mock_secretsmanager
def test_get_random_exclude_lowercase():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=55,
ExcludeLowercase=True)
assert any(c.islower() for c in random_password['RandomPassword']) == False
@mock_secretsmanager
def test_get_random_exclude_uppercase():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=55,
ExcludeUppercase=True)
assert any(c.isupper() for c in random_password['RandomPassword']) == False
@mock_secretsmanager
def test_get_random_exclude_characters_and_symbols():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=20,
ExcludeCharacters='xyzDje@?!.')
assert any(c in 'xyzDje@?!.' for c in random_password['RandomPassword']) == False
@mock_secretsmanager
def test_get_random_exclude_numbers():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=100,
ExcludeNumbers=True)
assert any(c.isdigit() for c in random_password['RandomPassword']) == False
@mock_secretsmanager
def test_get_random_exclude_punctuation():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=100,
ExcludePunctuation=True)
assert any(c in string.punctuation
for c in random_password['RandomPassword']) == False
@mock_secretsmanager
def test_get_random_include_space_false():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=300)
assert any(c.isspace() for c in random_password['RandomPassword']) == False
@mock_secretsmanager
def test_get_random_include_space_true():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=4,
IncludeSpace=True)
assert any(c.isspace() for c in random_password['RandomPassword']) == True
@mock_secretsmanager
def test_get_random_require_each_included_type():
conn = boto3.client('secretsmanager', region_name='us-west-2')
random_password = conn.get_random_password(PasswordLength=4,
RequireEachIncludedType=True)
assert any(c in string.punctuation for c in random_password['RandomPassword']) == True
assert any(c in string.ascii_lowercase for c in random_password['RandomPassword']) == True
assert any(c in string.ascii_uppercase for c in random_password['RandomPassword']) == True
assert any(c in string.digits for c in random_password['RandomPassword']) == True
@mock_secretsmanager
def test_get_random_too_short_password():
conn = boto3.client('secretsmanager', region_name='us-west-2')
with assert_raises(ClientError):
random_password = conn.get_random_password(PasswordLength=3)
@mock_secretsmanager
def test_get_random_too_long_password():
conn = boto3.client('secretsmanager', region_name='us-west-2')
with assert_raises(Exception):
random_password = conn.get_random_password(PasswordLength=5555)
Implement secretsmanager.DescribeSecret and tests.
2018-08-06 21:40:33 +00:00
@mock_secretsmanager
def test_describe_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
refactor to store multiple scrects, use uuid
2018-10-24 21:06:23 +00:00
conn.create_secret(Name='test-secret-2',
SecretString='barsecret')
Implement secretsmanager.DescribeSecret and tests.
2018-08-06 21:40:33 +00:00
secret_description = conn.describe_secret(SecretId='test-secret')
refactor to store multiple scrects, use uuid
2018-10-24 21:06:23 +00:00
secret_description_2 = conn.describe_secret(SecretId='test-secret-2')
Implement secretsmanager.DescribeSecret and tests.
2018-08-06 21:40:33 +00:00
assert secret_description # Returned dict is not empty
refactor to store multiple scrects, use uuid
2018-10-24 21:06:23 +00:00
assert secret_description['Name'] == ('test-secret')
assert secret_description['ARN'] != '' # Test arn not empty
assert secret_description_2['Name'] == ('test-secret-2')
assert secret_description_2['ARN'] != '' # Test arn not empty
Implement secretsmanager.DescribeSecret and tests.
2018-08-06 21:40:33 +00:00
@mock_secretsmanager
def test_describe_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='i-dont-exist')
Issue 1753: add test for mismatched secret
2018-08-13 19:49:35 +00:00
@mock_secretsmanager
def test_describe_secret_that_does_not_match():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='i-dont-match')
Moto-1781: Create initial stub of rotate_secret and tests.
2018-08-15 17:52:30 +00:00
Implement ListSecrets
2019-04-05 12:33:28 +00:00
@mock_secretsmanager
def test_list_secrets_empty():
conn = boto3.client('secretsmanager', region_name='us-west-2')
secrets = conn.list_secrets()
assert secrets['SecretList'] == []
@mock_secretsmanager
def test_list_secrets():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name='test-secret-2',
SecretString='barsecret',
Tags=[{
'Key': 'a',
'Value': '1'
}])
secrets = conn.list_secrets()
assert secrets['SecretList'][0]['ARN'] is not None
assert secrets['SecretList'][0]['Name'] == 'test-secret'
assert secrets['SecretList'][1]['ARN'] is not None
assert secrets['SecretList'][1]['Name'] == 'test-secret-2'
assert secrets['SecretList'][1]['Tags'] == [{
'Key': 'a',
'Value': '1'
}]
Moto-1781: finish implementation of rotate_secret and add happy test. - Implement RotateSecret to support initial setup of secret rotation. Moto's implementation of secrets is currently flat and needs to gain some dimension before full rotation can be simulated. - Add the happy path unit test.
2018-08-15 18:04:44 +00:00
@mock_secretsmanager
def test_rotate_secret():
secret_name = 'test-secret'
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=secret_name,
SecretString='foosecret')
rotated_secret = conn.rotate_secret(SecretId=secret_name)
assert rotated_secret
refactor to store multiple scrects, use uuid
2018-10-24 21:06:23 +00:00
assert rotated_secret['ARN'] != '' # Test arn not empty
Moto-1781: finish implementation of rotate_secret and add happy test. - Implement RotateSecret to support initial setup of secret rotation. Moto's implementation of secrets is currently flat and needs to gain some dimension before full rotation can be simulated. - Add the happy path unit test.
2018-08-15 18:04:44 +00:00
assert rotated_secret['Name'] == secret_name
assert rotated_secret['VersionId'] != ''
Moto-1781: Add unit tests to verify that rotation is enabled. - Add standalone unit test to verify that rotation is enabled and the rotation interval is correct. - Add server test to verify that rotation is enabled and the rotation interval is correct. Commented out until nested dict error is sorted. - Fix incorrectly asserted message strings.
2018-08-16 00:11:58 +00:00
@mock_secretsmanager
def test_rotate_secret_enable_rotation():
secret_name = 'test-secret'
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=secret_name,
SecretString='foosecret')
initial_description = conn.describe_secret(SecretId=secret_name)
assert initial_description
assert initial_description['RotationEnabled'] is False
assert initial_description['RotationRules']['AutomaticallyAfterDays'] == 0
conn.rotate_secret(SecretId=secret_name,
RotationRules={'AutomaticallyAfterDays': 42})
rotated_description = conn.describe_secret(SecretId=secret_name)
assert rotated_description
assert rotated_description['RotationEnabled'] is True
assert rotated_description['RotationRules']['AutomaticallyAfterDays'] == 42
Also throw exception if client tries to RotateSecret on a soft-deleted secret
2019-04-18 15:47:15 +00:00
@mock_secretsmanager
def test_rotate_secret_that_is_marked_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.delete_secret(SecretId='test-secret')
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId='test-secret')
Moto-1781: Create initial stub of rotate_secret and tests.
2018-08-15 17:52:30 +00:00
@mock_secretsmanager
def test_rotate_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', 'us-west-2')
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId='i-dont-exist')
@mock_secretsmanager
def test_rotate_secret_that_does_not_match():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId='i-dont-match')
Moto-1781: Implement standalone unit tests to cover bad parameters.
2018-08-15 18:20:29 +00:00
@mock_secretsmanager
def test_rotate_secret_client_request_token_too_short():
# Test is intentionally empty. Boto3 catches too short ClientRequestToken
# and raises ParamValidationError before Moto can see it.
# test_server actually handles this error.
assert True
@mock_secretsmanager
def test_rotate_secret_client_request_token_too_long():
secret_name = 'test-secret'
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=secret_name,
SecretString='foosecret')
client_request_token = (
'ED9F8B6C-85B7-446A-B7E4-38F2A3BEB13C-'
'ED9F8B6C-85B7-446A-B7E4-38F2A3BEB13C'
)
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId=secret_name,
ClientRequestToken=client_request_token)
@mock_secretsmanager
def test_rotate_secret_rotation_lambda_arn_too_long():
secret_name = 'test-secret'
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=secret_name,
SecretString='foosecret')
rotation_lambda_arn = '85B7-446A-B7E4' * 147 # == 2058 characters
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId=secret_name,
RotationLambdaARN=rotation_lambda_arn)
@mock_secretsmanager
def test_rotate_secret_rotation_period_zero():
# Test is intentionally empty. Boto3 catches zero day rotation period
# and raises ParamValidationError before Moto can see it.
# test_server actually handles this error.
assert True
@mock_secretsmanager
def test_rotate_secret_rotation_period_too_long():
secret_name = 'test-secret'
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=secret_name,
SecretString='foosecret')
rotation_rules = {'AutomaticallyAfterDays': 1001}
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId=secret_name,
RotationRules=rotation_rules)
Reference in New Issue Copy Permalink