moto/tests/test_secretsmanager/test_policy.py


import json
import boto3
import pytest
from botocore.exceptions import ClientError
from moto import mock_secretsmanager
@mock_secretsmanager
def test_get_initial_policy():
    """A freshly created secret reports its identity but carries no resource policy."""
    sm = boto3.client("secretsmanager", region_name="us-west-2")
    sm.create_secret(Name="test-secret")

    response = sm.get_resource_policy(SecretId="test-secret")

    # No policy has been attached yet, so the key must be absent rather than
    # present with an empty value.
    assert "ResourcePolicy" not in response
    assert "ARN" in response
    assert response.get("Name") == "test-secret"
@mock_secretsmanager
def test_put_resource_policy():
    """A policy attached with put_resource_policy is returned unchanged by get_resource_policy.

    The assertions cover storage round-tripping only: the document is compared
    after JSON decoding, and nothing here checks that the policy is validated
    or enforced.
    """
    sm = boto3.client("secretsmanager", region_name="us-west-2")
    sm.create_secret(Name="test-secret")

    # Fixture statement: the account id and role name are test values.
    statement = {
        "Action": "secretsmanager:GetSecretValue",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::123456789012:role/tf-acc-test-655046176950657276"
        },
        "Resource": "*",
        "Sid": "EnableAllPermissions",
    }
    policy = {"Statement": [statement], "Version": "2012-10-17"}
    serialized = json.dumps(policy)

    put_response = sm.put_resource_policy(
        SecretId="test-secret", ResourcePolicy=serialized
    )
    assert "ARN" in put_response
    assert "Name" in put_response

    get_response = sm.get_resource_policy(SecretId="test-secret")
    assert "ResourcePolicy" in get_response
    # Compare decoded documents so key order and whitespace do not matter.
    assert json.loads(get_response["ResourcePolicy"]) == policy
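@mock_secretsmanager
def test_delete_resource_policy():
    """Deleting a resource policy removes it from the secret.

    The policy is confirmed to be attached before the delete call, so the
    final assertion proves that delete_resource_policy removed it.
    """
    client = boto3.client("secretsmanager", region_name="us-west-2")
    client.create_secret(Name="test-secret")

    # NOTE(review): "some policy" is not a JSON policy document; this test
    # relies on the mock storing the string as given - confirm that no
    # validation is expected here.
    client.put_resource_policy(SecretId="test-secret", ResourcePolicy="some policy")

    # A new secret has no policy, so without this check the test would also
    # pass if put_resource_policy and delete_resource_policy did nothing.
    resp = client.get_resource_policy(SecretId="test-secret")
    assert "ResourcePolicy" in resp

    client.delete_resource_policy(SecretId="test-secret")

    resp = client.get_resource_policy(SecretId="test-secret")
    assert "ResourcePolicy" not in resp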
@mock_secretsmanager
def test_policies_for_unknown_secrets():
    """Put, get and delete of a policy on a missing secret all raise ResourceNotFoundException."""
    sm = boto3.client("secretsmanager", region_name="us-west-2")

    # Same order as the API lifecycle: put, then get, then delete.
    operations = (
        lambda: sm.put_resource_policy(SecretId="unknown secret", ResourcePolicy="p"),
        lambda: sm.get_resource_policy(SecretId="unknown secret"),
        lambda: sm.delete_resource_policy(SecretId="unknown secret"),
    )

    for operation in operations:
        with pytest.raises(ClientError) as err:
            operation()
        # The error code is what callers branch on, so pin it exactly.
        assert err.value.response["Error"]["Code"] == "ResourceNotFoundException"