From 2386d47fe3b0d69495963516cc484105699a2d28 Mon Sep 17 00:00:00 2001
From: A <maciag.artur@gmail.com>
Date: Tue, 28 May 2019 16:32:43 +0100
Subject: [PATCH] SecretsManager secret value binary support (#2222)

---
 moto/secretsmanager/models.py                 | 26 ++++++++++++++-----
 moto/secretsmanager/responses.py              |  2 ++
 .../test_secretsmanager.py                    | 10 +++++++
 3 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/moto/secretsmanager/models.py b/moto/secretsmanager/models.py
index ec90c3e19..3e0424b6b 100644
--- a/moto/secretsmanager/models.py
+++ b/moto/secretsmanager/models.py
@@ -70,24 +70,31 @@ class SecretsManagerBackend(BaseBackend):
 
         secret_version = secret['versions'][version_id]
 
-        response = json.dumps({
+        response_data = {
             "ARN": secret_arn(self.region, secret['secret_id']),
             "Name": secret['name'],
             "VersionId": secret_version['version_id'],
-            "SecretString": secret_version['secret_string'],
             "VersionStages": secret_version['version_stages'],
             "CreatedDate": secret_version['createdate'],
-        })
+        }
+
+        if 'secret_string' in secret_version:
+            response_data["SecretString"] = secret_version['secret_string']
+
+        if 'secret_binary' in secret_version:
+            response_data["SecretBinary"] = secret_version['secret_binary']
+
+        response = json.dumps(response_data)
 
         return response
 
-    def create_secret(self, name, secret_string, tags, **kwargs):
+    def create_secret(self, name, secret_string=None, secret_binary=None, tags=[], **kwargs):
 
         # error if secret exists
         if name in self.secrets.keys():
             raise ResourceExistsException('A resource with the ID you requested already exists.')
 
-        version_id = self._add_secret(name, secret_string, tags=tags)
+        version_id = self._add_secret(name, secret_string=secret_string, secret_binary=secret_binary, tags=tags)
 
         response = json.dumps({
             "ARN": secret_arn(self.region, name),
@@ -97,7 +104,7 @@ class SecretsManagerBackend(BaseBackend):
 
         return response
 
-    def _add_secret(self, secret_id, secret_string, tags=[], version_id=None, version_stages=None):
+    def _add_secret(self, secret_id, secret_string=None, secret_binary=None, tags=[], version_id=None, version_stages=None):
 
         if version_stages is None:
             version_stages = ['AWSCURRENT']
@@ -106,12 +113,17 @@ class SecretsManagerBackend(BaseBackend):
             version_id = str(uuid.uuid4())
 
         secret_version = {
-            'secret_string': secret_string,
             'createdate': int(time.time()),
             'version_id': version_id,
             'version_stages': version_stages,
         }
 
+        if secret_string is not None:
+            secret_version['secret_string'] = secret_string
+
+        if secret_binary is not None:
+            secret_version['secret_binary'] = secret_binary
+
         if secret_id in self.secrets:
             # remove all old AWSPREVIOUS stages
             for secret_verion_to_look_at in self.secrets[secret_id]['versions'].values():
diff --git a/moto/secretsmanager/responses.py b/moto/secretsmanager/responses.py
index fe51d8c1b..090688351 100644
--- a/moto/secretsmanager/responses.py
+++ b/moto/secretsmanager/responses.py
@@ -21,10 +21,12 @@ class SecretsManagerResponse(BaseResponse):
     def create_secret(self):
         name = self._get_param('Name')
         secret_string = self._get_param('SecretString')
+        secret_binary = self._get_param('SecretBinary')
         tags = self._get_param('Tags', if_none=[])
         return secretsmanager_backends[self.region].create_secret(
             name=name,
             secret_string=secret_string,
+            secret_binary=secret_binary,
             tags=tags
         )
 
diff --git a/tests/test_secretsmanager/test_secretsmanager.py b/tests/test_secretsmanager/test_secretsmanager.py
index 6735924eb..78b95ee6a 100644
--- a/tests/test_secretsmanager/test_secretsmanager.py
+++ b/tests/test_secretsmanager/test_secretsmanager.py
@@ -9,6 +9,7 @@ import unittest
 import pytz
 from datetime import datetime
 from nose.tools import assert_raises
+from six import b
 
 DEFAULT_SECRET_NAME = 'test-secret'
 
@@ -22,6 +23,15 @@ def test_get_secret_value():
     result = conn.get_secret_value(SecretId='java-util-test-password')
     assert result['SecretString'] == 'foosecret'
 
+@mock_secretsmanager
+def test_get_secret_value_binary():
+    conn = boto3.client('secretsmanager', region_name='us-west-2')
+
+    create_secret = conn.create_secret(Name='java-util-test-password',
+                                       SecretBinary=b("foosecret"))
+    result = conn.get_secret_value(SecretId='java-util-test-password')
+    assert result['SecretBinary'] == b('foosecret')
+
 @mock_secretsmanager
 def test_get_secret_that_does_not_exist():
     conn = boto3.client('secretsmanager', region_name='us-west-2')