Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecretsManager: delete_secret should throw an error for 0 day Recovery (#6469)

Browse Source
This commit is contained in:
Bert Blommers 2023-07-01 11:35:22 +00:00 committed by GitHub
parent 8e35eedc3d
commit 2d608ecd22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
moto/secretsmanager/models.py
View File

@ -723,7 +723,7 @@ class SecretsManagerBackend(BaseBackend):
force_delete_without_recovery: bool, force_delete_without_recovery: bool,
) -> Tuple[str, str, float]: ) -> Tuple[str, str, float]:
if recovery_window_in_days and ( if recovery_window_in_days is not None and (
recovery_window_in_days < 7 or recovery_window_in_days > 30 recovery_window_in_days < 7 or recovery_window_in_days > 30
): ):
raise InvalidParameterException( raise InvalidParameterException(

40
tests/test_secretsmanager/test_secretsmanager.py
View File

@ -355,34 +355,38 @@ def test_delete_secret_fails_with_both_force_delete_flag_and_recovery_window_fla
@mock_secretsmanager @mock_secretsmanager
def test_delete_secret_recovery_window_too_short(): def test_delete_secret_recovery_window_invalid_values():
conn = boto3.client("secretsmanager", region_name="us-west-2") conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name="test-secret", SecretString="foosecret") conn.create_secret(Name="test-secret", SecretString="foosecret")
with pytest.raises(ClientError): for nr in [0, 2, 6, 31, 100]:
conn.delete_secret(SecretId="test-secret", RecoveryWindowInDays=6) with pytest.raises(ClientError) as exc:
conn.delete_secret(SecretId="test-secret", RecoveryWindowInDays=nr)
err = exc.value.response["Error"]
@mock_secretsmanager assert err["Code"] == "InvalidParameterException"
def test_delete_secret_recovery_window_too_long(): assert (
conn = boto3.client("secretsmanager", region_name="us-west-2") "RecoveryWindowInDays value must be between 7 and 30 days (inclusive)"
in err["Message"]
conn.create_secret(Name="test-secret", SecretString="foosecret") )
with pytest.raises(ClientError):
conn.delete_secret(SecretId="test-secret", RecoveryWindowInDays=31)
@mock_secretsmanager @mock_secretsmanager
def test_delete_secret_force_no_such_secret_with_invalid_recovery_window(): def test_delete_secret_force_no_such_secret_with_invalid_recovery_window():
conn = boto3.client("secretsmanager", region_name="us-west-2") conn = boto3.client("secretsmanager", region_name="us-west-2")
with pytest.raises(ClientError): for nr in [0, 2, 6, 31, 100]:
conn.delete_secret( with pytest.raises(ClientError) as exc:
SecretId=DEFAULT_SECRET_NAME, conn.delete_secret(
ForceDeleteWithoutRecovery=True, SecretId="test-secret",
RecoveryWindowInDays=4, RecoveryWindowInDays=nr,
ForceDeleteWithoutRecovery=True,
)
err = exc.value.response["Error"]
assert err["Code"] == "InvalidParameterException"
assert (
"RecoveryWindowInDays value must be between 7 and 30 days (inclusive)"
in err["Message"]
) )