Moto-1781: finish implementation of rotate_secret and add happy test.

- Implement RotateSecret to support initial setup of secret rotation. Moto's implementation of secrets is currently flat and needs to gain some dimension before full rotation can be simulated. - Add the happy path unit test.
2018-08-15 11:04:44 -07:00 · 2018-08-15 11:04:44 -07:00 · 43277a59b9
commit 43277a59b9
parent 69a78ba7c9
2 changed files with 52 additions and 0 deletions
--- a/moto/secretsmanager/models.py
+++ b/moto/secretsmanager/models.py
@ -109,9 +109,45 @@ class SecretsManagerBackend(BaseBackend):
    def rotate_secret(self, secret_id, client_request_token=None,
                      rotation_lambda_arn=None, rotation_rules=None):

+        rotation_days = 'AutomaticallyAfterDays'
+
        if not self._is_valid_identifier(secret_id):
            raise ResourceNotFoundException

+        if client_request_token:
+            token_length = len(client_request_token)
+            if token_length < 32 or token_length > 64:
+                msg = (
+                    'ClientRequestToken '
+                    'must be 32-64 characters long.'
+                )
+                raise InvalidParameterException(msg)
+
+        if rotation_lambda_arn:
+            if len(rotation_lambda_arn) > 2048:
+                msg = (
+                    'RotationLambdaARN '
+                    'must <= 2048 characters long.'
+                )
+                raise InvalidParameterException(msg)
+
+        if rotation_rules:
+            if rotation_days in rotation_rules:
+                rotation_period = rotation_rules[rotation_days]
+                if rotation_period < 1 or rotation_period > 1000:
+                    msg = (
+                        'RotationRules.AutomaticallyAfterDays '
+                        'must be within 1-1000.'
+                    )
+                    raise InvalidParameterException(msg)
+
+        self.version_id = client_request_token or ''
+        self.rotation_lambda_arn = rotation_lambda_arn or ''
+        if rotation_rules:
+            self.auto_rotate_after_days = rotation_rules.get(rotation_days, 0)
+        if self.auto_rotate_after_days > 0:
+            self.rotation_enabled = True
+
        response = json.dumps({
            "ARN": secret_arn(self.region, self.secret_id),
            "Name": self.name,
--- a/tests/test_secretsmanager/test_secretsmanager.py
+++ b/tests/test_secretsmanager/test_secretsmanager.py
@ -180,6 +180,22 @@ def test_describe_secret_that_does_not_match():
    with assert_raises(ClientError):
        result = conn.get_secret_value(SecretId='i-dont-match')

+@mock_secretsmanager
+def test_rotate_secret():
+    secret_name = 'test-secret'
+    conn = boto3.client('secretsmanager', region_name='us-west-2')
+    conn.create_secret(Name=secret_name,
+                       SecretString='foosecret')
+
+    rotated_secret = conn.rotate_secret(SecretId=secret_name)
+
+    assert rotated_secret
+    assert rotated_secret['ARN'] == (
+        'arn:aws:secretsmanager:us-west-2:1234567890:secret:test-secret-rIjad'
+    )
+    assert rotated_secret['Name'] == secret_name
+    assert rotated_secret['VersionId'] != ''
+
@mock_secretsmanager
 def test_rotate_secret_that_does_not_exist():
    conn = boto3.client('secretsmanager', 'us-west-2')