From 663cd7a5232e5a8787d64798b862523bf705d28c Mon Sep 17 00:00:00 2001 From: MarkBrook Date: Mon, 27 Sep 2021 22:59:13 +0300 Subject: [PATCH] ISSUE-4340: SecretsManager cannot find specified secret using ARN in some operations (#4353) --- moto/secretsmanager/models.py | 8 ++--- .../test_secretsmanager.py | 33 +++++++++++-------- tests/test_secretsmanager/test_server.py | 12 ++++--- 3 files changed, 30 insertions(+), 23 deletions(-) diff --git a/moto/secretsmanager/models.py b/moto/secretsmanager/models.py index ebb4340e4..f19fd776e 100644 --- a/moto/secretsmanager/models.py +++ b/moto/secretsmanager/models.py @@ -270,7 +270,7 @@ class SecretsManagerBackend(BaseBackend): ): # error if secret does not exist - if secret_id not in self.secrets.keys(): + if secret_id not in self.secrets: raise SecretNotFoundException() if self.secrets[secret_id].is_deleted(): @@ -701,7 +701,7 @@ class SecretsManagerBackend(BaseBackend): def tag_resource(self, secret_id, tags): - if secret_id not in self.secrets.keys(): + if secret_id not in self.secrets: raise SecretNotFoundException() secret = self.secrets[secret_id] @@ -714,7 +714,7 @@ class SecretsManagerBackend(BaseBackend): def untag_resource(self, secret_id, tag_keys): - if secret_id not in self.secrets.keys(): + if secret_id not in self.secrets: raise SecretNotFoundException() secret = self.secrets[secret_id] @@ -729,7 +729,7 @@ class SecretsManagerBackend(BaseBackend): def update_secret_version_stage( self, secret_id, version_stage, remove_from_version_id, move_to_version_id ): - if secret_id not in self.secrets.keys(): + if secret_id not in self.secrets: raise SecretNotFoundException() secret = self.secrets[secret_id] diff --git a/tests/test_secretsmanager/test_secretsmanager.py b/tests/test_secretsmanager/test_secretsmanager.py index 70264e25c..4d6b199df 100644 --- a/tests/test_secretsmanager/test_secretsmanager.py +++ b/tests/test_secretsmanager/test_secretsmanager.py 
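Review bot: Nothing at the changed check in the first models.py hunk says why `in self.secrets` must not be written as `in self.secrets.keys()`. The two are equivalent for a plain dict, so the fix presumably relies on `self.secrets` being a container whose `__contains__` (and `__getitem__`, used on the following lines) maps an ARN to the stored name; that class is not visible here. A one-line comment would keep a later cleanup from reverting it, for example `# go through self.secrets itself so ARNs resolve; .keys() compares raw strings`, and the same applies to the hunks in `tag_resource`, `untag_resource` and `update_secret_version_stage`. If the container subclasses `dict`, any remaining `.keys()`, `.get()` or `.pop()` call sites in the file would skip the same resolution and are worth a search. All four method bodies continue outside their hunks.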
@@ -954,7 +954,8 @@ def test_can_list_secret_version_ids(): @mock_secretsmanager -def test_update_secret(): +@pytest.mark.parametrize("pass_arn", [True, False]) +def test_update_secret(pass_arn): conn = boto3.client("secretsmanager", region_name="us-west-2") created_secret = conn.create_secret(Name="test-secret", SecretString="foosecret") @@ -963,18 +964,18 @@ def test_update_secret(): assert created_secret["Name"] == "test-secret" assert created_secret["VersionId"] != "" - secret = conn.get_secret_value(SecretId="test-secret") + secret_id = created_secret["ARN"] if pass_arn else "test-secret" + + secret = conn.get_secret_value(SecretId=secret_id) assert secret["SecretString"] == "foosecret" - updated_secret = conn.update_secret( - SecretId="test-secret", SecretString="barsecret" - ) + updated_secret = conn.update_secret(SecretId=secret_id, SecretString="barsecret") assert updated_secret["ARN"] assert updated_secret["Name"] == "test-secret" assert updated_secret["VersionId"] != "" - secret = conn.get_secret_value(SecretId="test-secret") + secret = conn.get_secret_value(SecretId=secret_id) assert secret["SecretString"] == "barsecret" assert created_secret["VersionId"] != updated_secret["VersionId"] 
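Review bot: The `@pytest.mark.parametrize("pass_arn", [True, False])` decorator added above `test_update_secret` produces test ids `[True]` and `[False]`, which do not say which identifier form failed. Naming the cases makes a failure report self-explanatory: `@pytest.mark.parametrize("pass_arn", [True, False], ids=["arn", "name"])`. The same decorator is added to `test_tag_resource`, `test_untag_resource` and `test_update_secret_version_stage`.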
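Review bot: `assert updated_secret["ARN"]` in the second hunk only checks that some ARN came back, so the ARN-parametrized case would still pass if the backend answered for a different secret than the one addressed. Comparing against the created secret pins the lookup: `assert updated_secret["ARN"] == created_secret["ARN"]`. The test body starts before this hunk.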
@@ -1100,15 +1101,17 @@ def test_update_secret_marked_as_deleted_after_restoring(): @mock_secretsmanager -def test_tag_resource(): +@pytest.mark.parametrize("pass_arn", [True, False]) +def test_tag_resource(pass_arn): conn = boto3.client("secretsmanager", region_name="us-west-2") - conn.create_secret(Name="test-secret", SecretString="foosecret") + created_secret = conn.create_secret(Name="test-secret", SecretString="foosecret") + secret_id = created_secret["ARN"] if pass_arn else "test-secret" conn.tag_resource( - SecretId="test-secret", Tags=[{"Key": "FirstTag", "Value": "SomeValue"},], + SecretId=secret_id, Tags=[{"Key": "FirstTag", "Value": "SomeValue"},], ) conn.tag_resource( - SecretId="test-secret", Tags=[{"Key": "SecondTag", "Value": "AnotherValue"},], + SecretId=secret_id, Tags=[{"Key": "SecondTag", "Value": "AnotherValue"},], ) secrets = conn.list_secrets() @@ -1130,18 +1133,20 @@ def test_tag_resource(): @mock_secretsmanager -def test_untag_resource(): +@pytest.mark.parametrize("pass_arn", [True, False]) +def test_untag_resource(pass_arn): conn = boto3.client("secretsmanager", region_name="us-west-2") - conn.create_secret(Name="test-secret", SecretString="foosecret") + created_secret = conn.create_secret(Name="test-secret", SecretString="foosecret") + secret_id = created_secret["ARN"] if pass_arn else "test-secret" conn.tag_resource( - SecretId="test-secret", + SecretId=secret_id, Tags=[ {"Key": "FirstTag", "Value": "SomeValue"}, {"Key": "SecondTag", "Value": "SomeValue"}, ], ) - conn.untag_resource(SecretId="test-secret", TagKeys=["FirstTag"]) + conn.untag_resource(SecretId=secret_id, TagKeys=["FirstTag"]) secrets = conn.list_secrets() assert secrets["SecretList"][0].get("Tags") == [ {"Key": "SecondTag", "Value": "SomeValue"}, diff --git a/tests/test_secretsmanager/test_server.py b/tests/test_secretsmanager/test_server.py index d5d9223ed..a7c63e4b6 100644 --- a/tests/test_secretsmanager/test_server.py +++ b/tests/test_secretsmanager/test_server.py 
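Review bot: Both ARN cases added here (`test_tag_resource` and `test_untag_resource`) only pass an identifier that exists, while the branch changed in models.py is the `SecretNotFoundException` check. Nothing in the visible lines shows that an ARN for a secret that was never created is rejected rather than matched to an existing one. A separate negative test would cover that. The sketch below assumes `ClientError` is already imported in this file, and `test_tag_resource` continues past the end of its hunk.

```python
@mock_secretsmanager
def test_tag_resource_rejects_unknown_arn():
    conn = boto3.client("secretsmanager", region_name="us-west-2")
    created_secret = conn.create_secret(Name="test-secret", SecretString="foosecret")
    # Same ARN shape as the created secret, but for a name that was never created.
    unknown_arn = created_secret["ARN"].replace("test-secret", "missing-secret")

    with pytest.raises(ClientError):
        conn.tag_resource(
            SecretId=unknown_arn, Tags=[{"Key": "FirstTag", "Value": "SomeValue"}],
        )
```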
@@ -755,7 +755,8 @@ def test_get_resource_policy_secret(): @mock_secretsmanager -def test_update_secret_version_stage(): +@pytest.mark.parametrize("pass_arn", [True, False]) +def test_update_secret_version_stage(pass_arn): custom_stage = "CUSTOM_STAGE" backend = server.create_backend_app("secretsmanager") test_client = backend.test_client() @@ -765,13 +766,14 @@ def test_update_secret_version_stage(): headers={"X-Amz-Target": "secretsmanager.CreateSecret"}, ) create_secret = json.loads(create_secret.data.decode("utf-8")) + secret_id = create_secret["ARN"] if pass_arn else DEFAULT_SECRET_NAME initial_version = create_secret["VersionId"] # Create a new version put_secret = test_client.post( "/", data={ - "SecretId": DEFAULT_SECRET_NAME, + "SecretId": secret_id, "SecretString": "secret", "VersionStages": [custom_stage], }, @@ -782,7 +784,7 @@ def test_update_secret_version_stage(): describe_secret = test_client.post( "/", - data={"SecretId": "test-secret"}, + data={"SecretId": secret_id}, headers={"X-Amz-Target": "secretsmanager.DescribeSecret"}, ) @@ -795,7 +797,7 @@ def test_update_secret_version_stage(): test_client.post( "/", data={ - "SecretId": "test-secret", + "SecretId": secret_id, "VersionStage": custom_stage, "RemoveFromVersionId": new_version, "MoveToVersionId": initial_version, @@ -805,7 +807,7 @@ def test_update_secret_version_stage(): describe_secret = test_client.post( "/", - data={"SecretId": "test-secret"}, + data={"SecretId": secret_id}, headers={"X-Amz-Target": "secretsmanager.DescribeSecret"}, )