ISSUE-4340: SecretsManager cannot find specified secret using ARN in some operations (#4353)

MarkBrook 2021-09-27 22:59:13 +03:00 committed by GitHub
parent 30c8c3de1f
commit 663cd7a523
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 23 deletions


@ -270,7 +270,7 @@ class SecretsManagerBackend(BaseBackend):
): ):
# error if secret does not exist # error if secret does not exist
if secret_id not in self.secrets.keys(): if secret_id not in self.secrets:
raise SecretNotFoundException() raise SecretNotFoundException()
if self.secrets[secret_id].is_deleted(): if self.secrets[secret_id].is_deleted():
@ -701,7 +701,7 @@ class SecretsManagerBackend(BaseBackend):
def tag_resource(self, secret_id, tags): def tag_resource(self, secret_id, tags):
if secret_id not in self.secrets.keys(): if secret_id not in self.secrets:
raise SecretNotFoundException() raise SecretNotFoundException()
secret = self.secrets[secret_id] secret = self.secrets[secret_id]
@ -714,7 +714,7 @@ class SecretsManagerBackend(BaseBackend):
def untag_resource(self, secret_id, tag_keys): def untag_resource(self, secret_id, tag_keys):
if secret_id not in self.secrets.keys(): if secret_id not in self.secrets:
raise SecretNotFoundException() raise SecretNotFoundException()
secret = self.secrets[secret_id] secret = self.secrets[secret_id]
@ -729,7 +729,7 @@ class SecretsManagerBackend(BaseBackend):
def update_secret_version_stage( def update_secret_version_stage(
self, secret_id, version_stage, remove_from_version_id, move_to_version_id self, secret_id, version_stage, remove_from_version_id, move_to_version_id
): ):
if secret_id not in self.secrets.keys(): if secret_id not in self.secrets:
raise SecretNotFoundException() raise SecretNotFoundException()
secret = self.secrets[secret_id] secret = self.secrets[secret_id]
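Review bot: All four guards now rely on `self.secrets` answering `in` and `[]` for an ARN as well as a name, and nothing on the visible lines says so; the container's definition is outside these hunks, so this is inferred from the commit title. For a plain dict the old `.keys()` form is equivalent, so a later tidy-up could restore it and silently break ARN lookups again. A comment at the first guard would pin the intent, for example `# "in self.secrets" resolves names and ARNs; do not use .keys() here` (wording to be confirmed against the container class). The same check-and-raise pair appears in the first hunk's method, tag_resource, untag_resource and update_secret_version_stage, so one private helper that returns the secret or raises SecretNotFoundException would keep the lookup rule in a single place. The enclosing methods start or end outside the hunks.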


@ -954,7 +954,8 @@ def test_can_list_secret_version_ids():
@mock_secretsmanager @mock_secretsmanager
def test_update_secret(): @pytest.mark.parametrize("pass_arn", [True, False])
def test_update_secret(pass_arn):
conn = boto3.client("secretsmanager", region_name="us-west-2") conn = boto3.client("secretsmanager", region_name="us-west-2")
created_secret = conn.create_secret(Name="test-secret", SecretString="foosecret") created_secret = conn.create_secret(Name="test-secret", SecretString="foosecret")
@ -963,18 +964,18 @@ def test_update_secret():
assert created_secret["Name"] == "test-secret" assert created_secret["Name"] == "test-secret"
assert created_secret["VersionId"] != "" assert created_secret["VersionId"] != ""
secret = conn.get_secret_value(SecretId="test-secret") secret_id = created_secret["ARN"] if pass_arn else "test-secret"
secret = conn.get_secret_value(SecretId=secret_id)
assert secret["SecretString"] == "foosecret" assert secret["SecretString"] == "foosecret"
updated_secret = conn.update_secret( updated_secret = conn.update_secret(SecretId=secret_id, SecretString="barsecret")
SecretId="test-secret", SecretString="barsecret"
)
assert updated_secret["ARN"] assert updated_secret["ARN"]
assert updated_secret["Name"] == "test-secret" assert updated_secret["Name"] == "test-secret"
assert updated_secret["VersionId"] != "" assert updated_secret["VersionId"] != ""
secret = conn.get_secret_value(SecretId="test-secret") secret = conn.get_secret_value(SecretId=secret_id)
assert secret["SecretString"] == "barsecret" assert secret["SecretString"] == "barsecret"
assert created_secret["VersionId"] != updated_secret["VersionId"] assert created_secret["VersionId"] != updated_secret["VersionId"]
@ -1100,15 +1101,17 @@ def test_update_secret_marked_as_deleted_after_restoring():
@mock_secretsmanager @mock_secretsmanager
def test_tag_resource(): @pytest.mark.parametrize("pass_arn", [True, False])
def test_tag_resource(pass_arn):
conn = boto3.client("secretsmanager", region_name="us-west-2") conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name="test-secret", SecretString="foosecret") created_secret = conn.create_secret(Name="test-secret", SecretString="foosecret")
secret_id = created_secret["ARN"] if pass_arn else "test-secret"
conn.tag_resource( conn.tag_resource(
SecretId="test-secret", Tags=[{"Key": "FirstTag", "Value": "SomeValue"},], SecretId=secret_id, Tags=[{"Key": "FirstTag", "Value": "SomeValue"},],
) )
conn.tag_resource( conn.tag_resource(
SecretId="test-secret", Tags=[{"Key": "SecondTag", "Value": "AnotherValue"},], SecretId=secret_id, Tags=[{"Key": "SecondTag", "Value": "AnotherValue"},],
) )
secrets = conn.list_secrets() secrets = conn.list_secrets()
@ -1130,18 +1133,20 @@ def test_tag_resource():
@mock_secretsmanager @mock_secretsmanager
def test_untag_resource(): @pytest.mark.parametrize("pass_arn", [True, False])
def test_untag_resource(pass_arn):
conn = boto3.client("secretsmanager", region_name="us-west-2") conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name="test-secret", SecretString="foosecret") created_secret = conn.create_secret(Name="test-secret", SecretString="foosecret")
secret_id = created_secret["ARN"] if pass_arn else "test-secret"
conn.tag_resource( conn.tag_resource(
SecretId="test-secret", SecretId=secret_id,
Tags=[ Tags=[
{"Key": "FirstTag", "Value": "SomeValue"}, {"Key": "FirstTag", "Value": "SomeValue"},
{"Key": "SecondTag", "Value": "SomeValue"}, {"Key": "SecondTag", "Value": "SomeValue"},
], ],
) )
conn.untag_resource(SecretId="test-secret", TagKeys=["FirstTag"]) conn.untag_resource(SecretId=secret_id, TagKeys=["FirstTag"])
secrets = conn.list_secrets() secrets = conn.list_secrets()
assert secrets["SecretList"][0].get("Tags") == [ assert secrets["SecretList"][0].get("Tags") == [
{"Key": "SecondTag", "Value": "SomeValue"}, {"Key": "SecondTag", "Value": "SomeValue"},
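Review bot: The new `pass_arn` cases cover only the success path, so nothing in these tests checks that an ARN matching no stored secret is still rejected. Accepting ARNs widens what a SecretId can match, so a negative case belongs next to them, e.g. in test_tag_resource `with pytest.raises(ClientError): conn.tag_resource(SecretId=secret_id + "-missing", Tags=[{"Key": "k", "Value": "v"}])` (assuming `ClientError` is imported in this file, which the hunks do not show). The deleted-secret branch guarded by `is_deleted()` in the backend is also not exercised with an ARN here. test_untag_resource continues past the end of the last hunk.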


@ -755,7 +755,8 @@ def test_get_resource_policy_secret():
@mock_secretsmanager @mock_secretsmanager
def test_update_secret_version_stage(): @pytest.mark.parametrize("pass_arn", [True, False])
def test_update_secret_version_stage(pass_arn):
custom_stage = "CUSTOM_STAGE" custom_stage = "CUSTOM_STAGE"
backend = server.create_backend_app("secretsmanager") backend = server.create_backend_app("secretsmanager")
test_client = backend.test_client() test_client = backend.test_client()
@ -765,13 +766,14 @@ def test_update_secret_version_stage():
headers={"X-Amz-Target": "secretsmanager.CreateSecret"}, headers={"X-Amz-Target": "secretsmanager.CreateSecret"},
) )
create_secret = json.loads(create_secret.data.decode("utf-8")) create_secret = json.loads(create_secret.data.decode("utf-8"))
secret_id = create_secret["ARN"] if pass_arn else DEFAULT_SECRET_NAME
initial_version = create_secret["VersionId"] initial_version = create_secret["VersionId"]
# Create a new version # Create a new version
put_secret = test_client.post( put_secret = test_client.post(
"/", "/",
data={ data={
"SecretId": DEFAULT_SECRET_NAME, "SecretId": secret_id,
"SecretString": "secret", "SecretString": "secret",
"VersionStages": [custom_stage], "VersionStages": [custom_stage],
}, },
@ -782,7 +784,7 @@ def test_update_secret_version_stage():
describe_secret = test_client.post( describe_secret = test_client.post(
"/", "/",
data={"SecretId": "test-secret"}, data={"SecretId": secret_id},
headers={"X-Amz-Target": "secretsmanager.DescribeSecret"}, headers={"X-Amz-Target": "secretsmanager.DescribeSecret"},
) )
@ -795,7 +797,7 @@ def test_update_secret_version_stage():
test_client.post( test_client.post(
"/", "/",
data={ data={
"SecretId": "test-secret", "SecretId": secret_id,
"VersionStage": custom_stage, "VersionStage": custom_stage,
"RemoveFromVersionId": new_version, "RemoveFromVersionId": new_version,
"MoveToVersionId": initial_version, "MoveToVersionId": initial_version,
@ -805,7 +807,7 @@ def test_update_secret_version_stage():
describe_secret = test_client.post( describe_secret = test_client.post(
"/", "/",
data={"SecretId": "test-secret"}, data={"SecretId": secret_id},
headers={"X-Amz-Target": "secretsmanager.DescribeSecret"}, headers={"X-Amz-Target": "secretsmanager.DescribeSecret"},
) )