Fix: describe/list attribute discrepancy in Secrets Manager (#3432)

`secretsmanager:DescribeSecret` returns `VersionIdsToStages` `secretsmanager:ListSecrets` returns the same information in `SecretVersionsToStages` * Verified fix against real AWS backend. Fixes #3406
2020-11-03 06:18:56 -08:00 · 2020-11-03 06:18:56 -08:00 · 76265576ac
commit 76265576ac
parent f584e16ab9
3 changed files with 32 additions and 0 deletions
--- a/moto/secretsmanager/models.py
+++ b/moto/secretsmanager/models.py
@ -136,6 +136,7 @@ class FakeSecret:
            "DeletedDate": self.deleted_date,
            "Tags": self.tags,
            "VersionIdsToStages": version_id_to_stages,
+            "SecretVersionsToStages": version_id_to_stages,
        }

    def _form_version_ids_to_stages(self):
--- a/tests/test_secretsmanager/test_list_secrets.py
+++ b/tests/test_secretsmanager/test_list_secrets.py
@ -43,9 +43,11 @@ def test_list_secrets():

    assert secrets["SecretList"][0]["ARN"] is not None
    assert secrets["SecretList"][0]["Name"] == "test-secret"
+    assert secrets["SecretList"][0]["SecretVersionsToStages"] is not None
    assert secrets["SecretList"][1]["ARN"] is not None
    assert secrets["SecretList"][1]["Name"] == "test-secret-2"
    assert secrets["SecretList"][1]["Tags"] == [{"Key": "a", "Value": "1"}]
+    assert secrets["SecretList"][1]["SecretVersionsToStages"] is not None


@mock_secretsmanager
--- a/tests/test_secretsmanager/test_secretsmanager.py
+++ b/tests/test_secretsmanager/test_secretsmanager.py
@ -963,3 +963,32 @@ def test_tag_resource():
        "Secrets Manager can't find the specified secret.",
        cm.exception.response["Error"]["Message"],
    )
+
+
+@mock_secretsmanager
+def test_secret_versions_to_stages_attribute_discrepancy():
+    client = boto3.client("secretsmanager", region_name="us-west-2")
+
+    resp = client.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
+    previous_version_id = resp["VersionId"]
+
+    resp = client.put_secret_value(
+        SecretId=DEFAULT_SECRET_NAME,
+        SecretString="dupe_secret",
+        VersionStages=["AWSCURRENT"],
+    )
+    current_version_id = resp["VersionId"]
+
+    secret = client.describe_secret(SecretId=DEFAULT_SECRET_NAME)
+    describe_vtos = secret["VersionIdsToStages"]
+    assert describe_vtos[current_version_id] == ["AWSCURRENT"]
+    assert describe_vtos[previous_version_id] == ["AWSPREVIOUS"]
+
+    secret = client.list_secrets(
+        Filters=[{"Key": "name", "Values": [DEFAULT_SECRET_NAME]}]
+    ).get("SecretList")[0]
+    list_vtos = secret["SecretVersionsToStages"]
+    assert list_vtos[current_version_id] == ["AWSCURRENT"]
+    assert list_vtos[previous_version_id] == ["AWSPREVIOUS"]
+
+    assert describe_vtos == list_vtos