From 76265576aca54dadf1cee7d39a67dec2e3d86370 Mon Sep 17 00:00:00 2001 From: Brian Pandola Date: Tue, 3 Nov 2020 06:18:56 -0800 Subject: [PATCH] Fix: describe/list attribute discrepancy in Secrets Manager (#3432) `secretsmanager:DescribeSecret` returns `VersionIdsToStages` `secretsmanager:ListSecrets` returns the same information in `SecretVersionsToStages` * Verified fix against real AWS backend. Fixes #3406 --- moto/secretsmanager/models.py | 1 + .../test_secretsmanager/test_list_secrets.py | 2 ++ .../test_secretsmanager.py | 29 +++++++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/moto/secretsmanager/models.py b/moto/secretsmanager/models.py index 0782b6bd9..0aaa2027a 100644 --- a/moto/secretsmanager/models.py +++ b/moto/secretsmanager/models.py @@ -136,6 +136,7 @@ class FakeSecret: "DeletedDate": self.deleted_date, "Tags": self.tags, "VersionIdsToStages": version_id_to_stages, + "SecretVersionsToStages": version_id_to_stages, } def _form_version_ids_to_stages(self): diff --git a/tests/test_secretsmanager/test_list_secrets.py b/tests/test_secretsmanager/test_list_secrets.py index da3c4eb7e..5470e3e12 100644 --- a/tests/test_secretsmanager/test_list_secrets.py +++ b/tests/test_secretsmanager/test_list_secrets.py @@ -43,9 +43,11 @@ def test_list_secrets(): assert secrets["SecretList"][0]["ARN"] is not None assert secrets["SecretList"][0]["Name"] == "test-secret" + assert secrets["SecretList"][0]["SecretVersionsToStages"] is not None assert secrets["SecretList"][1]["ARN"] is not None assert secrets["SecretList"][1]["Name"] == "test-secret-2" assert secrets["SecretList"][1]["Tags"] == [{"Key": "a", "Value": "1"}] + assert secrets["SecretList"][1]["SecretVersionsToStages"] is not None @mock_secretsmanager diff --git a/tests/test_secretsmanager/test_secretsmanager.py b/tests/test_secretsmanager/test_secretsmanager.py index 92f1231e9..68a7e6742 100644 --- a/tests/test_secretsmanager/test_secretsmanager.py +++ b/tests/test_secretsmanager/test_secretsmanager.py @@ -963,3 +963,32 @@ def test_tag_resource(): "Secrets Manager can't find the specified secret.", cm.exception.response["Error"]["Message"], ) + + +@mock_secretsmanager +def test_secret_versions_to_stages_attribute_discrepancy(): + client = boto3.client("secretsmanager", region_name="us-west-2") + + resp = client.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret") + previous_version_id = resp["VersionId"] + + resp = client.put_secret_value( + SecretId=DEFAULT_SECRET_NAME, + SecretString="dupe_secret", + VersionStages=["AWSCURRENT"], + ) + current_version_id = resp["VersionId"] + + secret = client.describe_secret(SecretId=DEFAULT_SECRET_NAME) + describe_vtos = secret["VersionIdsToStages"] + assert describe_vtos[current_version_id] == ["AWSCURRENT"] + assert describe_vtos[previous_version_id] == ["AWSPREVIOUS"] + + secret = client.list_secrets( + Filters=[{"Key": "name", "Values": [DEFAULT_SECRET_NAME]}] + ).get("SecretList")[0] + list_vtos = secret["SecretVersionsToStages"] + assert list_vtos[current_version_id] == ["AWSCURRENT"] + assert list_vtos[previous_version_id] == ["AWSPREVIOUS"] + + assert describe_vtos == list_vtos