Fix: describe/list attribute discrepancy in Secrets Manager (#3432)

`secretsmanager:DescribeSecret` returns `VersionIdsToStages`
`secretsmanager:ListSecrets` returns the same information in `SecretVersionsToStages`

* Verified fix against real AWS backend.

Fixes #3406
Brian Pandola 2020-11-03 06:18:56 -08:00 committed by GitHub
parent f584e16ab9
commit 76265576ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 0 deletions


@ -136,6 +136,7 @@ class FakeSecret:
"DeletedDate": self.deleted_date, "DeletedDate": self.deleted_date,
"Tags": self.tags, "Tags": self.tags,
"VersionIdsToStages": version_id_to_stages, "VersionIdsToStages": version_id_to_stages,
"SecretVersionsToStages": version_id_to_stages,
} }
def _form_version_ids_to_stages(self): def _form_version_ids_to_stages(self):
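Review bot: The added `"SecretVersionsToStages": version_id_to_stages,` sits in the same dict as `"VersionIdsToStages"`, so every response built from this dict now carries both keys, while the commit message says DescribeSecret uses the first name and ListSecrets the second. If this dict backs both calls (the enclosing method starts outside the hunk, so this is inferred), code that reads the wrong key for an operation will pass against the mock and fail against AWS. That matters for rotation logic that looks up the AWSCURRENT version. Consider dropping the key that does not belong in each responder, or at least add a comment here such as `# ListSecrets name for the same map; DescribeSecret uses VersionIdsToStages`.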


@ -43,9 +43,11 @@ def test_list_secrets():
assert secrets["SecretList"][0]["ARN"] is not None assert secrets["SecretList"][0]["ARN"] is not None
assert secrets["SecretList"][0]["Name"] == "test-secret" assert secrets["SecretList"][0]["Name"] == "test-secret"
assert secrets["SecretList"][0]["SecretVersionsToStages"] is not None
assert secrets["SecretList"][1]["ARN"] is not None assert secrets["SecretList"][1]["ARN"] is not None
assert secrets["SecretList"][1]["Name"] == "test-secret-2" assert secrets["SecretList"][1]["Name"] == "test-secret-2"
assert secrets["SecretList"][1]["Tags"] == [{"Key": "a", "Value": "1"}] assert secrets["SecretList"][1]["Tags"] == [{"Key": "a", "Value": "1"}]
assert secrets["SecretList"][1]["SecretVersionsToStages"] is not None
@mock_secretsmanager @mock_secretsmanager
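Review bot: The two added `is not None` assertions also pass for an empty map, so they would not catch a list response that loses the stage labels. Something like `assert ["AWSCURRENT"] in secrets["SecretList"][0]["SecretVersionsToStages"].values()` would pin the content, assuming each secret created earlier in test_list_secrets has a current version. The function starts outside this hunk, so that setup is not visible here.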


@ -963,3 +963,32 @@ def test_tag_resource():
"Secrets Manager can't find the specified secret.", "Secrets Manager can't find the specified secret.",
cm.exception.response["Error"]["Message"], cm.exception.response["Error"]["Message"],
) )
@mock_secretsmanager
def test_secret_versions_to_stages_attribute_discrepancy():
client = boto3.client("secretsmanager", region_name="us-west-2")
resp = client.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
previous_version_id = resp["VersionId"]
resp = client.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretString="dupe_secret",
VersionStages=["AWSCURRENT"],
)
current_version_id = resp["VersionId"]
secret = client.describe_secret(SecretId=DEFAULT_SECRET_NAME)
describe_vtos = secret["VersionIdsToStages"]
assert describe_vtos[current_version_id] == ["AWSCURRENT"]
assert describe_vtos[previous_version_id] == ["AWSPREVIOUS"]
secret = client.list_secrets(
Filters=[{"Key": "name", "Values": [DEFAULT_SECRET_NAME]}]
).get("SecretList")[0]
list_vtos = secret["SecretVersionsToStages"]
assert list_vtos[current_version_id] == ["AWSCURRENT"]
assert list_vtos[previous_version_id] == ["AWSPREVIOUS"]
assert describe_vtos == list_vtos
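Review bot: `.get("SecretList")[0]` on the list_secrets result turns a missing key into a `TypeError` on `None` rather than a `KeyError` naming the key; plain `["SecretList"][0]`, as used in test_list_secrets, fails more legibly. The test would also read better with a one-line docstring, e.g. `"""DescribeSecret and ListSecrets expose the same version-to-stage map under different keys."""`. If the mock is meant to mirror AWS key-for-key, it could additionally assert that `"SecretVersionsToStages"` is absent from the describe response and `"VersionIdsToStages"` from the list entry.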