Fix: describe/list attribute discrepancy in Secrets Manager (#3432)
`secretsmanager:DescribeSecret` returns `VersionIdsToStages`; `secretsmanager:ListSecrets` returns the same information in `SecretVersionsToStages`.
* Verified fix against real AWS backend.
Fixes #3406
parent
f584e16ab9
commit
76265576ac
@ -136,6 +136,7 @@ class FakeSecret:
|
|||||||
"DeletedDate": self.deleted_date,
|
"DeletedDate": self.deleted_date,
|
||||||
"Tags": self.tags,
|
"Tags": self.tags,
|
||||||
"VersionIdsToStages": version_id_to_stages,
|
"VersionIdsToStages": version_id_to_stages,
|
||||||
|
"SecretVersionsToStages": version_id_to_stages,
|
||||||
}
|
}
|
||||||
|
|
||||||
def _form_version_ids_to_stages(self):
|
def _form_version_ids_to_stages(self):
|
||||||
|
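Review bot: The response dict in this hunk now carries the same mapping under both `VersionIdsToStages` and `SecretVersionsToStages`, with nothing recording which API each name belongs to. If this serializer backs both DescribeSecret and ListSecrets (the method starts outside the hunk, so that is inferred from the commit message), each response also gains the other call's field name, a shape the commit message says real AWS does not return. A comment such as `# ListSecrets names this field SecretVersionsToStages; DescribeSecret uses VersionIdsToStages` would record the intent. Separate describe and list serializers would keep the mock faithful for code that reads the raw response, so a test cannot pass here while reading the wrong key for stage labels.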
@ -43,9 +43,11 @@ def test_list_secrets():
|
|||||||
|
|
||||||
assert secrets["SecretList"][0]["ARN"] is not None
|
assert secrets["SecretList"][0]["ARN"] is not None
|
||||||
assert secrets["SecretList"][0]["Name"] == "test-secret"
|
assert secrets["SecretList"][0]["Name"] == "test-secret"
|
||||||
|
assert secrets["SecretList"][0]["SecretVersionsToStages"] is not None
|
||||||
assert secrets["SecretList"][1]["ARN"] is not None
|
assert secrets["SecretList"][1]["ARN"] is not None
|
||||||
assert secrets["SecretList"][1]["Name"] == "test-secret-2"
|
assert secrets["SecretList"][1]["Name"] == "test-secret-2"
|
||||||
assert secrets["SecretList"][1]["Tags"] == [{"Key": "a", "Value": "1"}]
|
assert secrets["SecretList"][1]["Tags"] == [{"Key": "a", "Value": "1"}]
|
||||||
|
assert secrets["SecretList"][1]["SecretVersionsToStages"] is not None
|
||||||
|
|
||||||
|
|
||||||
@mock_secretsmanager
|
@mock_secretsmanager
|
||||||
|
@ -963,3 +963,32 @@ def test_tag_resource():
|
|||||||
"Secrets Manager can't find the specified secret.",
|
"Secrets Manager can't find the specified secret.",
|
||||||
cm.exception.response["Error"]["Message"],
|
cm.exception.response["Error"]["Message"],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@mock_secretsmanager
|
||||||
|
def test_secret_versions_to_stages_attribute_discrepancy():
|
||||||
|
client = boto3.client("secretsmanager", region_name="us-west-2")
|
||||||
|
|
||||||
|
resp = client.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
|
||||||
|
previous_version_id = resp["VersionId"]
|
||||||
|
|
||||||
|
resp = client.put_secret_value(
|
||||||
|
SecretId=DEFAULT_SECRET_NAME,
|
||||||
|
SecretString="dupe_secret",
|
||||||
|
VersionStages=["AWSCURRENT"],
|
||||||
|
)
|
||||||
|
current_version_id = resp["VersionId"]
|
||||||
|
|
||||||
|
secret = client.describe_secret(SecretId=DEFAULT_SECRET_NAME)
|
||||||
|
describe_vtos = secret["VersionIdsToStages"]
|
||||||
|
assert describe_vtos[current_version_id] == ["AWSCURRENT"]
|
||||||
|
assert describe_vtos[previous_version_id] == ["AWSPREVIOUS"]
|
||||||
|
|
||||||
|
secret = client.list_secrets(
|
||||||
|
Filters=[{"Key": "name", "Values": [DEFAULT_SECRET_NAME]}]
|
||||||
|
).get("SecretList")[0]
|
||||||
|
list_vtos = secret["SecretVersionsToStages"]
|
||||||
|
assert list_vtos[current_version_id] == ["AWSCURRENT"]
|
||||||
|
assert list_vtos[previous_version_id] == ["AWSPREVIOUS"]
|
||||||
|
|
||||||
|
assert describe_vtos == list_vtos
|
||||||
|
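Review bot: `client.list_secrets(...).get("SecretList")[0]` in the new test reports a missing `SecretList` key as a `TypeError` on `None`, and it never checks that the name filter returned only this secret. Index the key directly and pin the count first, e.g. `secrets = client.list_secrets(Filters=[...])["SecretList"]` followed by `assert len(secrets) == 1`, then read `secrets[0]`. The `is not None` assertions added to `test_list_secrets` in the previous hunk would also pass on an empty mapping. Comparing against the expected stage labels there, as this test does, would make them meaningful.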