Merge pull request #2601 from mwaaas/fix/get_policy

adding get policy endpoint
2019-12-09 14:11:50 -08:00 · 2019-12-09 14:11:50 -08:00 · 7e68b93091
commit 7e68b93091
parent 1c5ea4b545 625f28c882
3 changed files with 53 additions and 0 deletions
--- a/moto/secretsmanager/models.py
+++ b/moto/secretsmanager/models.py
@ -466,6 +466,30 @@ class SecretsManagerBackend(BaseBackend):

        return arn, name

+    @staticmethod
+    def get_resource_policy(secret_id):
+        resource_policy = {
+            "Version": "2012-10-17",
+            "Statement": {
+                "Effect": "Allow",
+                "Principal": {
+                    "AWS": [
+                        "arn:aws:iam::111122223333:root",
+                        "arn:aws:iam::444455556666:root",
+                    ]
+                },
+                "Action": ["secretsmanager:GetSecretValue"],
+                "Resource": "*",
+            },
+        }
+        return json.dumps(
+            {
+                "ARN": secret_id,
+                "Name": secret_id,
+                "ResourcePolicy": json.dumps(resource_policy),
+            }
+        )
+

 available_regions = boto3.session.Session().get_available_regions("secretsmanager")
 secretsmanager_backends = {
--- a/moto/secretsmanager/responses.py
+++ b/moto/secretsmanager/responses.py
@ -114,3 +114,9 @@ class SecretsManagerResponse(BaseResponse):
            secret_id=secret_id
        )
        return json.dumps(dict(ARN=arn, Name=name))
+
+    def get_resource_policy(self):
+        secret_id = self._get_param("SecretId")
+        return secretsmanager_backends[self.region].get_resource_policy(
+            secret_id=secret_id
+        )
--- a/tests/test_secretsmanager/test_server.py
+++ b/tests/test_secretsmanager/test_server.py
@ -586,6 +586,29 @@ def test_can_list_secret_version_ids():
    ].sort() == returned_version_ids.sort()


+@mock_secretsmanager
+def test_get_resource_policy_secret():
+
+    backend = server.create_backend_app("secretsmanager")
+    test_client = backend.test_client()
+
+    create_secret = test_client.post(
+        "/",
+        data={"Name": "test-secret", "SecretString": "foosecret"},
+        headers={"X-Amz-Target": "secretsmanager.CreateSecret"},
+    )
+    describe_secret = test_client.post(
+        "/",
+        data={"SecretId": "test-secret"},
+        headers={"X-Amz-Target": "secretsmanager.GetResourcePolicy"},
+    )
+
+    json_data = json.loads(describe_secret.data.decode("utf-8"))
+    assert json_data  # Returned dict is not empty
+    assert json_data["ARN"] != ""
+    assert json_data["Name"] == "test-secret"
+
+
 #
 # The following tests should work, but fail on the embedded dict in
 # RotationRules. The error message suggests a problem deeper in the code, which