Merge pull request #2601 from mwaaas/fix/get_policy
adding get policy endpoint
commit
7e68b93091
@ -466,6 +466,30 @@ class SecretsManagerBackend(BaseBackend):
|
|||||||
|
|
||||||
return arn, name
|
return arn, name
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_resource_policy(secret_id):
|
||||||
|
resource_policy = {
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": {
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Principal": {
|
||||||
|
"AWS": [
|
||||||
|
"arn:aws:iam::111122223333:root",
|
||||||
|
"arn:aws:iam::444455556666:root",
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"Action": ["secretsmanager:GetSecretValue"],
|
||||||
|
"Resource": "*",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
return json.dumps(
|
||||||
|
{
|
||||||
|
"ARN": secret_id,
|
||||||
|
"Name": secret_id,
|
||||||
|
"ResourcePolicy": json.dumps(resource_policy),
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
available_regions = boto3.session.Session().get_available_regions("secretsmanager")
|
available_regions = boto3.session.Session().get_available_regions("secretsmanager")
|
||||||
secretsmanager_backends = {
|
secretsmanager_backends = {
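Review bot: `get_resource_policy` is a `@staticmethod` that never consults the backend's stored secrets, so it returns a policy for any `SecretId`, including one that was never created, and reports `"ARN": secret_id` instead of the secret's real ARN. The real service rejects an unknown secret with ResourceNotFoundException, so code under test that relies on that error, or that matches on the ARN, will behave differently against the mock. The canned policy also always grants `secretsmanager:GetSecretValue` to two fixed account roots on `"Resource": "*"`, so a policy-audit tool exercised against this mock sees the same cross-account grant for every secret. I would make this an instance method that looks the secret up first and raises the backend's not-found error when it is absent, and put `# Canned example policy; not derived from the stored secret` above `resource_policy = {`.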
|
||||||
|
@ -114,3 +114,9 @@ class SecretsManagerResponse(BaseResponse):
|
|||||||
secret_id=secret_id
|
secret_id=secret_id
|
||||||
)
|
)
|
||||||
return json.dumps(dict(ARN=arn, Name=name))
|
return json.dumps(dict(ARN=arn, Name=name))
|
||||||
|
|
||||||
|
def get_resource_policy(self):
|
||||||
|
secret_id = self._get_param("SecretId")
|
||||||
|
return secretsmanager_backends[self.region].get_resource_policy(
|
||||||
|
secret_id=secret_id
|
||||||
|
)
|
||||||
|
@ -586,6 +586,29 @@ def test_can_list_secret_version_ids():
|
|||||||
].sort() == returned_version_ids.sort()
|
].sort() == returned_version_ids.sort()
|
||||||
|
|
||||||
|
|
||||||
|
@mock_secretsmanager
|
||||||
|
def test_get_resource_policy_secret():
|
||||||
|
|
||||||
|
backend = server.create_backend_app("secretsmanager")
|
||||||
|
test_client = backend.test_client()
|
||||||
|
|
||||||
|
create_secret = test_client.post(
|
||||||
|
"/",
|
||||||
|
data={"Name": "test-secret", "SecretString": "foosecret"},
|
||||||
|
headers={"X-Amz-Target": "secretsmanager.CreateSecret"},
|
||||||
|
)
|
||||||
|
describe_secret = test_client.post(
|
||||||
|
"/",
|
||||||
|
data={"SecretId": "test-secret"},
|
||||||
|
headers={"X-Amz-Target": "secretsmanager.GetResourcePolicy"},
|
||||||
|
)
|
||||||
|
|
||||||
|
json_data = json.loads(describe_secret.data.decode("utf-8"))
|
||||||
|
assert json_data # Returned dict is not empty
|
||||||
|
assert json_data["ARN"] != ""
|
||||||
|
assert json_data["Name"] == "test-secret"
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# The following tests should work, but fail on the embedded dict in
|
# The following tests should work, but fail on the embedded dict in
|
||||||
# RotationRules. The error message suggests a problem deeper in the code, which
|
# RotationRules. The error message suggests a problem deeper in the code, which
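Review bot: The assertions in `test_get_resource_policy_secret` do not exercise the new endpoint's payload: `json_data["Name"] == "test-secret"` and `json_data["ARN"] != ""` hold only because the backend echoes the request's `SecretId`, and the `ResourcePolicy` field is never inspected. Add `policy = json.loads(json_data["ResourcePolicy"])` with an assertion on `policy["Statement"]`, plus a second case that requests a `SecretId` that was never created so the not-found behaviour is pinned. The `create_secret` response is unused, and the name `describe_secret` appears to be left over from another test; `get_resource_policy = test_client.post(` would read better.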
|
||||||
|