Merge pull request #1754 from NeilRoberts/add_describe_secret_to_secretsmanager

Issue# 1753 - implement secretsmanager.DescribeSecret

IMPLEMENTATION_COVERAGE.md

@@ -3645,11 +3645,11 @@
 - [ ] put_attributes
 - [ ] select
 
-## secretsmanager - 20% implemented
+## secretsmanager - 27% implemented
 - [ ] cancel_rotate_secret
 - [X] create_secret
 - [ ] delete_secret
-- [ ] describe_secret
+- [X] describe_secret
 - [X] get_random_password
 - [X] get_secret_value
 - [ ] list_secret_version_ids

moto/secretsmanager/models.py

@@ -33,15 +33,21 @@ class SecretsManagerBackend(BaseBackend):
         self.name = kwargs.get('name', '')
         self.createdate = int(time.time())
         self.secret_string = ''
+        self.rotation_enabled = False
+        self.rotation_lambda_arn = ''
+        self.auto_rotate_after_days = 0
 
     def reset(self):
         region_name = self.region
         self.__dict__ = {}
         self.__init__(region_name)
 
+    def _is_valid_identifier(self, identifier):
+        return identifier in (self.name, self.secret_id)
+
     def get_secret_value(self, secret_id, version_id, version_stage):
 
-        if secret_id not in (self.secret_id, self.name):
+        if not self._is_valid_identifier(secret_id):
             raise ResourceNotFoundException()
 
         response = json.dumps({
@@ -71,6 +77,34 @@ class SecretsManagerBackend(BaseBackend):
 
         return response
 
+    def describe_secret(self, secret_id):
+        if not self._is_valid_identifier(secret_id):
+            raise ResourceNotFoundException
+
+        response = json.dumps({
+            "ARN": secret_arn(self.region, self.secret_id),
+            "Name": self.name,
+            "Description": "",
+            "KmsKeyId": "",
+            "RotationEnabled": self.rotation_enabled,
+            "RotationLambdaARN": self.rotation_lambda_arn,
+            "RotationRules": {
+                "AutomaticallyAfterDays": self.auto_rotate_after_days
+            },
+            "LastRotatedDate": None,
+            "LastChangedDate": None,
+            "LastAccessedDate": None,
+            "DeletedDate": None,
+            "Tags": [
+                {
+                    "Key": "",
+                    "Value": ""
+                },
+            ]
+        })
+
+        return response
+
     def get_random_password(self, password_length,
                             exclude_characters, exclude_numbers,
                             exclude_punctuation, exclude_uppercase,

moto/secretsmanager/responses.py

@@ -44,3 +44,9 @@ class SecretsManagerResponse(BaseResponse):
             include_space=include_space,
             require_each_included_type=require_each_included_type
         )
+
+    def describe_secret(self):
+        secret_id = self._get_param('SecretId')
+        return secretsmanager_backends[self.region].describe_secret(
+            secret_id=secret_id
+        )

tests/test_secretsmanager/test_secretsmanager.py

@@ -152,3 +152,30 @@ def test_get_random_too_long_password():
 
     with assert_raises(Exception):
         random_password = conn.get_random_password(PasswordLength=5555)
+
+@mock_secretsmanager
+def test_describe_secret():
+    conn = boto3.client('secretsmanager', region_name='us-west-2')
+    conn.create_secret(Name='test-secret',
+                       SecretString='foosecret')
+    
+    secret_description = conn.describe_secret(SecretId='test-secret')
+    assert secret_description   # Returned dict is not empty
+    assert secret_description['ARN'] == (
+        'arn:aws:secretsmanager:us-west-2:1234567890:secret:test-secret-rIjad')
+
+@mock_secretsmanager
+def test_describe_secret_that_does_not_exist():
+    conn = boto3.client('secretsmanager', region_name='us-west-2')
+
+    with assert_raises(ClientError):
+        result = conn.get_secret_value(SecretId='i-dont-exist')
+
+@mock_secretsmanager
+def test_describe_secret_that_does_not_match():
+    conn = boto3.client('secretsmanager', region_name='us-west-2')
+    conn.create_secret(Name='test-secret',
+                       SecretString='foosecret')
+    
+    with assert_raises(ClientError):
+        result = conn.get_secret_value(SecretId='i-dont-match')

tests/test_secretsmanager/test_server.py

@@ -66,3 +66,70 @@ def test_create_secret():
     assert json_data['ARN'] == (
         'arn:aws:secretsmanager:us-east-1:1234567890:secret:test-secret-rIjad')
     assert json_data['Name'] == 'test-secret'
+
+@mock_secretsmanager
+def test_describe_secret():
+
+    backend = server.create_backend_app('secretsmanager')
+    test_client = backend.test_client()
+
+    create_secret = test_client.post('/',
+                        data={"Name": "test-secret",
+                              "SecretString": "foosecret"},
+                        headers={
+                            "X-Amz-Target": "secretsmanager.CreateSecret"
+                        },
+                    )
+    describe_secret = test_client.post('/',
+                        data={"SecretId": "test-secret"},
+                        headers={
+                            "X-Amz-Target": "secretsmanager.DescribeSecret"
+                        },
+                    )
+
+    json_data = json.loads(describe_secret.data.decode("utf-8"))
+    assert json_data   # Returned dict is not empty
+    assert json_data['ARN'] == (
+        'arn:aws:secretsmanager:us-east-1:1234567890:secret:test-secret-rIjad'
+    )
+
+@mock_secretsmanager
+def test_describe_secret_that_does_not_exist():
+
+    backend = server.create_backend_app('secretsmanager')
+    test_client = backend.test_client()
+
+    describe_secret = test_client.post('/',
+                        data={"SecretId": "i-dont-exist"},
+                        headers={
+                            "X-Amz-Target": "secretsmanager.DescribeSecret"
+                        },
+                    )
+
+    json_data = json.loads(describe_secret.data.decode("utf-8"))
+    assert json_data['message'] == "Secrets Manager can't find the specified secret"
+    assert json_data['__type'] == 'ResourceNotFoundException'
+
+@mock_secretsmanager
+def test_describe_secret_that_does_not_match():
+
+    backend = server.create_backend_app('secretsmanager')
+    test_client = backend.test_client()
+
+    create_secret = test_client.post('/',
+                        data={"Name": "test-secret",
+                              "SecretString": "foosecret"},
+                        headers={
+                            "X-Amz-Target": "secretsmanager.CreateSecret"
+                        },
+                    )
+    describe_secret = test_client.post('/',
+                        data={"SecretId": "i-dont-match"},
+                        headers={
+                            "X-Amz-Target": "secretsmanager.DescribeSecret"
+                        },
+                    )
+
+    json_data = json.loads(describe_secret.data.decode("utf-8"))
+    assert json_data['message'] == "Secrets Manager can't find the specified secret"
+    assert json_data['__type'] == 'ResourceNotFoundException'