Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Also throw exception if client tries to RotateSecret on a soft-deleted secret

Browse Source
This commit is contained in:
Chris Kilding 2019-04-18 16:47:15 +01:00
parent 749f4f63e6
commit bd8aa341f2
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
moto/secretsmanager/models.py
View File

@ -49,7 +49,7 @@ class SecretsManagerBackend(BaseBackend):
if 'deleted_date' in self.secrets[secret_id]: if 'deleted_date' in self.secrets[secret_id]:
raise InvalidRequestException( raise InvalidRequestException(
"An error occurred (InvalidRequestException) when calling the DeleteSecret operation: You tried to \ "An error occurred (InvalidRequestException) when calling the GetSecretValue operation: You tried to \
perform the operation on a secret that's currently marked deleted." perform the operation on a secret that's currently marked deleted."
) )
@ -127,6 +127,12 @@ class SecretsManagerBackend(BaseBackend):
if not self._is_valid_identifier(secret_id): if not self._is_valid_identifier(secret_id):
raise ResourceNotFoundException raise ResourceNotFoundException
if 'deleted_date' in self.secrets[secret_id]:
raise InvalidRequestException(
"An error occurred (InvalidRequestException) when calling the RotateSecret operation: You tried to \
perform the operation on a secret that's currently marked deleted."
)
if client_request_token: if client_request_token:
token_length = len(client_request_token) token_length = len(client_request_token)
if token_length < 32 or token_length > 64: if token_length < 32 or token_length > 64:

16
tests/test_secretsmanager/test_secretsmanager.py
View File

@ -43,7 +43,7 @@ def test_get_secret_value_that_is_marked_deleted():
conn.create_secret(Name='test-secret', conn.create_secret(Name='test-secret',
SecretString='foosecret') SecretString='foosecret')
deleted_secret = conn.delete_secret(SecretId='test-secret') conn.delete_secret(SecretId='test-secret')
with assert_raises(ClientError): with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='test-secret') result = conn.get_secret_value(SecretId='test-secret')
@ -380,6 +380,20 @@ def test_rotate_secret_enable_rotation():
assert rotated_description['RotationEnabled'] is True assert rotated_description['RotationEnabled'] is True
assert rotated_description['RotationRules']['AutomaticallyAfterDays'] == 42 assert rotated_description['RotationRules']['AutomaticallyAfterDays'] == 42
@mock_secretsmanager
def test_rotate_secret_that_is_marked_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.delete_secret(SecretId='test-secret')
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId='test-secret')
@mock_secretsmanager @mock_secretsmanager
def test_rotate_secret_that_does_not_exist(): def test_rotate_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', 'us-west-2') conn = boto3.client('secretsmanager', 'us-west-2')