From cce3a678aa382ef29d06eefc10d4ddd01ec25f18 Mon Sep 17 00:00:00 2001
From: Neil Roberts <neil.roberts@cambiahealth.com>
Date: Mon, 6 Aug 2018 14:40:33 -0700
Subject: [PATCH] Implement secretsmanager.DescribeSecret and tests.

---
 moto/secretsmanager/models.py                 | 31 +++++++++++++
 moto/secretsmanager/responses.py              |  6 +++
 .../test_secretsmanager.py                    | 18 ++++++++
 tests/test_secretsmanager/test_server.py      | 43 +++++++++++++++++++
 4 files changed, 98 insertions(+)

diff --git a/moto/secretsmanager/models.py b/moto/secretsmanager/models.py
index 3923f90b0..da3f3e6fe 100644
--- a/moto/secretsmanager/models.py
+++ b/moto/secretsmanager/models.py
@@ -33,6 +33,9 @@ class SecretsManagerBackend(BaseBackend):
         self.name = kwargs.get('name', '')
         self.createdate = int(time.time())
         self.secret_string = ''
+        self.rotation_enabled = False
+        self.rotation_lambda_arn = ''
+        self.auto_rotate_after_days = 1
 
     def reset(self):
         region_name = self.region
@@ -70,6 +73,34 @@ class SecretsManagerBackend(BaseBackend):
 
         return response
 
+    def describe_secret(self, secret_id):
+        if self.secret_id == '':
+            raise ResourceNotFoundException
+        
+        response = json.dumps({
+            "ARN": secret_arn(self.region, self.secret_id),
+            "Name": self.secret_id,
+            "Description": "",
+            "KmsKeyId": "",
+            "RotationEnabled": self.rotation_enabled,
+            "RotationLambdaARN": self.rotation_lambda_arn,
+            "RotationRules": {
+                "AutomaticallyAfterDays": self.auto_rotate_after_days
+            },
+            "LastRotatedDate": None,
+            "LastChangedDate": None,
+            "LastAccessedDate": None,
+            "DeletedDate": None,
+            "Tags": [
+                {
+                    "Key": "",
+                    "Value": ""
+                },
+            ]
+        })
+
+        return response
+
     def get_random_password(self, password_length,
                             exclude_characters, exclude_numbers,
                             exclude_punctuation, exclude_uppercase,
diff --git a/moto/secretsmanager/responses.py b/moto/secretsmanager/responses.py
index 06387560a..c50c6a6e1 100644
--- a/moto/secretsmanager/responses.py
+++ b/moto/secretsmanager/responses.py
@@ -44,3 +44,9 @@ class SecretsManagerResponse(BaseResponse):
             include_space=include_space,
             require_each_included_type=require_each_included_type
         )
+
+    def describe_secret(self):
+        secret_id = self._get_param('SecretId')
+        return secretsmanager_backends[self.region].describe_secret(
+            secret_id=secret_id
+        )
diff --git a/tests/test_secretsmanager/test_secretsmanager.py b/tests/test_secretsmanager/test_secretsmanager.py
index 6fefeb56f..0ef54b45b 100644
--- a/tests/test_secretsmanager/test_secretsmanager.py
+++ b/tests/test_secretsmanager/test_secretsmanager.py
@@ -143,3 +143,21 @@ def test_get_random_too_long_password():
 
     with assert_raises(Exception):
         random_password = conn.get_random_password(PasswordLength=5555)
+
+@mock_secretsmanager
+def test_describe_secret():
+    conn = boto3.client('secretsmanager', region_name='us-west-2')
+    conn.create_secret(Name='test-secret',
+                       SecretString='foosecret')
+    
+    secret_description = conn.describe_secret(SecretId='test-secret')
+    assert secret_description   # Returned dict is not empty
+    assert secret_description['ARN'] == (
+        'arn:aws:secretsmanager:us-west-2:1234567890:secret:test-secret-rIjad')
+
+@mock_secretsmanager
+def test_describe_secret_that_does_not_exist():
+    conn = boto3.client('secretsmanager', region_name='us-west-2')
+
+    with assert_raises(ClientError):
+        result = conn.get_secret_value(SecretId='i-dont-exist')
diff --git a/tests/test_secretsmanager/test_server.py b/tests/test_secretsmanager/test_server.py
index 2f73ece07..370a483a8 100644
--- a/tests/test_secretsmanager/test_server.py
+++ b/tests/test_secretsmanager/test_server.py
@@ -66,3 +66,46 @@ def test_create_secret():
     assert json_data['ARN'] == (
         'arn:aws:secretsmanager:us-east-1:1234567890:secret:test-secret-rIjad')
     assert json_data['Name'] == 'test-secret'
+
+@mock_secretsmanager
+def test_describe_secret():
+
+    backend = server.create_backend_app('secretsmanager')
+    test_client = backend.test_client()
+
+    create_secret = test_client.post('/',
+                        data={"Name": "test-secret",
+                              "SecretString": "foosecret"},
+                        headers={
+                            "X-Amz-Target": "secretsmanager.CreateSecret"
+                        },
+                    )
+    describe_secret = test_client.post('/',
+                        data={"SecretId": "test-secret"},
+                        headers={
+                            "X-Amz-Target": "secretsmanager.DescribeSecret"
+                        },
+                    )
+
+    json_data = json.loads(describe_secret.data.decode("utf-8"))
+    assert json_data   # Returned dict is not empty
+    assert json_data['ARN'] == (
+        'arn:aws:secretsmanager:us-east-1:1234567890:secret:test-secret-rIjad'
+    )
+
+@mock_secretsmanager
+def test_describe_secret_that_does_not_exist():
+
+    backend = server.create_backend_app('secretsmanager')
+    test_client = backend.test_client()
+
+    describe_secret = test_client.post('/',
+                        data={"SecretId": "i-dont-exist"},
+                        headers={
+                            "X-Amz-Target": "secretsmanager.DescribeSecret"
+                        },
+                    )
+
+    json_data = json.loads(describe_secret.data.decode("utf-8"))
+    assert json_data['message'] == "Secrets Manager can't find the specified secret"
+    assert json_data['__type'] == 'ResourceNotFoundException'