Merge pull request #2594 from mwaaas/fix/fetch_secret_manage_via_arn

fixing fetch secret manager via arn

moto/secretsmanager/models.py

@@ -17,7 +17,7 @@ from .exceptions import (
     InvalidRequestException,
     ClientError,
 )
-from .utils import random_password, secret_arn
+from .utils import random_password, secret_arn, get_secret_name_from_arn
 
 
 class SecretsManager(BaseModel):
@@ -25,11 +25,25 @@ class SecretsManager(BaseModel):
         self.region = region_name
 
 
+class SecretsStore(dict):
+    def __setitem__(self, key, value):
+        new_key = get_secret_name_from_arn(key)
+        super(SecretsStore, self).__setitem__(new_key, value)
+
+    def __getitem__(self, key):
+        new_key = get_secret_name_from_arn(key)
+        return super(SecretsStore, self).__getitem__(new_key)
+
+    def __contains__(self, key):
+        new_key = get_secret_name_from_arn(key)
+        return dict.__contains__(self, new_key)
+
+
 class SecretsManagerBackend(BaseBackend):
     def __init__(self, region_name=None, **kwargs):
         super(SecretsManagerBackend, self).__init__()
         self.region = region_name
-        self.secrets = {}
+        self.secrets = SecretsStore()
 
     def reset(self):
         region_name = self.region
@@ -44,7 +58,6 @@ class SecretsManagerBackend(BaseBackend):
         return (dt - epoch).total_seconds()
 
     def get_secret_value(self, secret_id, version_id, version_stage):
-
         if not self._is_valid_identifier(secret_id):
             raise SecretNotFoundException()
 

moto/secretsmanager/utils.py

@@ -72,6 +72,19 @@ def secret_arn(region, secret_id):
     )
 
 
+def get_secret_name_from_arn(secret_id):
+    # can fetch by both arn and by name
+    # but we are storing via name
+    # so we need to change the arn to name
+    # if it starts with arn then the secret id is arn
+    if secret_id.startswith("arn:aws:secretsmanager:"):
+        # split the arn by colon
+        # then get the last value which is the name appended with a random string
+        # then remove the random string
+        secret_id = "-".join(secret_id.split(":")[-1].split("-")[:-1])
+    return secret_id
+
+
 def _exclude_characters(password, exclude_characters):
     for c in exclude_characters:
         if c in string.punctuation:

tests/test_secretsmanager/test_secretsmanager.py

@@ -26,6 +26,18 @@ def test_get_secret_value():
     assert result["SecretString"] == "foosecret"
 
 
+@mock_secretsmanager
+def test_get_secret_value_by_arn():
+    conn = boto3.client("secretsmanager", region_name="us-west-2")
+
+    secret_value = "test_get_secret_value_by_arn"
+    result = conn.create_secret(
+        Name="java-util-test-password", SecretString=secret_value
+    )
+    result = conn.get_secret_value(SecretId=result["ARN"])
+    assert result["SecretString"] == secret_value
+
+
 @mock_secretsmanager
 def test_get_secret_value_binary():
     conn = boto3.client("secretsmanager", region_name="us-west-2")
@@ -361,6 +373,18 @@ def test_describe_secret():
     assert secret_description_2["ARN"] != ""  # Test arn not empty
 
 
+@mock_secretsmanager
+def test_describe_secret_with_arn():
+    conn = boto3.client("secretsmanager", region_name="us-west-2")
+    results = conn.create_secret(Name="test-secret", SecretString="foosecret")
+
+    secret_description = conn.describe_secret(SecretId=results["ARN"])
+
+    assert secret_description  # Returned dict is not empty
+    assert secret_description["Name"] == ("test-secret")
+    assert secret_description["ARN"] != results["ARN"]
+
+
 @mock_secretsmanager
 def test_describe_secret_that_does_not_exist():
     conn = boto3.client("secretsmanager", region_name="us-west-2")