From fc8cf2d872e23c6b13f75ea30da752f5b322f592 Mon Sep 17 00:00:00 2001 From: Chris K Date: Fri, 5 Apr 2019 15:00:11 +0100 Subject: [PATCH] Feature: AWS Secrets Manager delete-secret --- IMPLEMENTATION_COVERAGE.md | 2 +- moto/secretsmanager/models.py | 29 +++++++++++ moto/secretsmanager/responses.py | 11 ++++ .../test_secretsmanager.py | 52 +++++++++++++++++++ 4 files changed, 93 insertions(+), 1 deletion(-) diff --git a/IMPLEMENTATION_COVERAGE.md b/IMPLEMENTATION_COVERAGE.md index 3cce40df9..2afd3f19c 100644 --- a/IMPLEMENTATION_COVERAGE.md +++ b/IMPLEMENTATION_COVERAGE.md @@ -3654,7 +3654,7 @@ ## secretsmanager - 33% implemented - [ ] cancel_rotate_secret - [X] create_secret -- [ ] delete_secret +- [X] delete_secret - [X] describe_secret - [X] get_random_password - [X] get_secret_value diff --git a/moto/secretsmanager/models.py b/moto/secretsmanager/models.py index 74cf89039..10b636359 100644 --- a/moto/secretsmanager/models.py +++ b/moto/secretsmanager/models.py @@ -213,6 +213,35 @@ class SecretsManagerBackend(BaseBackend): return secret_list, None + def delete_secret(self, secret_id, recovery_window_in_days, force_delete_without_recovery): + + if not self._is_valid_identifier(secret_id): + raise ResourceNotFoundException + + if not force_delete_without_recovery: + raise InvalidParameterException( + "An error occurred (InvalidParameterException) when calling the DeleteSecret operation: \ + ForceDeleteWithoutRecovery must be true (Moto cannot simulate soft deletion with a recovery window)" + ) + + if recovery_window_in_days and force_delete_without_recovery: + raise InvalidParameterException( + "An error occurred (InvalidParameterException) when calling the DeleteSecret operation: You can't \ + use ForceDeleteWithoutRecovery in conjunction with RecoveryWindowInDays." + ) + + secret = self.secrets.pop(secret_id, None) + + deletion_date = int(time.time()) + + if not secret: + raise ResourceNotFoundException + + arn = secret_arn(self.region, secret['secret_id']) + name = secret['name'] + + return arn, name, deletion_date + available_regions = ( boto3.session.Session().get_available_regions("secretsmanager") diff --git a/moto/secretsmanager/responses.py b/moto/secretsmanager/responses.py index f017ec0dc..a33890202 100644 --- a/moto/secretsmanager/responses.py +++ b/moto/secretsmanager/responses.py @@ -75,3 +75,14 @@ class SecretsManagerResponse(BaseResponse): next_token=next_token, ) return json.dumps(dict(SecretList=secret_list, NextToken=next_token)) + + def delete_secret(self): + secret_id = self._get_param("SecretId") + recovery_window_in_days = self._get_param("RecoveryWindowInDays") + force_delete_without_recovery = self._get_param("ForceDeleteWithoutRecovery") + arn, name, deletion_date = secretsmanager_backends[self.region].delete_secret( + secret_id=secret_id, + recovery_window_in_days=recovery_window_in_days, + force_delete_without_recovery=force_delete_without_recovery, + ) + return json.dumps(dict(ARN=arn, Name=name, DeletionDate=deletion_date)) diff --git a/tests/test_secretsmanager/test_secretsmanager.py b/tests/test_secretsmanager/test_secretsmanager.py index 6146698d9..f9a7d0d64 100644 --- a/tests/test_secretsmanager/test_secretsmanager.py +++ b/tests/test_secretsmanager/test_secretsmanager.py @@ -6,6 +6,7 @@ from moto import mock_secretsmanager from botocore.exceptions import ClientError import sure # noqa import string +from datetime import datetime import unittest from nose.tools import assert_raises @@ -61,6 +62,57 @@ def test_create_secret_with_tags(): secret_details = conn.describe_secret(SecretId=secret_name) assert secret_details['Tags'] == [{"Key": "Foo", "Value": "Bar"}, {"Key": "Mykey", "Value": "Myvalue"}] + +@mock_secretsmanager +def test_delete_secret(): + conn = boto3.client('secretsmanager', region_name='us-west-2') + + conn.create_secret(Name='test-secret', + SecretString='foosecret') + + result = conn.delete_secret(SecretId='test-secret', ForceDeleteWithoutRecovery=True) + deletion_date = result['DeletionDate'] + + assert result['ARN'] + + assert deletion_date > datetime.fromtimestamp(1, deletion_date.tzinfo) + + assert result['Name'] == 'test-secret' + + with assert_raises(ClientError): + result = conn.get_secret_value(SecretId='test-secret') + + +@mock_secretsmanager +def test_delete_secret_that_does_not_exist(): + conn = boto3.client('secretsmanager', region_name='us-west-2') + + with assert_raises(ClientError): + result = conn.delete_secret(SecretId='i-dont-exist', ForceDeleteWithoutRecovery=True) + + +@mock_secretsmanager +def test_delete_secret_requires_force_delete_flag(): + conn = boto3.client('secretsmanager', region_name='us-west-2') + + conn.create_secret(Name='test-secret', + SecretString='foosecret') + + with assert_raises(ClientError): + result = conn.delete_secret(SecretId='test-secret', ForceDeleteWithoutRecovery=False) + + +@mock_secretsmanager +def test_delete_secret_fails_with_both_force_delete_flag_and_recovery_window_flag(): + conn = boto3.client('secretsmanager', region_name='us-west-2') + + conn.create_secret(Name='test-secret', + SecretString='foosecret') + + with assert_raises(ClientError): + result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=1, ForceDeleteWithoutRecovery=True) + + @mock_secretsmanager def test_get_random_password_default_length(): conn = boto3.client('secretsmanager', region_name='us-west-2')