Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Feature: AWS Secrets Manager delete-secret

Browse Source
This commit is contained in:
Chris K 2019-04-05 15:00:11 +01:00 committed by Chris Kilding
parent 97408552a3
commit fc8cf2d872
4 changed files with 93 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
IMPLEMENTATION_COVERAGE.md
View File

@ -3654,7 +3654,7 @@
## secretsmanager - 33% implemented ## secretsmanager - 33% implemented
- [ ] cancel_rotate_secret - [ ] cancel_rotate_secret
- [X] create_secret - [X] create_secret
- [ ] delete_secret - [X] delete_secret
- [X] describe_secret - [X] describe_secret
- [X] get_random_password - [X] get_random_password
- [X] get_secret_value - [X] get_secret_value

29
moto/secretsmanager/models.py
View File

@ -213,6 +213,35 @@ class SecretsManagerBackend(BaseBackend):
return secret_list, None return secret_list, None
def delete_secret(self, secret_id, recovery_window_in_days, force_delete_without_recovery):
if not self._is_valid_identifier(secret_id):
raise ResourceNotFoundException
if not force_delete_without_recovery:
raise InvalidParameterException(
"An error occurred (InvalidParameterException) when calling the DeleteSecret operation: \
ForceDeleteWithoutRecovery must be true (Moto cannot simulate soft deletion with a recovery window)"
)
if recovery_window_in_days and force_delete_without_recovery:
raise InvalidParameterException(
"An error occurred (InvalidParameterException) when calling the DeleteSecret operation: You can't \
use ForceDeleteWithoutRecovery in conjunction with RecoveryWindowInDays."
)
secret = self.secrets.pop(secret_id, None)
deletion_date = int(time.time())
if not secret:
raise ResourceNotFoundException
arn = secret_arn(self.region, secret['secret_id'])
name = secret['name']
return arn, name, deletion_date
available_regions = ( available_regions = (
boto3.session.Session().get_available_regions("secretsmanager") boto3.session.Session().get_available_regions("secretsmanager")

11
moto/secretsmanager/responses.py
View File

@ -75,3 +75,14 @@ class SecretsManagerResponse(BaseResponse):
next_token=next_token, next_token=next_token,
) )
return json.dumps(dict(SecretList=secret_list, NextToken=next_token)) return json.dumps(dict(SecretList=secret_list, NextToken=next_token))
def delete_secret(self):
secret_id = self._get_param("SecretId")
recovery_window_in_days = self._get_param("RecoveryWindowInDays")
force_delete_without_recovery = self._get_param("ForceDeleteWithoutRecovery")
arn, name, deletion_date = secretsmanager_backends[self.region].delete_secret(
secret_id=secret_id,
recovery_window_in_days=recovery_window_in_days,
force_delete_without_recovery=force_delete_without_recovery,
)
return json.dumps(dict(ARN=arn, Name=name, DeletionDate=deletion_date))

52
tests/test_secretsmanager/test_secretsmanager.py
View File

@ -6,6 +6,7 @@ from moto import mock_secretsmanager
from botocore.exceptions import ClientError from botocore.exceptions import ClientError
import sure # noqa import sure # noqa
import string import string
from datetime import datetime
import unittest import unittest
from nose.tools import assert_raises from nose.tools import assert_raises
@ -61,6 +62,57 @@ def test_create_secret_with_tags():
secret_details = conn.describe_secret(SecretId=secret_name) secret_details = conn.describe_secret(SecretId=secret_name)
assert secret_details['Tags'] == [{"Key": "Foo", "Value": "Bar"}, {"Key": "Mykey", "Value": "Myvalue"}] assert secret_details['Tags'] == [{"Key": "Foo", "Value": "Bar"}, {"Key": "Mykey", "Value": "Myvalue"}]
@mock_secretsmanager
def test_delete_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
result = conn.delete_secret(SecretId='test-secret', ForceDeleteWithoutRecovery=True)
deletion_date = result['DeletionDate']
assert result['ARN']
assert deletion_date > datetime.fromtimestamp(1, deletion_date.tzinfo)
assert result['Name'] == 'test-secret'
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='test-secret')
@mock_secretsmanager
def test_delete_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='i-dont-exist', ForceDeleteWithoutRecovery=True)
@mock_secretsmanager
def test_delete_secret_requires_force_delete_flag():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='test-secret', ForceDeleteWithoutRecovery=False)
@mock_secretsmanager
def test_delete_secret_fails_with_both_force_delete_flag_and_recovery_window_flag():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=1, ForceDeleteWithoutRecovery=True)
@mock_secretsmanager @mock_secretsmanager
def test_get_random_password_default_length(): def test_get_random_password_default_length():
conn = boto3.client('secretsmanager', region_name='us-west-2') conn = boto3.client('secretsmanager', region_name='us-west-2')