Commit Graph

60 Commits

Author SHA1 Message Date
MarkBrook
663cd7a523
ISSUE-4340: SecretsManager cannot find specified secret using ARN in some operations (#4353) 2021-09-27 19:59:13 +00:00
Miguel Gagliardo
c65d4ddc3b
Fix: Adding ClientRequestToken for SecretsManager update_secret method (#4314) 2021-09-21 16:43:31 +00:00
Bert Blommers
d08ed937f3
AWSLambda - clean up tests (#4317) 2021-09-21 15:19:49 +00:00
George Lungley
0ec99fae8b
#4118 Add KmsKeyId Support to secretsmanager (#4119) 2021-08-03 15:46:23 +01:00
Bert Blommers
7693d77333
Remove Py2 support (#3915) 2021-07-26 07:40:39 +01:00
Bert Blommers
5e4bccc22d
Use centralized ACCOUNT_ID (#4029) 2021-06-23 18:03:11 +01:00
Daniel Samuels
a4b1498665
Support rotating secrets using Lambda [#3905] (#3912)
* Support rotating secrets using Lambda

The Secrets manager rotation process uses an AWS Lambda function
to perform the rotation of a secret. [1]

In fact, it's not possible to trigger rotation of a Secret
without specifying a Lambda function at some point in the life
of the secret:

```
$ aws secretsmanager rotate-secret --secret-id /rotationTest

An error occurred (InvalidRequestException) when calling the RotateSecret operation: No Lambda rotation function ARN is associated with this secret.
```

`moto` can be a little more lenient in this regard and allow
`rotate_secret` to be called without a Lambda function being
present, if only to allow simulation of the `AWSCURRENT` and
`AWSPREVIOUS` labels moving across versions.

However, if a lambda function _has_ been specified when calling
`rotate_secret`, it should be invoked therefore providing the
developer with the full multi-stage process [3] which can be
used to test the Lambda function itself and ensuring that full
end-to-end testing is performed. Without this there's no easy
way to configure the Secret in the state needed to provide the
Lambda function with the data in the format it needs to be in
at each step of the invocation process.

[1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html
[2]: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.rotate_secret
[3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html#rotation-explanation-of-steps

* Run `black` over `secretsmanager/models.py`

* Make `lambda_backends` import local to the condition

* Implement `update_secret_version_stage`

Allow a staging label to be moved across versions.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.update_secret_version_stage

* Add an integration test for Secrets Manager & Lambda

* Support passing `ClientRequestToken` to `put_secret_value`

By passing `ClientRequestToken` to `put_secret_value` within
the lambda function invoked by calling `rotate_secret`, one
can update the value associated with the existing (pending)
version, without causing a new secret version to be created.

* Add application logic for `AWSPENDING`

The rotation function must end with the versions of the secret
in one of two states:

 - The `AWSPENDING` and `AWSCURRENT` staging labels are
   attached to the same version of the secret, or
 - The `AWSPENDING` staging label is not attached to any
   version of the secret.

If the `AWSPENDING` staging label is present but not attached
to the same version as `AWSCURRENT` then any later invocation
of RotateSecret assumes that a previous rotation request is
still in progress and returns an error.

* Update `default_version_id` after Lambda rotation concludes

Call `set_default_version_id` directly, rather than going 
through `reset_default_version` as the Lambda function is 
responsible for moving the version labels around, not `rotate_secret`.

* Run `black` over changed files

* Fix Python 2.7 compatibility

* Add additional test coverage for Secrets Manager

* Fix bug found by tests

AWSPENDING + AWSCURRENT check wasn't using `version_stages`.
Also tidy up the AWSCURRENT moving in `update_secret_version_stage`
to remove AWSPREVIOUS it from the new stage.

* Run `black` over changed files

* Add additional `rotate_secret` tests

* Skip `test_rotate_secret_lambda_invocations` in test server mode

* Add test for invalid Lambda ARN
2021-05-11 12:08:01 +01:00
George Vince
4da11da2bf
Secrets manager untag resource (#3767)
* added: untag_resource + test

* formatting

* formatting

* formatting

* added: formatting fix
2021-03-12 10:35:38 +00:00
Bert Blommers
273ca63d59 Linting 2020-11-11 15:55:37 +00:00
Bert Blommers
cb6731f340 Convert fixtures/exceptions to Pytest 2020-11-11 15:54:01 +00:00
Matěj Cepl
6d364dc7aa Pytest model of exceptions uses 'value' attribute instead of 'exception'. 2020-11-11 12:21:04 +01:00
Matěj Cepl
5697ff87a8 Back to Black 2020-11-10 14:12:38 +01:00
Matěj Cepl
ea489bce6c Finish porting from nose to pytest. 2020-11-10 08:25:05 +01:00
Matěj Cepl
77dc60ea97 Port test suite from nose to pytest.
This just eliminates all errors on the tests collection. Elimination of
failures is left to the next commit.
2020-11-10 08:23:44 +01:00
Brian Pandola
76265576ac
Fix: describe/list attribute discrepancy in Secrets Manager (#3432)
`secretsmanager:DescribeSecret` returns `VersionIdsToStages`
`secretsmanager:ListSecrets` returns the same information in `SecretVersionsToStages`

* Verified fix against real AWS backend.

Fixes #3406
2020-11-03 14:18:56 +00:00
usmangani1
53c3eb6240
Fix:SecretsManager :Error on Invalid secretID (#3413)
* Fix:SecretsManager :Error on Invalid secretID

* Fixed tests

Co-authored-by: usmankb <usman@krazybee.com>
2020-11-02 10:15:40 +00:00
usmangani1
14980371d7
FIX:Add secrets Manager Tag resource Functionality (#3392)
* FIX:Add secrets Manager Tag resource Functionality

* Fixed review comments

Co-authored-by: usmankb <usman@krazybee.com>
2020-10-22 11:14:32 +01:00
Jon Michaelchuck
2391a4ab97
[SecretsManager] Handle missing secrets versions (#3349)
* SecretsManager - handle missing secrets versions

The get_secret_value method should raise ResourceNotFoundException
if a secret exists but the provided VersionId does not.

* Run black

* 2.x support

* black fix?

* secret is not a dict. Fix error msg output.
2020-10-05 12:22:54 +01:00
Roman Dmytrenko
c1a7f29c62
Fix issue with wrong parameter signed to secret_binary during secret rotation in Secrets Manager (#3348)
* fix issue with wrong parameter signed to secret_binary

* reformat test
2020-10-05 11:10:32 +01:00
Bert Blommers
369f6bbfc9 3302 - Make Secret ARN persistent 2020-09-28 14:51:30 +01:00
Ninh Khong
061c609a8f
Fix secretsmanager random password wrong length (#3213)
* Enhance function get_parameter by parameter name, version or labels

* Fix random password with exclude characters return wrong length
2020-08-03 13:42:42 +01:00
Chris Kilding
943ecb7ea7
Support --filters option in secretsmanager:ListSecrets (#3173)
* Feature: Support --filters option in secretsmanager:ListSecrets

* Implement some of the secret filters

* Check listSecrets filters combine with an implicit AND operator

* Test all filter and multi-value filter and multi-word filter

* Fix matcher behavior, restructure code

* Implement remaining listSecrets filter cases

* Linter fixes

* Use contains-in-any-order assertions for test_list_secrets

* Linter fix again

* Attempt Python 2 fix for assert_items_equal

* Remove docstrings from test_list_secrets tests as they make the test reports weird

* Test and handle listSecrets filter with no values
2020-07-31 15:31:18 +01:00
Kristopher Chun
fbc5769b74
Fix: SecretsManager - Added missing pop() override to get_secret_name… (#3057)
* Fix: SecretsManager - Added missing pop() override to get_secret_name_from_arn (#3056)

* Added test case for delete_secret_force_with_arn (#3057)

* Fixed lint for test_delete_secret_force_with_arn (#3057)
2020-06-10 08:54:03 +01:00
usmangani1
2433d64fe2
Fix: SecretsManager Added VersionIdsToStages key in describe_secret function (#3029)
* Fix: SecretsManager Added VersionIdsToStages key in describe_secret function

* Added more assertions

* Linting

Co-authored-by: usmankb <usman@krazybee.com>
Co-authored-by: Bert Blommers <info@bertblommers.nl>
2020-05-29 12:31:41 +01:00
=
b63110be9e handle description in describe secret operation, add tests 2020-04-24 21:47:11 +02:00
Tim
92bbc3fbac Adds initial support for secretsmanager update_secret
The support in this patch is preliminary and may or may not be feature complete.
It provides the basic support for update_secret so that future work can build
on it as needed.
2020-04-16 08:20:43 -07:00
mwas
0e825a5048 lint 2019-11-23 13:02:00 +03:00
mwas
9decb8674d adding tests for describe secret with arn 2019-11-23 10:18:06 +03:00
mwas
b31f31d214 fixing fetch secret manager via arn 2019-11-23 09:29:30 +03:00
Alexander Campbell
7e468287a0 Match AWS's change from smart-quote to ASCII quote 2019-11-12 10:05:11 +11:00
Asher Foa
96e5b1993d Run black on moto & test directories. 2019-10-31 10:36:05 -07:00
Alexander Campbell
6120a60263 Use escape sequence to express non-ASCII character 2019-10-18 10:17:49 +11:00
Alexander Campbell
8eba88d1af Fix python2 unicode-in-exceptions issue for tests 2019-10-16 15:16:38 +11:00
Alexander Campbell
d74f9e47c8 Add coding hint for python2 compatibility 2019-10-16 12:44:30 +11:00
Alexander Campbell
9d6a1ca81d Fix slightly incorrect message for some errors 2019-10-16 10:58:59 +11:00
Alexander Campbell
381e7b165f Raise appropriate error when secret exists but has no value 2019-10-16 10:55:03 +11:00
Bert Blommers
e8d60435fe #2366 - SecretsManager - put_secret_value should support binary values 2019-08-23 10:57:15 +01:00
A
2386d47fe3 SecretsManager secret value binary support (#2222) 2019-05-28 16:32:43 +01:00
Justin Kieber-King
bbd7fefb37 Feature: Secrets Manager put_secret_value and list_secret_version_ids (#2116)
* initial work

- adding put_secret_value and list_secret_versions

* Added support for versions in all functions except rotate_secret

* more work

- refactor rotate_secret method
  - now, adds a new version of the secret and points default version id to it
- updated implementation coverage readme
- element in list check to fix unit test
- fixed linting errors
- added tests, fixed exception, failing tests still
- secrets_manager/test_server fails when running whole suite,
  but not when running that individual test file

* fixed failing test_get_secret_value

* Removed test.py. Fixed condition statement.

* fixed default stages + adding AWSPREVIOUS

* remove old AWSPREVIOUS stages
2019-05-22 10:45:22 +01:00
Christopher Kilding
55fe629112 Feature: Secrets Manager restore-secret 2019-04-24 10:03:04 +01:00
Chris Kilding
8f21272e57 Use pytz instead of timezone 2019-04-18 17:27:13 +01:00
Chris Kilding
bd8aa341f2 Also throw exception if client tries to RotateSecret on a soft-deleted secret 2019-04-18 16:47:15 +01:00
Chris Kilding
749f4f63e6 Allow soft deletion of secrets 2019-04-18 15:44:48 +01:00
Chris K
fc8cf2d872 Feature: AWS Secrets Manager delete-secret 2019-04-18 10:30:18 +01:00
Chris K
89e4ab93ee Implement ListSecrets 2019-04-05 13:33:28 +01:00
zane
08d17a7a13 adding Tags support 2018-12-21 14:04:52 -08:00
zane
b485122ec6 refactor to store multiple secrets, use uuid 2018-10-25 15:16:40 -07:00
Neil Roberts
6985f27167 Moto-1781: Add unit tests to verify that rotation is enabled.
- Add standalone unit test to verify that rotation is enabled and the
rotation interval is correct.
- Add server test to verify that rotation is enabled and the rotation
interval is correct. Commented out until nested dict error is sorted.
- Fix incorrectly asserted message strings.
2018-08-15 17:11:58 -07:00
Neil Roberts
b2997304b4 Moto-1781: Implement standalone unit tests to cover bad parameters. 2018-08-15 11:20:29 -07:00
Neil Roberts
43277a59b9 Moto-1781: finish implementation of rotate_secret and add happy test.
- Implement RotateSecret to support initial setup of secret rotation.
Moto's implementation of secrets is currently flat and needs to gain
some dimension before full rotation can be simulated.
- Add the happy path unit test.
2018-08-15 11:04:44 -07:00