Merge pull request #1782 from NeilRoberts/Moto-1781_add_rotate_secret_to_secretsmanager

Issue# 1781 implement secretsmanager.RotateSecret
2018-09-22 16:21:31 -04:00 · 2018-09-22 16:21:31 -04:00 · 2d978aa1c9
commit 2d978aa1c9
parent d3b5cea22a 6985f27167
5 changed files with 458 additions and 4 deletions
--- a/moto/secretsmanager/models.py
+++ b/moto/secretsmanager/models.py
@ -36,6 +36,7 @@ class SecretsManagerBackend(BaseBackend):
        self.rotation_enabled = False
        self.rotation_lambda_arn = ''
        self.auto_rotate_after_days = 0
+        self.version_id = ''

    def reset(self):
        region_name = self.region
@ -105,6 +106,56 @@ class SecretsManagerBackend(BaseBackend):

        return response

+    def rotate_secret(self, secret_id, client_request_token=None,
+                      rotation_lambda_arn=None, rotation_rules=None):
+
+        rotation_days = 'AutomaticallyAfterDays'
+
+        if not self._is_valid_identifier(secret_id):
+            raise ResourceNotFoundException
+
+        if client_request_token:
+            token_length = len(client_request_token)
+            if token_length < 32 or token_length > 64:
+                msg = (
+                    'ClientRequestToken '
+                    'must be 32-64 characters long.'
+                )
+                raise InvalidParameterException(msg)
+
+        if rotation_lambda_arn:
+            if len(rotation_lambda_arn) > 2048:
+                msg = (
+                    'RotationLambdaARN '
+                    'must <= 2048 characters long.'
+                )
+                raise InvalidParameterException(msg)
+
+        if rotation_rules:
+            if rotation_days in rotation_rules:
+                rotation_period = rotation_rules[rotation_days]
+                if rotation_period < 1 or rotation_period > 1000:
+                    msg = (
+                        'RotationRules.AutomaticallyAfterDays '
+                        'must be within 1-1000.'
+                    )
+                    raise InvalidParameterException(msg)
+
+        self.version_id = client_request_token or ''
+        self.rotation_lambda_arn = rotation_lambda_arn or ''
+        if rotation_rules:
+            self.auto_rotate_after_days = rotation_rules.get(rotation_days, 0)
+        if self.auto_rotate_after_days > 0:
+            self.rotation_enabled = True
+
+        response = json.dumps({
+            "ARN": secret_arn(self.region, self.secret_id),
+            "Name": self.name,
+            "VersionId": self.version_id
+        })
+
+        return response
+
    def get_random_password(self, password_length,
                            exclude_characters, exclude_numbers,
                            exclude_punctuation, exclude_uppercase,
--- a/moto/secretsmanager/responses.py
+++ b/moto/secretsmanager/responses.py
@ -50,3 +50,15 @@ class SecretsManagerResponse(BaseResponse):
        return secretsmanager_backends[self.region].describe_secret(
            secret_id=secret_id
        )
+
+    def rotate_secret(self):
+        client_request_token = self._get_param('ClientRequestToken')
+        rotation_lambda_arn = self._get_param('RotationLambdaARN')
+        rotation_rules = self._get_param('RotationRules')
+        secret_id = self._get_param('SecretId')
+        return secretsmanager_backends[self.region].rotate_secret(
+            secret_id=secret_id,
+            client_request_token=client_request_token,
+            rotation_lambda_arn=rotation_lambda_arn,
+            rotation_rules=rotation_rules
+        )