Allow soft deletion of secrets
This commit is contained in:
Chris Kilding
parent
fc8cf2d872
commit
749f4f63e6
3 changed files with 103 additions and 18 deletions
|
|
@ -6,7 +6,7 @@ from moto import mock_secretsmanager
|
|||
from botocore.exceptions import ClientError
|
||||
import sure # noqa
|
||||
import string
|
||||
from datetime import datetime
|
||||
from datetime import datetime, timezone
|
||||
import unittest
|
||||
from nose.tools import assert_raises
|
||||
|
||||
|
|
@ -35,6 +35,20 @@ def test_get_secret_that_does_not_match():
|
|||
with assert_raises(ClientError):
|
||||
result = conn.get_secret_value(SecretId='i-dont-match')
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_get_secret_value_that_is_marked_deleted():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
||||
conn.create_secret(Name='test-secret',
|
||||
SecretString='foosecret')
|
||||
|
||||
deleted_secret = conn.delete_secret(SecretId='test-secret')
|
||||
|
||||
with assert_raises(ClientError):
|
||||
result = conn.get_secret_value(SecretId='test-secret')
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_create_secret():
|
||||
conn = boto3.client('secretsmanager', region_name='us-east-1')
|
||||
|
|
@ -67,16 +81,33 @@ def test_create_secret_with_tags():
|
|||
def test_delete_secret():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
||||
conn.create_secret(Name='test-secret',
|
||||
SecretString='foosecret')
|
||||
|
||||
deleted_secret = conn.delete_secret(SecretId='test-secret')
|
||||
|
||||
assert deleted_secret['ARN']
|
||||
assert deleted_secret['Name'] == 'test-secret'
|
||||
assert deleted_secret['DeletionDate'] > datetime.fromtimestamp(1, timezone.utc)
|
||||
|
||||
secret_details = conn.describe_secret(SecretId='test-secret')
|
||||
|
||||
assert secret_details['ARN']
|
||||
assert secret_details['Name'] == 'test-secret'
|
||||
assert secret_details['DeletedDate'] > datetime.fromtimestamp(1, timezone.utc)
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_delete_secret_force():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
||||
conn.create_secret(Name='test-secret',
|
||||
SecretString='foosecret')
|
||||
|
||||
result = conn.delete_secret(SecretId='test-secret', ForceDeleteWithoutRecovery=True)
|
||||
deletion_date = result['DeletionDate']
|
||||
|
||||
assert result['ARN']
|
||||
|
||||
assert deletion_date > datetime.fromtimestamp(1, deletion_date.tzinfo)
|
||||
|
||||
assert result['DeletionDate'] > datetime.fromtimestamp(1, timezone.utc)
|
||||
assert result['Name'] == 'test-secret'
|
||||
|
||||
with assert_raises(ClientError):
|
||||
|
|
@ -91,17 +122,6 @@ def test_delete_secret_that_does_not_exist():
|
|||
result = conn.delete_secret(SecretId='i-dont-exist', ForceDeleteWithoutRecovery=True)
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_delete_secret_requires_force_delete_flag():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
||||
conn.create_secret(Name='test-secret',
|
||||
SecretString='foosecret')
|
||||
|
||||
with assert_raises(ClientError):
|
||||
result = conn.delete_secret(SecretId='test-secret', ForceDeleteWithoutRecovery=False)
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_delete_secret_fails_with_both_force_delete_flag_and_recovery_window_flag():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
|
@ -113,6 +133,41 @@ def test_delete_secret_fails_with_both_force_delete_flag_and_recovery_window_fla
|
|||
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=1, ForceDeleteWithoutRecovery=True)
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_delete_secret_recovery_window_too_short():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
||||
conn.create_secret(Name='test-secret',
|
||||
SecretString='foosecret')
|
||||
|
||||
with assert_raises(ClientError):
|
||||
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=6)
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_delete_secret_recovery_window_too_long():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
||||
conn.create_secret(Name='test-secret',
|
||||
SecretString='foosecret')
|
||||
|
||||
with assert_raises(ClientError):
|
||||
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=31)
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_delete_secret_that_is_marked_deleted():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
||||
conn.create_secret(Name='test-secret',
|
||||
SecretString='foosecret')
|
||||
|
||||
deleted_secret = conn.delete_secret(SecretId='test-secret')
|
||||
|
||||
with assert_raises(ClientError):
|
||||
result = conn.delete_secret(SecretId='test-secret')
|
||||
|
||||
|
||||
@mock_secretsmanager
|
||||
def test_get_random_password_default_length():
|
||||
conn = boto3.client('secretsmanager', region_name='us-west-2')
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue