catalin/moto
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Run black on moto & test directories.

Browse source
This commit is contained in:
Asher Foa 2019-10-31 08:44:26 -07:00
commit 96e5b1993d
507 changed files with 52541 additions and 47814 deletions
Download patch file Download diff file Expand all files Collapse all files

601
tests/test_secretsmanager/test_secretsmanager.py
View file

@ -12,310 +12,325 @@ import sure # noqa
from nose.tools import assert_raises, assert_equal
from six import b
DEFAULT_SECRET_NAME = 'test-secret'
DEFAULT_SECRET_NAME = "test-secret"
@mock_secretsmanager
def test_get_secret_value():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
create_secret = conn.create_secret(Name='java-util-test-password',
SecretString="foosecret")
result = conn.get_secret_value(SecretId='java-util-test-password')
assert result['SecretString'] == 'foosecret'
create_secret = conn.create_secret(
Name="java-util-test-password", SecretString="foosecret"
)
result = conn.get_secret_value(SecretId="java-util-test-password")
assert result["SecretString"] == "foosecret"
@mock_secretsmanager
def test_get_secret_value_binary():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
create_secret = conn.create_secret(Name='java-util-test-password',
SecretBinary=b("foosecret"))
result = conn.get_secret_value(SecretId='java-util-test-password')
assert result['SecretBinary'] == b('foosecret')
create_secret = conn.create_secret(
Name="java-util-test-password", SecretBinary=b("foosecret")
)
result = conn.get_secret_value(SecretId="java-util-test-password")
assert result["SecretBinary"] == b("foosecret")
@mock_secretsmanager
def test_get_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
with assert_raises(ClientError) as cm:
result = conn.get_secret_value(SecretId='i-dont-exist')
result = conn.get_secret_value(SecretId="i-dont-exist")
assert_equal(
u"Secrets Manager can\u2019t find the specified secret.",
cm.exception.response['Error']['Message']
"Secrets Manager can\u2019t find the specified secret.",
cm.exception.response["Error"]["Message"],
)
@mock_secretsmanager
def test_get_secret_that_does_not_match():
conn = boto3.client('secretsmanager', region_name='us-west-2')
create_secret = conn.create_secret(Name='java-util-test-password',
SecretString="foosecret")
conn = boto3.client("secretsmanager", region_name="us-west-2")
create_secret = conn.create_secret(
Name="java-util-test-password", SecretString="foosecret"
)
with assert_raises(ClientError) as cm:
result = conn.get_secret_value(SecretId='i-dont-match')
result = conn.get_secret_value(SecretId="i-dont-match")
assert_equal(
u"Secrets Manager can\u2019t find the specified secret.",
cm.exception.response['Error']['Message']
"Secrets Manager can\u2019t find the specified secret.",
cm.exception.response["Error"]["Message"],
)
@mock_secretsmanager
def test_get_secret_value_that_is_marked_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
conn.delete_secret(SecretId='test-secret')
conn.delete_secret(SecretId="test-secret")
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='test-secret')
result = conn.get_secret_value(SecretId="test-secret")
@mock_secretsmanager
def test_get_secret_that_has_no_value():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
create_secret = conn.create_secret(Name="java-util-test-password")
with assert_raises(ClientError) as cm:
result = conn.get_secret_value(SecretId='java-util-test-password')
result = conn.get_secret_value(SecretId="java-util-test-password")
assert_equal(
u"Secrets Manager can\u2019t find the specified secret value for staging label: AWSCURRENT",
cm.exception.response['Error']['Message']
"Secrets Manager can\u2019t find the specified secret value for staging label: AWSCURRENT",
cm.exception.response["Error"]["Message"],
)
@mock_secretsmanager
def test_create_secret():
conn = boto3.client('secretsmanager', region_name='us-east-1')
conn = boto3.client("secretsmanager", region_name="us-east-1")
result = conn.create_secret(Name='test-secret', SecretString="foosecret")
assert result['ARN']
assert result['Name'] == 'test-secret'
secret = conn.get_secret_value(SecretId='test-secret')
assert secret['SecretString'] == 'foosecret'
result = conn.create_secret(Name="test-secret", SecretString="foosecret")
assert result["ARN"]
assert result["Name"] == "test-secret"
secret = conn.get_secret_value(SecretId="test-secret")
assert secret["SecretString"] == "foosecret"
@mock_secretsmanager
def test_create_secret_with_tags():
conn = boto3.client('secretsmanager', region_name='us-east-1')
secret_name = 'test-secret-with-tags'
conn = boto3.client("secretsmanager", region_name="us-east-1")
secret_name = "test-secret-with-tags"
result = conn.create_secret(
Name=secret_name,
SecretString="foosecret",
Tags=[{"Key": "Foo", "Value": "Bar"}, {"Key": "Mykey", "Value": "Myvalue"}]
Tags=[{"Key": "Foo", "Value": "Bar"}, {"Key": "Mykey", "Value": "Myvalue"}],
)
assert result['ARN']
assert result['Name'] == secret_name
assert result["ARN"]
assert result["Name"] == secret_name
secret_value = conn.get_secret_value(SecretId=secret_name)
assert secret_value['SecretString'] == 'foosecret'
assert secret_value["SecretString"] == "foosecret"
secret_details = conn.describe_secret(SecretId=secret_name)
assert secret_details['Tags'] == [{"Key": "Foo", "Value": "Bar"}, {"Key": "Mykey", "Value": "Myvalue"}]
assert secret_details["Tags"] == [
{"Key": "Foo", "Value": "Bar"},
{"Key": "Mykey", "Value": "Myvalue"},
]
@mock_secretsmanager
def test_delete_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
deleted_secret = conn.delete_secret(SecretId='test-secret')
deleted_secret = conn.delete_secret(SecretId="test-secret")
assert deleted_secret['ARN']
assert deleted_secret['Name'] == 'test-secret'
assert deleted_secret['DeletionDate'] > datetime.fromtimestamp(1, pytz.utc)
assert deleted_secret["ARN"]
assert deleted_secret["Name"] == "test-secret"
assert deleted_secret["DeletionDate"] > datetime.fromtimestamp(1, pytz.utc)
secret_details = conn.describe_secret(SecretId='test-secret')
secret_details = conn.describe_secret(SecretId="test-secret")
assert secret_details['ARN']
assert secret_details['Name'] == 'test-secret'
assert secret_details['DeletedDate'] > datetime.fromtimestamp(1, pytz.utc)
assert secret_details["ARN"]
assert secret_details["Name"] == "test-secret"
assert secret_details["DeletedDate"] > datetime.fromtimestamp(1, pytz.utc)
@mock_secretsmanager
def test_delete_secret_force():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
result = conn.delete_secret(SecretId='test-secret', ForceDeleteWithoutRecovery=True)
result = conn.delete_secret(SecretId="test-secret", ForceDeleteWithoutRecovery=True)
assert result['ARN']
assert result['DeletionDate'] > datetime.fromtimestamp(1, pytz.utc)
assert result['Name'] == 'test-secret'
assert result["ARN"]
assert result["DeletionDate"] > datetime.fromtimestamp(1, pytz.utc)
assert result["Name"] == "test-secret"
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='test-secret')
result = conn.get_secret_value(SecretId="test-secret")
@mock_secretsmanager
def test_delete_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='i-dont-exist', ForceDeleteWithoutRecovery=True)
result = conn.delete_secret(
SecretId="i-dont-exist", ForceDeleteWithoutRecovery=True
)
@mock_secretsmanager
def test_delete_secret_fails_with_both_force_delete_flag_and_recovery_window_flag():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=1, ForceDeleteWithoutRecovery=True)
result = conn.delete_secret(
SecretId="test-secret",
RecoveryWindowInDays=1,
ForceDeleteWithoutRecovery=True,
)
@mock_secretsmanager
def test_delete_secret_recovery_window_too_short():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=6)
result = conn.delete_secret(SecretId="test-secret", RecoveryWindowInDays=6)
@mock_secretsmanager
def test_delete_secret_recovery_window_too_long():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='test-secret', RecoveryWindowInDays=31)
result = conn.delete_secret(SecretId="test-secret", RecoveryWindowInDays=31)
@mock_secretsmanager
def test_delete_secret_that_is_marked_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
deleted_secret = conn.delete_secret(SecretId='test-secret')
deleted_secret = conn.delete_secret(SecretId="test-secret")
with assert_raises(ClientError):
result = conn.delete_secret(SecretId='test-secret')
result = conn.delete_secret(SecretId="test-secret")
@mock_secretsmanager
def test_get_random_password_default_length():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password()
assert len(random_password['RandomPassword']) == 32
assert len(random_password["RandomPassword"]) == 32
@mock_secretsmanager
def test_get_random_password_default_requirements():
# When require_each_included_type, default true
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password()
# Should contain lowercase, upppercase, digit, special character
assert any(c.islower() for c in random_password['RandomPassword'])
assert any(c.isupper() for c in random_password['RandomPassword'])
assert any(c.isdigit() for c in random_password['RandomPassword'])
assert any(c in string.punctuation
for c in random_password['RandomPassword'])
assert any(c.islower() for c in random_password["RandomPassword"])
assert any(c.isupper() for c in random_password["RandomPassword"])
assert any(c.isdigit() for c in random_password["RandomPassword"])
assert any(c in string.punctuation for c in random_password["RandomPassword"])
@mock_secretsmanager
def test_get_random_password_custom_length():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=50)
assert len(random_password['RandomPassword']) == 50
assert len(random_password["RandomPassword"]) == 50
@mock_secretsmanager
def test_get_random_exclude_lowercase():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=55,
ExcludeLowercase=True)
assert any(c.islower() for c in random_password['RandomPassword']) == False
random_password = conn.get_random_password(PasswordLength=55, ExcludeLowercase=True)
assert any(c.islower() for c in random_password["RandomPassword"]) == False
@mock_secretsmanager
def test_get_random_exclude_uppercase():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=55,
ExcludeUppercase=True)
assert any(c.isupper() for c in random_password['RandomPassword']) == False
random_password = conn.get_random_password(PasswordLength=55, ExcludeUppercase=True)
assert any(c.isupper() for c in random_password["RandomPassword"]) == False
@mock_secretsmanager
def test_get_random_exclude_characters_and_symbols():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=20,
ExcludeCharacters='xyzDje@?!.')
assert any(c in 'xyzDje@?!.' for c in random_password['RandomPassword']) == False
random_password = conn.get_random_password(
PasswordLength=20, ExcludeCharacters="xyzDje@?!."
)
assert any(c in "xyzDje@?!." for c in random_password["RandomPassword"]) == False
@mock_secretsmanager
def test_get_random_exclude_numbers():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=100,
ExcludeNumbers=True)
assert any(c.isdigit() for c in random_password['RandomPassword']) == False
random_password = conn.get_random_password(PasswordLength=100, ExcludeNumbers=True)
assert any(c.isdigit() for c in random_password["RandomPassword"]) == False
@mock_secretsmanager
def test_get_random_exclude_punctuation():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=100,
ExcludePunctuation=True)
assert any(c in string.punctuation
for c in random_password['RandomPassword']) == False
random_password = conn.get_random_password(
PasswordLength=100, ExcludePunctuation=True
)
assert (
any(c in string.punctuation for c in random_password["RandomPassword"]) == False
)
@mock_secretsmanager
def test_get_random_include_space_false():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=300)
assert any(c.isspace() for c in random_password['RandomPassword']) == False
assert any(c.isspace() for c in random_password["RandomPassword"]) == False
@mock_secretsmanager
def test_get_random_include_space_true():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=4,
IncludeSpace=True)
assert any(c.isspace() for c in random_password['RandomPassword']) == True
random_password = conn.get_random_password(PasswordLength=4, IncludeSpace=True)
assert any(c.isspace() for c in random_password["RandomPassword"]) == True
@mock_secretsmanager
def test_get_random_require_each_included_type():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
random_password = conn.get_random_password(PasswordLength=4,
RequireEachIncludedType=True)
assert any(c in string.punctuation for c in random_password['RandomPassword']) == True
assert any(c in string.ascii_lowercase for c in random_password['RandomPassword']) == True
assert any(c in string.ascii_uppercase for c in random_password['RandomPassword']) == True
assert any(c in string.digits for c in random_password['RandomPassword']) == True
random_password = conn.get_random_password(
PasswordLength=4, RequireEachIncludedType=True
)
assert (
any(c in string.punctuation for c in random_password["RandomPassword"]) == True
)
assert (
any(c in string.ascii_lowercase for c in random_password["RandomPassword"])
== True
)
assert (
any(c in string.ascii_uppercase for c in random_password["RandomPassword"])
== True
)
assert any(c in string.digits for c in random_password["RandomPassword"]) == True
@mock_secretsmanager
def test_get_random_too_short_password():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
with assert_raises(ClientError):
random_password = conn.get_random_password(PasswordLength=3)
@ -323,7 +338,7 @@ def test_get_random_too_short_password():
@mock_secretsmanager
def test_get_random_too_long_password():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
with assert_raises(Exception):
random_password = conn.get_random_password(PasswordLength=5555)
@ -331,177 +346,167 @@ def test_get_random_too_long_password():
@mock_secretsmanager
def test_describe_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name='test-secret-2',
SecretString='barsecret')
secret_description = conn.describe_secret(SecretId='test-secret')
secret_description_2 = conn.describe_secret(SecretId='test-secret-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name="test-secret", SecretString="foosecret")
assert secret_description # Returned dict is not empty
assert secret_description['Name'] == ('test-secret')
assert secret_description['ARN'] != '' # Test arn not empty
assert secret_description_2['Name'] == ('test-secret-2')
assert secret_description_2['ARN'] != '' # Test arn not empty
conn.create_secret(Name="test-secret-2", SecretString="barsecret")
secret_description = conn.describe_secret(SecretId="test-secret")
secret_description_2 = conn.describe_secret(SecretId="test-secret-2")
assert secret_description # Returned dict is not empty
assert secret_description["Name"] == ("test-secret")
assert secret_description["ARN"] != "" # Test arn not empty
assert secret_description_2["Name"] == ("test-secret-2")
assert secret_description_2["ARN"] != "" # Test arn not empty
@mock_secretsmanager
def test_describe_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='i-dont-exist')
result = conn.get_secret_value(SecretId="i-dont-exist")
@mock_secretsmanager
def test_describe_secret_that_does_not_match():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name="test-secret", SecretString="foosecret")
with assert_raises(ClientError):
result = conn.get_secret_value(SecretId='i-dont-match')
result = conn.get_secret_value(SecretId="i-dont-match")
@mock_secretsmanager
def test_list_secrets_empty():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
secrets = conn.list_secrets()
assert secrets['SecretList'] == []
assert secrets["SecretList"] == []
@mock_secretsmanager
def test_list_secrets():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
conn.create_secret(Name='test-secret-2',
SecretString='barsecret',
Tags=[{
'Key': 'a',
'Value': '1'
}])
conn.create_secret(
Name="test-secret-2",
SecretString="barsecret",
Tags=[{"Key": "a", "Value": "1"}],
)
secrets = conn.list_secrets()
assert secrets['SecretList'][0]['ARN'] is not None
assert secrets['SecretList'][0]['Name'] == 'test-secret'
assert secrets['SecretList'][1]['ARN'] is not None
assert secrets['SecretList'][1]['Name'] == 'test-secret-2'
assert secrets['SecretList'][1]['Tags'] == [{
'Key': 'a',
'Value': '1'
}]
assert secrets["SecretList"][0]["ARN"] is not None
assert secrets["SecretList"][0]["Name"] == "test-secret"
assert secrets["SecretList"][1]["ARN"] is not None
assert secrets["SecretList"][1]["Name"] == "test-secret-2"
assert secrets["SecretList"][1]["Tags"] == [{"Key": "a", "Value": "1"}]
@mock_secretsmanager
def test_restore_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
conn.delete_secret(SecretId='test-secret')
conn.delete_secret(SecretId="test-secret")
described_secret_before = conn.describe_secret(SecretId='test-secret')
assert described_secret_before['DeletedDate'] > datetime.fromtimestamp(1, pytz.utc)
described_secret_before = conn.describe_secret(SecretId="test-secret")
assert described_secret_before["DeletedDate"] > datetime.fromtimestamp(1, pytz.utc)
restored_secret = conn.restore_secret(SecretId='test-secret')
assert restored_secret['ARN']
assert restored_secret['Name'] == 'test-secret'
restored_secret = conn.restore_secret(SecretId="test-secret")
assert restored_secret["ARN"]
assert restored_secret["Name"] == "test-secret"
described_secret_after = conn.describe_secret(SecretId='test-secret')
assert 'DeletedDate' not in described_secret_after
described_secret_after = conn.describe_secret(SecretId="test-secret")
assert "DeletedDate" not in described_secret_after
@mock_secretsmanager
def test_restore_secret_that_is_not_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
restored_secret = conn.restore_secret(SecretId='test-secret')
assert restored_secret['ARN']
assert restored_secret['Name'] == 'test-secret'
restored_secret = conn.restore_secret(SecretId="test-secret")
assert restored_secret["ARN"]
assert restored_secret["Name"] == "test-secret"
@mock_secretsmanager
def test_restore_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
with assert_raises(ClientError):
result = conn.restore_secret(SecretId='i-dont-exist')
result = conn.restore_secret(SecretId="i-dont-exist")
@mock_secretsmanager
def test_rotate_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=DEFAULT_SECRET_NAME,
SecretString='foosecret')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
rotated_secret = conn.rotate_secret(SecretId=DEFAULT_SECRET_NAME)
assert rotated_secret
assert rotated_secret['ARN'] != '' # Test arn not empty
assert rotated_secret['Name'] == DEFAULT_SECRET_NAME
assert rotated_secret['VersionId'] != ''
assert rotated_secret["ARN"] != "" # Test arn not empty
assert rotated_secret["Name"] == DEFAULT_SECRET_NAME
assert rotated_secret["VersionId"] != ""
@mock_secretsmanager
def test_rotate_secret_enable_rotation():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=DEFAULT_SECRET_NAME,
SecretString='foosecret')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
initial_description = conn.describe_secret(SecretId=DEFAULT_SECRET_NAME)
assert initial_description
assert initial_description['RotationEnabled'] is False
assert initial_description['RotationRules']['AutomaticallyAfterDays'] == 0
assert initial_description["RotationEnabled"] is False
assert initial_description["RotationRules"]["AutomaticallyAfterDays"] == 0
conn.rotate_secret(SecretId=DEFAULT_SECRET_NAME,
RotationRules={'AutomaticallyAfterDays': 42})
conn.rotate_secret(
SecretId=DEFAULT_SECRET_NAME, RotationRules={"AutomaticallyAfterDays": 42}
)
rotated_description = conn.describe_secret(SecretId=DEFAULT_SECRET_NAME)
assert rotated_description
assert rotated_description['RotationEnabled'] is True
assert rotated_description['RotationRules']['AutomaticallyAfterDays'] == 42
assert rotated_description["RotationEnabled"] is True
assert rotated_description["RotationRules"]["AutomaticallyAfterDays"] == 42
@mock_secretsmanager
def test_rotate_secret_that_is_marked_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.create_secret(Name="test-secret", SecretString="foosecret")
conn.delete_secret(SecretId='test-secret')
conn.delete_secret(SecretId="test-secret")
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId='test-secret')
result = conn.rotate_secret(SecretId="test-secret")
@mock_secretsmanager
def test_rotate_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', 'us-west-2')
conn = boto3.client("secretsmanager", "us-west-2")
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId='i-dont-exist')
result = conn.rotate_secret(SecretId="i-dont-exist")
@mock_secretsmanager
def test_rotate_secret_that_does_not_match():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name="test-secret", SecretString="foosecret")
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId='i-dont-match')
result = conn.rotate_secret(SecretId="i-dont-match")
@mock_secretsmanager
def test_rotate_secret_client_request_token_too_short():
@ -510,30 +515,32 @@ def test_rotate_secret_client_request_token_too_short():
# test_server actually handles this error.
assert True
@mock_secretsmanager
def test_rotate_secret_client_request_token_too_long():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=DEFAULT_SECRET_NAME,
SecretString='foosecret')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
client_request_token = (
'ED9F8B6C-85B7-446A-B7E4-38F2A3BEB13C-'
'ED9F8B6C-85B7-446A-B7E4-38F2A3BEB13C'
"ED9F8B6C-85B7-446A-B7E4-38F2A3BEB13C-" "ED9F8B6C-85B7-446A-B7E4-38F2A3BEB13C"
)
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId=DEFAULT_SECRET_NAME,
ClientRequestToken=client_request_token)
result = conn.rotate_secret(
SecretId=DEFAULT_SECRET_NAME, ClientRequestToken=client_request_token
)
@mock_secretsmanager
def test_rotate_secret_rotation_lambda_arn_too_long():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=DEFAULT_SECRET_NAME,
SecretString='foosecret')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
rotation_lambda_arn = '85B7-446A-B7E4' * 147 # == 2058 characters
rotation_lambda_arn = "85B7-446A-B7E4" * 147 # == 2058 characters
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId=DEFAULT_SECRET_NAME,
RotationLambdaARN=rotation_lambda_arn)
result = conn.rotate_secret(
SecretId=DEFAULT_SECRET_NAME, RotationLambdaARN=rotation_lambda_arn
)
@mock_secretsmanager
def test_rotate_secret_rotation_period_zero():
@ -545,118 +552,138 @@ def test_rotate_secret_rotation_period_zero():
@mock_secretsmanager
def test_rotate_secret_rotation_period_too_long():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name=DEFAULT_SECRET_NAME,
SecretString='foosecret')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
rotation_rules = {'AutomaticallyAfterDays': 1001}
rotation_rules = {"AutomaticallyAfterDays": 1001}
with assert_raises(ClientError):
result = conn.rotate_secret(SecretId=DEFAULT_SECRET_NAME,
RotationRules=rotation_rules)
result = conn.rotate_secret(
SecretId=DEFAULT_SECRET_NAME, RotationRules=rotation_rules
)
@mock_secretsmanager
def test_put_secret_value_puts_new_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
put_secret_value_dict = conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME,
SecretString='foosecret',
VersionStages=['AWSCURRENT'])
version_id = put_secret_value_dict['VersionId']
conn = boto3.client("secretsmanager", region_name="us-west-2")
put_secret_value_dict = conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretString="foosecret",
VersionStages=["AWSCURRENT"],
)
version_id = put_secret_value_dict["VersionId"]
get_secret_value_dict = conn.get_secret_value(SecretId=DEFAULT_SECRET_NAME,
VersionId=version_id,
VersionStage='AWSCURRENT')
get_secret_value_dict = conn.get_secret_value(
SecretId=DEFAULT_SECRET_NAME, VersionId=version_id, VersionStage="AWSCURRENT"
)
assert get_secret_value_dict
assert get_secret_value_dict['SecretString'] == 'foosecret'
assert get_secret_value_dict["SecretString"] == "foosecret"
@mock_secretsmanager
def test_put_secret_binary_value_puts_new_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
put_secret_value_dict = conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME,
SecretBinary=b('foosecret'),
VersionStages=['AWSCURRENT'])
version_id = put_secret_value_dict['VersionId']
conn = boto3.client("secretsmanager", region_name="us-west-2")
put_secret_value_dict = conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretBinary=b("foosecret"),
VersionStages=["AWSCURRENT"],
)
version_id = put_secret_value_dict["VersionId"]
get_secret_value_dict = conn.get_secret_value(SecretId=DEFAULT_SECRET_NAME,
VersionId=version_id,
VersionStage='AWSCURRENT')
get_secret_value_dict = conn.get_secret_value(
SecretId=DEFAULT_SECRET_NAME, VersionId=version_id, VersionStage="AWSCURRENT"
)
assert get_secret_value_dict
assert get_secret_value_dict['SecretBinary'] == b('foosecret')
assert get_secret_value_dict["SecretBinary"] == b("foosecret")
@mock_secretsmanager
def test_create_and_put_secret_binary_value_puts_new_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
conn.create_secret(Name=DEFAULT_SECRET_NAME, SecretBinary=b("foosecret"))
conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME, SecretBinary=b('foosecret_update'))
conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME, SecretBinary=b("foosecret_update")
)
latest_secret = conn.get_secret_value(SecretId=DEFAULT_SECRET_NAME)
assert latest_secret
assert latest_secret['SecretBinary'] == b('foosecret_update')
assert latest_secret["SecretBinary"] == b("foosecret_update")
@mock_secretsmanager
def test_put_secret_binary_requires_either_string_or_binary():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn = boto3.client("secretsmanager", region_name="us-west-2")
with assert_raises(ClientError) as ire:
conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME)
ire.exception.response['Error']['Code'].should.equal('InvalidRequestException')
ire.exception.response['Error']['Message'].should.equal('You must provide either SecretString or SecretBinary.')
ire.exception.response["Error"]["Code"].should.equal("InvalidRequestException")
ire.exception.response["Error"]["Message"].should.equal(
"You must provide either SecretString or SecretBinary."
)
@mock_secretsmanager
def test_put_secret_value_can_get_first_version_if_put_twice():
conn = boto3.client('secretsmanager', region_name='us-west-2')
put_secret_value_dict = conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME,
SecretString='first_secret',
VersionStages=['AWSCURRENT'])
first_version_id = put_secret_value_dict['VersionId']
conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME,
SecretString='second_secret',
VersionStages=['AWSCURRENT'])
conn = boto3.client("secretsmanager", region_name="us-west-2")
put_secret_value_dict = conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretString="first_secret",
VersionStages=["AWSCURRENT"],
)
first_version_id = put_secret_value_dict["VersionId"]
conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretString="second_secret",
VersionStages=["AWSCURRENT"],
)
first_secret_value_dict = conn.get_secret_value(SecretId=DEFAULT_SECRET_NAME,
VersionId=first_version_id)
first_secret_value = first_secret_value_dict['SecretString']
first_secret_value_dict = conn.get_secret_value(
SecretId=DEFAULT_SECRET_NAME, VersionId=first_version_id
)
first_secret_value = first_secret_value_dict["SecretString"]
assert first_secret_value == 'first_secret'
assert first_secret_value == "first_secret"
@mock_secretsmanager
def test_put_secret_value_versions_differ_if_same_secret_put_twice():
conn = boto3.client('secretsmanager', region_name='us-west-2')
put_secret_value_dict = conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME,
SecretString='dupe_secret',
VersionStages=['AWSCURRENT'])
first_version_id = put_secret_value_dict['VersionId']
put_secret_value_dict = conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME,
SecretString='dupe_secret',
VersionStages=['AWSCURRENT'])
second_version_id = put_secret_value_dict['VersionId']
conn = boto3.client("secretsmanager", region_name="us-west-2")
put_secret_value_dict = conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretString="dupe_secret",
VersionStages=["AWSCURRENT"],
)
first_version_id = put_secret_value_dict["VersionId"]
put_secret_value_dict = conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretString="dupe_secret",
VersionStages=["AWSCURRENT"],
)
second_version_id = put_secret_value_dict["VersionId"]
assert first_version_id != second_version_id
@mock_secretsmanager
def test_can_list_secret_version_ids():
conn = boto3.client('secretsmanager', region_name='us-west-2')
put_secret_value_dict = conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME,
SecretString='dupe_secret',
VersionStages=['AWSCURRENT'])
first_version_id = put_secret_value_dict['VersionId']
put_secret_value_dict = conn.put_secret_value(SecretId=DEFAULT_SECRET_NAME,
SecretString='dupe_secret',
VersionStages=['AWSCURRENT'])
second_version_id = put_secret_value_dict['VersionId']
conn = boto3.client("secretsmanager", region_name="us-west-2")
put_secret_value_dict = conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretString="dupe_secret",
VersionStages=["AWSCURRENT"],
)
first_version_id = put_secret_value_dict["VersionId"]
put_secret_value_dict = conn.put_secret_value(
SecretId=DEFAULT_SECRET_NAME,
SecretString="dupe_secret",
VersionStages=["AWSCURRENT"],
)
second_version_id = put_secret_value_dict["VersionId"]
versions_list = conn.list_secret_version_ids(SecretId=DEFAULT_SECRET_NAME)
returned_version_ids = [v['VersionId'] for v in versions_list['Versions']]
returned_version_ids = [v["VersionId"] for v in versions_list["Versions"]]
assert [first_version_id, second_version_id].sort() == returned_version_ids.sort()