refactor(secretsmanager): extract version idempotency check#338
Merged
vieiralucas merged 1 commit intomainfrom Apr 13, 2026
Merged
refactor(secretsmanager): extract version idempotency check#338vieiralucas merged 1 commit intomainfrom
vieiralucas merged 1 commit intomainfrom
Conversation
create_secret, put_secret_value, and update_secret each had the same inline ClientRequestToken idempotency check: look up an existing version with the same id and either return it as a no-op (if the payload matches) or fail with ResourceExistsException (if the payload differs). Move that into check_secret_version_idempotency, which returns a three-variant enum (NotFound / Match / Conflict). Each caller still owns its success-response shape since they emit slightly different JSON (create_secret conditionally omits VersionId, put_secret_value includes VersionStages, update_secret returns just ARN/Name/ VersionId), but the lookup+compare logic is now a single pure function instead of three inline copies. No behavior change. Same error wording.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
vieiralucas
added a commit
that referenced
this pull request
Apr 13, 2026
…Input The two longest functions in the SSM sub-modules were create_patch_baseline (~150 lines) and create_association_inner (~162 lines). Both were dominated by body parsing, field validation, and field extraction — with the actual state mutation only in the last 30-40 lines. This extracts dedicated *Input structs with from_body() constructors, leaving each function focused on idempotency, ID generation, and struct assembly. Same pattern as PRs #324/#328/#338/#355/#356.
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
`create_secret`, `put_secret_value`, and `update_secret` each had the same inline `ClientRequestToken` idempotency check: look up an existing version with the same id and either return it as a no-op (if the payload matches) or fail with `ResourceExistsException` (if the payload differs).
Move that into `check_secret_version_idempotency`, which returns a three-variant enum (`NotFound` / `Match` / `Conflict`). Each caller still owns its success-response shape since they emit slightly different JSON (`create_secret` conditionally omits `VersionId`, `put_secret_value` includes `VersionStages`, `update_secret` returns just `ARN`/`Name`/`VersionId`), but the lookup+compare logic is now a single pure function instead of three inline copies.
No behavior change. Same error wording.
Test plan
Summary by cubic
Extracted a shared ClientRequestToken version idempotency check in
fakecloud-secretsmanagerto remove duplicated logic across write operations. No behavior change; same success payloads and error wording.check_secret_version_idempotency(NotFound/Match/Conflict) to compare payloads by version id.Written for commit b65a021. Summary will update on new commits.