Skip to content

Commit

Permalink
fix lastRotatedDate updation on secret rotation (#10564)
Browse files Browse the repository at this point in the history
  • Loading branch information
@macnev2013
macnev2013 committed Apr 2, 2024
1 parent 6fe023a commit 3964973
Show file tree
Hide file tree
Showing 4 changed files with 73 additions and 11 deletions.
2 changes: 1 addition & 1 deletion localstack/services/secretsmanager/provider.py
View file
Expand Up @@ -792,7 +792,7 @@ def backend_rotate_secret(
raise pending_version.pop()
# Fall through if there is no previously pending version so we'll "stuck" with a new
# secret version in AWSPENDING state.

secret.last_rotation_date = int(time.time())
return secret.to_short_dict(version_id=new_version_id)


Expand Down
12 changes: 9 additions & 3 deletions tests/aws/services/secretsmanager/test_secretsmanager.py
View file
Expand Up @@ -9,7 +9,6 @@
import pytest
import requests
from botocore.auth import SigV4Auth
from localstack_snapshot.snapshots.transformer import SortingTransformer

from localstack.aws.api.lambda_ import Runtime
from localstack.aws.api.secretsmanager import (
Expand Down Expand Up @@ -367,7 +366,9 @@ def test_resource_policy(self, secret_name, aws_client, sm_snapshot, cleanups):
assert rs["ResponseMetadata"]["HTTPStatusCode"] == 200

@pytest.mark.parametrize("rotate_immediately", [True, None])
@markers.snapshot.skip_snapshot_verify(paths=["$..Versions..KmsKeyIds"])
@markers.snapshot.skip_snapshot_verify(
paths=["$..VersionIdsToStages", "$..Versions", "$..VersionId"]
)
@markers.aws.validated
def test_rotate_secret_with_lambda_success(
self,
Expand All @@ -388,7 +389,9 @@ def test_rotate_secret_with_lambda_success(
Description="testing rotation of secrets",
)

sm_snapshot.add_transformer(SortingTransformer("Versions", lambda x: x["CreatedDate"]))
sm_snapshot.add_transformer(
sm_snapshot.transform.key_value("RotationLambdaARN", "lambda-arn")
)
sm_snapshot.add_transformers_list(
sm_snapshot.transform.secretsmanager_secret_id_arn(cre_res, 0)
)
Expand Down Expand Up @@ -423,6 +426,9 @@ def test_rotate_secret_with_lambda_success(

self._wait_rotation(aws_client.secretsmanager, secret_name, rot_res["VersionId"])

response = aws_client.secretsmanager.describe_secret(SecretId=secret_name)
sm_snapshot.match("describe_secret_rotated", response)

list_secret_versions_1 = aws_client.secretsmanager.list_secret_version_ids(
SecretId=secret_name
)
Expand Down
66 changes: 61 additions & 5 deletions tests/aws/services/secretsmanager/test_secretsmanager.snapshot.json
View file
Expand Up @@ -3687,7 +3687,7 @@
}
},
"tests/aws/services/secretsmanager/test_secretsmanager.py::TestSecretsManager::test_rotate_secret_with_lambda_success[True]": {
"recorded-date": "14-03-2024, 21:02:51",
"recorded-date": "28-03-2024, 06:58:46",
"recorded-content": {
"rotate_secret_immediately": {
"ARN": "arn:aws:secretsmanager:<region>:111111111111:secret:<SecretId-0idx><ArnPart-0idx>",
Expand All @@ -3698,6 +3698,34 @@
"HTTPStatusCode": 200
}
},
"describe_secret_rotated": {
"ARN": "arn:aws:secretsmanager:<region>:111111111111:secret:<SecretId-0idx><ArnPart-0idx>",
"CreatedDate": "datetime",
"Description": "testing rotation of secrets",
"LastAccessedDate": "datetime",
"LastChangedDate": "datetime",
"LastRotatedDate": "datetime",
"Name": "<SecretId-0idx>",
"NextRotationDate": "datetime",
"RotationEnabled": true,
"RotationLambdaARN": "<lambda-arn:1>",
"RotationRules": {
"AutomaticallyAfterDays": 1
},
"VersionIdsToStages": {
"<version_uuid:1>": [
"AWSCURRENT",
"AWSPENDING"
],
"<version_uuid:2>": [
"AWSPREVIOUS"
]
},
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": 200
}
},
"list_secret_versions_rotated_1": {
"ARN": "arn:aws:secretsmanager:<region>:111111111111:secret:<SecretId-0idx><ArnPart-0idx>",
"Name": "<SecretId-0idx>",
Expand Down Expand Up @@ -3733,12 +3761,40 @@
}
},
"tests/aws/services/secretsmanager/test_secretsmanager.py::TestSecretsManager::test_rotate_secret_with_lambda_success[None]": {
"recorded-date": "14-03-2024, 21:03:01",
"recorded-date": "28-03-2024, 06:58:58",
"recorded-content": {
"rotate_secret_immediately": {
"ARN": "arn:aws:secretsmanager:<region>:111111111111:secret:<SecretId-0idx><ArnPart-0idx>",
"Name": "<SecretId-0idx>",
"VersionId": "<version_uuid:1>",
"VersionId": "<version_uuid:2>",
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": 200
}
},
"describe_secret_rotated": {
"ARN": "arn:aws:secretsmanager:<region>:111111111111:secret:<SecretId-0idx><ArnPart-0idx>",
"CreatedDate": "datetime",
"Description": "testing rotation of secrets",
"LastAccessedDate": "datetime",
"LastChangedDate": "datetime",
"LastRotatedDate": "datetime",
"Name": "<SecretId-0idx>",
"NextRotationDate": "datetime",
"RotationEnabled": true,
"RotationLambdaARN": "<lambda-arn:1>",
"RotationRules": {
"AutomaticallyAfterDays": 1
},
"VersionIdsToStages": {
"<version_uuid:1>": [
"AWSPREVIOUS"
],
"<version_uuid:2>": [
"AWSCURRENT",
"AWSPENDING"
]
},
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": 200
Expand All @@ -3754,7 +3810,7 @@
"DefaultEncryptionKey"
],
"LastAccessedDate": "datetime",
"VersionId": "<version_uuid:2>",
"VersionId": "<version_uuid:1>",
"VersionStages": [
"AWSPREVIOUS"
]
Expand All @@ -3764,7 +3820,7 @@
"KmsKeyIds": [
"DefaultEncryptionKey"
],
"VersionId": "<version_uuid:1>",
"VersionId": "<version_uuid:2>",
"VersionStages": [
"AWSCURRENT",
"AWSPENDING"
Expand Down
4 changes: 2 additions & 2 deletions tests/aws/services/secretsmanager/test_secretsmanager.validation.json
View file
Expand Up @@ -87,10 +87,10 @@
"last_validated_date": "2024-03-15T08:12:22+00:00"
},
"tests/aws/services/secretsmanager/test_secretsmanager.py::TestSecretsManager::test_rotate_secret_with_lambda_success[None]": {
"last_validated_date": "2024-03-14T21:03:56+00:00"
"last_validated_date": "2024-03-28T06:58:56+00:00"
},
"tests/aws/services/secretsmanager/test_secretsmanager.py::TestSecretsManager::test_rotate_secret_with_lambda_success[True]": {
"last_validated_date": "2024-03-14T21:03:47+00:00"
"last_validated_date": "2024-03-28T06:58:44+00:00"
},
"tests/aws/services/secretsmanager/test_secretsmanager.py::TestSecretsManager::test_secret_exists": {
"last_validated_date": "2024-03-15T08:14:33+00:00"
Expand Down

0 comments on commit 3964973

Please sign in to comment.