Issue:
When the rotation is initiated by moto, the version with stage AWSPENDING does not behave exactly the same as the real Secrets Manager secret.
I noticed that when the real Secrets Manager is called with rotate_secret, it will create a new version with stage AWSPENDING just like moto before it invokes the lambda for the createSecret step. However, this version does not have a secret value attached to it in the real Secrets Manager.
If you call moto with get_secret_value(VersionId=<the new versionid>, VersionStage="AWSPENDING") moto will return a value (copied from AWSCURRENT).
The real Secrets Manager will fail with ResourceNotFoundException regardless of whether you request either VersionId or VersionStage, or both. It seems like the version does not have a secret value attached to it at all.
Steps to reproduce:
Add env variable SECRETS_MANAGER_ENDPOINT or replace the code in the handler with the correct endpoint/remove it
Replace the NotImplementedError statements in the lambda with pass or similar to make the function not throw
Run the test with logging enabled
Expected result:
You should not see "createSecret: Successfully retrieved secret for...", as this message indicates that the get_secret_value call succeeded on the first step, which is not how Secrets Manager behaves.
Actual result:
You see the message (the version/stage AWSPENDING has a secret_value)
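Why the difference matters for a rotation test, as an added example that is not code from this issue, from moto or from boto3: `FakeSecretsManager` is a constructed stub with simplified signatures, and `create_secret` assumes a createSecret step that reuses an existing AWSPENDING value and only generates a new one on ResourceNotFoundException.

```python
import secrets


class ResourceNotFoundException(Exception):
    """Stand-in for the ResourceNotFoundException error described in the issue."""


class FakeSecretsManager:
    """Constructed stub. copy_current_to_pending=True models the mock behaviour
    reported above; False models the real service as the reporter describes it."""

    def __init__(self, current_value, copy_current_to_pending):
        self.values = {"AWSCURRENT": current_value}
        self.copy_current_to_pending = copy_current_to_pending

    def rotate_secret(self, create_step):
        # A new version is staged as AWSPENDING before createSecret is invoked.
        if self.copy_current_to_pending:
            self.values["AWSPENDING"] = self.values["AWSCURRENT"]
        create_step(self)

    def get_secret_value(self, VersionStage):
        if VersionStage not in self.values:
            raise ResourceNotFoundException(VersionStage)
        return {"SecretString": self.values[VersionStage]}

    def put_secret_value(self, SecretString, VersionStages):
        for stage in VersionStages:
            self.values[stage] = SecretString


def create_secret(client):
    """Hypothetical createSecret step: keep a pending value if one exists."""
    try:
        client.get_secret_value(VersionStage="AWSPENDING")
        return "retrieved"  # the branch that logs "Successfully retrieved secret"
    except ResourceNotFoundException:
        new_value = secrets.token_urlsafe(24)
        client.put_secret_value(SecretString=new_value, VersionStages=["AWSPENDING"])
        return "generated"


def pending_differs_from_current(copy_current_to_pending):
    """Run one rotation and report whether AWSPENDING holds a fresh value."""
    client = FakeSecretsManager("old-password", copy_current_to_pending)
    client.rotate_secret(create_secret)
    return client.values["AWSPENDING"] != client.values["AWSCURRENT"]
```

With the copied value the step takes the "retrieved" branch, so a test can pass while the pending secret is still the old one; asserting that AWSPENDING differs from AWSCURRENT catches this.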