ResourceGroupsTaggingAPI: Add support for Secrets Manager for get_resources #8336

Merged
24 changes: 24 additions & 0 deletions moto/resourcegroupstaggingapi/models.py
@@ -22,6 +22,8 @@
from moto.redshift.models import RedshiftBackend, redshift_backends
from moto.s3.models import S3Backend, s3_backends
from moto.sagemaker.models import SageMakerModelBackend, sagemaker_backends
from moto.secretsmanager import secretsmanager_backends
from moto.secretsmanager.models import ReplicaSecret, SecretsManagerBackend
from moto.sns.models import SNSBackend, sns_backends
from moto.sqs.models import SQSBackend, sqs_backends
from moto.ssm.models import SimpleSystemManagerBackend, ssm_backends
@@ -110,6 +112,10 @@
def acm_backend(self) -> AWSCertificateManagerBackend:
return acm_backends[self.account_id][self.region_name]

@property
def secretsmanager_backend(self) -> SecretsManagerBackend:
return secretsmanager_backends[self.account_id][self.region_name]

@property
def sns_backend(self) -> SNSBackend:
return sns_backends[self.account_id][self.region_name]
@@ -496,6 +502,24 @@
# RedShift Snapshot
# RedShift Subnet group

# Secrets Manager
if (
not resource_type_filters
or "secretsmanager" in resource_type_filters
or "secretsmanager:secret" in resource_type_filters
):
for secret in self.secretsmanager_backend.secrets.values():
if isinstance(secret, ReplicaSecret):
secret_tags = secret.source.tags
else:
secret_tags = secret.tags

if secret_tags:
formated_tags = format_tag_keys(secret_tags, ["Key", "Value"])
if not formated_tags or not tag_filter(formated_tags):
continue

Check warning on line 520 in moto/resourcegroupstaggingapi/models.py

Codecov / codecov/patch

moto/resourcegroupstaggingapi/models.py#L520

Added line #L520 was not covered by tests
yield {"ResourceARN": f"{secret.arn}", "Tags": formated_tags}

# SQS
if not resource_type_filters or "sqs" in resource_type_filters:
for queue in self.sqs_backend.queues.values():
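Review bot: The Secrets Manager branch in the third hunk makes two choices that are not documented: a `ReplicaSecret` is reported with the tags of `secret.source` but under its own `secret.arn`, and a secret whose tag list is empty is dropped because `if secret_tags:` has no else branch. Anyone using this mock to check a tag-based inventory of secrets needs to know both, so I would add `# Replica: report the source secret's tags under the replica's ARN` above the isinstance check and `# Secrets with no tags are not returned` above `if secret_tags:`. As a style point, `f"{secret.arn}"` can be plain `secret.arn` if that attribute is already a string. Indentation is lost on this page, so the nesting of the `yield` under `if secret_tags:` is inferred, and the enclosing function starts and ends outside the hunk.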
@@ -1,4 +1,5 @@
import json
import typing

import boto3
import pytest
@@ -1240,3 +1241,58 @@ def test_get_resources_workspacesweb():
TagFilters=[{"Key": "TestKey3", "Values": ["TestValue3"]}],
)
assert len(resp["ResourceTagMappingList"]) == 1


@pytest.mark.parametrize("resource_type", ["secretsmanager", "secretsmanager:secret"])
@mock_aws
def test_get_resources_secretsmanager(resource_type):
def assert_tagging_works(region_name: str, regional_response_keys: typing.Set[str]):
rtapi = boto3.client("resourcegroupstaggingapi", region_name=region_name)
resp = rtapi.get_resources(
ResourcesPerPage=2, ResourceTypeFilters=[resource_type]
)
for resource in resp["ResourceTagMappingList"]:
regional_response_keys.remove(resource["Tags"][0]["Key"])

assert len(regional_response_keys) == 2

resp = rtapi.get_resources(
ResourcesPerPage=2,
PaginationToken=resp["PaginationToken"],
ResourceTypeFilters=[resource_type],
)
for resource in resp["ResourceTagMappingList"]:
regional_response_keys.remove(resource["Tags"][0]["Key"])

assert len(regional_response_keys) == 0

# Tests pagination
secretsmanager_client = boto3.client("secretsmanager", region_name="eu-central-1")

# Will end up having key1,key2,key3,key4
response_keys = set()

# Create 4 tagged secrets
for i in range(1, 5):
i_str = str(i)
secretsmanager_client.create_secret(
Name="test_secret" + i_str,
SecretString="very_secret",
AddReplicaRegions=[{"Region": "eu-west-1"}],
)
secretsmanager_client.tag_resource(
SecretId="test_secret" + i_str,
Tags=[{"Key": "key" + i_str, "Value": "value" + i_str}],
)
response_keys.add("key" + i_str)

# add an untagged secret to cover this case as well
secretsmanager_client: secretsmanager_client.create_secret(
Name="untagged_secret",
SecretString="very_secret",
AddReplicaRegions=[{"Region": "eu-west-1"}],
)

# Make sure it works for normal and replicated secrets
assert_tagging_works("eu-central-1", set(response_keys))
assert_tagging_works("eu-west-1", set(response_keys))
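Review bot: The statement `secretsmanager_client: secretsmanager_client.create_secret(` near the end of `test_get_resources_secretsmanager` is a variable annotation rather than a call, because of the `:` after the name. Python does not evaluate annotations on local names inside a function, so the untagged secret is never created and the case named in the comment above it ("add an untagged secret to cover this case as well") is not exercised. The line should read `secretsmanager_client.create_secret(`. With that fix the two `assert_tagging_works` calls would fail if an untagged secret were ever returned, which is the property the test is meant to pin down.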