in src/credentials_rotators/npm/lambda_functions/secret_rotator.py [0:0]
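def check_secret_versions(self):
    """Verify that the rotation token's secret version is staged for rotation.

    Reads the secret's metadata with ``describe_secret`` and checks, in order,
    that rotation is enabled, that ``self.token`` is one of the secret's
    version ids, and that this version carries the ``AWSPENDING`` stage. A
    version already labelled ``AWSCURRENT`` is accepted and the method
    returns early.

    Returns:
        None, both when the version is already ``AWSCURRENT`` and when it is
        correctly staged as ``AWSPENDING``.

    Raises:
        ValueError: If rotation is not enabled for the secret, if the token is
            not one of the secret's version ids, or if the version is neither
            ``AWSCURRENT`` nor ``AWSPENDING``.
    """
    metadata = self.service_client.describe_secret(SecretId=self.arn)

    # Fail closed: a response without 'RotationEnabled' is treated as
    # "rotation not enabled", so the caller gets the documented ValueError
    # rather than an undocumented KeyError.
    if not metadata.get('RotationEnabled'):
        self.logger.error("Secret is not enabled for rotation")
        raise ValueError("Secret is not enabled for rotation")

    # Same reasoning for a response that carries no version map at all: the
    # token cannot be staged, which is the "no stage" error below.
    version_stages = metadata.get('VersionIdsToStages') or {}
    if self.token not in version_stages:
        self.logger.error("Secret has no stage for rotation of secret.")
        raise ValueError("Secret has no stage for rotation of secret.")

    token_stages = version_stages[self.token]
    if "AWSCURRENT" in token_stages:
        # NOTE(review): this early return looks the same to the caller as the
        # AWSPENDING success path (both return None). Confirm the caller does
        # not go on to run rotation steps for a version that is already
        # current.
        self.logger.info("Secret version already set as AWSCURRENT.")
        return
    if "AWSPENDING" not in token_stages:
        self.logger.error("Secret version not set as AWSPENDING.")
        raise ValueError("Secret version not set as AWSPENDING")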