def test_secret()

in functions/source/rotate_sealer_key_secret/lambda_function.py [0:0]


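def test_secret(service_client, arn, token):
    """Check the AWSPENDING version of the secret before rotation finishes.

    The pending version is fetched by both its version id (``token``) and the
    AWSPENDING stage, so the value inspected is the one created for this
    rotation request. Secrets Manager rejects the call when the id and the
    stage do not refer to the same version.

    The check passes when the pending value is a binary secret of exactly
    16 bytes.

    Args:
        service_client (client): The secrets manager service client

        arn (string): The secret ARN or other identifier

        token (string): The ClientRequestToken associated with the secret version

    Raises:
        ValueError: If the pending version has no binary payload or the
            payload is not 16 bytes long.

    """
    # Pin VersionId as well as the stage: the log line below reports `token`,
    # so the version that is tested must be the version that is reported.
    pending = service_client.get_secret_value(
        SecretId=arn, VersionId=token, VersionStage="AWSPENDING"
    )

    # A secret stored as SecretString carries no 'SecretBinary' key; treat
    # that as a failed test instead of surfacing an unrelated KeyError.
    secret_bytes = pending.get('SecretBinary')

    # NOTE(review): this validates only the length of the key material, not
    # that the consuming service accepts it. Presumably 16 bytes is the
    # expected sealer key size; confirm against the code that creates it.
    if secret_bytes is None or len(secret_bytes) != 16:
        raise ValueError("Rotation test failed")

    # Only the version token and ARN are logged, never the secret value.
    logger.info("testSecret: Tested succesfully with version %s for secret %s." % (token, arn))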