From 7b04a77e184d881b2fa39dd380c3f3676471a4a0 Mon Sep 17 00:00:00 2001 From: Daniel Fangl Date: Fri, 11 Oct 2024 16:43:30 +0200 Subject: [PATCH] Allow force deletion of already marked-for-delete secret --- moto/secretsmanager/models.py | 2 +- tests/test_secretsmanager/test_secretsmanager.py | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/moto/secretsmanager/models.py b/moto/secretsmanager/models.py index 5a3cf7f05832..bbebebb58099 100644 --- a/moto/secretsmanager/models.py +++ b/moto/secretsmanager/models.py @@ -948,7 +948,7 @@ def delete_secret( msg = f"You can't delete secret {secret_id} that still has replica regions [{replica_regions}]" raise InvalidParameterException(msg) - if secret.is_deleted(): + if secret.is_deleted() and not force_delete_without_recovery: raise InvalidRequestException( "An error occurred (InvalidRequestException) when calling the DeleteSecret operation: You tried to \ perform the operation on a secret that's currently marked deleted." diff --git a/tests/test_secretsmanager/test_secretsmanager.py b/tests/test_secretsmanager/test_secretsmanager.py index e386aff25405..8879b64f00b3 100644 --- a/tests/test_secretsmanager/test_secretsmanager.py +++ b/tests/test_secretsmanager/test_secretsmanager.py @@ -628,6 +628,17 @@ def test_delete_secret_that_is_marked_deleted(): conn.delete_secret(SecretId="test-secret") +@mock_aws +def test_force_delete_secret_that_is_marked_deleted(): + conn = boto3.client("secretsmanager", region_name="us-west-2") + + conn.create_secret(Name="test-secret", SecretString="foosecret") + + conn.delete_secret(SecretId="test-secret") + + conn.delete_secret(SecretId="test-secret", ForceDeleteWithoutRecovery=True) + + @mock_aws def test_get_random_password_default_length(): conn = boto3.client("secretsmanager", region_name="us-west-2")