aws-samples / aws-secrets-manager-rotation-lambdas

Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
MIT No Attribution

Generic rotation template bug in finish_secret step #92

Closed ryancausey closed 2 years ago

ryancausey commented 2 years ago

The finish_secret function has a bug in it if there is not a version found that is labeled as "AWSCURRENT".

If there is not a version found that is labeled as "AWSCURRENT", the code will set current_version as None. This will lead to update_secret_version_stage being called with RemoveFromVersionId as None. This results in a ParamValidationError being raised from the boto3 client.

goyalya commented 2 years ago

@ryancausey: As per the design, every secret will have an "AWSCURRENT" label.
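An added example, not part of this thread and not the repository's code: a `finish_secret` variant that passes `RemoveFromVersionId` only when a version labeled "AWSCURRENT" was found, so the call described in the issue never receives `None`. `StubSecretsClient`, the version ids and the returned dict are constructed assumptions so that it runs without AWS access.

```python
import logging

logger = logging.getLogger(__name__)


def finish_secret(service_client, arn, token):
    """Move AWSCURRENT to `token`; tolerate a secret with no AWSCURRENT version.

    Returns the parameters sent, or None if `token` was already AWSCURRENT.
    """
    metadata = service_client.describe_secret(SecretId=arn)
    current_version = None
    for version, stages in metadata.get("VersionIdsToStages", {}).items():
        if "AWSCURRENT" in stages:
            if version == token:
                logger.info("finish_secret: %s already AWSCURRENT for %s", version, arn)
                return None
            current_version = version
            break

    params = {"SecretId": arn, "VersionStage": "AWSCURRENT", "MoveToVersionId": token}
    if current_version is not None:
        # Only name a version to remove the label from when one actually holds it.
        params["RemoveFromVersionId"] = current_version
    else:
        logger.warning("finish_secret: no AWSCURRENT version found for %s", arn)
    service_client.update_secret_version_stage(**params)
    return params


class StubSecretsClient:
    """Constructed offline stand-in for the boto3 Secrets Manager client."""

    def __init__(self, versions):
        self.versions = versions  # {version_id: [staging labels]}

    def describe_secret(self, SecretId):
        return {"ARN": SecretId, "VersionIdsToStages": self.versions}

    def update_secret_version_stage(self, **kwargs):
        # Mimics client-side validation: every supplied parameter must be a string.
        for key, value in kwargs.items():
            if not isinstance(value, str):
                raise TypeError(f"Invalid type for parameter {key}: {value!r}")
        old = kwargs.get("RemoveFromVersionId")
        if old is not None:
            self.versions[old].remove(kwargs["VersionStage"])
        self.versions[kwargs["MoveToVersionId"]].append(kwargs["VersionStage"])
```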