fix(parameters): get_secret correctly return SecretBinary value (#1717)

mangyau · heitorlessa · web-flow · commit f9752dfe925a · 2022-11-15T09:31:40.000+01:00
Co-authored-by: heitorlessa &lt;lessa@amazon.co.uk&gt;
diff --git a/aws_lambda_powertools/utilities/parameters/secrets.py b/aws_lambda_powertools/utilities/parameters/secrets.py
@@ -96,7 +96,12 @@ def _get(self, name: str, **sdk_options) -> str:
         # Explicit arguments will take precedence over keyword arguments
         sdk_options["SecretId"] = name
 
-        return self.client.get_secret_value(**sdk_options)["SecretString"]
+        secret_value = self.client.get_secret_value(**sdk_options)
+
+        if "SecretString" in secret_value:
+            return secret_value["SecretString"]
+
+        return secret_value["SecretBinary"]
 
     def _get_multiple(self, path: str, **sdk_options) -> Dict[str, str]:
         """
diff --git a/tests/functional/test_utilities_parameters.py b/tests/functional/test_utilities_parameters.py
@@ -46,6 +46,11 @@ def config():
     return Config(region_name="us-east-1")
 
 
+@pytest.fixture
+def mock_binary_value() -> str:
+    return "ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnpkV0lpT2lJeE1qTTBOVFkzT0Rrd0lpd2libUZ0WlNJNklrcHZhRzRnUkc5bElpd2lhV0YwSWpveE5URTJNak01TURJeWZRLlNmbEt4d1JKU01lS0tGMlFUNGZ3cE1lSmYzNlBPazZ5SlZfYWRRc3N3NWMK"  # noqa: E501
+
+
 def build_get_parameters_stub(params: Dict[str, Any], invalid_parameters: List[str] | None = None) -> Dict[str, List]:
     invalid_parameters = invalid_parameters or []
     version = random.randrange(1, 1000)
@@ -1186,6 +1191,31 @@ def test_secrets_provider_get(mock_name, mock_value, config):
         stubber.deactivate()
 
 
+def test_secrets_provider_get_binary_secret(mock_name, mock_binary_value, config):
+    # GIVEN a new provider
+    provider = parameters.SecretsProvider(config=config)
+    expected_params = {"SecretId": mock_name}
+    expected_response = {
+        "ARN": f"arn:aws:secretsmanager:us-east-1:132456789012:secret/{mock_name}",
+        "Name": mock_name,
+        "VersionId": "edc66e31-3d5f-4276-aaa1-95ed44cfed72",
+        "SecretBinary": mock_binary_value,
+        "CreatedDate": datetime(2015, 1, 1),
+    }
+
+    stubber = stub.Stubber(provider.client)
+    stubber.add_response("get_secret_value", expected_response, expected_params)
+    stubber.activate()
+
+    try:
+        value = provider.get(mock_name)
+        stubber.assert_no_pending_responses()
+    finally:
+        stubber.deactivate()
+
+    assert value == mock_binary_value
+
+
 def test_secrets_provider_get_with_custom_client(mock_name, mock_value, config):
     """
     Test SecretsProvider.get() with a non-cached value
