Fix secrets_manager validation tests

tests/test_secretsmanager/test_secretsmanager.py

@@ -1063,10 +1063,22 @@ def test_rotate_secret_that_does_not_match():
 
 @mock_aws
 def test_rotate_secret_client_request_token_too_short():
-    # Test is intentionally empty. Boto3 catches too short ClientRequestToken
-    # and raises ParamValidationError before Moto can see it.
-    # test_server actually handles this error.
-    assert True
+    from botocore.config import Config
+
+    conn = boto3.client(
+        "secretsmanager",
+        region_name="us-west-2",
+        config=Config(parameter_validation=False),
+    )
+    conn.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
+    client_request_token = "TOO-SHORT"
+    with pytest.raises(ClientError) as exc_info:
+        conn.rotate_secret(
+            SecretId=DEFAULT_SECRET_NAME, ClientRequestToken=client_request_token
+        )
+    error = exc_info.value.response["Error"]
+    assert error["Message"] == "ClientRequestToken must be 32-64 characters long."
+    assert error["Code"] == "InvalidParameterException"
 
 
 @mock_aws
@@ -1096,11 +1108,32 @@ def test_rotate_secret_rotation_lambda_arn_too_long():
 
 
 @mock_aws
-def test_rotate_secret_rotation_period_zero():
-    # Test is intentionally empty. Boto3 catches zero day rotation period
-    # and raises ParamValidationError before Moto can see it.
-    # test_server actually handles this error.
-    assert True
+@pytest.mark.parametrize(
+    "days",
+    [
+        pytest.param(0, id="below min"),
+        pytest.param(1001, id="above max"),
+    ],
+)
+def test_rotate_secret_rotation_period_validation(days):
+    from botocore.config import Config
+
+    conn = boto3.client(
+        "secretsmanager",
+        region_name="us-west-2",
+        config=Config(parameter_validation=False),
+    )
+    conn.create_secret(Name=DEFAULT_SECRET_NAME, SecretString="foosecret")
+    with pytest.raises(ClientError) as exc_info:
+        conn.rotate_secret(
+            SecretId=DEFAULT_SECRET_NAME, RotationRules={"AutomaticallyAfterDays": days}
+        )
+    error = exc_info.value.response["Error"]
+    assert (
+        error["Message"]
+        == "RotationRules.AutomaticallyAfterDays must be within 1-1000."
+    )
+    assert error["Code"] == "InvalidParameterException"
 
 
 @mock_aws

tests/test_secretsmanager/test_server.py

@@ -1024,60 +1024,3 @@ def test_batch_get_secret_value_with_filters():
 
     json_data = json.loads(batch_get_secret_values.data.decode("utf-8"))
     assert len(json_data["SecretValues"]) == len(matched) == 2
-
-
-#
-# The following tests should work, but fail on the embedded dict in
-# RotationRules. The error message suggests a problem deeper in the code, which
-# needs further investigation.
-#
-
-# @mock_aws
-# def test_rotate_secret_rotation_period_zero():
-#     backend = server.create_backend_app('secretsmanager')
-#     test_client = backend.test_client()
-
-#     create_secret = test_client.post('/',
-#                         data={"Name": "test-secret",
-#                               "SecretString": "foosecret"},
-#                         headers={
-#                             "X-Amz-Target": "secretsmanager.CreateSecret"
-#                         },
-#                     )
-
-#     rotate_secret = test_client.post('/',
-#                         data={"SecretId": "test-secret",
-#                               "RotationRules": {"AutomaticallyAfterDays": 0}},
-#                         headers={
-#                             "X-Amz-Target": "secretsmanager.RotateSecret"
-#                         },
-#                     )
-
-#     json_data = json.loads(rotate_secret.data.decode("utf-8"))
-#     assert json_data['message'] == "RotationRules.AutomaticallyAfterDays must be within 1-1000."
-#     assert json_data['__type'] == 'InvalidParameterException'
-
-# @mock_aws
-# def test_rotate_secret_rotation_period_too_long():
-#     backend = server.create_backend_app('secretsmanager')
-#     test_client = backend.test_client()
-
-#     create_secret = test_client.post('/',
-#                         data={"Name": "test-secret",
-#                               "SecretString": "foosecret"},
-#                         headers={
-#                             "X-Amz-Target": "secretsmanager.CreateSecret"
-#                         },
-#                     )
-
-#     rotate_secret = test_client.post('/',
-#                         data={"SecretId": "test-secret",
-#                               "RotationRules": {"AutomaticallyAfterDays": 1001}},
-#                         headers={
-#                             "X-Amz-Target": "secretsmanager.RotateSecret"
-#                         },
-#                     )
-
-#     json_data = json.loads(rotate_secret.data.decode("utf-8"))
-#     assert json_data['message'] == "RotationRules.AutomaticallyAfterDays must be within 1-1000."
-#     assert json_data['__type'] == 'InvalidParameterException'