CCC.SecMgmt Test: finos-ccc-integration-secret-main

Test Parameters

ServiceType	secrets
ProviderServiceType	secretsmanager:secret
CatalogTypes	CCC.SecMgmt
TagFilter	@Behavioural, @secrets, @Behavioural
UID	finos-ccc-integration-secret-main
ResourceName	finos-ccc-integration-secret-main
Config	{}
authorized-region	us-east-1
catalog-versions	{ "CCC.Core": "v2025.10", "CCC.SecMgmt": "DEV" }
permitted-regions	[ "us-east-1" ]
provider	aws
region	us-east-1
resource	finos-ccc-integration-secret-main
service	secrets
service-type	secrets
tags	@Behavioural @secrets
unauthorized-region	eu-west-1

Summary

Generated: 2026-06-16 16:32:03

Total Run Time: 494ms

Features: 2

Scenarios: 4 (✅ 3 | ❌ 1)

Steps: 26 (✅ 25 | ❌ 1 | ⏭️ 0 | ❓ 0)

Feature: CCC.SecMgmt.CN01.AR01 - Deny Outdated Secret Version After Rotation

Scenario: Current secret version is readable @CCC.SecMgmt @CCC.SecMgmt.CN01 @PerService @tlp-amber @tlp-red @Behavioural @secrets @SANITY @OPT_IN

Given a cloud api for "{config}" in "api"224µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"162µs

And I refer to "{result}" as "svc"60µs

When I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "latest"94ms

Then "{result}" is not an error33µs

And I refer to "{result}" as "currentSecret"31µs

And I attach "{currentSecret}" to the test output as "Current Secret Version"76µs

Then "{currentSecret.Denied}" is "false"53µs

📎 Attachments:

Current Secret Version

View JSON (119 bytes)

{"Plaintext":"ccc-integration-secret-v2","VersionID":"terraform-20260604120812174400000003","Denied":false,"Reason":""}

Scenario: Stale secret version retrieve is denied @CCC.SecMgmt @CCC.SecMgmt.CN01 @PerService @tlp-amber @tlp-red @Behavioural @secrets @MAIN

Given a cloud api for "{config}" in "api"63µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"40µs

And I refer to "{result}" as "svc"15µs

When I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "{stale-version-id}"23ms

Then "{result}" is an error54µs

expected {result} to be an error, got *secrets.SecretValue

Feature: CCC.SecMgmt.CN02.AR01 - Deny Retrieve From Unauthorized Region

Scenario: Authorized region read succeeds @CCC.SecMgmt @CCC.SecMgmt.CN02 @PerService @tlp-amber @tlp-red @Behavioural @secrets @SANITY @OPT_IN

Given a cloud api for "{config}" in "api"32µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"39µs

And I refer to "{result}" as "svc"28µs

When I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{authorized-region}"68ms

Then "{result}" is not an error26µs

And I refer to "{result}" as "authorizedRead"169µs

And I attach "{authorizedRead}" to the test output as "Authorized Region Read"380µs

Then "{authorizedRead.Denied}" is "false"110µs

📎 Attachments:

Authorized Region Read

View JSON (58 bytes)

{"Plaintext":"","VersionID":"","Denied":false,"Reason":""}

Scenario: Unauthorized region read is denied @CCC.SecMgmt @CCC.SecMgmt.CN02 @PerService @tlp-amber @tlp-red @Behavioural @secrets @MAIN

Given a cloud api for "{config}" in "api"42µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"37µs

And I refer to "{result}" as "svc"24µs

When I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{unauthorized-region}"302ms

Then "{result}" is an error31µs

🥒 CCC.SecMgmt Test: finos-ccc-integration-secret-main

Test Parameters

Summary