CCC.SecMgmt Test: finos-ccc-integration-secret-main

Test Parameters

ServiceType	secrets
ProviderServiceType	secretsmanager:secret
CatalogTypes	CCC.SecMgmt
TagFilter	@Behavioural, @secrets, @Behavioural
UID	finos-ccc-integration-secret-main
ResourceName	finos-ccc-integration-secret-main
Config	{}
authorized-region	us-east-1
catalog-versions	{ "CCC.Core": "v2025.10", "CCC.SecMgmt": "DEV" }
permitted-regions	[ "us-east-1" ]
provider	aws
region	us-east-1
resource	finos-ccc-integration-secret-main
service	secrets
service-type	secrets
tags	@Behavioural @secrets
unauthorized-region	eu-west-1

Summary

Generated: 2026-06-16 15:47:02

Total Run Time: 793ms

Features: 2

Scenarios: 4 (✅ 3 | ❌ 1)

Steps: 26 (✅ 25 | ❌ 1 | ⏭️ 0 | ❓ 0)

Feature: CCC.SecMgmt.CN01.AR01 - Deny Outdated Secret Version After Rotation

Scenario: Current secret version is readable @CCC.SecMgmt @CCC.SecMgmt.CN01 @PerService @tlp-amber @tlp-red @Behavioural @secrets @SANITY @OPT_IN

Given a cloud api for "{config}" in "api"70µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"108µs

And I refer to "{result}" as "svc"13µs

When I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "latest"189ms

Then "{result}" is not an error29µs

And I refer to "{result}" as "currentSecret"16µs

And I attach "{currentSecret}" to the test output as "Current Secret Version"59µs

Then "{currentSecret.Denied}" is "false"32µs

📎 Attachments:

Current Secret Version

View JSON (119 bytes)

{"Plaintext":"ccc-integration-secret-v2","VersionID":"terraform-20260604120812174400000003","Denied":false,"Reason":""}

Scenario: Stale secret version retrieve is denied @CCC.SecMgmt @CCC.SecMgmt.CN01 @PerService @tlp-amber @tlp-red @Behavioural @secrets @MAIN

Given a cloud api for "{config}" in "api"44µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"32µs

And I refer to "{result}" as "svc"20µs

When I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "{stale-version-id}"57ms

Then "{result}" is an error30µs

expected {result} to be an error, got *secrets.SecretValue

Feature: CCC.SecMgmt.CN02.AR01 - Deny Retrieve From Unauthorized Region

Scenario: Authorized region read succeeds @CCC.SecMgmt @CCC.SecMgmt.CN02 @PerService @tlp-amber @tlp-red @Behavioural @secrets @SANITY @OPT_IN

Given a cloud api for "{config}" in "api"32µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"41µs

And I refer to "{result}" as "svc"20µs

When I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{authorized-region}"161ms

Then "{result}" is not an error27µs

And I refer to "{result}" as "authorizedRead"24µs

And I attach "{authorizedRead}" to the test output as "Authorized Region Read"36µs

Then "{authorizedRead.Denied}" is "false"24µs

📎 Attachments:

Authorized Region Read

View JSON (58 bytes)

{"Plaintext":"","VersionID":"","Denied":false,"Reason":""}

Scenario: Unauthorized region read is denied @CCC.SecMgmt @CCC.SecMgmt.CN02 @PerService @tlp-amber @tlp-red @Behavioural @secrets @MAIN

Given a cloud api for "{config}" in "api"38µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"39µs

And I refer to "{result}" as "svc"20µs

When I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{unauthorized-region}"380ms

Then "{result}" is an error23µs

🥒 CCC.SecMgmt Test: finos-ccc-integration-secret-main

Test Parameters

Summary