Skip to content
This repository was archived by the owner on Mar 23, 2026. It is now read-only.

SecretsManager: add tag/untag resource handling for deleted secrets#13662

Merged
macnev2013 merged 1 commit into
localstack:mainfrom
shubhiscoding:fix/deleted-secret-tag-untag
Feb 5, 2026
Merged

SecretsManager: add tag/untag resource handling for deleted secrets#13662
macnev2013 merged 1 commit into
localstack:mainfrom
shubhiscoding:fix/deleted-secret-tag-untag

Conversation

@shubhiscoding
Copy link
Copy Markdown
Contributor

@shubhiscoding shubhiscoding commented Jan 29, 2026

Motivation

Fixes #13648

LocalStack incorrectly allows tagging and untagging operations on secrets that have been marked for deletion. AWS Secrets Manager rejects these operations with an InvalidRequestException.

Changes

  • Added @patch for SecretsManagerBackend.tag_resource to check if the secret is marked for deletion before allowing tagging
  • Added @patch for SecretsManagerBackend.untag_resource to check if the secret is marked for deletion before allowing untagging
  • Both patches raise InvalidRequestException with the same error message as AWS

Tests

  • Added test_tag_untag_resource_on_deleted_secret - an AWS-validated snapshot test that verifies both tag_resource and untag_resource operations fail with InvalidRequestException when the secret is marked for deletion

Related

@shubhiscoding
Copy link
Copy Markdown
Contributor Author

shubhiscoding commented Jan 29, 2026

Hi @ryan-berke @macnev2013 attempted a fix for the issue #13648 let me know if any changes required!

macnev2013
macnev2013 reviewed Feb 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@macnev2013 macnev2013 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution! 🚀

Before we can proceed, could you please sign the CLA? You can do so by posting the following comment on this PR:

I have read the CLA Document and I hereby sign the CLA

@macnev2013 macnev2013 added semver: patch Non-breaking changes which can be included in patch releases docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes labels Feb 2, 2026
@shubhiscoding
Copy link
Copy Markdown
Contributor Author

shubhiscoding commented Feb 2, 2026

I have read the CLA Document and I hereby sign the CLA

@shubhiscoding
Copy link
Copy Markdown
Contributor Author

shubhiscoding commented Feb 2, 2026

btw, I already did it on one of my previous PR(#13554)
do we need to comment this on every pr?

@alexrashed alexrashed assigned giograno and macnev2013 and unassigned giograno Feb 4, 2026
@alexrashed
Copy link
Copy Markdown
Member

alexrashed commented Feb 4, 2026

Hey @shubhiscoding! Thanks for your contribution!
That's just a misunderstanding, there is no need to sign the SLA another time. :)
@macnev2013 I think this one is ready for a review 🤩

macnev2013
macnev2013 approved these changes Feb 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@macnev2013 macnev2013 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution! LGTM 🚀

@macnev2013 macnev2013 merged commit 13ed487 into localstack:main Feb 5, 2026
50 of 53 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@macnev2013 macnev2013 macnev2013 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@macnev2013 macnev2013

Labels

docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes semver: patch Non-breaking changes which can be included in patch releases

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Localstack AWS Secrets manager allows secrets to be tagged after they are marked for deletion

4 participants

@shubhiscoding @alexrashed @macnev2013 @giograno