CCC.SecMgmt Test: finos-ccc-integration-secret-main

Test Parameters

ServiceType	secrets
ProviderServiceType	secretsmanager:secret
CatalogTypes	CCC.SecMgmt
TagFilter	@Behavioural, @secrets, @Behavioural
UID	finos-ccc-integration-secret-main
ResourceName	finos-ccc-integration-secret-main
Config	{}
authorized-region	us-east-1
catalog-versions	{ "CCC.Core": "v2025.10", "CCC.SecMgmt": "DEV" }
permitted-regions	[ "us-east-1" ]
provider	aws
region	us-east-1
resource	finos-ccc-integration-secret-main
service	secrets
service-type	secrets
stale-version-id	terraform-20260604120811448400000002
tags	@Behavioural @secrets
unauthorized-region	eu-west-1

Summary

Generated: 2026-06-22 17:40:36

Total Run Time: 708ms

Features: 2

Scenarios: 4 (✅ 4 | ❌ 0)

Steps: 26 (✅ 26 | ❌ 0 | ⏭️ 0 | ❓ 0)

Feature: CCC.SecMgmt.CN01.AR01 - Deny Outdated Secret Version After Rotation

Scenario: Current secret version is readable @CCC.SecMgmt @CCC.SecMgmt.CN01 @PerService @tlp-amber @tlp-red @Behavioural @secrets @SANITY @OPT_IN

Given a cloud api for "{config}" in "api"47µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"83µs

And I refer to "{result}" as "svc"12µs

When I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "latest"196ms

Then "{result}" is not an error27µs

And I refer to "{result}" as "currentSecret"16µs

And I attach "{currentSecret}" to the test output as "Current Secret Version"46µs

Then "{currentSecret.Denied}" is "false"20µs

📎 Attachments:

Current Secret Version

View JSON (119 bytes)

{"Plaintext":"ccc-integration-secret-v2","VersionID":"terraform-20260604120812174400000003","Denied":false,"Reason":""}

Scenario: Stale secret version retrieve is denied @CCC.SecMgmt @CCC.SecMgmt.CN01 @PerService @tlp-amber @tlp-red @Behavioural @secrets @MAIN

Given a cloud api for "{config}" in "api"59µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"36µs

And I refer to "{result}" as "svc"34µs

When I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "{stale-version-id}"26ms

Then "{result}" is an error19µs

Feature: CCC.SecMgmt.CN02.AR01 - Deny Retrieve From Unauthorized Region

Scenario: Authorized region read succeeds @CCC.SecMgmt @CCC.SecMgmt.CN02 @PerService @tlp-amber @tlp-red @Behavioural @secrets @SANITY @OPT_IN

Given a cloud api for "{config}" in "api"35µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"28µs

And I refer to "{result}" as "svc"19µs

When I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{authorized-region}"129ms

Then "{result}" is not an error28µs

And I refer to "{result}" as "authorizedRead"18µs

And I attach "{authorizedRead}" to the test output as "Authorized Region Read"31µs

Then "{authorizedRead.Denied}" is "false"20µs

📎 Attachments:

Authorized Region Read

View JSON (58 bytes)

{"Plaintext":"","VersionID":"","Denied":false,"Reason":""}

Scenario: Unauthorized region read is denied @CCC.SecMgmt @CCC.SecMgmt.CN02 @PerService @tlp-amber @tlp-red @Behavioural @secrets @MAIN

Given a cloud api for "{config}" in "api"37µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"33µs

And I refer to "{result}" as "svc"17µs

When I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{unauthorized-region}"352ms

Then "{result}" is an error22µs

🥒 CCC.SecMgmt Test: finos-ccc-integration-secret-main

Test Parameters

Summary