CCC.SecMgmt Test: finos-ccc-integration-secret-main

Test Parameters

ServiceType	secrets
ProviderServiceType	secretmanager.googleapis.com/Secret
CatalogTypes	CCC.SecMgmt
TagFilter	@Behavioural, @secrets, @Behavioural
UID	finos-ccc-integration-secret-main
ResourceName	finos-ccc-integration-secret-main
Config	{}
authorized-region	us-central1
catalog-versions	{ "CCC.Core": "v2025.10", "CCC.SecMgmt": "DEV" }
gcp-project-id	nodal-time-474015-p5
gcp-secret-id	finos-ccc-integration-secret-main
permitted-regions	[ "us-central1" ]
provider	gcp
region	us-central1
resource	finos-ccc-integration-secret-main
service	secrets
service-type	secrets
stale-version-id	1
tags	@Behavioural @secrets
unauthorized-region	europe-west1

Summary

Generated: 2026-06-22 17:50:14

Total Run Time: 3s

Features: 2

Scenarios: 4 (✅ 4 | ❌ 0)

Steps: 26 (✅ 26 | ❌ 0 | ⏭️ 0 | ❓ 0)

Feature: CCC.SecMgmt.CN01.AR01 - Deny Outdated Secret Version After Rotation

Scenario: Current secret version is readable @CCC.SecMgmt @CCC.SecMgmt.CN01 @PerService @tlp-amber @tlp-red @Behavioural @secrets @SANITY @OPT_IN

Given a cloud api for "{config}" in "api"52µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"110µs

And I refer to "{result}" as "svc"15µs

When I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "latest"564ms

Then "{result}" is not an error28µs

And I refer to "{result}" as "currentSecret"14µs

And I attach "{currentSecret}" to the test output as "Current Secret Version"46µs

Then "{currentSecret.Denied}" is "false"21µs

📎 Attachments:

Current Secret Version

View JSON (89 bytes)

{"Plaintext":"ccc-integration-secret-v2","VersionID":"latest","Denied":false,"Reason":""}

Scenario: Stale secret version retrieve is denied @CCC.SecMgmt @CCC.SecMgmt.CN01 @PerService @tlp-amber @tlp-red @Behavioural @secrets @MAIN

Given a cloud api for "{config}" in "api"29µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"37µs

And I refer to "{result}" as "svc"18µs

When I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "{stale-version-id}"535ms

Then "{result}" is an error28µs

Feature: CCC.SecMgmt.CN02.AR01 - Deny Retrieve From Unauthorized Region

Scenario: Authorized region read succeeds @CCC.SecMgmt @CCC.SecMgmt.CN02 @PerService @tlp-amber @tlp-red @Behavioural @secrets @SANITY @OPT_IN

Given a cloud api for "{config}" in "api"41µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"29µs

And I refer to "{result}" as "svc"23µs

When I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{authorized-region}"494ms

Then "{result}" is not an error25µs

And I refer to "{result}" as "authorizedRead"14µs

And I attach "{authorizedRead}" to the test output as "Authorized Region Read"37µs

Then "{authorizedRead.Denied}" is "false"30µs

📎 Attachments:

Authorized Region Read

View JSON (58 bytes)

{"Plaintext":"","VersionID":"","Denied":false,"Reason":""}

Scenario: Unauthorized region read is denied @CCC.SecMgmt @CCC.SecMgmt.CN02 @PerService @tlp-amber @tlp-red @Behavioural @secrets @MAIN

Given a cloud api for "{config}" in "api"43µs

And I call "{api}" with "GetServiceAPI" using argument "secrets"42µs

And I refer to "{result}" as "svc"41µs

When I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{unauthorized-region}"1s

Then "{result}" is an error25µs

🥒 CCC.SecMgmt Test: finos-ccc-integration-secret-main

Test Parameters

Summary