From 91a16edc76ef9bb74d587abeb4777e7adc006262 Mon Sep 17 00:00:00 2001
From: Andrew Hammond
Date: Fri, 29 May 2020 21:22:02 -0700
Subject: [PATCH] missing engine is not a cause for panic

If engine is missing, assume that the user still wants to rotate the secret. If the user deliberatly tries to connect to a non-postgres database, the right place to fail is in the db.connect() call.
---
 SecretsManagerRDSMySQLRotationMultiUser/lambda_function.py | 4 +++-
 SecretsManagerRDSMySQLRotationSingleUser/lambda_function.py | 4 +++-
 .../lambda_function.py | 4 +++-
 .../lambda_function.py | 4 +++-
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/SecretsManagerRDSMySQLRotationMultiUser/lambda_function.py b/SecretsManagerRDSMySQLRotationMultiUser/lambda_function.py
index 8f360533..7a41a7a3 100644
--- a/SecretsManagerRDSMySQLRotationMultiUser/lambda_function.py
+++ b/SecretsManagerRDSMySQLRotationMultiUser/lambda_function.py
@@ -340,7 +340,9 @@ def get_secret_dict(service_client, arn, stage, token=None):
 secret_dict = json.loads(plaintext)
 # Run validations against the secret
- if 'engine' not in secret_dict or secret_dict['engine'] != 'mysql':
+ if 'engine' not in secret_dict:
+ secret_dict['engine'] = 'mysql'
+ if secret_dict['engine'] != 'mysql':
 raise KeyError("Database engine must be set to 'mysql' in order to use this rotation lambda")
 for field in required_fields:
 if field not in secret_dict:
diff --git a/SecretsManagerRDSMySQLRotationSingleUser/lambda_function.py b/SecretsManagerRDSMySQLRotationSingleUser/lambda_function.py
index a549c6d4..74b8f072 100644
--- a/SecretsManagerRDSMySQLRotationSingleUser/lambda_function.py
+++ b/SecretsManagerRDSMySQLRotationSingleUser/lambda_function.py
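Review bot: The new default at `if 'engine' not in secret_dict:` is written into the dict that get_secret_dict returns, so a secret stored without `engine` becomes indistinguishable from one that declared it and nothing records that the engine check was bypassed. If a caller serialises that dict back into a new secret version (not visible in this hunk), the injected `'engine': 'mysql'` would also be persisted, which is a surprising side effect for a validation step. Consider checking a local value instead, `engine = secret_dict.get('engine', 'mysql')` then `if engine != 'mysql':`, and logging a warning that names the ARN but never the secret contents when the default is applied. The same applies to the identical hunks in the MySQL single-user file and in both PostgreSQL files (with `'postgres'`); get_secret_dict starts and ends outside the hunk.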
@@ -310,7 +310,9 @@ def get_secret_dict(service_client, arn, stage, token=None):
 secret_dict = json.loads(plaintext)
 # Run validations against the secret
- if 'engine' not in secret_dict or secret_dict['engine'] != 'mysql':
+ if 'engine' not in secret_dict:
+ secret_dict['engine'] = 'mysql'
+ if secret_dict['engine'] != 'mysql':
 raise KeyError("Database engine must be set to 'mysql' in order to use this rotation lambda")
 for field in required_fields:
 if field not in secret_dict:
diff --git a/SecretsManagerRDSPostgreSQLRotationMultiUser/lambda_function.py b/SecretsManagerRDSPostgreSQLRotationMultiUser/lambda_function.py
index 9cdb9cab..529a645e 100644
--- a/SecretsManagerRDSPostgreSQLRotationMultiUser/lambda_function.py
+++ b/SecretsManagerRDSPostgreSQLRotationMultiUser/lambda_function.py
@@ -337,7 +337,9 @@ def get_secret_dict(service_client, arn, stage, token=None):
 secret_dict = json.loads(plaintext)
 # Run validations against the secret
- if 'engine' not in secret_dict or secret_dict['engine'] != 'postgres':
+ if 'engine' not in secret_dict:
+ secret_dict['engine'] = 'postgres'
+ if secret_dict['engine'] != 'postgres':
 raise KeyError("Database engine must be set to 'postgres' in order to use this rotation lambda")
 for field in required_fields:
 if field not in secret_dict:
diff --git a/SecretsManagerRDSPostgreSQLRotationSingleUser/lambda_function.py b/SecretsManagerRDSPostgreSQLRotationSingleUser/lambda_function.py
index 8c0bcfe2..d80f804a 100644
--- a/SecretsManagerRDSPostgreSQLRotationSingleUser/lambda_function.py
+++ b/SecretsManagerRDSPostgreSQLRotationSingleUser/lambda_function.py
@@ -309,7 +309,9 @@ def get_secret_dict(service_client, arn, stage, token=None):
 secret_dict = json.loads(plaintext)
 # Run validations against the secret
- if 'engine' not in secret_dict or secret_dict['engine'] != 'postgres':
+ if 'engine' not in secret_dict:
+ secret_dict['engine'] = 'postgres'
+ if secret_dict['engine'] != 'postgres':
 raise KeyError("Database engine must be set to 'postgres' in order to use this rotation lambda")
 for field in required_fields:
 if field not in secret_dict: