From cf0d4e3cff9478496fe1e63f9d4113c3dc81abe9 Mon Sep 17 00:00:00 2001
From: Isman Firmansyah <iromli@users.noreply.github.com>
Date: Sat, 11 Feb 2023 01:15:19 +0700
Subject: [PATCH] fix(jans-pycloudlib): avoid overwritten data by using merge
 strategy for AWS wrappers (#3832)

---
 .../jans/pycloudlib/config/aws_config.py            | 13 +++++++++----
 .../jans/pycloudlib/secret/aws_secret.py            | 13 +++++++++----
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/jans-pycloudlib/jans/pycloudlib/config/aws_config.py b/jans-pycloudlib/jans/pycloudlib/config/aws_config.py
index 4dd4c12be59..b9abfa89065 100644
--- a/jans-pycloudlib/jans/pycloudlib/config/aws_config.py
+++ b/jans-pycloudlib/jans/pycloudlib/config/aws_config.py
@@ -178,12 +178,17 @@ def set_all(self, data: dict[str, _t.Any]) -> bool:
         """
         self._prepare_secret()
 
+        # fetch existing data (if any) as we will merge them;
+        # note that existing value will be overwritten
+        payload = self.get_all()
+
+        for k, v in data.items():
+            # ensure value that has bytes is converted to text
+            payload[k] = safe_value(v)
+
         resp = self.client.update_secret(
             SecretId=self.basepath,
-            SecretString=_dump_value(
-                # ensure key-value that has bytes is converted to text
-                {k: safe_value(v) for k, v in data.items()}
-            ),
+            SecretString=_dump_value(payload),
         )
         return bool(resp)
 
diff --git a/jans-pycloudlib/jans/pycloudlib/secret/aws_secret.py b/jans-pycloudlib/jans/pycloudlib/secret/aws_secret.py
index 95beda31e04..30665d928f8 100644
--- a/jans-pycloudlib/jans/pycloudlib/secret/aws_secret.py
+++ b/jans-pycloudlib/jans/pycloudlib/secret/aws_secret.py
@@ -179,12 +179,17 @@ def set_all(self, data: dict[str, _t.Any]) -> bool:
         """
         self._prepare_secret()
 
+        # fetch existing data (if any) as we will merge them;
+        # note that existing value will be overwritten
+        payload = self.get_all()
+
+        for k, v in data.items():
+            # ensure value that has bytes is converted to text
+            payload[k] = safe_value(v)
+
         resp = self.client.update_secret(
             SecretId=self.basepath,
-            SecretBinary=_dump_value(
-                # ensure key-value that has bytes is converted to text
-                {k: safe_value(v) for k, v in data.items()}
-            ),
+            SecretBinary=_dump_value(payload),
         )
         return bool(resp)