arazzo: 1.0.1
info:
  title: Amazon Secrets Manager Restore Deleted Secret
  summary: Cancel the scheduled deletion of a secret with RestoreSecret, then describe it to confirm the DeletedDate was cleared.
  description: >-
    The recovery pattern. When a secret was scheduled for deletion in error,
    this workflow calls RestoreSecret to remove the DeletedDate timestamp and
    bring the secret back into service, then calls DescribeSecret to confirm the
    secret is active again and no deletion is pending. Every step inlines the
    AWS JSON 1.1 X-Amz-Target header and request payload so the flow is
    self-describing.
  version: 1.0.0
sourceDescriptions:
- name: secretsManagerApi
  url: ../openapi/amazon-secrets-manager-openapi.yml
  type: openapi
workflows:
- workflowId: restore-deleted-secret
  summary: Restore a secret scheduled for deletion and confirm it is active again.
  description: >-
    Calls RestoreSecret to cancel the scheduled deletion of a secret, then calls
    DescribeSecret to verify the secret is recoverable and active.
  inputs:
    type: object
    required:
    - SecretId
    properties:
      SecretId:
        type: string
        description: The ARN or name of the secret to restore.
  steps:
  - stepId: restoreSecret
    description: >-
      Cancel the scheduled deletion of the secret by removing its DeletedDate
      timestamp.
    operationId: RestoreSecret
    parameters:
    - name: X-Amz-Target
      in: header
      value: secretsmanager.RestoreSecret
    requestBody:
      contentType: application/x-amz-json-1.1
      payload:
        SecretId: $inputs.SecretId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      secretArn: $response.body#/ARN
      secretName: $response.body#/Name
  - stepId: describeSecret
    description: >-
      Read the restored secret's metadata to confirm it is active and no
      deletion is pending.
    operationId: DescribeSecret
    parameters:
    - name: X-Amz-Target
      in: header
      value: secretsmanager.DescribeSecret
    requestBody:
      contentType: application/x-amz-json-1.1
      payload:
        SecretId: $steps.restoreSecret.outputs.secretArn
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      restoredArn: $response.body#/ARN
      deletedDate: $response.body#/DeletedDate
      lastChangedDate: $response.body#/LastChangedDate
  outputs:
    restoredArn: $steps.describeSecret.outputs.restoredArn
    secretName: $steps.restoreSecret.outputs.secretName
    deletedDate: $steps.describeSecret.outputs.deletedDate