Beispiel #1
    def CreateOrReplaceSourcesSecret(self, namespace_ref, product_type):
        """Copy the default sources secret into the target namespace.

        Retrieves default sources secret 'google-cloud-sources-key' from the
        control plane namespace and copies its 'key.json' entry into secret
        'google-cloud-key' in the target namespace, creating that secret or
        replacing it if one with the same name already exists.

        Security notes:
          - The copied 'key.json' entry is presumably a service account key
            (confirm against the secret's producer). Every principal allowed
            to read secrets in the target namespace gains use of it, so read
            access to secrets there should be narrowly scoped.
          - On a name conflict the existing target secret is replaced without
            its current contents being inspected.

        Args:
          namespace_ref: googlecloudsdk.core.resources.Resource, namespace
            resource that receives the copy.
          product_type: Enum, used to select the control plane namespace that
            holds the default sources secret.

        Returns:
          None

        Raises:
          exceptions.SecretNotFound: if the default sources secret does not
            exist in the control plane namespace.
        """
        source_namespace = events_constants.ControlPlaneNamespaceFromProductType(
            product_type)

        client = self._core_client
        messages = client.MESSAGES_MODULE
        source_secret_name = 'namespaces/{}/secrets/{}'.format(
            source_namespace, _DEFAULT_SOURCES_KEY)
        target_ref = resources.REGISTRY.Parse(
            SOURCES_KEY,
            params={'namespacesId': namespace_ref.Name()},
            collection=_SECRET_COLLECTION,
            api_version='v1')

        # Fetch the default secret; a 404 is translated into
        # exceptions.SecretNotFound so callers get a domain-level error.
        try:
            fetched = client.api_v1_namespaces_secrets.Get(
                messages.AnthoseventsApiV1NamespacesSecretsGetRequest(
                    name=source_secret_name))
        except api_exceptions.HttpNotFoundError:
            not_found_text = 'Secret [{}] not found in namespace [{}].'.format(
                _DEFAULT_SOURCES_KEY, source_namespace)
            raise exceptions.SecretNotFound(not_found_text)

        source_secret = secret.Secret(fetched, messages)

        target_secret = secret.Secret.New(client, target_ref.Parent().Name())
        target_secret.name = target_ref.Name()
        # Only the 'key.json' entry is carried over; the value is copied as-is
        # and is never logged or printed here.
        # NOTE(review): a source secret lacking 'key.json' presumably surfaces
        # as a bare KeyError - confirm that .data is dict-like.
        target_secret.data['key.json'] = source_secret.data['key.json']

        try:
            # Optimistic create; an existing secret is reported as a conflict.
            client.api_v1_namespaces_secrets.Create(
                messages.AnthoseventsApiV1NamespacesSecretsCreateRequest(
                    secret=target_secret.Message(),
                    parent=target_ref.Parent().RelativeName()))
        except api_exceptions.HttpConflictError:
            # A secret with this name already exists: overwrite it in place.
            client.api_v1_namespaces_secrets.ReplaceSecret(
                messages.AnthoseventsApiV1NamespacesSecretsReplaceSecretRequest(
                    secret=target_secret.Message(),
                    name=target_ref.RelativeName()))
Beispiel #2
    def CreateOrReplaceServiceAccountSecret(self, secret_ref,
                                            service_account_ref):
        """Create a new secret or replace an existing one.

        A key is created for the given service account and its private key
        data is stored under the secret's 'key.json' entry.

        Security notes:
          - Every call creates another key for the service account. Nothing in
            this method deletes earlier keys, so the caller is responsible for
            revoking keys that are no longer referenced by a secret.
          - The key is created before the secret is written. If the secret
            write fails with anything other than a conflict, the exception
            propagates and the new key is left behind unreferenced.
          - key.privateKeyData is credential material; it is only placed into
            the secret here and must not be logged by callers.

        Args:
          secret_ref: googlecloudsdk.core.resources.Resource, secret resource.
          service_account_ref: googlecloudsdk.core.resources.Resource, service
            account whose key will be used to create/replace the secret.

        Returns:
          (secret.Secret, googlecloudsdk.core.resources.Resource): tuple of the
            wrapped Secret resource and a ref to the created service account
            key.
        """
        client = self._core_client
        new_secret = secret.Secret.New(client, secret_ref.Parent().Name())
        new_secret.name = secret_ref.Name()

        # Key creation happens here, outside the timed section below.
        created_key = iam_util.CreateServiceAccountKey(service_account_ref)
        new_secret.data['key.json'] = created_key.privateKeyData
        key_ref = resources.REGISTRY.ParseResourceId(
            _SERVICE_ACCOUNT_KEY_COLLECTION, created_key.name, {})

        messages = client.MESSAGES_MODULE
        with metrics.RecordDuration(metric_names.CREATE_OR_REPLACE_SECRET):
            try:
                # Optimistic create; an existing secret raises a conflict.
                response = client.api_v1_namespaces_secrets.Create(
                    messages.AnthoseventsApiV1NamespacesSecretsCreateRequest(
                        secret=new_secret.Message(),
                        parent=secret_ref.Parent().RelativeName()))
            except api_exceptions.HttpConflictError:
                # The secret already exists: overwrite it with the new key.
                response = client.api_v1_namespaces_secrets.ReplaceSecret(
                    messages.AnthoseventsApiV1NamespacesSecretsReplaceSecretRequest(
                        secret=new_secret.Message(),
                        name=secret_ref.RelativeName()))

        wrapped_secret = secret.Secret(response, messages)
        return wrapped_secret, key_ref