def Run(self, args): replication_policy_contents = secrets_util.ReadFileOrStdin( args.replication_policy_file, is_binary=False) secret_ref = args.CONCEPTS.secret.Parse() if not replication_policy_contents: raise exceptions.InvalidArgumentException( 'replication-policy', self.REPLICATION_POLICY_FILE_EMPTY_MESSAGE) policy, locations, kms_keys = secrets_util.ParseReplicationFileContents( replication_policy_contents) # Attempt to get the secret secret = secrets_api.Secrets().GetOrNone(secret_ref) # Secret does not exist if secret is None: raise exceptions.InvalidArgumentException( 'secret', self.SECRET_MISSING_MESSAGE.format(secret=secret_ref.Name())) secret = secrets_api.Secrets().SetReplication(secret_ref, policy, locations, kms_keys) secrets_log.Secrets().UpdatedReplication(secret_ref) return secret
def _SetKmsKey(self, secret_ref, secret, kms_key, location): if secret.replication.automatic: if location: raise exceptions.BadArgumentException( 'location', self.LOCATION_AND_AUTOMATIC_MESSAGE) updated_secret = secrets_api.Secrets().SetReplication( secret_ref, 'automatic', [], [kms_key]) secrets_log.Secrets().UpdatedReplication(secret_ref) return updated_secret if secret.replication.userManaged and secret.replication.userManaged.replicas: if not location: raise exceptions.RequiredArgumentException( 'location', self.LOCATION_REQUIRED_MESSAGE) locations = [] keys = [] found_location = False for replica in secret.replication.userManaged.replicas: if not replica.location: raise exceptions.ToolException(self.MISCONFIGURED_REPLICATION_MESSAGE) locations.append(replica.location) if location == replica.location: found_location = True keys.append(kms_key) elif replica.customerManagedEncryption and replica.customerManagedEncryption.kmsKeyName: keys.append(replica.customerManagedEncryption.kmsKeyName) if not found_location: raise exceptions.InvalidArgumentException( 'location', self.LOCATION_NOT_IN_POLICY_MESSAGE) if len(locations) != len(keys): raise exceptions.ToolException(self.PARTIALLY_CMEK_MESSAGE) updated_secret = secrets_api.Secrets().SetReplication( secret_ref, 'user-managed', locations, keys) secrets_log.Secrets().UpdatedReplication(secret_ref) return updated_secret raise exceptions.ToolException(self.MISCONFIGURED_REPLICATION_MESSAGE)
def _RunUpdate(self, original, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() # Collect the list of update masks update_mask = [] labels_diff = labels_util.Diff.FromUpdateArgs(args) if labels_diff.MayHaveUpdates(): update_mask.append('labels') # Validations if not update_mask: raise exceptions.InvalidArgumentException( 'labels', self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name())) labels_update = labels_diff.Apply(messages.Secret.LabelsValue, original.labels) labels = original.labels if labels_update.needs_update: labels = labels_update.labels secret = secrets_api.Secrets().Update(secret_ref=secret_ref, labels=labels, update_mask=update_mask) secrets_log.Secrets().Updated(secret_ref) return secret
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() # List all secret versions and parse their refs versions = secrets_api.Versions().ListWithPager(secret_ref=secret_ref, limit=9999) version_refs = [] for version in versions: if version.state != messages.SecretVersion.StateValueValuesEnum.DESTROYED: version_ref = secrets_args.ParseVersionRef(version.name) version_refs.append(version_ref) msg = self.CONFIRM_DELETE_MESSAGE.format( secret=secret_ref.Name(), num_versions=len(version_refs)) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) for version_ref in version_refs: secrets_api.Versions().Destroy(version_ref) secrets_log.Versions().Destroyed(version_ref) result = secrets_api.Secrets().Delete(secret_ref) secrets_log.Secrets().Deleted(secret_ref) return result
def Run(self, args): messages = secrets_api.GetMessages( version=secrets_util.GetVersionFromReleasePath( self.ReleaseTrack())) secret_ref = args.CONCEPTS.secret.Parse() # List all secret versions and parse their refs versions = secrets_api.Versions( version=secrets_util.GetVersionFromReleasePath( self.ReleaseTrack())).ListWithPager(secret_ref=secret_ref, limit=9999) active_version_count = 0 for version in versions: if version.state != messages.SecretVersion.StateValueValuesEnum.DESTROYED: active_version_count += 1 msg = self.CONFIRM_DELETE_MESSAGE.format( secret=secret_ref.Name(), num_versions=active_version_count) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) result = secrets_api.Secrets( version=secrets_util.GetVersionFromReleasePath( self.ReleaseTrack())).Delete(secret_ref) secrets_log.Secrets().Deleted(secret_ref) return result
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() if not args.remove_cmek and not args.set_kms_key: raise calliope_exceptions.MinimumArgumentException( ['--remove-cmek', '--set-kms-key']) if args.remove_cmek and args.set_kms_key: raise calliope_exceptions.ConflictingArgumentsException( self.REMOVE_AND_SET_CMEK_MESSAGE) if args.remove_cmek and args.location: raise calliope_exceptions.ConflictingArgumentsException( self.REMOVE_CMEK_AND_LOCATION_MESSAGE) # args.set_kms_key without args.location is allowed only if the secret has # a single replica. # Attempt to get the secret secret = secrets_api.Secrets().GetOrNone(secret_ref) # Secret does not exist if secret is None: raise calliope_exceptions.InvalidArgumentException( 'secret', self.SECRET_MISSING_MESSAGE.format(secret=secret_ref.Name())) if args.remove_cmek: return self._RemoveCmek(secret_ref, secret) return self._SetKmsKey(secret_ref, secret, args.set_kms_key, args.location)
def _RemoveCmek(self, secret_ref, secret): if secret.replication.automatic: updated_secret = secrets_api.Secrets().SetReplication( secret_ref, 'automatic', [], []) secrets_log.Secrets().UpdatedReplication(secret_ref) return updated_secret if secret.replication.userManaged and secret.replication.userManaged.replicas: locations = [] for replica in secret.replication.userManaged.replicas: if not replica.location: raise exceptions.ToolException(self.MISCONFIGURED_REPLICATION_MESSAGE) locations.append(replica.location) updated_secret = secrets_api.Secrets().SetReplication( secret_ref, 'user-managed', locations, []) secrets_log.Secrets().UpdatedReplication(secret_ref) return updated_secret raise exceptions.ToolException(self.MISCONFIGURED_REPLICATION_MESSAGE)
def Run(self, args): project_ref = args.CONCEPTS.project.Parse() if not project_ref: raise exceptions.RequiredArgumentException( 'project', 'Please set a project with "--project" flag or "gcloud config set project <project_id>".' ) return secrets_api.Secrets().ListWithPager(project_ref=project_ref, limit=args.limit)
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue) # Create the secret response = secrets_api.Secrets().Create( secret_ref, labels=labels, locations=args.locations) # Create the version if data was given if data: version = secrets_api.Secrets().SetData(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) else: secrets_log.Secrets().Created(secret_ref) return response
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() secret = secrets_api.Secrets().GetOrNone(secret_ref) # Secret does not exist if secret is None: raise exceptions.InvalidArgumentException( 'secret', self.SECRET_MISSING_MESSAGE.format(secret=secret_ref.Name())) return secret.replication
def _RunUpdate(self, original, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) # Collect the list of update masks update_mask = [] labels_diff = labels_util.Diff.FromUpdateArgs(args) if labels_diff.MayHaveUpdates(): update_mask.append('labels') locations = args.locations if locations: update_mask.append('policy.replicaLocations') update_mask.sort() # Validations if not update_mask and not data: raise exceptions.ToolException( self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name())) if update_mask: labels = labels_diff.Apply(messages.Secret.LabelsValue, original.labels).GetOrNone() secret = secrets_api.Secrets().Update(secret_ref=secret_ref, locations=args.locations, labels=labels, update_mask=update_mask) secrets_log.Secrets().Updated(secret_ref) if not data: return secret version = secrets_api.Secrets().SetData(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) return version
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() # Attempt to get the secret secret = secrets_api.Secrets().GetOrNone(secret_ref) # Secret does not exist if secret is None: raise exceptions.InvalidArgumentException( 'secret', self.SECRET_MISSING_MESSAGE.format(secret=secret_ref.Name())) # The secret exists, update it return self._RunUpdate(secret, args)
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE) version = secrets_api.Secrets().AddVersion(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) return version
def _RunCreate(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) locations = args.locations if not locations: raise parser_errors.RequiredError(argument='--locations') labels = labels_util.Diff.FromUpdateArgs(args).Apply( messages.Secret.LabelsValue).GetOrNone() secret = secrets_api.Secrets().Create(secret_ref=secret_ref, labels=labels, locations=locations) secrets_log.Secrets().Created(secret_ref) if not data: return secret version = secrets_api.Secrets().SetData(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) return version
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue) # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.ToolException(self.EMPTY_DATA_FILE_MESSAGE) # Create the secret response = secrets_api.Secrets().Create( secret_ref, labels=labels, locations=args.locations) # Create the version if data was given if data: version = secrets_api.Secrets().SetData(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) else: secrets_log.Secrets().Created(secret_ref) return response
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() # Attempt to get the secret secret = secrets_api.Secrets().GetOrNone(secret_ref) # Secret does not exist if secret is None: if args.create_if_missing: return self._RunCreate(args) raise exceptions.ToolException( self.CREATE_IF_MISSING_MESSAGE.format( secret=secret_ref.Name())) # The secret exists, update it return self._RunUpdate(secret, args)
def Run(self, args): project_ref = args.CONCEPTS.project.Parse() if not project_ref: raise exceptions.RequiredArgumentException( 'project', 'Please set a project with "--project" flag or "gcloud config set project <project_id>".' ) server_filter = None if args.filter: rewriter = resource_expr_rewrite.Backend() display_info = args.GetDisplayInfo() defaults = resource_projection_spec.ProjectionSpec( symbols=display_info.transforms, aliases=display_info.aliases) _, server_filter = rewriter.Rewrite(args.filter, defaults=defaults) return secrets_api.Secrets().ListWithPager( project_ref=project_ref, limit=args.limit, request_filter=server_filter)
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE) data_crc32c = crc32c.get_crc32c(data) version = secrets_api.Secrets().AddVersion( secret_ref, data, crc32c.get_checksum(data_crc32c)) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) if not version.clientSpecifiedPayloadChecksum: raise exceptions.HttpException( 'Version created but payload data corruption may have occurred, ' 'please destroy the created version, and retry. See also ' 'https://cloud.google.com/secret-manager/docs/data-integrity.') return version
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.ToolException(self.EMPTY_DATA_FILE_MESSAGE) # Attempt to get the secret secret = secrets_api.Secrets().GetOrNone(secret_ref) # Secret does not exist if secret is None: if args.create_if_missing: return self._RunCreate(args) raise exceptions.ToolException( self.CREATE_IF_MISSING_MESSAGE.format( secret=secret_ref.Name())) # The secret exists, update it return self._RunUpdate(secret, args)
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() secret = secrets_api.Secrets().Get(secret_ref) return secret
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue) replication_policy = args.replication_policy if not replication_policy: replication_policy = properties.VALUES.secrets.replication_policy.Get( ) if not replication_policy: raise exceptions.RequiredArgumentException( 'replication-policy', self.MISSING_POLICY_MESSAGE) if replication_policy not in {'user-managed', 'automatic'}: if args.replication_policy: raise exceptions.InvalidArgumentException( 'replication-policy', self.INVALID_POLICY_MESSAGE) raise exceptions.InvalidArgumentException( 'replication-policy', self.INVALID_POLICY_PROP_MESSAGE) locations = args.locations if not locations: # if locations weren't given, try to get them from properties locations = properties.VALUES.secrets.locations.Get() if locations: locations = locations.split(',') if replication_policy == 'user-managed' and not locations: raise exceptions.RequiredArgumentException( 'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE) if replication_policy == 'automatic': if args.locations: # check args.locations separately from locations because we have # different error messages depending on whether the user used the # --locations flag or the secrets/locations property if args.replication_policy: raise exceptions.InvalidArgumentException( 'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE) raise exceptions.InvalidArgumentException( 'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE) if locations: raise exceptions.InvalidArgumentException( 'replication-policy', self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE) locations = [] # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE) # Create the secret response = secrets_api.Secrets().Create(secret_ref, labels=labels, locations=locations, policy=replication_policy) if data: version = secrets_api.Secrets().AddVersion(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) else: secrets_log.Secrets().Created(secret_ref) return response
def _RunUpdate(self, original, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() # Collect the list of update masks update_mask = [] labels_diff = labels_util.Diff.FromUpdateArgs(args) if labels_diff.MayHaveUpdates(): update_mask.append('labels') if args.IsSpecified('ttl'): update_mask.append('ttl') if args.IsSpecified('expire_time') or args.IsSpecified('remove_expiration'): update_mask.append('expire_time') if args.IsSpecified('add_topics') or args.IsSpecified( 'remove_topics') or args.IsSpecified('clear_topics'): update_mask.append('topics') # Validations if not update_mask: raise exceptions.MinimumArgumentException([ '--clear-labels', '--remove-labels', '--update-labels', '--ttl', '--expire-time', '--remove-expiration', '--clear-topics', '--remove-topics', '--add-topics' ], self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name())) labels_update = labels_diff.Apply(messages.Secret.LabelsValue, original.labels) labels = original.labels if labels_update.needs_update: labels = labels_update.labels if 'topics' in update_mask: topics = secrets_util.ApplyTopicsUpdate(args, original.topics) else: topics = [] if args.expire_time: msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format( expire_time=args.expire_time) console_io.PromptContinue( msg, throw_if_unattended=True, cancel_on_no=True) if args.ttl: msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl) console_io.PromptContinue( msg, throw_if_unattended=True, cancel_on_no=True) secret = secrets_api.Secrets().Update( secret_ref=secret_ref, labels=labels, update_mask=update_mask, expire_time=args.expire_time, ttl=args.ttl, topics=topics) secrets_log.Secrets().Updated(secret_ref) return secret
def Run(self, args): project_ref = args.CONCEPTS.project.Parse() return secrets_api.Secrets().ListWithPager( project_ref=project_ref, limit=args.limit)
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() secret = secrets_api.Secrets( version=secrets_util.GetVersionFromReleasePath( self.ReleaseTrack())).Get(secret_ref) return secret
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) replication_policy_contents = secrets_util.ReadFileOrStdin( args.replication_policy_file, is_binary=False) labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue) replication_policy = args.replication_policy locations = args.locations kms_keys = [] if args.replication_policy_file and args.replication_policy: raise exceptions.ConflictingArgumentsException( self.POLICY_AND_POLICY_FILE_MESSAGE) if args.replication_policy_file and args.locations: raise exceptions.ConflictingArgumentsException( self.LOCATIONS_AND_POLICY_FILE_MESSAGE) if args.replication_policy_file and args.kms_key_name: raise exceptions.ConflictingArgumentsException( self.KMS_KEY_AND_POLICY_FILE_MESSAGE) if args.kms_key_name: kms_keys.append(args.kms_key_name) if args.replication_policy_file: if not replication_policy_contents: raise exceptions.InvalidArgumentException( 'replication-policy', self.REPLICATION_POLICY_FILE_EMPTY_MESSAGE) replication_policy, locations, kms_keys = secrets_util.ParseReplicationFileContents( replication_policy_contents) else: if not replication_policy: replication_policy = properties.VALUES.secrets.replication_policy.Get( ) default_to_automatic = replication_policy is None if default_to_automatic: replication_policy = 'automatic' if replication_policy not in {'user-managed', 'automatic'}: if args.replication_policy: raise exceptions.InvalidArgumentException( 'replication-policy', self.INVALID_POLICY_MESSAGE) raise exceptions.InvalidArgumentException( 'replication-policy', self.INVALID_POLICY_PROP_MESSAGE) if replication_policy == 'user-managed' and kms_keys: raise exceptions.InvalidArgumentException( 'kms-key-name', self.KMS_KEY_AND_USER_MANAGED_MESSAGE) if not locations: # if locations weren't given, try to get them from properties locations = properties.VALUES.secrets.locations.Get() if locations: locations = locations.split(',') if replication_policy == 'user-managed' and not locations: raise exceptions.RequiredArgumentException( 'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE) if replication_policy == 'automatic': if args.locations: # check args.locations separately from locations because we have # different error messages depending on whether the user used the # --locations flag or the secrets/locations property if args.replication_policy: raise exceptions.InvalidArgumentException( 'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE) if default_to_automatic: raise exceptions.InvalidArgumentException( 'locations', self.NO_POLICY_AND_LOCATIONS_MESSAGE) raise exceptions.InvalidArgumentException( 'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE) if locations: raise exceptions.InvalidArgumentException( 'replication-policy', self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE) locations = [] # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE) if args.expire_time: msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format( expire_time=args.expire_time) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) if args.ttl: msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) # Create the secret response = secrets_api.Secrets().Create( secret_ref, labels=labels, locations=locations, policy=replication_policy, expire_time=args.expire_time, ttl=args.ttl, keys=kms_keys, next_rotation_time=args.next_rotation_time, rotation_period=args.rotation_period, topics=args.topics) if data: data_crc32c = crc32c.get_crc32c(data) version = secrets_api.Secrets().AddVersion( secret_ref, data, crc32c.get_checksum(data_crc32c)) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) else: secrets_log.Secrets().Created(secret_ref) return response
def _RunUpdate(self, original, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() # Collect the list of update masks update_mask = [] labels_diff = labels_util.Diff.FromUpdateArgs(args) if labels_diff.MayHaveUpdates(): update_mask.append('labels') if args.IsSpecified('ttl'): update_mask.append('ttl') if args.IsSpecified('expire_time') or args.IsSpecified( 'remove_expiration'): update_mask.append('expire_time') if ((args.IsSpecified('next_rotation_time') or args.IsSpecified('remove_next_rotation_time')) or args.IsSpecified('remove_rotation_schedule')): update_mask.append('rotation.next_rotation_time') if ((args.IsSpecified('rotation_period') or args.IsSpecified('remove_rotation_period')) or args.IsSpecified('remove_rotation_schedule')): update_mask.append('rotation.rotation_period') if args.IsSpecified('add_topics') or args.IsSpecified( 'remove_topics') or args.IsSpecified('clear_topics'): update_mask.append('topics') if args.IsSpecified('update_version_aliases') or args.IsSpecified( 'remove_version_aliases') or args.IsSpecified( 'clear_version_aliases'): update_mask.append('version_aliases') # Validations if not update_mask: raise exceptions.MinimumArgumentException([ '--clear-labels', '--remove-labels', '--update-labels', '--ttl', '--expire-time', '--remove-expiration', '--clear-topics', '--remove-topics', '--add-topics', '--update-version-aliases', '--remove-version-aliases', '--clear-version-aliases', '--next-rotation-time', '--remove-next-rotation-time', '--rotation-period', '--remove-rotation-period', '--remove-rotation-schedule' ], self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name())) labels_update = labels_diff.Apply(messages.Secret.LabelsValue, original.labels) labels = original.labels if labels_update.needs_update: labels = labels_update.labels if args.expire_time: msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format( expire_time=args.expire_time) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) if args.ttl: msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) if 'topics' in update_mask: topics = secrets_util.ApplyTopicsUpdate(args, original.topics) else: topics = [] version_aliases = [] if 'version_aliases' in update_mask: version_aliases = [] if original.versionAliases is None: original.versionAliases = messages.Secret.VersionAliasesValue( additionalProperties=[]) version_aliases_dict = secrets_util.ApplyAliasUpdate( args, original.versionAliases.additionalProperties) for alias, version in version_aliases_dict.items(): version_aliases.append( messages.Secret.VersionAliasesValue.AdditionalProperty( key=alias, value=version)) secret = secrets_api.Secrets().Update( secret_ref=secret_ref, labels=labels, version_aliases=version_aliases, update_mask=update_mask, etag=args.etag, expire_time=args.expire_time, ttl=args.ttl, topics=topics, next_rotation_time=args.next_rotation_time, rotation_period=args.rotation_period) secrets_log.Secrets().Updated(secret_ref) return secret