def Run(self, args):
        """Add a version to the secret named on the command line.

        Args:
          args: Parsed command-line namespace. Reads args.CONCEPTS.secret and
            args.data_file.

        Returns:
          The version object returned by secrets_api.Secrets().AddVersion.

        Raises:
          exceptions.BadFileException: If args.data_file is the empty string.
        """
        target_secret = args.CONCEPTS.secret.Parse()
        # The payload is secret material: below it is handed only to the CRC32C
        # helper and to AddVersion, while the log call receives the version ref.
        payload = secrets_util.ReadFileOrStdin(args.data_file)

        # An explicitly empty flag value is rejected, while an omitted flag is
        # not (hence the comparison with '' rather than a truthiness test).
        # See b/138796299 for info.
        flag_is_blank = args.data_file == ''  # pylint: disable=g-explicit-bool-comparison
        if flag_is_blank:
            raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)

        # The client-side CRC32C travels with the payload in the request.
        payload_crc = crc32c.get_crc32c(payload)
        client = secrets_api.Secrets()
        created = client.AddVersion(
            target_secret, payload, crc32c.get_checksum(payload_crc))
        created_ref = secrets_args.ParseVersionRef(created.name)
        secrets_log.Versions().Created(created_ref)
        # NOTE(review): the response is returned without inspecting
        # clientSpecifiedPayloadChecksum, so a version whose checksum the
        # service did not acknowledge would still be reported as created --
        # confirm whether this command should verify it.
        return created
    def Run(self, args):
        """Add a version to a secret and confirm the checksum was acknowledged.

        Args:
          args: Parsed command-line namespace. Reads args.CONCEPTS.secret and
            args.data_file.

        Returns:
          The version object returned by secrets_api.Secrets().AddVersion.

        Raises:
          exceptions.BadFileException: If args.data_file is the empty string.
          exceptions.HttpException: If the returned version does not have
            clientSpecifiedPayloadChecksum set. The version has already been
            created and logged at that point.
        """
        target_secret = args.CONCEPTS.secret.Parse()
        payload = secrets_util.ReadFileOrStdin(args.data_file)

        # An explicitly empty flag value is rejected, while an omitted flag is
        # not (hence the comparison with '' rather than a truthiness test).
        # See b/138796299 for info.
        flag_is_blank = args.data_file == ''  # pylint: disable=g-explicit-bool-comparison
        if flag_is_blank:
            raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)

        # The client-side CRC32C travels with the payload in the request.
        payload_crc = crc32c.get_crc32c(payload)
        client = secrets_api.Secrets()
        created = client.AddVersion(
            target_secret, payload, crc32c.get_checksum(payload_crc))
        created_ref = secrets_args.ParseVersionRef(created.name)
        secrets_log.Versions().Created(created_ref)

        # Integrity gate: only a response that carries the checksum
        # acknowledgement is treated as a success.
        if created.clientSpecifiedPayloadChecksum:
            return created

        # The version exists server-side but its payload may be corrupt, so
        # the caller is told to destroy it and retry rather than use it.
        raise exceptions.HttpException(
            'Version created but payload data corruption may have occurred, '
            'please destroy the created version, and retry. See also '
            'https://cloud.google.com/secret-manager/docs/data-integrity.')
    def _get_output(self, digesters, api_download_result):
        """Build the task.Output that reports this download's results.

        Args:
          digesters (dict): Hash objects for download checksums, looked up by
            hash_util.HashAlgorithm member.
          api_download_result (cloud_api.DownloadApiClientReturnValue|None):
            Generic information from the API client about the download.

        Returns:
          task.Output: Carries one message per available digest, plus the API
            download result when system POSIX data was requested.
        """
        algorithms = hash_util.HashAlgorithm
        collected = []

        if algorithms.MD5 in digesters:
            md5_message = task.Message(
                topic=task.Topic.MD5,
                payload=hash_util.get_base64_hash_digest_string(
                    digesters[algorithms.MD5]))
            collected.append(md5_message)

        if algorithms.CRC32C in digesters:
            checksum_value = crc32c.get_checksum(digesters[algorithms.CRC32C])
            # The checksum is reported together with this task's component
            # number and length.
            crc_payload = {
                'component_number': self._component_number,
                'crc32c_checksum': checksum_value,
                'length': self._length,
            }
            collected.append(
                task.Message(topic=task.Topic.CRC32C, payload=crc_payload))

        # The raw API result is forwarded only when there is a result and the
        # user request asked for system POSIX data.
        if api_download_result:
            request_args = self._user_request_args
            if request_args and request_args.system_posix_data:
                collected.append(
                    task.Message(topic=task.Topic.API_DOWNLOAD_RESULT,
                                 payload=api_download_result))

        return task.Output(additional_task_iterators=None, messages=collected)
    def Run(self, args):
        """Create a secret and, when payload data was read, its first version.

        Resolves the replication policy, locations and KMS keys from either a
        replication policy file or from flags and properties, rejects
        conflicting combinations, asks for confirmation when an expire time or
        TTL is set, creates the secret, and then adds a version if data was
        supplied.

        Args:
          args: Parsed command-line namespace. Reads CONCEPTS.secret,
            data_file, replication_policy_file, replication_policy, locations,
            kms_key_name, expire_time, ttl, next_rotation_time,
            rotation_period and topics.

        Returns:
          The response of secrets_api.Secrets().Create (not the added version).

        Raises:
          exceptions.ConflictingArgumentsException: If the replication policy
            file is combined with replication_policy, locations or
            kms_key_name.
          exceptions.InvalidArgumentException: If the policy file is empty, the
            policy is neither 'user-managed' nor 'automatic', a KMS key is
            given with 'user-managed', or locations are given with
            'automatic'.
          exceptions.RequiredArgumentException: If the policy is 'user-managed'
            and no locations were resolved.
          exceptions.BadFileException: If args.data_file is the empty string.
        """
        messages = secrets_api.GetMessages()
        secret_ref = args.CONCEPTS.secret.Parse()
        # Both inputs are read up front, before any of the validation below.
        # `data` is the secret payload; it is later passed only to the CRC32C
        # helper and to AddVersion.
        data = secrets_util.ReadFileOrStdin(args.data_file)
        replication_policy_contents = secrets_util.ReadFileOrStdin(
            args.replication_policy_file, is_binary=False)
        labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
        replication_policy = args.replication_policy
        locations = args.locations
        kms_keys = []

        # The policy file is mutually exclusive with each of the individual
        # replication flags.
        if args.replication_policy_file and args.replication_policy:
            raise exceptions.ConflictingArgumentsException(
                self.POLICY_AND_POLICY_FILE_MESSAGE)
        if args.replication_policy_file and args.locations:
            raise exceptions.ConflictingArgumentsException(
                self.LOCATIONS_AND_POLICY_FILE_MESSAGE)
        if args.replication_policy_file and args.kms_key_name:
            raise exceptions.ConflictingArgumentsException(
                self.KMS_KEY_AND_POLICY_FILE_MESSAGE)

        if args.kms_key_name:
            kms_keys.append(args.kms_key_name)
        if args.replication_policy_file:
            # File path given: policy, locations and keys all come from the
            # parsed file contents, which must not be empty.
            if not replication_policy_contents:
                raise exceptions.InvalidArgumentException(
                    'replication-policy',
                    self.REPLICATION_POLICY_FILE_EMPTY_MESSAGE)
            replication_policy, locations, kms_keys = secrets_util.ParseReplicationFileContents(
                replication_policy_contents)

        else:

            # No policy file: fall back from the flag to the property, and from
            # the property to 'automatic'.
            if not replication_policy:
                replication_policy = properties.VALUES.secrets.replication_policy.Get(
                )
            # Remembered so the error below can tell an implicit 'automatic'
            # from one that was configured.
            default_to_automatic = replication_policy is None
            if default_to_automatic:
                replication_policy = 'automatic'

            if replication_policy not in {'user-managed', 'automatic'}:
                # The message depends on whether the bad value came from the
                # flag or from the property.
                if args.replication_policy:
                    raise exceptions.InvalidArgumentException(
                        'replication-policy', self.INVALID_POLICY_MESSAGE)
                raise exceptions.InvalidArgumentException(
                    'replication-policy', self.INVALID_POLICY_PROP_MESSAGE)
            # A single KMS key from the flag is rejected for 'user-managed'.
            if replication_policy == 'user-managed' and kms_keys:
                raise exceptions.InvalidArgumentException(
                    'kms-key-name', self.KMS_KEY_AND_USER_MANAGED_MESSAGE)

            if not locations:
                # if locations weren't given, try to get them from properties
                locations = properties.VALUES.secrets.locations.Get()
                if locations:
                    # The property value is a comma-separated string.
                    locations = locations.split(',')
            if replication_policy == 'user-managed' and not locations:
                raise exceptions.RequiredArgumentException(
                    'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE)
            if replication_policy == 'automatic':
                if args.locations:
                    # check args.locations separately from locations because we have
                    # different error messages depending on whether the user used the
                    # --locations flag or the secrets/locations property
                    if args.replication_policy:
                        raise exceptions.InvalidArgumentException(
                            'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE)
                    if default_to_automatic:
                        raise exceptions.InvalidArgumentException(
                            'locations', self.NO_POLICY_AND_LOCATIONS_MESSAGE)
                    raise exceptions.InvalidArgumentException(
                        'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE)
                if locations:
                    # Locations came from the property, not the flag.
                    raise exceptions.InvalidArgumentException(
                        'replication-policy',
                        self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE)
                locations = []

        # Differentiate between the flag being provided with an empty value and the
        # flag being omitted. See b/138796299 for info.
        if args.data_file == '':  # pylint: disable=g-explicit-bool-comparison
            raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)

        # Setting an expire time or a TTL requires confirmation first.
        # NOTE(review): going by the keyword names, the prompt raises when the
        # session is unattended and cancels on a "no" answer -- confirm
        # against console_io.
        if args.expire_time:
            msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format(
                expire_time=args.expire_time)
            console_io.PromptContinue(msg,
                                      throw_if_unattended=True,
                                      cancel_on_no=True)

        if args.ttl:
            msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl)
            console_io.PromptContinue(msg,
                                      throw_if_unattended=True,
                                      cancel_on_no=True)

        # Create the secret
        # This happens before the version is added: if AddVersion below raises,
        # the secret has already been created and is left without a version.
        response = secrets_api.Secrets().Create(
            secret_ref,
            labels=labels,
            locations=locations,
            policy=replication_policy,
            expire_time=args.expire_time,
            ttl=args.ttl,
            keys=kms_keys,
            next_rotation_time=args.next_rotation_time,
            rotation_period=args.rotation_period,
            topics=args.topics)

        if data:
            # The client-side CRC32C of the payload is sent with the request.
            data_crc32c = crc32c.get_crc32c(data)
            version = secrets_api.Secrets().AddVersion(
                secret_ref, data, crc32c.get_checksum(data_crc32c))
            # NOTE(review): `version` is not inspected for
            # clientSpecifiedPayloadChecksum, so an unacknowledged checksum
            # would go unnoticed here -- confirm whether it should be verified.
            version_ref = secrets_args.ParseVersionRef(version.name)
            secrets_log.Versions().Created(version_ref)
        else:
            # No payload: only the secret itself is reported as created.
            secrets_log.Secrets().Created(secret_ref)

        return response