def _step_delete_secret_and_build_delta(
workflow: Workflow, step: Step, param: str
) -> Optional[clientside.Update]:
"""Write a new secret (or `None`) to `step`, or raise.
Return a `clientside.Update`, or `None` if the database is not modified.
Raise Workflow.DoesNotExist if the Workflow was deleted.
"""
with workflow.cooperative_lock(): # raises Workflow.DoesNotExist
try:
step.refresh_from_db()
except Step.DoesNotExist:
return None # no-op
if step.secrets.get(param) is None:
return None # no-op
step.secrets = dict(step.secrets) # shallow copy
del step.secrets[param]
step.save(update_fields=["secrets"])
return clientside.Update(
steps={step.id: clientside.StepUpdate(secrets=step.secret_metadata)}
)
def _step_set_secret_and_build_delta(
workflow: Workflow, step: Step, param: str,
secret: str) -> Optional[clientside.Update]:
"""Write a new secret to `step`, or raise.
Return a `clientside.Update`, or `None` if the database is not modified.
Raise Workflow.DoesNotExist if the Workflow was deleted.
"""
with workflow.cooperative_lock(): # raises Workflow.DoesNotExist
try:
step.refresh_from_db()
except Step.DoesNotExist:
return None # no-op
if step.secrets.get(param, {}).get("secret") == secret:
return None # no-op
try:
module_zipfile = MODULE_REGISTRY.latest(step.module_id_name)
except KeyError:
raise HandlerError(
f"BadRequest: ModuleZipfile {step.module_id_name} does not exist"
)
module_spec = module_zipfile.get_spec()
if not any(p.type == "secret" and p.secret_logic.provider == "string"
for p in module_spec.param_fields):
raise HandlerError(
"BadRequest: param is not a secret string parameter")
created_at = datetime.datetime.now()
created_at_str = (
created_at.strftime("%Y-%m-%dT%H:%M:%S") + "." +
created_at.strftime("%f")[0:3] # milliseconds
+ "Z")
step.secrets = {
**step.secrets,
param: {
"name": created_at_str,
"secret": secret
},
}
step.save(update_fields=["secrets"])
return clientside.Update(
steps={
step.id: clientside.StepUpdate(secrets=step.secret_metadata)
})
