def update_secret(self, __trigger_value_change: bool,
old_secret: GCPSecret, new_secret: GCPSecret):
'''
Process the update of an gcpsecrets resource
'''
if old_secret.get_path() != new_secret.get_path():
self.delete_secret(old_secret)
self.create_secret(new_secret)
elif __trigger_value_change:
self.__add_secret_version(new_secret)
def delete_secret(self, secret: GCPSecret):
'''
Process the deletion of an gcpsecrets resource
'''
path = self.__client.secret_path(self.__project_id, secret.get_path())
self.__client.delete_secret(request={"name": path})
def __add_secret_version(self, secret: GCPSecret):
'''
Create a new version for the secret using the new values
'''
response = self.__client.add_secret_version(
request={
"parent":
self.__client.secret_path(self.__project_id,
secret.get_path()),
"payload": {
"data":
json.dumps(secret.get_creation_values()).encode('utf-8')
}
})
# Print the new secret version name.
print(f'Added secret version: {response.name}')
def create_secret(self, secret: GCPSecret):
'''
Process the creation of an gcpsecrets resource
'''
# Build a dict of settings for the secret
secret_metadata = {'replication': secret.get_replication()}
# Create the secret
try:
self.__client.create_secret(
secret_id=secret.get_path(),
parent=f"projects/{ self.__project_id }",
secret=secret_metadata)
except api_core.exceptions.AlreadyExists as e:
raise ESKException(409, "Path already exists")
self.__add_secret_version(secret)
def get_secret(self, secret: GCPSecret) -> dict:
'''
Get the secret from the backend and return as json
'''
path = self.__client.secret_path(self.__project_id, secret.get_path())
response = self.__client.access_secret_version(
request={"name": f"{ path }/versions/latest"})
return json.loads(response.payload.data.decode("UTF-8"))
def create_secret(self, secret: GCPSecret):
'''
Process the creation of an gcpsecrets resource
'''
# Build a dict of settings for the secret
secret = {'replication': {'automatic': {}}}
# Create the secret
self.__client.create_secret(secret_id=secret.get_path(),
parent=f"projects/{ self.__project_id }",
secret=secret)
self.__add_secret_version(secret)
def get_object(self, name, namespace, path, values, config):
return GCPSecret(name, namespace, path, values, **config)