def CreateOrReplaceSourcesSecret(self, namespace_ref, product_type):
  """Copy the control plane's default sources secret into a namespace.

  Reads the secret named by _DEFAULT_SOURCES_KEY from the control plane
  namespace selected by product_type, then writes its 'key.json' entry to the
  secret named by SOURCES_KEY in the namespace of namespace_ref. The target
  secret is created first; when the API answers with a conflict, the existing
  secret is replaced instead.

  Args:
    namespace_ref: googlecloudsdk.core.resources.Resource, namespace resource
      that receives the copy.
    product_type: Enum, selects the control plane namespace to read from.

  Returns:
    None

  Raises:
    exceptions.SecretNotFound: the default sources secret does not exist in
      the control plane namespace.
  """
  source_namespace = (
      events_constants.ControlPlaneNamespaceFromProductType(product_type))
  messages = self._core_client.MESSAGES_MODULE
  source_secret_name = 'namespaces/{}/secrets/{}'.format(
      source_namespace, _DEFAULT_SOURCES_KEY)
  target_ref = resources.REGISTRY.Parse(
      SOURCES_KEY,
      params={'namespacesId': namespace_ref.Name()},
      collection=_SECRET_COLLECTION,
      api_version='v1')
  secrets_api = self._core_client.api_v1_namespaces_secrets

  # Fetch the default sources secret from the control plane namespace.
  get_request = messages.AnthoseventsApiV1NamespacesSecretsGetRequest(
      name=source_secret_name)
  try:
    get_response = secrets_api.Get(get_request)
  except api_exceptions.HttpNotFoundError:
    raise exceptions.SecretNotFound(
        'Secret [{}] not found in namespace [{}].'.format(
            _DEFAULT_SOURCES_KEY, source_namespace))
  source_secret = secret.Secret(get_response, messages)

  target_parent = target_ref.Parent()
  target_secret = secret.Secret.New(self._core_client, target_parent.Name())
  target_secret.name = target_ref.Name()
  # NOTE(review): 'key.json' presumably holds service account key material
  # (CreateOrReplaceServiceAccountSecret stores privateKeyData under the same
  # entry), so get_response and both secret objects should stay out of logs
  # and error messages. The same credential ends up readable by anyone who
  # can read secrets in the target namespace -- confirm that is intended.
  # NOTE(review): if data behaves like a dict, a source secret without a
  # 'key.json' entry surfaces here as KeyError, not SecretNotFound -- confirm.
  target_secret.data['key.json'] = source_secret.data['key.json']

  # Create first; fall back to replace only when the secret already exists.
  # Any other API error propagates to the caller unchanged.
  try:
    secrets_api.Create(
        messages.AnthoseventsApiV1NamespacesSecretsCreateRequest(
            secret=target_secret.Message(),
            parent=target_parent.RelativeName()))
  except api_exceptions.HttpConflictError:
    secrets_api.ReplaceSecret(
        messages.AnthoseventsApiV1NamespacesSecretsReplaceSecretRequest(
            secret=target_secret.Message(),
            name=target_ref.RelativeName()))
def CreateOrReplaceServiceAccountSecret(self, secret_ref, service_account_ref):
  """Store a newly created service account key in a secret.

  Creates a key for the given service account, places its private key data
  under the 'key.json' entry of the secret, and writes the secret. The secret
  is created first; when the API answers with a conflict, the existing secret
  is replaced instead.

  Args:
    secret_ref: googlecloudsdk.core.resources.Resource, secret resource.
    service_account_ref: googlecloudsdk.core.resources.Resource, service
      account whose key will be used to create/replace the secret.

  Returns:
    (secret.Secret, googlecloudsdk.core.resources.Resource): tuple of the
    wrapped Secret resource and a ref to the created service account key.
  """
  parent_ref = secret_ref.Parent()
  new_secret = secret.Secret.New(self._core_client, parent_ref.Name())
  new_secret.name = secret_ref.Name()

  # NOTE(review): the key is created before the secret is written. If Create
  # fails with anything other than a conflict, or ReplaceSecret fails, the
  # exception propagates and key_ref is never returned, so the new key stays
  # valid in IAM with no secret holding it and no handle for cleanup.
  # NOTE(review): every call creates another key; nothing in this method
  # deletes the key a replaced secret held, so keys accumulate on the
  # service account unless a caller removes them -- confirm.
  sa_key = iam_util.CreateServiceAccountKey(service_account_ref)
  # privateKeyData is the credential itself; keep sa_key and new_secret out
  # of logs and error messages.
  new_secret.data['key.json'] = sa_key.privateKeyData
  key_ref = resources.REGISTRY.ParseResourceId(
      _SERVICE_ACCOUNT_KEY_COLLECTION, sa_key.name, {})

  messages = self._core_client.MESSAGES_MODULE
  with metrics.RecordDuration(metric_names.CREATE_OR_REPLACE_SECRET):
    secrets_api = self._core_client.api_v1_namespaces_secrets
    # Create first; fall back to replace only when the secret already exists.
    try:
      response = secrets_api.Create(
          messages.AnthoseventsApiV1NamespacesSecretsCreateRequest(
              secret=new_secret.Message(),
              parent=parent_ref.RelativeName()))
    except api_exceptions.HttpConflictError:
      response = secrets_api.ReplaceSecret(
          messages.AnthoseventsApiV1NamespacesSecretsReplaceSecretRequest(
              secret=new_secret.Message(),
              name=secret_ref.RelativeName()))
  return secret.Secret(response, messages), key_ref