def Run(self, args):
replication_policy_contents = secrets_util.ReadFileOrStdin(
args.replication_policy_file, is_binary=False)
secret_ref = args.CONCEPTS.secret.Parse()
if not replication_policy_contents:
raise exceptions.InvalidArgumentException(
'replication-policy',
self.REPLICATION_POLICY_FILE_EMPTY_MESSAGE)
policy, locations, kms_keys = secrets_util.ParseReplicationFileContents(
replication_policy_contents)
# Attempt to get the secret
secret = secrets_api.Secrets().GetOrNone(secret_ref)
# Secret does not exist
if secret is None:
raise exceptions.InvalidArgumentException(
'secret',
self.SECRET_MISSING_MESSAGE.format(secret=secret_ref.Name()))
secret = secrets_api.Secrets().SetReplication(secret_ref, policy,
locations, kms_keys)
secrets_log.Secrets().UpdatedReplication(secret_ref)
return secret
def _SetKmsKey(self, secret_ref, secret, kms_key, location):
if secret.replication.automatic:
if location:
raise exceptions.BadArgumentException(
'location', self.LOCATION_AND_AUTOMATIC_MESSAGE)
updated_secret = secrets_api.Secrets().SetReplication(
secret_ref, 'automatic', [], [kms_key])
secrets_log.Secrets().UpdatedReplication(secret_ref)
return updated_secret
if secret.replication.userManaged and secret.replication.userManaged.replicas:
if not location:
raise exceptions.RequiredArgumentException(
'location', self.LOCATION_REQUIRED_MESSAGE)
locations = []
keys = []
found_location = False
for replica in secret.replication.userManaged.replicas:
if not replica.location:
raise exceptions.ToolException(self.MISCONFIGURED_REPLICATION_MESSAGE)
locations.append(replica.location)
if location == replica.location:
found_location = True
keys.append(kms_key)
elif replica.customerManagedEncryption and replica.customerManagedEncryption.kmsKeyName:
keys.append(replica.customerManagedEncryption.kmsKeyName)
if not found_location:
raise exceptions.InvalidArgumentException(
'location', self.LOCATION_NOT_IN_POLICY_MESSAGE)
if len(locations) != len(keys):
raise exceptions.ToolException(self.PARTIALLY_CMEK_MESSAGE)
updated_secret = secrets_api.Secrets().SetReplication(
secret_ref, 'user-managed', locations, keys)
secrets_log.Secrets().UpdatedReplication(secret_ref)
return updated_secret
raise exceptions.ToolException(self.MISCONFIGURED_REPLICATION_MESSAGE)
def _RunUpdate(self, original, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
# Collect the list of update masks
update_mask = []
labels_diff = labels_util.Diff.FromUpdateArgs(args)
if labels_diff.MayHaveUpdates():
update_mask.append('labels')
# Validations
if not update_mask:
raise exceptions.InvalidArgumentException(
'labels',
self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name()))
labels_update = labels_diff.Apply(messages.Secret.LabelsValue,
original.labels)
labels = original.labels
if labels_update.needs_update:
labels = labels_update.labels
secret = secrets_api.Secrets().Update(secret_ref=secret_ref,
labels=labels,
update_mask=update_mask)
secrets_log.Secrets().Updated(secret_ref)
return secret
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
# List all secret versions and parse their refs
versions = secrets_api.Versions().ListWithPager(secret_ref=secret_ref,
limit=9999)
version_refs = []
for version in versions:
if version.state != messages.SecretVersion.StateValueValuesEnum.DESTROYED:
version_ref = secrets_args.ParseVersionRef(version.name)
version_refs.append(version_ref)
msg = self.CONFIRM_DELETE_MESSAGE.format(
secret=secret_ref.Name(), num_versions=len(version_refs))
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
for version_ref in version_refs:
secrets_api.Versions().Destroy(version_ref)
secrets_log.Versions().Destroyed(version_ref)
result = secrets_api.Secrets().Delete(secret_ref)
secrets_log.Secrets().Deleted(secret_ref)
return result
def Run(self, args):
messages = secrets_api.GetMessages(
version=secrets_util.GetVersionFromReleasePath(
self.ReleaseTrack()))
secret_ref = args.CONCEPTS.secret.Parse()
# List all secret versions and parse their refs
versions = secrets_api.Versions(
version=secrets_util.GetVersionFromReleasePath(
self.ReleaseTrack())).ListWithPager(secret_ref=secret_ref,
limit=9999)
active_version_count = 0
for version in versions:
if version.state != messages.SecretVersion.StateValueValuesEnum.DESTROYED:
active_version_count += 1
msg = self.CONFIRM_DELETE_MESSAGE.format(
secret=secret_ref.Name(), num_versions=active_version_count)
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
result = secrets_api.Secrets(
version=secrets_util.GetVersionFromReleasePath(
self.ReleaseTrack())).Delete(secret_ref)
secrets_log.Secrets().Deleted(secret_ref)
return result
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
if not args.remove_cmek and not args.set_kms_key:
raise calliope_exceptions.MinimumArgumentException(
['--remove-cmek', '--set-kms-key'])
if args.remove_cmek and args.set_kms_key:
raise calliope_exceptions.ConflictingArgumentsException(
self.REMOVE_AND_SET_CMEK_MESSAGE)
if args.remove_cmek and args.location:
raise calliope_exceptions.ConflictingArgumentsException(
self.REMOVE_CMEK_AND_LOCATION_MESSAGE)
# args.set_kms_key without args.location is allowed only if the secret has
# a single replica.
# Attempt to get the secret
secret = secrets_api.Secrets().GetOrNone(secret_ref)
# Secret does not exist
if secret is None:
raise calliope_exceptions.InvalidArgumentException(
'secret',
self.SECRET_MISSING_MESSAGE.format(secret=secret_ref.Name()))
if args.remove_cmek:
return self._RemoveCmek(secret_ref, secret)
return self._SetKmsKey(secret_ref, secret, args.set_kms_key,
args.location)
def _RemoveCmek(self, secret_ref, secret):
if secret.replication.automatic:
updated_secret = secrets_api.Secrets().SetReplication(
secret_ref, 'automatic', [], [])
secrets_log.Secrets().UpdatedReplication(secret_ref)
return updated_secret
if secret.replication.userManaged and secret.replication.userManaged.replicas:
locations = []
for replica in secret.replication.userManaged.replicas:
if not replica.location:
raise exceptions.ToolException(self.MISCONFIGURED_REPLICATION_MESSAGE)
locations.append(replica.location)
updated_secret = secrets_api.Secrets().SetReplication(
secret_ref, 'user-managed', locations, [])
secrets_log.Secrets().UpdatedReplication(secret_ref)
return updated_secret
raise exceptions.ToolException(self.MISCONFIGURED_REPLICATION_MESSAGE)
def Run(self, args):
project_ref = args.CONCEPTS.project.Parse()
if not project_ref:
raise exceptions.RequiredArgumentException(
'project',
'Please set a project with "--project" flag or "gcloud config set project <project_id>".'
)
return secrets_api.Secrets().ListWithPager(project_ref=project_ref,
limit=args.limit)
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
# Create the secret
response = secrets_api.Secrets().Create(
secret_ref, labels=labels, locations=args.locations)
# Create the version if data was given
if data:
version = secrets_api.Secrets().SetData(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
else:
secrets_log.Secrets().Created(secret_ref)
return response
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
secret = secrets_api.Secrets().GetOrNone(secret_ref)
# Secret does not exist
if secret is None:
raise exceptions.InvalidArgumentException(
'secret',
self.SECRET_MISSING_MESSAGE.format(secret=secret_ref.Name()))
return secret.replication
def _RunUpdate(self, original, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
# Collect the list of update masks
update_mask = []
labels_diff = labels_util.Diff.FromUpdateArgs(args)
if labels_diff.MayHaveUpdates():
update_mask.append('labels')
locations = args.locations
if locations:
update_mask.append('policy.replicaLocations')
update_mask.sort()
# Validations
if not update_mask and not data:
raise exceptions.ToolException(
self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name()))
if update_mask:
labels = labels_diff.Apply(messages.Secret.LabelsValue,
original.labels).GetOrNone()
secret = secrets_api.Secrets().Update(secret_ref=secret_ref,
locations=args.locations,
labels=labels,
update_mask=update_mask)
secrets_log.Secrets().Updated(secret_ref)
if not data:
return secret
version = secrets_api.Secrets().SetData(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
return version
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
# Attempt to get the secret
secret = secrets_api.Secrets().GetOrNone(secret_ref)
# Secret does not exist
if secret is None:
raise exceptions.InvalidArgumentException(
'secret',
self.SECRET_MISSING_MESSAGE.format(secret=secret_ref.Name()))
# The secret exists, update it
return self._RunUpdate(secret, args)
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)
version = secrets_api.Secrets().AddVersion(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
return version
def _RunCreate(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
locations = args.locations
if not locations:
raise parser_errors.RequiredError(argument='--locations')
labels = labels_util.Diff.FromUpdateArgs(args).Apply(
messages.Secret.LabelsValue).GetOrNone()
secret = secrets_api.Secrets().Create(secret_ref=secret_ref,
labels=labels,
locations=locations)
secrets_log.Secrets().Created(secret_ref)
if not data:
return secret
version = secrets_api.Secrets().SetData(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
return version
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.ToolException(self.EMPTY_DATA_FILE_MESSAGE)
# Create the secret
response = secrets_api.Secrets().Create(
secret_ref, labels=labels, locations=args.locations)
# Create the version if data was given
if data:
version = secrets_api.Secrets().SetData(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
else:
secrets_log.Secrets().Created(secret_ref)
return response
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
# Attempt to get the secret
secret = secrets_api.Secrets().GetOrNone(secret_ref)
# Secret does not exist
if secret is None:
if args.create_if_missing:
return self._RunCreate(args)
raise exceptions.ToolException(
self.CREATE_IF_MISSING_MESSAGE.format(
secret=secret_ref.Name()))
# The secret exists, update it
return self._RunUpdate(secret, args)
def Run(self, args):
project_ref = args.CONCEPTS.project.Parse()
if not project_ref:
raise exceptions.RequiredArgumentException(
'project',
'Please set a project with "--project" flag or "gcloud config set project <project_id>".'
)
server_filter = None
if args.filter:
rewriter = resource_expr_rewrite.Backend()
display_info = args.GetDisplayInfo()
defaults = resource_projection_spec.ProjectionSpec(
symbols=display_info.transforms, aliases=display_info.aliases)
_, server_filter = rewriter.Rewrite(args.filter, defaults=defaults)
return secrets_api.Secrets().ListWithPager(
project_ref=project_ref, limit=args.limit, request_filter=server_filter)
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)
data_crc32c = crc32c.get_crc32c(data)
version = secrets_api.Secrets().AddVersion(
secret_ref, data, crc32c.get_checksum(data_crc32c))
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
if not version.clientSpecifiedPayloadChecksum:
raise exceptions.HttpException(
'Version created but payload data corruption may have occurred, '
'please destroy the created version, and retry. See also '
'https://cloud.google.com/secret-manager/docs/data-integrity.')
return version
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.ToolException(self.EMPTY_DATA_FILE_MESSAGE)
# Attempt to get the secret
secret = secrets_api.Secrets().GetOrNone(secret_ref)
# Secret does not exist
if secret is None:
if args.create_if_missing:
return self._RunCreate(args)
raise exceptions.ToolException(
self.CREATE_IF_MISSING_MESSAGE.format(
secret=secret_ref.Name()))
# The secret exists, update it
return self._RunUpdate(secret, args)
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
secret = secrets_api.Secrets().Get(secret_ref)
return secret
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
replication_policy = args.replication_policy
if not replication_policy:
replication_policy = properties.VALUES.secrets.replication_policy.Get(
)
if not replication_policy:
raise exceptions.RequiredArgumentException(
'replication-policy', self.MISSING_POLICY_MESSAGE)
if replication_policy not in {'user-managed', 'automatic'}:
if args.replication_policy:
raise exceptions.InvalidArgumentException(
'replication-policy', self.INVALID_POLICY_MESSAGE)
raise exceptions.InvalidArgumentException(
'replication-policy', self.INVALID_POLICY_PROP_MESSAGE)
locations = args.locations
if not locations:
# if locations weren't given, try to get them from properties
locations = properties.VALUES.secrets.locations.Get()
if locations:
locations = locations.split(',')
if replication_policy == 'user-managed' and not locations:
raise exceptions.RequiredArgumentException(
'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE)
if replication_policy == 'automatic':
if args.locations:
# check args.locations separately from locations because we have
# different error messages depending on whether the user used the
# --locations flag or the secrets/locations property
if args.replication_policy:
raise exceptions.InvalidArgumentException(
'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE)
raise exceptions.InvalidArgumentException(
'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE)
if locations:
raise exceptions.InvalidArgumentException(
'replication-policy',
self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE)
locations = []
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)
# Create the secret
response = secrets_api.Secrets().Create(secret_ref,
labels=labels,
locations=locations,
policy=replication_policy)
if data:
version = secrets_api.Secrets().AddVersion(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
else:
secrets_log.Secrets().Created(secret_ref)
return response
def _RunUpdate(self, original, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
# Collect the list of update masks
update_mask = []
labels_diff = labels_util.Diff.FromUpdateArgs(args)
if labels_diff.MayHaveUpdates():
update_mask.append('labels')
if args.IsSpecified('ttl'):
update_mask.append('ttl')
if args.IsSpecified('expire_time') or args.IsSpecified('remove_expiration'):
update_mask.append('expire_time')
if args.IsSpecified('add_topics') or args.IsSpecified(
'remove_topics') or args.IsSpecified('clear_topics'):
update_mask.append('topics')
# Validations
if not update_mask:
raise exceptions.MinimumArgumentException([
'--clear-labels', '--remove-labels', '--update-labels', '--ttl',
'--expire-time', '--remove-expiration', '--clear-topics',
'--remove-topics', '--add-topics'
], self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name()))
labels_update = labels_diff.Apply(messages.Secret.LabelsValue,
original.labels)
labels = original.labels
if labels_update.needs_update:
labels = labels_update.labels
if 'topics' in update_mask:
topics = secrets_util.ApplyTopicsUpdate(args, original.topics)
else:
topics = []
if args.expire_time:
msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format(
expire_time=args.expire_time)
console_io.PromptContinue(
msg, throw_if_unattended=True, cancel_on_no=True)
if args.ttl:
msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl)
console_io.PromptContinue(
msg, throw_if_unattended=True, cancel_on_no=True)
secret = secrets_api.Secrets().Update(
secret_ref=secret_ref,
labels=labels,
update_mask=update_mask,
expire_time=args.expire_time,
ttl=args.ttl,
topics=topics)
secrets_log.Secrets().Updated(secret_ref)
return secret
def Run(self, args):
project_ref = args.CONCEPTS.project.Parse()
return secrets_api.Secrets().ListWithPager(
project_ref=project_ref, limit=args.limit)
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
secret = secrets_api.Secrets(
version=secrets_util.GetVersionFromReleasePath(
self.ReleaseTrack())).Get(secret_ref)
return secret
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
replication_policy_contents = secrets_util.ReadFileOrStdin(
args.replication_policy_file, is_binary=False)
labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
replication_policy = args.replication_policy
locations = args.locations
kms_keys = []
if args.replication_policy_file and args.replication_policy:
raise exceptions.ConflictingArgumentsException(
self.POLICY_AND_POLICY_FILE_MESSAGE)
if args.replication_policy_file and args.locations:
raise exceptions.ConflictingArgumentsException(
self.LOCATIONS_AND_POLICY_FILE_MESSAGE)
if args.replication_policy_file and args.kms_key_name:
raise exceptions.ConflictingArgumentsException(
self.KMS_KEY_AND_POLICY_FILE_MESSAGE)
if args.kms_key_name:
kms_keys.append(args.kms_key_name)
if args.replication_policy_file:
if not replication_policy_contents:
raise exceptions.InvalidArgumentException(
'replication-policy',
self.REPLICATION_POLICY_FILE_EMPTY_MESSAGE)
replication_policy, locations, kms_keys = secrets_util.ParseReplicationFileContents(
replication_policy_contents)
else:
if not replication_policy:
replication_policy = properties.VALUES.secrets.replication_policy.Get(
)
default_to_automatic = replication_policy is None
if default_to_automatic:
replication_policy = 'automatic'
if replication_policy not in {'user-managed', 'automatic'}:
if args.replication_policy:
raise exceptions.InvalidArgumentException(
'replication-policy', self.INVALID_POLICY_MESSAGE)
raise exceptions.InvalidArgumentException(
'replication-policy', self.INVALID_POLICY_PROP_MESSAGE)
if replication_policy == 'user-managed' and kms_keys:
raise exceptions.InvalidArgumentException(
'kms-key-name', self.KMS_KEY_AND_USER_MANAGED_MESSAGE)
if not locations:
# if locations weren't given, try to get them from properties
locations = properties.VALUES.secrets.locations.Get()
if locations:
locations = locations.split(',')
if replication_policy == 'user-managed' and not locations:
raise exceptions.RequiredArgumentException(
'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE)
if replication_policy == 'automatic':
if args.locations:
# check args.locations separately from locations because we have
# different error messages depending on whether the user used the
# --locations flag or the secrets/locations property
if args.replication_policy:
raise exceptions.InvalidArgumentException(
'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE)
if default_to_automatic:
raise exceptions.InvalidArgumentException(
'locations', self.NO_POLICY_AND_LOCATIONS_MESSAGE)
raise exceptions.InvalidArgumentException(
'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE)
if locations:
raise exceptions.InvalidArgumentException(
'replication-policy',
self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE)
locations = []
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)
if args.expire_time:
msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format(
expire_time=args.expire_time)
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
if args.ttl:
msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl)
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
# Create the secret
response = secrets_api.Secrets().Create(
secret_ref,
labels=labels,
locations=locations,
policy=replication_policy,
expire_time=args.expire_time,
ttl=args.ttl,
keys=kms_keys,
next_rotation_time=args.next_rotation_time,
rotation_period=args.rotation_period,
topics=args.topics)
if data:
data_crc32c = crc32c.get_crc32c(data)
version = secrets_api.Secrets().AddVersion(
secret_ref, data, crc32c.get_checksum(data_crc32c))
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
else:
secrets_log.Secrets().Created(secret_ref)
return response
def _RunUpdate(self, original, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
# Collect the list of update masks
update_mask = []
labels_diff = labels_util.Diff.FromUpdateArgs(args)
if labels_diff.MayHaveUpdates():
update_mask.append('labels')
if args.IsSpecified('ttl'):
update_mask.append('ttl')
if args.IsSpecified('expire_time') or args.IsSpecified(
'remove_expiration'):
update_mask.append('expire_time')
if ((args.IsSpecified('next_rotation_time')
or args.IsSpecified('remove_next_rotation_time'))
or args.IsSpecified('remove_rotation_schedule')):
update_mask.append('rotation.next_rotation_time')
if ((args.IsSpecified('rotation_period')
or args.IsSpecified('remove_rotation_period'))
or args.IsSpecified('remove_rotation_schedule')):
update_mask.append('rotation.rotation_period')
if args.IsSpecified('add_topics') or args.IsSpecified(
'remove_topics') or args.IsSpecified('clear_topics'):
update_mask.append('topics')
if args.IsSpecified('update_version_aliases') or args.IsSpecified(
'remove_version_aliases') or args.IsSpecified(
'clear_version_aliases'):
update_mask.append('version_aliases')
# Validations
if not update_mask:
raise exceptions.MinimumArgumentException([
'--clear-labels', '--remove-labels', '--update-labels',
'--ttl', '--expire-time', '--remove-expiration',
'--clear-topics', '--remove-topics', '--add-topics',
'--update-version-aliases', '--remove-version-aliases',
'--clear-version-aliases', '--next-rotation-time',
'--remove-next-rotation-time', '--rotation-period',
'--remove-rotation-period', '--remove-rotation-schedule'
], self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name()))
labels_update = labels_diff.Apply(messages.Secret.LabelsValue,
original.labels)
labels = original.labels
if labels_update.needs_update:
labels = labels_update.labels
if args.expire_time:
msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format(
expire_time=args.expire_time)
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
if args.ttl:
msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl)
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
if 'topics' in update_mask:
topics = secrets_util.ApplyTopicsUpdate(args, original.topics)
else:
topics = []
version_aliases = []
if 'version_aliases' in update_mask:
version_aliases = []
if original.versionAliases is None:
original.versionAliases = messages.Secret.VersionAliasesValue(
additionalProperties=[])
version_aliases_dict = secrets_util.ApplyAliasUpdate(
args, original.versionAliases.additionalProperties)
for alias, version in version_aliases_dict.items():
version_aliases.append(
messages.Secret.VersionAliasesValue.AdditionalProperty(
key=alias, value=version))
secret = secrets_api.Secrets().Update(
secret_ref=secret_ref,
labels=labels,
version_aliases=version_aliases,
update_mask=update_mask,
etag=args.etag,
expire_time=args.expire_time,
ttl=args.ttl,
topics=topics,
next_rotation_time=args.next_rotation_time,
rotation_period=args.rotation_period)
secrets_log.Secrets().Updated(secret_ref)
return secret
