def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
# List all secret versions and parse their refs
versions = secrets_api.Versions().ListWithPager(secret_ref=secret_ref,
limit=9999)
version_refs = []
for version in versions:
if version.state != messages.SecretVersion.StateValueValuesEnum.DESTROYED:
version_ref = secrets_args.ParseVersionRef(version.name)
version_refs.append(version_ref)
msg = self.CONFIRM_DELETE_MESSAGE.format(
secret=secret_ref.Name(), num_versions=len(version_refs))
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
for version_ref in version_refs:
secrets_api.Versions().Destroy(version_ref)
secrets_log.Versions().Destroyed(version_ref)
result = secrets_api.Secrets().Delete(secret_ref)
secrets_log.Secrets().Deleted(secret_ref)
return result
def Run(self, args):
version_ref = args.CONCEPTS.version.Parse()
result = secrets_api.Versions(
version=secrets_util.GetVersionFromReleasePath(
self.ReleaseTrack())).Enable(version_ref)
secrets_log.Versions().Enabled(version_ref)
return result
def Run(self, args):
version_ref = args.CONCEPTS.version.Parse()
# Destructive action, prompt to continue
console_io.PromptContinue(self.CONFIRM_DESTROY_MESSAGE.format(
version=version_ref.Name(), secret=version_ref.Parent().Name()),
throw_if_unattended=True,
cancel_on_no=True)
result = secrets_api.Versions().Destroy(version_ref)
secrets_log.Versions().Destroyed(version_ref)
return result
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)
version = secrets_api.Secrets().AddVersion(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
return version
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
# Create the secret
response = secrets_api.Secrets().Create(
secret_ref, labels=labels, locations=args.locations)
# Create the version if data was given
if data:
version = secrets_api.Secrets().SetData(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
else:
secrets_log.Secrets().Created(secret_ref)
return response
def Run(self, args):
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)
data_crc32c = crc32c.get_crc32c(data)
version = secrets_api.Secrets().AddVersion(
secret_ref, data, crc32c.get_checksum(data_crc32c))
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
if not version.clientSpecifiedPayloadChecksum:
raise exceptions.HttpException(
'Version created but payload data corruption may have occurred, '
'please destroy the created version, and retry. See also '
'https://cloud.google.com/secret-manager/docs/data-integrity.')
return version
def _RunUpdate(self, original, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
# Collect the list of update masks
update_mask = []
labels_diff = labels_util.Diff.FromUpdateArgs(args)
if labels_diff.MayHaveUpdates():
update_mask.append('labels')
locations = args.locations
if locations:
update_mask.append('policy.replicaLocations')
update_mask.sort()
# Validations
if not update_mask and not data:
raise exceptions.ToolException(
self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name()))
if update_mask:
labels = labels_diff.Apply(messages.Secret.LabelsValue,
original.labels).GetOrNone()
secret = secrets_api.Secrets().Update(secret_ref=secret_ref,
locations=args.locations,
labels=labels,
update_mask=update_mask)
secrets_log.Secrets().Updated(secret_ref)
if not data:
return secret
version = secrets_api.Secrets().SetData(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
return version
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.ToolException(self.EMPTY_DATA_FILE_MESSAGE)
# Create the secret
response = secrets_api.Secrets().Create(
secret_ref, labels=labels, locations=args.locations)
# Create the version if data was given
if data:
version = secrets_api.Secrets().SetData(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
else:
secrets_log.Secrets().Created(secret_ref)
return response
def _RunCreate(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
locations = args.locations
if not locations:
raise parser_errors.RequiredError(argument='--locations')
labels = labels_util.Diff.FromUpdateArgs(args).Apply(
messages.Secret.LabelsValue).GetOrNone()
secret = secrets_api.Secrets().Create(secret_ref=secret_ref,
labels=labels,
locations=locations)
secrets_log.Secrets().Created(secret_ref)
if not data:
return secret
version = secrets_api.Secrets().SetData(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
return version
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
replication_policy_contents = secrets_util.ReadFileOrStdin(
args.replication_policy_file, is_binary=False)
labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
replication_policy = args.replication_policy
locations = args.locations
kms_keys = []
if args.replication_policy_file and args.replication_policy:
raise exceptions.ConflictingArgumentsException(
self.POLICY_AND_POLICY_FILE_MESSAGE)
if args.replication_policy_file and args.locations:
raise exceptions.ConflictingArgumentsException(
self.LOCATIONS_AND_POLICY_FILE_MESSAGE)
if args.replication_policy_file and args.kms_key_name:
raise exceptions.ConflictingArgumentsException(
self.KMS_KEY_AND_POLICY_FILE_MESSAGE)
if args.kms_key_name:
kms_keys.append(args.kms_key_name)
if args.replication_policy_file:
if not replication_policy_contents:
raise exceptions.InvalidArgumentException(
'replication-policy',
self.REPLICATION_POLICY_FILE_EMPTY_MESSAGE)
replication_policy, locations, kms_keys = secrets_util.ParseReplicationFileContents(
replication_policy_contents)
else:
if not replication_policy:
replication_policy = properties.VALUES.secrets.replication_policy.Get(
)
default_to_automatic = replication_policy is None
if default_to_automatic:
replication_policy = 'automatic'
if replication_policy not in {'user-managed', 'automatic'}:
if args.replication_policy:
raise exceptions.InvalidArgumentException(
'replication-policy', self.INVALID_POLICY_MESSAGE)
raise exceptions.InvalidArgumentException(
'replication-policy', self.INVALID_POLICY_PROP_MESSAGE)
if replication_policy == 'user-managed' and kms_keys:
raise exceptions.InvalidArgumentException(
'kms-key-name', self.KMS_KEY_AND_USER_MANAGED_MESSAGE)
if not locations:
# if locations weren't given, try to get them from properties
locations = properties.VALUES.secrets.locations.Get()
if locations:
locations = locations.split(',')
if replication_policy == 'user-managed' and not locations:
raise exceptions.RequiredArgumentException(
'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE)
if replication_policy == 'automatic':
if args.locations:
# check args.locations separately from locations because we have
# different error messages depending on whether the user used the
# --locations flag or the secrets/locations property
if args.replication_policy:
raise exceptions.InvalidArgumentException(
'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE)
if default_to_automatic:
raise exceptions.InvalidArgumentException(
'locations', self.NO_POLICY_AND_LOCATIONS_MESSAGE)
raise exceptions.InvalidArgumentException(
'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE)
if locations:
raise exceptions.InvalidArgumentException(
'replication-policy',
self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE)
locations = []
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)
if args.expire_time:
msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format(
expire_time=args.expire_time)
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
if args.ttl:
msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl)
console_io.PromptContinue(msg,
throw_if_unattended=True,
cancel_on_no=True)
# Create the secret
response = secrets_api.Secrets().Create(
secret_ref,
labels=labels,
locations=locations,
policy=replication_policy,
expire_time=args.expire_time,
ttl=args.ttl,
keys=kms_keys,
next_rotation_time=args.next_rotation_time,
rotation_period=args.rotation_period,
topics=args.topics)
if data:
data_crc32c = crc32c.get_crc32c(data)
version = secrets_api.Secrets().AddVersion(
secret_ref, data, crc32c.get_checksum(data_crc32c))
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
else:
secrets_log.Secrets().Created(secret_ref)
return response
def Run(self, args):
version_ref = args.CONCEPTS.version.Parse()
result = secrets_api.Versions().Disable(version_ref)
secrets_log.Versions().Disabled(version_ref)
return result
def Run(self, args):
messages = secrets_api.GetMessages()
secret_ref = args.CONCEPTS.secret.Parse()
data = secrets_util.ReadFileOrStdin(args.data_file)
labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue)
replication_policy = args.replication_policy
if not replication_policy:
replication_policy = properties.VALUES.secrets.replication_policy.Get(
)
if not replication_policy:
raise exceptions.RequiredArgumentException(
'replication-policy', self.MISSING_POLICY_MESSAGE)
if replication_policy not in {'user-managed', 'automatic'}:
if args.replication_policy:
raise exceptions.InvalidArgumentException(
'replication-policy', self.INVALID_POLICY_MESSAGE)
raise exceptions.InvalidArgumentException(
'replication-policy', self.INVALID_POLICY_PROP_MESSAGE)
locations = args.locations
if not locations:
# if locations weren't given, try to get them from properties
locations = properties.VALUES.secrets.locations.Get()
if locations:
locations = locations.split(',')
if replication_policy == 'user-managed' and not locations:
raise exceptions.RequiredArgumentException(
'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE)
if replication_policy == 'automatic':
if args.locations:
# check args.locations separately from locations because we have
# different error messages depending on whether the user used the
# --locations flag or the secrets/locations property
if args.replication_policy:
raise exceptions.InvalidArgumentException(
'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE)
raise exceptions.InvalidArgumentException(
'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE)
if locations:
raise exceptions.InvalidArgumentException(
'replication-policy',
self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE)
locations = []
# Differentiate between the flag being provided with an empty value and the
# flag being omitted. See b/138796299 for info.
if args.data_file == '': # pylint: disable=g-explicit-bool-comparison
raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE)
# Create the secret
response = secrets_api.Secrets().Create(secret_ref,
labels=labels,
locations=locations,
policy=replication_policy)
if data:
version = secrets_api.Secrets().AddVersion(secret_ref, data)
version_ref = secrets_args.ParseVersionRef(version.name)
secrets_log.Versions().Created(version_ref)
else:
secrets_log.Secrets().Created(secret_ref)
return response
