def test_delete_unknown_secret(corev1_api_client_with_user_secrets, test_user):
"""Test delete a non existing secret."""
with patch('reana_commons.k8s.secrets.'
'current_k8s_corev1_api_client',
corev1_api_client_with_user_secrets):
secrets_store = REANAUserSecretsStore(test_user)
secret_name = 'unknown-secret'
with pytest.raises(REANASecretDoesNotExist):
secrets_store.delete_secrets([secret_name])
corev1_api_client_with_user_secrets. \
replace_namespaced_secret.assert_not_called()
def test_delete_unknown_secret(corev1_api_client_with_user_secrets,
user_secrets, no_db_user):
"""Test delete a non existing secret."""
with patch(
"reana_commons.k8s.secrets."
"current_k8s_corev1_api_client",
corev1_api_client_with_user_secrets(user_secrets),
) as api_client:
secrets_store = REANAUserSecretsStore(no_db_user.id_)
secret_name = "unknown-secret"
with pytest.raises(REANASecretDoesNotExist):
secrets_store.delete_secrets([secret_name])
api_client.replace_namespaced_secret.assert_not_called()
def test_delete_secrets(corev1_api_client_with_user_secrets, user_secrets,
no_db_user):
"""Test deletion of user secrets."""
with patch('reana_commons.k8s.secrets.'
'current_k8s_corev1_api_client',
corev1_api_client_with_user_secrets(user_secrets)):
secrets_store = REANAUserSecretsStore(no_db_user.id_)
secret_names_list = user_secrets.keys()
deleted_secrets = set(secrets_store.delete_secrets(secret_names_list))
assert bool(deleted_secrets.intersection(secret_names_list)) \
and not bool(deleted_secrets.difference(secret_names_list))
def delete_secrets(): # noqa
r"""Endpoint to delete user secrets.
---
delete:
summary: Deletes the specified secret(s).
description: >-
This resource deletes the requested secrets.
operationId: delete_secrets
produces:
- application/json
parameters:
- name: access_token
in: query
description: API key of the admin.
required: false
type: string
- name: secrets
in: body
description: >-
Optional. List of secrets to be deleted.
required: true
schema:
type: array
description: List of secret names to be deleted.
items:
type: string
description: Secret name to be deleted.
responses:
200:
description: >-
Secrets successfully deleted.
schema:
type: array
description: List of secret names that have been deleted.
items:
type: string
description: Name of the secret that have been deleted.
examples:
application/json:
[
".keytab",
"username",
]
403:
description: >-
Request failed. Token is not valid.
examples:
application/json:
{
"message": "Token is not valid"
}
404:
description: >-
Request failed. Secrets do not exist.
schema:
type: array
description: List of secret names that could not be deleted.
items:
type: string
description: Name of the secret which does not exist.
examples:
application/json:
[
"certificate.pem",
"PASSWORD",
]
500:
description: >-
Request failed. Internal server error.
examples:
application/json:
{
"message": "Internal server error."
}
"""
try:
if current_user.is_authenticated:
user = _get_user_from_invenio_user(current_user.email)
else:
user = get_user_from_token(request.args.get('access_token'))
secrets_store = REANAUserSecretsStore(str(user.id_))
deleted_secrets_list = secrets_store.delete_secrets(request.json)
return jsonify(deleted_secrets_list), 200
except REANASecretDoesNotExist as e:
return jsonify(e.missing_secrets_list), 404
except ValueError:
return jsonify({"message": "Token is not valid."}), 403
except Exception as e:
logging.error(traceback.format_exc())
return jsonify({"message": str(e)}), 500