def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() # List all secret versions and parse their refs versions = secrets_api.Versions().ListWithPager(secret_ref=secret_ref, limit=9999) version_refs = [] for version in versions: if version.state != messages.SecretVersion.StateValueValuesEnum.DESTROYED: version_ref = secrets_args.ParseVersionRef(version.name) version_refs.append(version_ref) msg = self.CONFIRM_DELETE_MESSAGE.format( secret=secret_ref.Name(), num_versions=len(version_refs)) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) for version_ref in version_refs: secrets_api.Versions().Destroy(version_ref) secrets_log.Versions().Destroyed(version_ref) result = secrets_api.Secrets().Delete(secret_ref) secrets_log.Secrets().Deleted(secret_ref) return result
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE) version = secrets_api.Secrets().AddVersion(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) return version
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue) # Create the secret response = secrets_api.Secrets().Create( secret_ref, labels=labels, locations=args.locations) # Create the version if data was given if data: version = secrets_api.Secrets().SetData(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) else: secrets_log.Secrets().Created(secret_ref) return response
def Run(self, args): secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE) data_crc32c = crc32c.get_crc32c(data) version = secrets_api.Secrets().AddVersion( secret_ref, data, crc32c.get_checksum(data_crc32c)) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) if not version.clientSpecifiedPayloadChecksum: raise exceptions.HttpException( 'Version created but payload data corruption may have occurred, ' 'please destroy the created version, and retry. See also ' 'https://cloud.google.com/secret-manager/docs/data-integrity.') return version
def _RunUpdate(self, original, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) # Collect the list of update masks update_mask = [] labels_diff = labels_util.Diff.FromUpdateArgs(args) if labels_diff.MayHaveUpdates(): update_mask.append('labels') locations = args.locations if locations: update_mask.append('policy.replicaLocations') update_mask.sort() # Validations if not update_mask and not data: raise exceptions.ToolException( self.NO_CHANGES_MESSAGE.format(secret=secret_ref.Name())) if update_mask: labels = labels_diff.Apply(messages.Secret.LabelsValue, original.labels).GetOrNone() secret = secrets_api.Secrets().Update(secret_ref=secret_ref, locations=args.locations, labels=labels, update_mask=update_mask) secrets_log.Secrets().Updated(secret_ref) if not data: return secret version = secrets_api.Secrets().SetData(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) return version
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue) # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.ToolException(self.EMPTY_DATA_FILE_MESSAGE) # Create the secret response = secrets_api.Secrets().Create( secret_ref, labels=labels, locations=args.locations) # Create the version if data was given if data: version = secrets_api.Secrets().SetData(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) else: secrets_log.Secrets().Created(secret_ref) return response
def _RunCreate(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) locations = args.locations if not locations: raise parser_errors.RequiredError(argument='--locations') labels = labels_util.Diff.FromUpdateArgs(args).Apply( messages.Secret.LabelsValue).GetOrNone() secret = secrets_api.Secrets().Create(secret_ref=secret_ref, labels=labels, locations=locations) secrets_log.Secrets().Created(secret_ref) if not data: return secret version = secrets_api.Secrets().SetData(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) return version
def UseVersionTable(parser, api_version): parser.display_info.AddFormat(_VERSION_TABLE) parser.display_info.AddTransforms(_VERSION_STATE_TRANSFORMS) parser.display_info.AddUriFunc( lambda r: secrets_args.ParseVersionRef(r.name, api_version).SelfLink())
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) replication_policy_contents = secrets_util.ReadFileOrStdin( args.replication_policy_file, is_binary=False) labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue) replication_policy = args.replication_policy locations = args.locations kms_keys = [] if args.replication_policy_file and args.replication_policy: raise exceptions.ConflictingArgumentsException( self.POLICY_AND_POLICY_FILE_MESSAGE) if args.replication_policy_file and args.locations: raise exceptions.ConflictingArgumentsException( self.LOCATIONS_AND_POLICY_FILE_MESSAGE) if args.replication_policy_file and args.kms_key_name: raise exceptions.ConflictingArgumentsException( self.KMS_KEY_AND_POLICY_FILE_MESSAGE) if args.kms_key_name: kms_keys.append(args.kms_key_name) if args.replication_policy_file: if not replication_policy_contents: raise exceptions.InvalidArgumentException( 'replication-policy', self.REPLICATION_POLICY_FILE_EMPTY_MESSAGE) replication_policy, locations, kms_keys = secrets_util.ParseReplicationFileContents( replication_policy_contents) else: if not replication_policy: replication_policy = properties.VALUES.secrets.replication_policy.Get( ) default_to_automatic = replication_policy is None if default_to_automatic: replication_policy = 'automatic' if replication_policy not in {'user-managed', 'automatic'}: if args.replication_policy: raise exceptions.InvalidArgumentException( 'replication-policy', self.INVALID_POLICY_MESSAGE) raise exceptions.InvalidArgumentException( 'replication-policy', self.INVALID_POLICY_PROP_MESSAGE) if replication_policy == 'user-managed' and kms_keys: raise exceptions.InvalidArgumentException( 'kms-key-name', self.KMS_KEY_AND_USER_MANAGED_MESSAGE) if not locations: # if locations weren't given, try to get them from properties locations = properties.VALUES.secrets.locations.Get() if locations: locations = locations.split(',') if replication_policy == 'user-managed' and not locations: raise exceptions.RequiredArgumentException( 'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE) if replication_policy == 'automatic': if args.locations: # check args.locations separately from locations because we have # different error messages depending on whether the user used the # --locations flag or the secrets/locations property if args.replication_policy: raise exceptions.InvalidArgumentException( 'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE) if default_to_automatic: raise exceptions.InvalidArgumentException( 'locations', self.NO_POLICY_AND_LOCATIONS_MESSAGE) raise exceptions.InvalidArgumentException( 'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE) if locations: raise exceptions.InvalidArgumentException( 'replication-policy', self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE) locations = [] # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE) if args.expire_time: msg = self.CONFIRM_EXPIRE_TIME_MESSAGE.format( expire_time=args.expire_time) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) if args.ttl: msg = self.CONFIRM_TTL_MESSAGE.format(ttl=args.ttl) console_io.PromptContinue(msg, throw_if_unattended=True, cancel_on_no=True) # Create the secret response = secrets_api.Secrets().Create( secret_ref, labels=labels, locations=locations, policy=replication_policy, expire_time=args.expire_time, ttl=args.ttl, keys=kms_keys, next_rotation_time=args.next_rotation_time, rotation_period=args.rotation_period, topics=args.topics) if data: data_crc32c = crc32c.get_crc32c(data) version = secrets_api.Secrets().AddVersion( secret_ref, data, crc32c.get_checksum(data_crc32c)) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) else: secrets_log.Secrets().Created(secret_ref) return response
def Run(self, args): messages = secrets_api.GetMessages() secret_ref = args.CONCEPTS.secret.Parse() data = secrets_util.ReadFileOrStdin(args.data_file) labels = labels_util.ParseCreateArgs(args, messages.Secret.LabelsValue) replication_policy = args.replication_policy if not replication_policy: replication_policy = properties.VALUES.secrets.replication_policy.Get( ) if not replication_policy: raise exceptions.RequiredArgumentException( 'replication-policy', self.MISSING_POLICY_MESSAGE) if replication_policy not in {'user-managed', 'automatic'}: if args.replication_policy: raise exceptions.InvalidArgumentException( 'replication-policy', self.INVALID_POLICY_MESSAGE) raise exceptions.InvalidArgumentException( 'replication-policy', self.INVALID_POLICY_PROP_MESSAGE) locations = args.locations if not locations: # if locations weren't given, try to get them from properties locations = properties.VALUES.secrets.locations.Get() if locations: locations = locations.split(',') if replication_policy == 'user-managed' and not locations: raise exceptions.RequiredArgumentException( 'locations', self.MANAGED_BUT_NO_LOCATIONS_MESSAGE) if replication_policy == 'automatic': if args.locations: # check args.locations separately from locations because we have # different error messages depending on whether the user used the # --locations flag or the secrets/locations property if args.replication_policy: raise exceptions.InvalidArgumentException( 'locations', self.AUTOMATIC_AND_LOCATIONS_MESSAGE) raise exceptions.InvalidArgumentException( 'locations', self.AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE) if locations: raise exceptions.InvalidArgumentException( 'replication-policy', self.AUTOMATIC_AND_LOCATIONS_PROP_MESSAGE) locations = [] # Differentiate between the flag being provided with an empty value and the # flag being omitted. See b/138796299 for info. if args.data_file == '': # pylint: disable=g-explicit-bool-comparison raise exceptions.BadFileException(self.EMPTY_DATA_FILE_MESSAGE) # Create the secret response = secrets_api.Secrets().Create(secret_ref, labels=labels, locations=locations, policy=replication_policy) if data: version = secrets_api.Secrets().AddVersion(secret_ref, data) version_ref = secrets_args.ParseVersionRef(version.name) secrets_log.Versions().Created(version_ref) else: secrets_log.Secrets().Created(secret_ref) return response
if 'automatic' in r['replication']: return '-' if 'userManaged' in r['replication'] and 'replicas' in r['replication'][ 'userManaged']: locations = [] for replica in r['replication']['userManaged']['replicas']: locations.append(replica['location']) return ','.join(locations) return 'ERROR' _SECRET_TRANSFORMS = { 'policy_transform': _TransformReplicationPolicy, 'locations_transform': _TransformLocations } _VERSION_URI_FUNC = lambda r: secrets_args.ParseVersionRef(r.name).SelfLink() def UseLocationTable(parser): parser.display_info.AddFormat(_LOCATION_TABLE) parser.display_info.AddUriFunc(_LOCATION_URI_FUNC) def UseSecretTable(parser): parser.display_info.AddFormat(_SECRET_TABLE) parser.display_info.AddTransforms(_SECRET_TRANSFORMS) parser.display_info.AddUriFunc(_SECRET_URI_FUNC) def UseSecretData(parser): parser.display_info.AddFormat(_SECRET_DATA)