authorMauricio Harley <mharley@redhat.com>2022-11-24 10:50:27 +0100
committerAndre Aranha <afariasa@redhat.com>2023-02-07 13:50:51 +0100
commit7f6b3cf790e7d37e85fb38d300fb43573f31184c (patch)
treea89292f06044ac6a5368d8261e015900b0864536 /barbicanclient/v1/secrets.py
parent3ffa1600af21620d7f141faee9389c7e7e9079e3 (diff)
Added the force parameter to consumer removal and the corresponding CLI commands
When deleting a secret that has consumers, the --force parameter must be specified in the CLI. Change-Id: I49d19ac843d5c805fd7f533d07a3a719ce9a1104
Diffstat (limited to 'barbicanclient/v1/secrets.py')
-rw-r--r--barbicanclient/v1/secrets.py29
1 files changed, 19 insertions, 10 deletions
diff --git a/barbicanclient/v1/secrets.py b/barbicanclient/v1/secrets.py
index 02bfa55..9f3ab8f 100644
--- a/barbicanclient/v1/secrets.py
+++ b/barbicanclient/v1/secrets.py
@@ -536,10 +536,11 @@ class SecretManager(base.BaseEntityManager):
algorithm=algorithm, bit_length=bit_length, mode=mode,
secret_type=secret_type, expiration=expiration)
- def delete(self, secret_ref):
+ def delete(self, secret_ref, force=False):
"""Delete a Secret from Barbican
:param secret_ref: Full HATEOAS reference to a Secret, or a UUID
+ :param force: When true, forces the deletion of secrets with consumers
:raises barbicanclient.exceptions.HTTPAuthError: 401 Responses
:raises barbicanclient.exceptions.HTTPClientError: 4xx Responses
:raises barbicanclient.exceptions.HTTPServerError: 5xx Responses
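Review bot: The docstring of `delete` documents the new `force` parameter but not the new failure mode: the body now raises `ValueError` when the secret has consumers and `force` is false, and that is missing from the `:raises` list. Add `:raises ValueError: if the secret has consumers and force is not set`. Because `force` defaults to `False`, calls that the old code sent straight to the API are now rejected on the client side, which is worth stating in the docstring for existing callers. The docstring continues outside this hunk.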
@@ -547,8 +548,16 @@ class SecretManager(base.BaseEntityManager):
base.validate_ref_and_return_uuid(secret_ref, 'Secret')
if not secret_ref:
raise ValueError('secret_ref is required.')
+ secret_object = self.get(secret_ref=secret_ref)
uuid_ref = base.calculate_uuid_ref(secret_ref, self._entity)
- self._api.delete(uuid_ref)
+ # If secret has no consumers OR
+ # if secret has consumers but force==True, then delete it.
+ if not secret_object.consumers or force:
+ self._api.delete(uuid_ref)
+ else:
+ raise ValueError(
+ "Secret has consumers! Remove them first or use the force "
+ "parameter to delete it.")
def list(self, limit=10, offset=0, name=None, algorithm=None, mode=None,
bits=0, secret_type=None, created=None, updated=None,
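Review bot: The consumer guard in `delete` is a client-side read followed by a separate delete call, so it is advisory only: a consumer registered between `self.get(secret_ref=secret_ref)` and `self._api.delete(uuid_ref)` is not seen, and a caller that talks to the API directly never hits the check. If the guarantee matters it has to be enforced by the server; here the comment should say so, for example `# Best-effort client-side check; not atomic with the delete below.` The check also reads `secret_object.consumers` without the microversion guard that `register_consumer` applies, so its behaviour against a 1.0 server should be confirmed. With `force=True` the extra lookup is unnecessary and could be skipped with `if not force and self.get(secret_ref=secret_ref).consumers:` guarding the `raise`. The body of `delete` starts outside this hunk.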
@@ -617,6 +626,12 @@ class SecretManager(base.BaseEntityManager):
for s in response.get('secrets', [])
]
+ def _enforce_microversion(self):
+ if self._api.microversion == "1.0":
+ raise NotImplementedError(
+ "Server does not support secret consumers. Minimum "
+ "key-manager microversion required: 1.1")
+
def register_consumer(self, secret_ref, service, resource_type,
resource_id):
"""Add a consumer to the secret
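Review bot: `_enforce_microversion` rejects only the exact string `"1.0"`, so the guard passes for any other value of `self._api.microversion`, including `None` or a differently formatted version. The lines this helper replaces compared against the tuple `(1, 0)`, and the attribute's type is not visible here, so confirm it really is a string. A minimum-version comparison such as `if tuple(int(p) for p in self._api.microversion.split(".")) < (1, 1):` (assuming a dotted string) would fail closed for older versions instead of depending on one literal. The helper also has no docstring; `"""Raise NotImplementedError if the server microversion predates secret consumers (1.1)."""` would cover it.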
@@ -635,10 +650,7 @@ class SecretManager(base.BaseEntityManager):
'{0} of service {1} for resource type {2}'
'with resource id {3}'.format(secret_ref, service,
resource_type, resource_id))
- if self._api.microversion == (1, 0):
- raise NotImplementedError(
- "Server does not support secret consumers. Minimum "
- "key-manager microversion required: 1.1")
+ self._enforce_microversion()
secret_uuid = base.validate_ref_and_return_uuid(
secret_ref, 'Secret')
href = '{0}/{1}/consumers'.format(self._entity, secret_uuid)
@@ -666,10 +678,7 @@ class SecretManager(base.BaseEntityManager):
'{0} of service {1} for resource type {2}'
'with resource id {3}'.format(secret_ref, service,
resource_type, resource_id))
- if self._api.microversion == (1, 0):
- raise NotImplementedError(
- "Server does not support secret consumers. Minimum "
- "key-manager microversion required: 1.1")
+ self._enforce_microversion()
secret_uuid = base.validate_ref_and_return_uuid(
secret_ref, 'secret')
href = '{0}/{1}/consumers'.format(self._entity, secret_uuid)