diff --git a/docs/stackit_secrets-manager_instance.md b/docs/stackit_secrets-manager_instance.md index 37c116261..6fe9357c2 100644 --- a/docs/stackit_secrets-manager_instance.md +++ b/docs/stackit_secrets-manager_instance.md @@ -32,4 +32,5 @@ stackit secrets-manager instance [flags] * [stackit secrets-manager instance delete](./stackit_secrets-manager_instance_delete.md) - Deletes a Secrets Manager instance * [stackit secrets-manager instance describe](./stackit_secrets-manager_instance_describe.md) - Shows details of a Secrets Manager instance * [stackit secrets-manager instance list](./stackit_secrets-manager_instance_list.md) - Lists all Secrets Manager instances +* [stackit secrets-manager instance update](./stackit_secrets-manager_instance_update.md) - Updates a Secrets Manager instance diff --git a/docs/stackit_secrets-manager_instance_update.md b/docs/stackit_secrets-manager_instance_update.md new file mode 100644 index 000000000..c755bb294 --- /dev/null +++ b/docs/stackit_secrets-manager_instance_update.md @@ -0,0 +1,39 @@ +## stackit secrets-manager instance update + +Updates a Secrets Manager instance + +### Synopsis + +Updates a Secrets Manager instance. + +``` +stackit secrets-manager instance update INSTANCE_ID [flags] +``` + +### Examples + +``` + Update the range of IPs allowed to access a Secrets Manager instance with ID "xxx" + $ stackit secrets-manager instance update xxx --acl 1.2.3.0/24 +``` + +### Options + +``` + --acl strings List of IP networks in CIDR notation which are allowed to access this instance (default []) + -h, --help Help for "stackit secrets-manager instance update" +``` + +### Options inherited from parent commands + +``` + -y, --assume-yes If set, skips all confirmation prompts + --async If set, runs the command asynchronously + -o, --output-format string Output format, one of ["json" "pretty"] + -p, --project-id string Project ID +``` + +### SEE ALSO + +* [stackit secrets-manager instance](./stackit_secrets-manager_instance.md) - Provides functionality for Secrets Manager instances + diff --git a/internal/cmd/secrets-manager/instance/instance.go b/internal/cmd/secrets-manager/instance/instance.go index fbcb44e10..9a3283638 100644 --- a/internal/cmd/secrets-manager/instance/instance.go +++ b/internal/cmd/secrets-manager/instance/instance.go @@ -5,6 +5,7 @@ import ( "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/delete" "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/describe" "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/list" + "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/update" "github.com/stackitcloud/stackit-cli/internal/pkg/args" "github.com/stackitcloud/stackit-cli/internal/pkg/utils" @@ -28,4 +29,5 @@ func addSubcommands(cmd *cobra.Command) { cmd.AddCommand(create.NewCmd()) cmd.AddCommand(delete.NewCmd()) cmd.AddCommand(describe.NewCmd()) + cmd.AddCommand(update.NewCmd()) } diff --git a/internal/cmd/secrets-manager/instance/update/update.go b/internal/cmd/secrets-manager/instance/update/update.go new file mode 100644 index 000000000..cb38c6d71 --- /dev/null +++ b/internal/cmd/secrets-manager/instance/update/update.go @@ -0,0 +1,124 @@ +package update + +import ( + "context" + "fmt" + + "github.com/stackitcloud/stackit-cli/internal/pkg/args" + "github.com/stackitcloud/stackit-cli/internal/pkg/confirm" + cliErr "github.com/stackitcloud/stackit-cli/internal/pkg/errors" + "github.com/stackitcloud/stackit-cli/internal/pkg/examples" + "github.com/stackitcloud/stackit-cli/internal/pkg/flags" + + "github.com/stackitcloud/stackit-cli/internal/pkg/globalflags" + "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/client" + secretsManagerUtils "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/utils" + "github.com/stackitcloud/stackit-cli/internal/pkg/utils" + + "github.com/spf13/cobra" + "github.com/stackitcloud/stackit-sdk-go/services/secretsmanager" +) + +const ( + instanceIdArg = "INSTANCE_ID" + + aclFlag = "acl" +) + +type inputModel struct { + *globalflags.GlobalFlagModel + InstanceId string + + Acls *[]string +} + +func NewCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: fmt.Sprintf("update %s", instanceIdArg), + Short: "Updates a Secrets Manager instance", + Long: "Updates a Secrets Manager instance.", + Args: args.SingleArg(instanceIdArg, utils.ValidateUUID), + Example: examples.Build( + examples.NewExample( + `Update the range of IPs allowed to access a Secrets Manager instance with ID "xxx"`, + "$ stackit secrets-manager instance update xxx --acl 1.2.3.0/24"), + ), + RunE: func(cmd *cobra.Command, args []string) error { + ctx := context.Background() + model, err := parseInput(cmd, args) + if err != nil { + return err + } + + // Configure API client + apiClient, err := client.ConfigureClient(cmd) + if err != nil { + return err + } + + instanceLabel, err := secretsManagerUtils.GetInstanceName(ctx, apiClient, model.ProjectId, model.InstanceId) + if err != nil { + instanceLabel = model.InstanceId + } + + if !model.AssumeYes { + prompt := fmt.Sprintf("Are you sure you want to update instance %q?", instanceLabel) + err = confirm.PromptForConfirmation(cmd, prompt) + if err != nil { + return err + } + } + + // Call API + req := buildRequest(ctx, model, apiClient) + err = req.Execute() + if err != nil { + return fmt.Errorf("update Secrets Manager instance: %w", err) + } + + cmd.Printf("Updated instance %q\n", instanceLabel) + return nil + }, + } + configureFlags(cmd) + return cmd +} + +func configureFlags(cmd *cobra.Command) { + cmd.Flags().Var(flags.CIDRSliceFlag(), aclFlag, "List of IP networks in CIDR notation which are allowed to access this instance") +} + +func parseInput(cmd *cobra.Command, inputArgs []string) (*inputModel, error) { + instanceId := inputArgs[0] + + globalFlags := globalflags.Parse(cmd) + if globalFlags.ProjectId == "" { + return nil, &cliErr.ProjectIdError{} + } + + acls := flags.FlagToStringSlicePointer(cmd, aclFlag) + + if acls == nil { + return nil, &cliErr.EmptyUpdateError{} + } + + return &inputModel{ + GlobalFlagModel: globalFlags, + InstanceId: instanceId, + Acls: acls, + }, nil +} + +func buildRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiUpdateACLsRequest { + req := apiClient.UpdateACLs(ctx, model.ProjectId, model.InstanceId) + + cidrs := []secretsmanager.AclUpdate{} + + for _, acl := range *model.Acls { + cidrs = append(cidrs, secretsmanager.AclUpdate{Cidr: utils.Ptr(acl)}) + } + + req = req.UpdateACLsPayload(secretsmanager.UpdateACLsPayload{Cidrs: &cidrs}) + + return req +} diff --git a/internal/cmd/secrets-manager/instance/update/update_test.go b/internal/cmd/secrets-manager/instance/update/update_test.go new file mode 100644 index 000000000..fdaf807c5 --- /dev/null +++ b/internal/cmd/secrets-manager/instance/update/update_test.go @@ -0,0 +1,292 @@ +package update + +import ( + "context" + "testing" + + "github.com/stackitcloud/stackit-cli/internal/pkg/globalflags" + "github.com/stackitcloud/stackit-cli/internal/pkg/utils" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/google/uuid" + "github.com/stackitcloud/stackit-sdk-go/services/secretsmanager" +) + +const ( + testACL1 = "1.2.3.4/24" + testACL2 = "4.3.2.1/12" +) + +var projectIdFlag = globalflags.ProjectIdFlag + +type testCtxKey struct{} + +var testCtx = context.WithValue(context.Background(), testCtxKey{}, "foo") +var testClient = &secretsmanager.APIClient{} + +var ( + testProjectId = uuid.NewString() + testInstanceId = uuid.NewString() +) + +func fixtureArgValues(mods ...func(argValues []string)) []string { + argValues := []string{ + testInstanceId, + } + for _, mod := range mods { + mod(argValues) + } + return argValues +} + +func fixtureFlagValues(mods ...func(flagValues map[string]string)) map[string]string { + flagValues := map[string]string{ + projectIdFlag: testProjectId, + aclFlag: testACL1, + } + for _, mod := range mods { + mod(flagValues) + } + return flagValues +} + +func fixtureInputModel(mods ...func(model *inputModel)) *inputModel { + model := &inputModel{ + GlobalFlagModel: &globalflags.GlobalFlagModel{ + ProjectId: testProjectId, + }, + InstanceId: testInstanceId, + Acls: utils.Ptr([]string{testACL1}), + } + for _, mod := range mods { + mod(model) + } + return model +} + +func fixtureRequest(mods ...func(request *secretsmanager.ApiUpdateACLsRequest)) secretsmanager.ApiUpdateACLsRequest { + request := testClient.UpdateACLs(testCtx, testProjectId, testInstanceId) + request = request.UpdateACLsPayload(secretsmanager.UpdateACLsPayload{ + Cidrs: utils.Ptr([]secretsmanager.AclUpdate{ + {Cidr: utils.Ptr(testACL1)}, + })}) + + for _, mod := range mods { + mod(&request) + } + return request +} + +func TestParseInput(t *testing.T) { + tests := []struct { + description string + argValues []string + flagValues map[string]string + aclValues []string + isValid bool + expectedModel *inputModel + }{ + { + description: "base", + argValues: fixtureArgValues(), + flagValues: fixtureFlagValues(), + isValid: true, + expectedModel: fixtureInputModel(), + }, + { + description: "no values", + argValues: []string{}, + flagValues: map[string]string{}, + isValid: false, + }, + { + description: "no arg values", + argValues: []string{}, + flagValues: fixtureFlagValues(), + isValid: false, + }, + { + description: "no flag values", + argValues: fixtureArgValues(), + flagValues: map[string]string{}, + isValid: false, + }, + { + description: "required flags only (no values to update)", + argValues: fixtureArgValues(), + flagValues: map[string]string{ + projectIdFlag: testProjectId, + }, + isValid: false, + }, + { + description: "zero values", + argValues: fixtureArgValues(), + flagValues: map[string]string{ + projectIdFlag: testProjectId, + aclFlag: "", + }, + isValid: false, + }, + { + description: "project id missing", + argValues: fixtureArgValues(), + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + delete(flagValues, projectIdFlag) + }), + isValid: false, + }, + { + description: "project id invalid 1", + argValues: fixtureArgValues(), + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[projectIdFlag] = "" + }), + isValid: false, + }, + { + description: "project id invalid 2", + argValues: fixtureArgValues(), + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[projectIdFlag] = "invalid-uuid" + }), + isValid: false, + }, + { + description: "instance id invalid 1", + argValues: []string{""}, + flagValues: fixtureFlagValues(), + isValid: false, + }, + { + description: "instance id invalid 2", + argValues: []string{"invalid-uuid"}, + flagValues: fixtureFlagValues(), + isValid: false, + }, + { + description: "repeated acl flags", + argValues: fixtureArgValues(), + flagValues: fixtureFlagValues(), + aclValues: []string{testACL1, testACL1}, + isValid: true, + expectedModel: fixtureInputModel(func(model *inputModel) { + model.Acls = utils.Ptr( + append(*model.Acls, testACL1, testACL1)) + }), + }, + { + description: "repeated acl flag with list value", + argValues: fixtureArgValues(), + flagValues: fixtureFlagValues(), + aclValues: []string{"198.51.100.14/24,198.51.100.14/32"}, + isValid: true, + expectedModel: fixtureInputModel(func(model *inputModel) { + model.Acls = utils.Ptr( + append(*model.Acls, "198.51.100.14/24", "198.51.100.14/32"), + ) + }), + }, + } + + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + cmd := NewCmd() + err := globalflags.Configure(cmd.Flags()) + if err != nil { + t.Fatalf("configure global flags: %v", err) + } + + for flag, value := range tt.flagValues { + err := cmd.Flags().Set(flag, value) + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("setting flag --%s=%s: %v", flag, value, err) + } + } + + for _, value := range tt.aclValues { + err := cmd.Flags().Set(aclFlag, value) + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("setting flag --%s=%s: %v", aclFlag, value, err) + } + } + + err = cmd.ValidateArgs(tt.argValues) + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("error validating args: %v", err) + } + + err = cmd.ValidateRequiredFlags() + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("error validating flags: %v", err) + } + + model, err := parseInput(cmd, tt.argValues) + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("error parsing flags: %v", err) + } + + if !tt.isValid { + t.Fatalf("did not fail on invalid input") + } + diff := cmp.Diff(model, tt.expectedModel) + if diff != "" { + t.Fatalf("Data does not match: %s", diff) + } + }) + } +} +func TestBuildRequest(t *testing.T) { + tests := []struct { + description string + model *inputModel + expectedRequest secretsmanager.ApiUpdateACLsRequest + }{ + { + description: "base", + model: fixtureInputModel(), + expectedRequest: fixtureRequest(), + }, + { + description: "multiple ACLs", + model: fixtureInputModel(func(model *inputModel) { + *model.Acls = append(*model.Acls, testACL2) + }), + expectedRequest: fixtureRequest().UpdateACLsPayload(secretsmanager.UpdateACLsPayload{ + Cidrs: utils.Ptr([]secretsmanager.AclUpdate{ + {Cidr: utils.Ptr(testACL1)}, + {Cidr: utils.Ptr(testACL2)}, + })}), + }, + } + + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + request := buildRequest(testCtx, tt.model, testClient) + + diff := cmp.Diff(request, tt.expectedRequest, + cmp.AllowUnexported(tt.expectedRequest), + cmpopts.EquateComparable(testCtx), + ) + if diff != "" { + t.Fatalf("Data does not match: %s", diff) + } + }) + } +}