stackitcloud · DiogoFerrao · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024
diff --git a/docs/stackit_secrets-manager_instance.md b/docs/stackit_secrets-manager_instance.md
@@ -32,4 +32,5 @@ stackit secrets-manager instance [flags]
 * [stackit secrets-manager instance delete](./stackit_secrets-manager_instance_delete.md)	 - Deletes a Secrets Manager instance
 * [stackit secrets-manager instance describe](./stackit_secrets-manager_instance_describe.md)	 - Shows details of a Secrets Manager instance
 * [stackit secrets-manager instance list](./stackit_secrets-manager_instance_list.md)	 - Lists all Secrets Manager instances
+* [stackit secrets-manager instance update](./stackit_secrets-manager_instance_update.md)	 - Updates a Secrets Manager instance
 
diff --git a/docs/stackit_secrets-manager_instance_update.md b/docs/stackit_secrets-manager_instance_update.md
@@ -0,0 +1,39 @@
+## stackit secrets-manager instance update
+
+Updates a Secrets Manager instance
+
+### Synopsis
+
+Updates a Secrets Manager instance.
+
+```
+stackit secrets-manager instance update INSTANCE_ID [flags]
+```
+
+### Examples
+
+```
+  Update the range of IPs allowed to access a Secrets Manager instance with ID "xxx"
+  $ stackit secrets-manager instance update xxx --acl 1.2.3.0/24
+```
+
+### Options
+
+```
+      --acl strings   List of IP networks in CIDR notation which are allowed to access this instance (default [])
+  -h, --help          Help for "stackit secrets-manager instance update"
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty"]
+  -p, --project-id string      Project ID
+```
+
+### SEE ALSO
+
+* [stackit secrets-manager instance](./stackit_secrets-manager_instance.md)	 - Provides functionality for Secrets Manager instances
+
diff --git a/internal/cmd/secrets-manager/instance/instance.go b/internal/cmd/secrets-manager/instance/instance.go
@@ -5,6 +5,7 @@ import (
 	"github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/delete"
 	"github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/describe"
 	"github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/list"
+	"github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/update"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/args"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/utils"
 
@@ -28,4 +29,5 @@ func addSubcommands(cmd *cobra.Command) {
 	cmd.AddCommand(create.NewCmd())
 	cmd.AddCommand(delete.NewCmd())
 	cmd.AddCommand(describe.NewCmd())
+	cmd.AddCommand(update.NewCmd())
 }
diff --git a/internal/cmd/secrets-manager/instance/update/update.go b/internal/cmd/secrets-manager/instance/update/update.go
@@ -0,0 +1,124 @@
+package update
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/stackitcloud/stackit-cli/internal/pkg/args"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/confirm"
+	cliErr "github.com/stackitcloud/stackit-cli/internal/pkg/errors"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/examples"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/flags"
+
+	"github.com/stackitcloud/stackit-cli/internal/pkg/globalflags"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/client"
+	secretsManagerUtils "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/utils"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/utils"
+
+	"github.com/spf13/cobra"
+	"github.com/stackitcloud/stackit-sdk-go/services/secretsmanager"
+)
+
+const (
+	instanceIdArg = "INSTANCE_ID"
+
+	aclFlag = "acl"
+)
+
+type inputModel struct {
+	*globalflags.GlobalFlagModel
+	InstanceId string
+
+	Acls *[]string
+}
+
+func NewCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   fmt.Sprintf("update %s", instanceIdArg),
+		Short: "Updates a Secrets Manager instance",
+		Long:  "Updates a Secrets Manager instance.",
+		Args:  args.SingleArg(instanceIdArg, utils.ValidateUUID),
+		Example: examples.Build(
+			examples.NewExample(
+				`Update the range of IPs allowed to access a Secrets Manager instance with ID "xxx"`,
+				"$ stackit secrets-manager instance update xxx --acl 1.2.3.0/24"),
+		),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			ctx := context.Background()
+			model, err := parseInput(cmd, args)
+			if err != nil {
+				return err
+			}
+
+			// Configure API client
+			apiClient, err := client.ConfigureClient(cmd)
+			if err != nil {
+				return err
+			}
+
+			instanceLabel, err := secretsManagerUtils.GetInstanceName(ctx, apiClient, model.ProjectId, model.InstanceId)
+			if err != nil {
+				instanceLabel = model.InstanceId
+			}
+
+			if !model.AssumeYes {
+				prompt := fmt.Sprintf("Are you sure you want to update instance %q?", instanceLabel)
+				err = confirm.PromptForConfirmation(cmd, prompt)
+				if err != nil {
+					return err
+				}
+			}
+
+			// Call API
+			req := buildRequest(ctx, model, apiClient)
+			err = req.Execute()
+			if err != nil {
+				return fmt.Errorf("update Secrets Manager instance: %w", err)
+			}
+
+			cmd.Printf("Updated instance %q\n", instanceLabel)
+			return nil
+		},
+	}
+	configureFlags(cmd)
+	return cmd
+}
+
+func configureFlags(cmd *cobra.Command) {
+	cmd.Flags().Var(flags.CIDRSliceFlag(), aclFlag, "List of IP networks in CIDR notation which are allowed to access this instance")
+}
+
+func parseInput(cmd *cobra.Command, inputArgs []string) (*inputModel, error) {
+	instanceId := inputArgs[0]
+
+	globalFlags := globalflags.Parse(cmd)
+	if globalFlags.ProjectId == "" {
+		return nil, &cliErr.ProjectIdError{}
+	}
+
+	acls := flags.FlagToStringSlicePointer(cmd, aclFlag)
+
+	if acls == nil {
+		return nil, &cliErr.EmptyUpdateError{}
+	}
+
+	return &inputModel{
+		GlobalFlagModel: globalFlags,
+		InstanceId:      instanceId,
+		Acls:            acls,
+	}, nil
+}
+
+func buildRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiUpdateACLsRequest {
+	req := apiClient.UpdateACLs(ctx, model.ProjectId, model.InstanceId)
+
+	cidrs := []secretsmanager.AclUpdate{}
+
+	for _, acl := range *model.Acls {
+		cidrs = append(cidrs, secretsmanager.AclUpdate{Cidr: utils.Ptr(acl)})
+	}
+
+	req = req.UpdateACLsPayload(secretsmanager.UpdateACLsPayload{Cidrs: &cidrs})
+
+	return req
+}