feat(secret_manager): add protection in secret creation (#424)

scaleway-bot · web-flow · commit efe78edcd293 · 2024-01-29T09:52:09.000Z
diff --git a/scaleway-async/scaleway_async/secret/v1alpha1/api.py b/scaleway-async/scaleway_async/secret/v1alpha1/api.py
@@ -68,6 +68,7 @@ async def create_secret(
         *,
         name: str,
         type_: SecretType,
+        is_protected: bool,
         region: Optional[Region] = None,
         project_id: Optional[str] = None,
         tags: Optional[List[str]] = None,
@@ -89,6 +90,8 @@ async def create_secret(
         (Optional.) Location of the secret in the directory structure. If not specified, the path is `/`.
         :param ephemeral_policy: Ephemeral policy of the secret.
         (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
+        :param is_protected: Returns `true` if secret protection is enabled on a given secret.
+        A protected secret cannot be deleted.
         :return: :class:`Secret <Secret>`
 
         Usage:
@@ -97,6 +100,7 @@ async def create_secret(
             result = await api.create_secret(
                 name="example",
                 type_=unknown_secret_type,
+                is_protected=True,
             )
         """
 
@@ -111,6 +115,7 @@ async def create_secret(
                 CreateSecretRequest(
                     name=name,
                     type_=type_,
+                    is_protected=is_protected,
                     region=region,
                     project_id=project_id,
                     tags=tags,
diff --git a/scaleway-async/scaleway_async/secret/v1alpha1/marshalling.py b/scaleway-async/scaleway_async/secret/v1alpha1/marshalling.py
@@ -402,6 +402,9 @@ def marshal_CreateSecretRequest(
             request.ephemeral_policy, defaults
         )
 
+    if request.is_protected is not None:
+        output["is_protected"] = request.is_protected
+
     if request.name is not None:
         output["name"] = request.name
 
diff --git a/scaleway-async/scaleway_async/secret/v1alpha1/types.py b/scaleway-async/scaleway_async/secret/v1alpha1/types.py
@@ -482,6 +482,12 @@ class CreateSecretRequest:
     (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
     """
 
+    is_protected: bool
+    """
+    Returns `true` if secret protection is enabled on a given secret.
+    A protected secret cannot be deleted.
+    """
+
 
 @dataclass
 class CreateFolderRequest:
diff --git a/scaleway/scaleway/secret/v1alpha1/api.py b/scaleway/scaleway/secret/v1alpha1/api.py
@@ -68,6 +68,7 @@ def create_secret(
         *,
         name: str,
         type_: SecretType,
+        is_protected: bool,
         region: Optional[Region] = None,
         project_id: Optional[str] = None,
         tags: Optional[List[str]] = None,
@@ -89,6 +90,8 @@ def create_secret(
         (Optional.) Location of the secret in the directory structure. If not specified, the path is `/`.
         :param ephemeral_policy: Ephemeral policy of the secret.
         (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
+        :param is_protected: Returns `true` if secret protection is enabled on a given secret.
+        A protected secret cannot be deleted.
         :return: :class:`Secret <Secret>`
 
         Usage:
@@ -97,6 +100,7 @@ def create_secret(
             result = api.create_secret(
                 name="example",
                 type_=unknown_secret_type,
+                is_protected=True,
             )
         """
 
@@ -111,6 +115,7 @@ def create_secret(
                 CreateSecretRequest(
                     name=name,
                     type_=type_,
+                    is_protected=is_protected,
                     region=region,
                     project_id=project_id,
                     tags=tags,
diff --git a/scaleway/scaleway/secret/v1alpha1/marshalling.py b/scaleway/scaleway/secret/v1alpha1/marshalling.py
@@ -402,6 +402,9 @@ def marshal_CreateSecretRequest(
             request.ephemeral_policy, defaults
         )
 
+    if request.is_protected is not None:
+        output["is_protected"] = request.is_protected
+
     if request.name is not None:
         output["name"] = request.name
 
diff --git a/scaleway/scaleway/secret/v1alpha1/types.py b/scaleway/scaleway/secret/v1alpha1/types.py
@@ -482,6 +482,12 @@ class CreateSecretRequest:
     (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
     """
 
+    is_protected: bool
+    """
+    Returns `true` if secret protection is enabled on a given secret.
+    A protected secret cannot be deleted.
+    """
+
 
 @dataclass
 class CreateFolderRequest:

Original file line number	Diff line number	Diff line change
`@@ -402,6 +402,9 @@ def marshal_CreateSecretRequest(`
`402`	`402`	`request.ephemeral_policy, defaults`
`403`	`403`	`)`
`404`	`404`
	`405`	`+ if request.is_protected is not None:`
	`406`	`+ output["is_protected"] = request.is_protected`
	`407`	`+`
`405`	`408`	`if request.name is not None:`
`406`	`409`	`output["name"] = request.name`
`407`	`410`