feat(secrets-manager): implement request building with KMS key

s-inter · rubenhoenle · commit 317e9cb18579 · 2026-03-27T11:14:10.000+01:00
diff --git a/internal/cmd/secrets-manager/instance/create/create.go b/internal/cmd/secrets-manager/instance/create/create.go
@@ -147,10 +147,20 @@ func parseInput(p *print.Printer, cmd *cobra.Command, _ []string) (*inputModel,
 func buildCreateInstanceRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiCreateInstanceRequest {
 	req := apiClient.CreateInstance(ctx, model.ProjectId)
 
-	req = req.CreateInstancePayload(secretsmanager.CreateInstancePayload{
+	payload := secretsmanager.CreateInstancePayload{
 		Name: model.InstanceName,
-		// TODO: Add KMS config here when implementing API integration
-	})
+	}
+
+	if model.KmsKeyId != nil {
+		payload.KmsKey = &secretsmanager.KmsKeyPayload{
+			KeyId:               model.KmsKeyId,
+			KeyRingId:           model.KmsKeyringId,
+			KeyVersion:          model.KmsKeyVersion,
+			ServiceAccountEmail: model.KmsServiceAccountEmail,
+		}
+	}
+
+	req = req.CreateInstancePayload(payload)
 
 	return req
 }
diff --git a/internal/cmd/secrets-manager/instance/update/update.go b/internal/cmd/secrets-manager/instance/update/update.go
@@ -82,7 +82,14 @@ func NewCmd(params *types.CmdParams) *cobra.Command {
 
 			// Call API
 			req := buildRequest(ctx, model, apiClient)
-			err = req.Execute()
+			switch request := req.(type) {
+			case secretsmanager.ApiUpdateInstanceRequest:
+				err = request.Execute()
+			case secretsmanager.ApiUpdateACLsRequest:
+				err = request.Execute()
+			default:
+				err = fmt.Errorf("unknown request type")
+			}
 			if err != nil {
 				return fmt.Errorf("update Secrets Manager instance: %w", err)
 			}
@@ -135,9 +142,32 @@ func parseInput(p *print.Printer, cmd *cobra.Command, inputArgs []string) (*inpu
 	return &model, nil
 }
 
-func buildRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiUpdateACLsRequest {
-	// TODO: implement API integration for KMS key updates.
+func buildRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) interface{ Execute() error } {
+	if model.KmsKeyId != nil {
+		return buildUpdateInstanceRequest(ctx, model, apiClient)
+	}
+
+	return buildUpdateACLsRequest(ctx, model, apiClient)
+}
+
+func buildUpdateInstanceRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiUpdateInstanceRequest {
+	req := apiClient.UpdateInstance(ctx, model.ProjectId, model.InstanceId)
+
+	payload := secretsmanager.UpdateInstancePayload{
+		KmsKey: &secretsmanager.KmsKeyPayload{
+			KeyId:               model.KmsKeyId,
+			KeyRingId:           model.KmsKeyringId,
+			KeyVersion:          model.KmsKeyVersion,
+			ServiceAccountEmail: model.KmsServiceAccountEmail,
+		},
+	}
+
+	req = req.UpdateInstancePayload(payload)
+
+	return req
+}
 
+func buildUpdateACLsRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiUpdateACLsRequest {
 	req := apiClient.UpdateACLs(ctx, model.ProjectId, model.InstanceId)
 
 	cidrs := []secretsmanager.UpdateACLPayload{}
