Commit a8dcff8

s-interrubenhoenle
authored andcommitted
feat(secrets-manager): add KMS flags to create and update instance commands
1 parent a1729da commit a8dcff8

2 files changed

+53
-7
lines changed

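--- a/internal/cmd/secrets-manager/instance/create/create.go
+++ b/internal/cmd/secrets-manager/instance/create/create.go
@@ -23,13 +23,23 @@ import (
 const (
 instanceNameFlag = "name"
 aclFlag = "acl"
+
+kmsKeyIdFlag = "kms-key-id"
+kmsKeyringIdFlag = "kms-keyring-id"
+kmsKeyVersionFlag = "kms-key-version"
+kmsServiceAccountEmailFlag = "kms-service-account-email"
 )
 
 type inputModel struct {
 *globalflags.GlobalFlagModel
 
 InstanceName *string
 Acls *[]string
+
+KmsKeyId *string
+KmsKeyringId *string
+KmsKeyVersion *int64
+KmsServiceAccountEmail *string
 }
 
 func NewCmd(params *types.CmdParams) *cobra.Command {
@@ -103,8 +113,15 @@ func configureFlags(cmd *cobra.Command) {
 cmd.Flags().StringP(instanceNameFlag, "n", "", "Instance name")
 cmd.Flags().Var(flags.CIDRSliceFlag(), aclFlag, "List of IP networks in CIDR notation which are allowed to access this instance")
 
+cmd.Flags().String(kmsKeyIdFlag, "", "ID of the KMS key to use for encryption")
+cmd.Flags().String(kmsKeyringIdFlag, "", "ID of the KMS key ring")
+cmd.Flags().Int64(kmsKeyVersionFlag, 0, "Version of the KMS key")
+cmd.Flags().String(kmsServiceAccountEmailFlag, "", "Service account email for KMS access")
+
 err := flags.MarkFlagsRequired(cmd, instanceNameFlag)
 cobra.CheckErr(err)
+
+cmd.MarkFlagsRequiredTogether(kmsKeyIdFlag, kmsKeyringIdFlag, kmsKeyVersionFlag, kmsServiceAccountEmailFlag)
 }
 
 func parseInput(p *print.Printer, cmd *cobra.Command, _ []string) (*inputModel, error) {
@@ -114,9 +131,13 @@ func parseInput(p *print.Printer, cmd *cobra.Command, _ []string) (*inputModel,
 }
 
 model := inputModel{
-GlobalFlagModel: globalFlags,
-InstanceName: flags.FlagToStringPointer(p, cmd, instanceNameFlag),
-Acls: flags.FlagToStringSlicePointer(p, cmd, aclFlag),
+GlobalFlagModel: globalFlags,
+InstanceName: flags.FlagToStringPointer(p, cmd, instanceNameFlag),
+Acls: flags.FlagToStringSlicePointer(p, cmd, aclFlag),
+KmsKeyId: flags.FlagToStringPointer(p, cmd, kmsKeyIdFlag),
+KmsKeyringId: flags.FlagToStringPointer(p, cmd, kmsKeyringIdFlag),
+KmsKeyVersion: flags.FlagToInt64Pointer(p, cmd, kmsKeyVersionFlag),
+KmsServiceAccountEmail: flags.FlagToStringPointer(p, cmd, kmsServiceAccountEmailFlag),
 }
 
 p.DebugInputModel(model)
@@ -128,6 +149,7 @@ func buildCreateInstanceRequest(ctx context.Context, model *inputModel, apiClien
 
 req = req.CreateInstancePayload(secretsmanager.CreateInstancePayload{
 Name: model.InstanceName,
+// TODO: Add KMS config here when implementing API integration
 })
 
 return req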
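Review bot: The four `--kms-*` flags are accepted and parsed into `inputModel`, but `buildCreateInstanceRequest` still sends only `Name` (the payload hunk adds just a TODO), so a caller who passes them gets an instance created without the KMS configuration ever being sent, and with no error or warning. For an encryption setting that silent drop is the wrong default: until the API integration lands, either do not register the flags or reject them in `parseInput`, e.g. `if model.KmsKeyId != nil { return nil, fmt.Errorf("--%s is not supported yet", kmsKeyIdFlag) }` (assuming `fmt` is imported; the import block is outside the hunks). `MarkFlagsRequiredTogether` only checks that the flags were set, so an empty key ID or a key version of `0` would still pass, and a value check belongs next to it. The body of `buildCreateInstanceRequest` starts and ends outside the hunk.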

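--- a/internal/cmd/secrets-manager/instance/update/update.go
+++ b/internal/cmd/secrets-manager/instance/update/update.go
@@ -25,13 +25,23 @@ const (
 instanceIdArg = "INSTANCE_ID"
 
 aclFlag = "acl"
+
+kmsKeyIdFlag = "kms-key-id"
+kmsKeyringIdFlag = "kms-keyring-id"
+kmsKeyVersionFlag = "kms-key-version"
+kmsServiceAccountEmailFlag = "kms-service-account-email"
 )
 
 type inputModel struct {
 *globalflags.GlobalFlagModel
 InstanceId string
 
 Acls *[]string
+
+KmsKeyId *string
+KmsKeyringId *string
+KmsKeyVersion *int64
+KmsServiceAccountEmail *string
 }
 
 func NewCmd(params *types.CmdParams) *cobra.Command {
@@ -87,6 +97,13 @@ func NewCmd(params *types.CmdParams) *cobra.Command {
 
 func configureFlags(cmd *cobra.Command) {
 cmd.Flags().Var(flags.CIDRSliceFlag(), aclFlag, "List of IP networks in CIDR notation which are allowed to access this instance")
+
+cmd.Flags().String(kmsKeyIdFlag, "", "ID of the KMS key to use for encryption")
+cmd.Flags().String(kmsKeyringIdFlag, "", "ID of the KMS key ring")
+cmd.Flags().Int64(kmsKeyVersionFlag, 0, "Version of the KMS key")
+cmd.Flags().String(kmsServiceAccountEmailFlag, "", "Service account email for KMS access")
+
+cmd.MarkFlagsRequiredTogether(kmsKeyIdFlag, kmsKeyringIdFlag, kmsKeyVersionFlag, kmsServiceAccountEmailFlag)
 }
 
 func parseInput(p *print.Printer, cmd *cobra.Command, inputArgs []string) (*inputModel, error) {
@@ -98,22 +115,29 @@ func parseInput(p *print.Printer, cmd *cobra.Command, inputArgs []string) (*inpu
 }
 
 acls := flags.FlagToStringSlicePointer(p, cmd, aclFlag)
+kmsKeyId := flags.FlagToStringPointer(p, cmd, kmsKeyIdFlag)
 
-if acls == nil {
+if acls == nil && kmsKeyId == nil {
 return nil, &cliErr.EmptyUpdateError{}
 }
 
 model := inputModel{
-GlobalFlagModel: globalFlags,
-InstanceId: instanceId,
-Acls: acls,
+GlobalFlagModel: globalFlags,
+InstanceId: instanceId,
+Acls: acls,
+KmsKeyId: flags.FlagToStringPointer(p, cmd, kmsKeyIdFlag),
+KmsKeyringId: flags.FlagToStringPointer(p, cmd, kmsKeyringIdFlag),
+KmsKeyVersion: flags.FlagToInt64Pointer(p, cmd, kmsKeyVersionFlag),
+KmsServiceAccountEmail: flags.FlagToStringPointer(p, cmd, kmsServiceAccountEmailFlag),
 }
 
 p.DebugInputModel(model)
 return &model, nil
 }
 
 func buildRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiUpdateACLsRequest {
+// TODO: implement API integration for KMS key updates.
+
 req := apiClient.UpdateACLs(ctx, model.ProjectId, model.InstanceId)
 
 cidrs := []secretsmanager.UpdateACLPayload{}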
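Review bot: Relaxing the guard to `if acls == nil && kmsKeyId == nil` lets a KMS-only invocation reach `buildRequest`, which still builds only an `UpdateACLs` request and starts from an empty `cidrs` slice. The rest of `buildRequest` is outside the hunk, but with `model.Acls` nil it looks as though this would either dereference a nil pointer or submit an empty ACL list for the instance, while the KMS values are never sent. Keep the original `if acls == nil {` check until the KMS update call exists, or return an explicit not-implemented error when only KMS flags are given. Minor: `kmsKeyIdFlag` is read twice in `parseInput`; the model can reuse the local with `KmsKeyId: kmsKeyId,`.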
