feat(secrets-manager): Support multiple API calls for instance update and ACL updates to align with create command

s-inter · rubenhoenle · commit c010c408e4d3 · 2026-03-27T11:14:10.000+01:00
diff --git a/docs/stackit_secrets-manager_instance_update.md b/docs/stackit_secrets-manager_instance_update.md
@@ -13,11 +13,17 @@ stackit secrets-manager instance update INSTANCE_ID [flags]
 ### Examples
 
 ```
+  Update the name of a Secrets Manager instance with ID "xxx"
+  $ stackit secrets-manager instance update xxx --name my-new-name
+
   Update the range of IPs allowed to access a Secrets Manager instance with ID "xxx"
   $ stackit secrets-manager instance update xxx --acl 1.2.3.0/24
 
+  Update the name and ACLs of a Secrets Manager instance with ID "xxx"
+  $ stackit secrets-manager instance update xxx --name my-new-name --acl 1.2.3.0/24
+
   Update the KMS key settings of a Secrets Manager instance with ID "xxx"
-  $ stackit secrets-manager instance update xxx --kms-key-id key-id --kms-keyring-id keyring-id --kms-key-version 1 --kms-service-account-email my-service-account-1234567@sa.stackit.cloud
+  $ stackit secrets-manager instance update xxx --name my-instance --kms-key-id key-id --kms-keyring-id keyring-id --kms-key-version 1 --kms-service-account-email my-service-account-1234567@sa.stackit.cloud
 ```
 
 ### Options
@@ -29,6 +35,7 @@ stackit secrets-manager instance update INSTANCE_ID [flags]
       --kms-key-version int                Version of the KMS key
       --kms-keyring-id string              ID of the KMS key ring
       --kms-service-account-email string   Service account email for KMS access
+  -n, --name string                        Instance name
 ```
 
 ### Options inherited from parent commands
diff --git a/internal/cmd/secrets-manager/instance/update/update.go b/internal/cmd/secrets-manager/instance/update/update.go
@@ -24,7 +24,8 @@ import (
 const (
 	instanceIdArg = "INSTANCE_ID"
 
-	aclFlag = "acl"
+	instanceNameFlag = "name"
+	aclFlag          = "acl"
 
 	kmsKeyIdFlag               = "kms-key-id"
 	kmsKeyringIdFlag           = "kms-keyring-id"
@@ -36,7 +37,8 @@ type inputModel struct {
 	*globalflags.GlobalFlagModel
 	InstanceId string
 
-	Acls *[]string
+	InstanceName *string
+	Acls         *[]string
 
 	KmsKeyId               *string
 	KmsKeyringId           *string
@@ -51,12 +53,18 @@ func NewCmd(params *types.CmdParams) *cobra.Command {
 		Long:  "Updates a Secrets Manager instance.",
 		Args:  args.SingleArg(instanceIdArg, utils.ValidateUUID),
 		Example: examples.Build(
+			examples.NewExample(
+				`Update the name of a Secrets Manager instance with ID "xxx"`,
+				"$ stackit secrets-manager instance update xxx --name my-new-name"),
 			examples.NewExample(
 				`Update the range of IPs allowed to access a Secrets Manager instance with ID "xxx"`,
 				"$ stackit secrets-manager instance update xxx --acl 1.2.3.0/24"),
+			examples.NewExample(
+				`Update the name and ACLs of a Secrets Manager instance with ID "xxx"`,
+				"$ stackit secrets-manager instance update xxx --name my-new-name --acl 1.2.3.0/24"),
 			examples.NewExample(
 				`Update the KMS key settings of a Secrets Manager instance with ID "xxx"`,
-				"$ stackit secrets-manager instance update xxx --kms-key-id key-id --kms-keyring-id keyring-id --kms-key-version 1 --kms-service-account-email my-service-account-1234567@sa.stackit.cloud"),
+				"$ stackit secrets-manager instance update xxx --name my-instance --kms-key-id key-id --kms-keyring-id keyring-id --kms-key-version 1 --kms-service-account-email my-service-account-1234567@sa.stackit.cloud"),
 		),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			ctx := context.Background()
@@ -71,36 +79,42 @@ func NewCmd(params *types.CmdParams) *cobra.Command {
 				return err
 			}
 
-			instanceLabel, err := secretsManagerUtils.GetInstanceName(ctx, apiClient, model.ProjectId, model.InstanceId)
+			existingInstanceName, err := secretsManagerUtils.GetInstanceName(ctx, apiClient, model.ProjectId, model.InstanceId)
 			if err != nil {
 				params.Printer.Debug(print.ErrorLevel, "get instance name: %v", err)
-				instanceLabel = model.InstanceId
-				if model.KmsKeyId != nil {
-					return fmt.Errorf("get instance name: %w", err)
-				}
+				existingInstanceName = model.InstanceId
 			}
 
-			prompt := fmt.Sprintf("Are you sure you want to update instance %q?", instanceLabel)
+			prompt := fmt.Sprintf("Are you sure you want to update instance %q?", existingInstanceName)
 			err = params.Printer.PromptForConfirmation(prompt)
 			if err != nil {
 				return err
 			}
 
-			// Call API
-			req := buildRequest(ctx, model, instanceLabel, apiClient)
-			switch request := req.(type) {
-			case secretsmanager.ApiUpdateInstanceRequest:
-				err = request.Execute()
-			case secretsmanager.ApiUpdateACLsRequest:
-				err = request.Execute()
-			default:
-				err = fmt.Errorf("unknown request type")
+			// Call API - execute UpdateInstance and/or UpdateACLs based on flags
+			if model.InstanceName != nil {
+				req := buildUpdateInstanceRequest(ctx, model, apiClient)
+				err = req.Execute()
+				if err != nil {
+					return fmt.Errorf("update Secrets Manager instance: %w", err)
+				}
 			}
-			if err != nil {
-				return fmt.Errorf("update Secrets Manager instance: %w", err)
+
+			if model.Acls != nil {
+				req := buildUpdateACLsRequest(ctx, model, apiClient)
+				err = req.Execute()
+				if err != nil {
+					if model.InstanceName != nil {
+						return fmt.Errorf(`the Secrets Manager instance was successfully updated, but the configuration of the ACLs failed.
+
+If you want to retry configuring the ACLs, you can do it via: 
+  $ stackit secrets-manager instance update %s --acl %s`, model.InstanceId, *model.Acls)
+					}
+					return fmt.Errorf("update Secrets Manager instance ACLs: %w", err)
+				}
 			}
 
-			params.Printer.Info("Updated instance %q\n", instanceLabel)
+			params.Printer.Info("Updated instance %q\n", existingInstanceName)
 			return nil
 		},
 	}
@@ -109,6 +123,7 @@ func NewCmd(params *types.CmdParams) *cobra.Command {
 }
 
 func configureFlags(cmd *cobra.Command) {
+	cmd.Flags().StringP(instanceNameFlag, "n", "", "Instance name")
 	cmd.Flags().Var(flags.CIDRSliceFlag(), aclFlag, "List of IP networks in CIDR notation which are allowed to access this instance")
 
 	cmd.Flags().String(kmsKeyIdFlag, "", "ID of the KMS key to use for encryption")
@@ -117,8 +132,7 @@ func configureFlags(cmd *cobra.Command) {
 	cmd.Flags().String(kmsServiceAccountEmailFlag, "", "Service account email for KMS access")
 
 	cmd.MarkFlagsRequiredTogether(kmsKeyIdFlag, kmsKeyringIdFlag, kmsKeyVersionFlag, kmsServiceAccountEmailFlag)
-	cmd.MarkFlagsMutuallyExclusive(aclFlag, kmsKeyIdFlag)
-	cmd.MarkFlagsOneRequired(aclFlag, kmsKeyIdFlag)
+	cmd.MarkFlagsOneRequired(aclFlag, instanceNameFlag)
 }
 
 func parseInput(p *print.Printer, cmd *cobra.Command, inputArgs []string) (*inputModel, error) {
@@ -129,41 +143,39 @@ func parseInput(p *print.Printer, cmd *cobra.Command, inputArgs []string) (*inpu
 		return nil, &cliErr.ProjectIdError{}
 	}
 
-	acls := flags.FlagToStringSlicePointer(p, cmd, aclFlag)
-
 	model := inputModel{
 		GlobalFlagModel:        globalFlags,
 		InstanceId:             instanceId,
-		Acls:                   acls,
+		InstanceName:           flags.FlagToStringPointer(p, cmd, instanceNameFlag),
+		Acls:                   flags.FlagToStringSlicePointer(p, cmd, aclFlag),
 		KmsKeyId:               flags.FlagToStringPointer(p, cmd, kmsKeyIdFlag),
 		KmsKeyringId:           flags.FlagToStringPointer(p, cmd, kmsKeyringIdFlag),
 		KmsKeyVersion:          flags.FlagToInt64Pointer(p, cmd, kmsKeyVersionFlag),
 		KmsServiceAccountEmail: flags.FlagToStringPointer(p, cmd, kmsServiceAccountEmailFlag),
 	}
 
-	p.DebugInputModel(model)
-	return &model, nil
-}
-
-func buildRequest(ctx context.Context, model *inputModel, instanceName string, apiClient *secretsmanager.APIClient) interface{ Execute() error } {
-	if model.KmsKeyId != nil {
-		return buildUpdateInstanceRequest(ctx, model, instanceName, apiClient)
+	if model.KmsKeyId != nil && model.InstanceName == nil {
+		return nil, fmt.Errorf("--name is required when using KMS flags")
 	}
 
-	return buildUpdateACLsRequest(ctx, model, apiClient)
+	p.DebugInputModel(model)
+	return &model, nil
 }
 
-func buildUpdateInstanceRequest(ctx context.Context, model *inputModel, instanceName string, apiClient *secretsmanager.APIClient) secretsmanager.ApiUpdateInstanceRequest {
+func buildUpdateInstanceRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiUpdateInstanceRequest {
 	req := apiClient.UpdateInstance(ctx, model.ProjectId, model.InstanceId)
 
 	payload := secretsmanager.UpdateInstancePayload{
-		Name: &instanceName,
-		KmsKey: &secretsmanager.KmsKeyPayload{
+		Name: model.InstanceName,
+	}
+
+	if model.KmsKeyId != nil {
+		payload.KmsKey = &secretsmanager.KmsKeyPayload{
 			KeyId:               model.KmsKeyId,
 			KeyRingId:           model.KmsKeyringId,
 			KeyVersion:          model.KmsKeyVersion,
 			ServiceAccountEmail: model.KmsServiceAccountEmail,
-		},
+		}
 	}
 
 	req = req.UpdateInstancePayload(payload)
