feat: add get_data api for Trusted Secret

cloudforet-io · Mar 12, 2024 · ea6cb30 · ea6cb30
1 parent d27fe1b
commit ea6cb30
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 0 deletions.
diff --git a/src/spaceone/secret/info/trusted_secret_info.py b/src/spaceone/secret/info/trusted_secret_info.py
@@ -9,6 +9,16 @@
 _LOGGER = logging.getLogger(__name__)
 
 
+def TrustedSecretDataInfo(secret_data):
+    info = {
+        "encrypted": secret_data.get("encrypted", False),
+        "encrypt_options": change_struct_type(secret_data.get("encrypt_options", {})),
+        "data": change_struct_type(secret_data["data"]),
+    }
+
+    return trusted_secret_pb2.TrustedSecretDataInfo(**info)
+
+
 def TrustedSecretInfo(trusted_secret_vo: TrustedSecret, minimal=False):
     info = {
         "trusted_secret_id": trusted_secret_vo.trusted_secret_id,

diff --git a/src/spaceone/secret/interface/grpc/trusted_secret.py b/src/spaceone/secret/interface/grpc/trusted_secret.py
@@ -33,6 +33,13 @@ def update_data(self, request, context):
             trusted_secret_service.update_data(params)
             return self.locator.get_info('EmptyInfo')
 
+    def get_data(self, request, context):
+        params, metadata = self.parse_request(request, context)
+
+        with self.locator.get_service('TrustedSecretService', metadata) as trusted_secret_service:
+            trusted_secret_data = trusted_secret_service.get_data(params)
+            return self.locator.get_info('TrustedSecretDataInfo', trusted_secret_data)
+
     def get(self, request, context):
         params, metadata = self.parse_request(request, context)
 

diff --git a/src/spaceone/secret/service/trusted_secret_service.py b/src/spaceone/secret/service/trusted_secret_service.py
@@ -8,6 +8,7 @@
 from spaceone.secret.manager.secret_manager import SecretManager
 from spaceone.secret.manager.trusted_secret_manager import TrustedSecretManager
 from spaceone.secret.manager.secret_connector_manager import SecretConnectorManager
+from spaceone.secret.model.trusted_secret_model import TrustedSecret
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -188,6 +189,42 @@ def update_data(self, params):
         )
         secret_conn_mgr.update_secret(trusted_secret_id, data)
 
+    @transaction(exclude=["authentication", "authorization", "mutation"])
+    @check_required(["trusted_account_id", "domain_id"])
+    def get_data(self, params):
+        """Get user secret data
+
+        Args:
+            params (dict): {
+                'trusted_account_id': 'str',        # required
+                'workspace_id': 'str',              # injected from auth
+                'domain_id': 'str',                 # injected from auth (required)
+            }
+
+        Returns:
+            user_secret_data (dict)
+        """
+
+        trusted_account_id = params["secret_id"]
+        domain_id = params["domain_id"]
+        workspace_id = params.get("workspace_id")
+
+        trusted_secret_vo: TrustedSecret = self.trusted_secret_mgr.get_trusted_secret(
+            trusted_account_id, domain_id, workspace_id
+        )
+
+        secret_conn_mgr: SecretConnectorManager = self.locator.get_manager(
+            "SecretConnectorManager"
+        )
+
+        trusted_secret_data = secret_conn_mgr.get_secret(trusted_account_id)
+
+        return {
+            "encrypted": trusted_secret_vo.encrypted,
+            "encrypt_options": trusted_secret_vo.encrypt_options,
+            "data": trusted_secret_data,
+        }
+
     @transaction(
         permission="secret:TrustedSecret.read",
         role_types=["DOMAIN_ADMIN", "WORKSPACE_OWNER", "WORKSPACE_MEMBER"],