Implement keywhiz.cli clone #1216
| public CloneSecretRequestV2 build() { | ||
| // throws IllegalArgumentException if content not valid base64. | ||
| return autoBuild(); | ||
| } |
Is this comment still applicable?
Nope, good call
| /** | ||
| * Static factory method used by Jackson for deserialization | ||
| */ | ||
| @SuppressWarnings("unused") | ||
| @JsonCreator public static CloneSecretRequestV2 fromParts( | ||
| @JsonProperty("name") String name, | ||
| @JsonProperty("newName") String newName) { | ||
| return builder() | ||
| .name(name) | ||
| .newName(newName) | ||
| .build(); | ||
| } |
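Review bot: fromParts passes name and newName straight into the builder, and nothing visible here rejects a missing or empty newName, or a newName equal to name. Consider validating both fields in build() or in the resource that handles the request, so a malformed clone request fails before any secret is read or written.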
I guess while we're on the subject of comments, since @JsonCreator literally means "static factory method for Jackson", we could probably ditch the comment.
| try { | ||
| Secret newSecret = secretController.builder(existingSecret.getName(), | ||
| existingSecret.getSecret(), | ||
| existingSecret.getCreatedBy(), | ||
| existingSecret.getExpiry()) | ||
| .withDescription(existingSecret.getDescription()) | ||
| .withMetadata(existingSecret.getMetadata()) | ||
| .withOwnerName(existingSecret.getOwner()) | ||
| .withType(existingSecret.getType().orElse("")) | ||
| .create(); | ||
| newId = newSecret.getId(); | ||
| } catch (DataAccessException e) { |
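Review bot: The first argument to secretController.builder is existingSecret.getName(), so unless the name is replaced outside the visible lines, the clone is created under the source secret's name rather than the new name from the request; pass the requested new name here. The call also reuses existingSecret.getCreatedBy(), which records the original creator as the creator of the clone; using the identity of the caller performing the clone would keep the audit trail accurate.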
What about the secret contents? I'm worried that we'll have a new top-level secret with no actual contents/content history pointing to it. Or is this handled magically by the SecretController logic? Or do we not actually want the whole history cloned?
Actually you're right, the content history is lost. I had another implementation that used the SecretDAO directly and I think we need to do that + add a DAO method to clone the actual history.
Adds a new command, keywhiz.cli clone, that allows cloning a secret to a new name. This is intended to help resolve an issue where a user needs to recover an old version of their secret without rolling back the existing secret.

Example usage: