diff --git a/scaleway-async/scaleway_async/secret/v1alpha1/api.py b/scaleway-async/scaleway_async/secret/v1alpha1/api.py index f1cbf3a8..9a977014 100644 --- a/scaleway-async/scaleway_async/secret/v1alpha1/api.py +++ b/scaleway-async/scaleway_async/secret/v1alpha1/api.py @@ -363,6 +363,70 @@ async def delete_secret( self._throw_on_error(res) return None + async def protect_secret( + self, + *, + secret_id: str, + region: Optional[Region] = None, + ) -> Secret: + """ + Protect a secret. + Protect a given secret specified by the `secret_id` parameter. A protected secret can be read and modified but cannot be deleted. + :param region: Region to target. If none is passed will use default region from the config. + :param secret_id: ID of the secret to protect. + :return: :class:`Secret ` + + Usage: + :: + + result = await api.protect_secret(secret_id="example") + """ + + param_region = validate_path_param( + "region", region or self.client.default_region + ) + param_secret_id = validate_path_param("secret_id", secret_id) + + res = self._request( + "POST", + f"/secret-manager/v1alpha1/regions/{param_region}/secrets/{param_secret_id}/protect", + ) + + self._throw_on_error(res) + return unmarshal_Secret(res.json()) + + async def unprotect_secret( + self, + *, + secret_id: str, + region: Optional[Region] = None, + ) -> Secret: + """ + Unprotect a secret. + Unprotect a given secret specified by the `secret_id` parameter. An unprotected secret can be read, modified and deleted. + :param region: Region to target. If none is passed will use default region from the config. + :param secret_id: ID of the secret to unprotect. + :return: :class:`Secret ` + + Usage: + :: + + result = await api.unprotect_secret(secret_id="example") + """ + + param_region = validate_path_param( + "region", region or self.client.default_region + ) + param_secret_id = validate_path_param("secret_id", secret_id) + + res = self._request( + "POST", + f"/secret-manager/v1alpha1/regions/{param_region}/secrets/{param_secret_id}/unprotect", + ) + + self._throw_on_error(res) + return unmarshal_Secret(res.json()) + async def add_secret_owner( self, *, diff --git a/scaleway-async/scaleway_async/secret/v1alpha1/marshalling.py b/scaleway-async/scaleway_async/secret/v1alpha1/marshalling.py index 66c34bfd..947c1665 100644 --- a/scaleway-async/scaleway_async/secret/v1alpha1/marshalling.py +++ b/scaleway-async/scaleway_async/secret/v1alpha1/marshalling.py @@ -48,6 +48,9 @@ def unmarshal_Secret(data: Any) -> Secret: field = data.get("is_managed", None) args["is_managed"] = field + field = data.get("is_protected", None) + args["is_protected"] = field + field = data.get("name", None) args["name"] = field diff --git a/scaleway-async/scaleway_async/secret/v1alpha1/types.py b/scaleway-async/scaleway_async/secret/v1alpha1/types.py index 0c64484e..a756f866 100644 --- a/scaleway-async/scaleway_async/secret/v1alpha1/types.py +++ b/scaleway-async/scaleway_async/secret/v1alpha1/types.py @@ -194,8 +194,8 @@ class Secret: status: SecretStatus """ Current status of the secret. - * `ready`: the secret is ready. - * `locked`: the secret is locked. + * `ready`: the secret can be read, modified and deleted. + * `locked`: no action can be performed on the secret. This status can only be applied and removed by Scaleway. """ created_at: Optional[datetime] @@ -228,6 +228,11 @@ class Secret: Returns `true` for secrets that are managed by another product. """ + is_protected: bool + """ + Returns `true` for protected secrets that cannot be deleted. + """ + type_: SecretType """ Type of the secret. @@ -433,6 +438,32 @@ class DeleteSecretRequest: """ +@dataclass +class ProtectSecretRequest: + region: Optional[Region] + """ + Region to target. If none is passed will use default region from the config. + """ + + secret_id: str + """ + ID of the secret to protect. + """ + + +@dataclass +class UnprotectSecretRequest: + region: Optional[Region] + """ + Region to target. If none is passed will use default region from the config. + """ + + secret_id: str + """ + ID of the secret to unprotect. + """ + + @dataclass class AddSecretOwnerRequest: region: Optional[Region] diff --git a/scaleway/scaleway/secret/v1alpha1/api.py b/scaleway/scaleway/secret/v1alpha1/api.py index b4702e20..044bc309 100644 --- a/scaleway/scaleway/secret/v1alpha1/api.py +++ b/scaleway/scaleway/secret/v1alpha1/api.py @@ -363,6 +363,70 @@ def delete_secret( self._throw_on_error(res) return None + def protect_secret( + self, + *, + secret_id: str, + region: Optional[Region] = None, + ) -> Secret: + """ + Protect a secret. + Protect a given secret specified by the `secret_id` parameter. A protected secret can be read and modified but cannot be deleted. + :param region: Region to target. If none is passed will use default region from the config. + :param secret_id: ID of the secret to protect. + :return: :class:`Secret ` + + Usage: + :: + + result = api.protect_secret(secret_id="example") + """ + + param_region = validate_path_param( + "region", region or self.client.default_region + ) + param_secret_id = validate_path_param("secret_id", secret_id) + + res = self._request( + "POST", + f"/secret-manager/v1alpha1/regions/{param_region}/secrets/{param_secret_id}/protect", + ) + + self._throw_on_error(res) + return unmarshal_Secret(res.json()) + + def unprotect_secret( + self, + *, + secret_id: str, + region: Optional[Region] = None, + ) -> Secret: + """ + Unprotect a secret. + Unprotect a given secret specified by the `secret_id` parameter. An unprotected secret can be read, modified and deleted. + :param region: Region to target. If none is passed will use default region from the config. + :param secret_id: ID of the secret to unprotect. + :return: :class:`Secret ` + + Usage: + :: + + result = api.unprotect_secret(secret_id="example") + """ + + param_region = validate_path_param( + "region", region or self.client.default_region + ) + param_secret_id = validate_path_param("secret_id", secret_id) + + res = self._request( + "POST", + f"/secret-manager/v1alpha1/regions/{param_region}/secrets/{param_secret_id}/unprotect", + ) + + self._throw_on_error(res) + return unmarshal_Secret(res.json()) + def add_secret_owner( self, *, diff --git a/scaleway/scaleway/secret/v1alpha1/marshalling.py b/scaleway/scaleway/secret/v1alpha1/marshalling.py index 66c34bfd..947c1665 100644 --- a/scaleway/scaleway/secret/v1alpha1/marshalling.py +++ b/scaleway/scaleway/secret/v1alpha1/marshalling.py @@ -48,6 +48,9 @@ def unmarshal_Secret(data: Any) -> Secret: field = data.get("is_managed", None) args["is_managed"] = field + field = data.get("is_protected", None) + args["is_protected"] = field + field = data.get("name", None) args["name"] = field diff --git a/scaleway/scaleway/secret/v1alpha1/types.py b/scaleway/scaleway/secret/v1alpha1/types.py index 0c64484e..a756f866 100644 --- a/scaleway/scaleway/secret/v1alpha1/types.py +++ b/scaleway/scaleway/secret/v1alpha1/types.py @@ -194,8 +194,8 @@ class Secret: status: SecretStatus """ Current status of the secret. - * `ready`: the secret is ready. - * `locked`: the secret is locked. + * `ready`: the secret can be read, modified and deleted. + * `locked`: no action can be performed on the secret. This status can only be applied and removed by Scaleway. """ created_at: Optional[datetime] @@ -228,6 +228,11 @@ class Secret: Returns `true` for secrets that are managed by another product. """ + is_protected: bool + """ + Returns `true` for protected secrets that cannot be deleted. + """ + type_: SecretType """ Type of the secret. @@ -433,6 +438,32 @@ class DeleteSecretRequest: """ +@dataclass +class ProtectSecretRequest: + region: Optional[Region] + """ + Region to target. If none is passed will use default region from the config. + """ + + secret_id: str + """ + ID of the secret to protect. + """ + + +@dataclass +class UnprotectSecretRequest: + region: Optional[Region] + """ + Region to target. If none is passed will use default region from the config. + """ + + secret_id: str + """ + ID of the secret to unprotect. + """ + + @dataclass class AddSecretOwnerRequest: region: Optional[Region]