diff --git a/src/spaceone/secret/info/trusted_secret_info.py b/src/spaceone/secret/info/trusted_secret_info.py
index 3c45dd7..6ac3fdd 100644
--- a/src/spaceone/secret/info/trusted_secret_info.py
+++ b/src/spaceone/secret/info/trusted_secret_info.py
@@ -9,6 +9,16 @@ _LOGGER = logging.getLogger(__name__)
+def TrustedSecretDataInfo(secret_data):
+ info = {
+ "encrypted": secret_data.get("encrypted", False),
+ "encrypt_options": change_struct_type(secret_data.get("encrypt_options", {})),
+ "data": change_struct_type(secret_data["data"]),
+ }
+
+ return trusted_secret_pb2.TrustedSecretDataInfo(**info)
+
+
 def TrustedSecretInfo(trusted_secret_vo: TrustedSecret, minimal=False):
 info = {
 "trusted_secret_id": trusted_secret_vo.trusted_secret_id,
diff --git a/src/spaceone/secret/interface/grpc/trusted_secret.py b/src/spaceone/secret/interface/grpc/trusted_secret.py
index c1b9c24..cbad53b 100644
--- a/src/spaceone/secret/interface/grpc/trusted_secret.py
+++ b/src/spaceone/secret/interface/grpc/trusted_secret.py
@@ -33,6 +33,13 @@ def update_data(self, request, context):
 trusted_secret_service.update_data(params)
 return self.locator.get_info('EmptyInfo')
+ def get_data(self, request, context):
+ params, metadata = self.parse_request(request, context)
+
+ with self.locator.get_service('TrustedSecretService', metadata) as trusted_secret_service:
+ trusted_secret_data = trusted_secret_service.get_data(params)
+ return self.locator.get_info('TrustedSecretDataInfo', trusted_secret_data)
+
 def get(self, request, context):
 params, metadata = self.parse_request(request, context)
diff --git a/src/spaceone/secret/service/trusted_secret_service.py b/src/spaceone/secret/service/trusted_secret_service.py
index 0f6fd35..43abca1 100644
--- a/src/spaceone/secret/service/trusted_secret_service.py
+++ b/src/spaceone/secret/service/trusted_secret_service.py
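Review bot: In `TrustedSecretDataInfo` (info/trusted_secret_info.py), the `{}` default in `secret_data.get("encrypt_options", {})` never applies to the dict built by `TrustedSecretService.get_data` in this same commit, because that dict always sets the key from `trusted_secret_vo.encrypt_options`. If that model field can be `None`, `change_struct_type` receives `None`; how it handles that is not visible here, so `change_struct_type(secret_data.get("encrypt_options") or {})` would make the fallback effective. The function also has no docstring; one line such as `"""Build the protobuf message carrying a trusted secret's stored data; the 'data' field is secret material and must not be logged."""` would tell later maintainers what they are handling.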
@@ -8,6 +8,7 @@ from spaceone.secret.manager.secret_manager import SecretManager
 from spaceone.secret.manager.trusted_secret_manager import TrustedSecretManager
 from spaceone.secret.manager.secret_connector_manager import SecretConnectorManager
+from spaceone.secret.model.trusted_secret_model import TrustedSecret
 _LOGGER = logging.getLogger(__name__)
@@ -188,6 +189,42 @@ def update_data(self, params):
 )
 secret_conn_mgr.update_secret(trusted_secret_id, data)
+ @transaction(exclude=["authentication", "authorization", "mutation"])
+ @check_required(["trusted_account_id", "domain_id"])
+ def get_data(self, params):
+ """Get user secret data
+
+ Args:
+ params (dict): {
+ 'trusted_account_id': 'str', # required
+ 'workspace_id': 'str', # injected from auth
+ 'domain_id': 'str', # injected from auth (required)
+ }
+
+ Returns:
+ user_secret_data (dict)
+ """
+
+ trusted_account_id = params["secret_id"]
+ domain_id = params["domain_id"]
+ workspace_id = params.get("workspace_id")
+
+ trusted_secret_vo: TrustedSecret = self.trusted_secret_mgr.get_trusted_secret(
+ trusted_account_id, domain_id, workspace_id
+ )
+
+ secret_conn_mgr: SecretConnectorManager = self.locator.get_manager(
+ "SecretConnectorManager"
+ )
+
+ trusted_secret_data = secret_conn_mgr.get_secret(trusted_account_id)
+
+ return {
+ "encrypted": trusted_secret_vo.encrypted,
+ "encrypt_options": trusted_secret_vo.encrypt_options,
+ "data": trusted_secret_data,
+ }
+
 @transaction(
 permission="secret:TrustedSecret.read",
 role_types=["DOMAIN_ADMIN", "WORKSPACE_OWNER", "WORKSPACE_MEMBER"],
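Review bot: `TrustedSecretService.get_data` returns stored secret material, yet its `@transaction(exclude=["authentication", "authorization", "mutation"])` declares no permission or role types, unlike the `permission="secret:TrustedSecret.read"` decorator on the method that follows, so nothing visible in this hunk restricts who may call it or ties `domain_id` and `workspace_id` to a verified token, although the docstring describes them as injected from auth. If the call is meant only for internal services, that restriction should be enforced and stated at this decorator rather than assumed from deployment. Separately, `@check_required` and the docstring name `trusted_account_id` while the body reads `params["secret_id"]`, so a request that passes the check raises `KeyError` unless it also happens to carry `secret_id`. The value is then passed to `get_trusted_secret` and `get_secret`, which presumably expect the `trusted_secret_id` that `update_data` above uses. Use one key throughout, for example `@check_required(["trusted_secret_id", "domain_id"])` and `trusted_secret_id = params["trusted_secret_id"]`, and update the docstring to match.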