github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/apiserver/facades/controller/usersecrets/secrets.go (about)

     1  // Copyright 2023 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package usersecrets
     5  
     6  import (
     7  	"github.com/juju/errors"
     8  	"github.com/juju/names/v5"
     9  
    10  	commonsecrets "github.com/juju/juju/apiserver/common/secrets"
    11  	apiservererrors "github.com/juju/juju/apiserver/errors"
    12  	"github.com/juju/juju/apiserver/facade"
    13  	coresecrets "github.com/juju/juju/core/secrets"
    14  	"github.com/juju/juju/rpc/params"
    15  	"github.com/juju/juju/secrets/provider"
    16  	"github.com/juju/juju/state/watcher"
    17  )
    18  
// UserSecretsManager implements the usersecrets facade.
//
// The methods in this file scope every operation to modelUUID: the prune
// watcher is created for that model's tag, and deletion is refused for
// secrets whose owner tag is not that model's tag.
type UserSecretsManager struct {
	// authorizer and resources are supplied by the facade framework.
	// resources holds watchers registered on behalf of the client.
	// NOTE(review): authorizer is not consulted by the methods in this
	// file; confirm the facade constructor performs the access check.
	authorizer facade.Authorizer
	resources  facade.Resources

	// authTag is passed through to commonsecrets.RemoveUserSecrets when
	// revisions are deleted.
	authTag names.Tag
	// modelUUID identifies the model whose secrets this facade manages.
	// controllerUUID is not read by the methods in this file.
	controllerUUID, modelUUID string

	// secretsState is the secrets persistence interface used for watching
	// and for looking up secret metadata.
	secretsState SecretsState
	// backendConfigGetter is handed to commonsecrets.RemoveUserSecrets
	// together with secretsState when revisions are deleted.
	backendConfigGetter func() (*provider.ModelBackendConfigInfo, error)
}
    31  
// WatchRevisionsToPrune returns a watcher that notifies when a secret
// revision owned by the model no longer has any consumers and should be
// pruned.
//
// The watch is always scoped to this facade's own model tag; the caller
// cannot supply a different owner. A failure to create the watcher is
// returned as the error value, whereas a watcher that closes before
// delivering its first event is reported through result.Error.
func (s *UserSecretsManager) WatchRevisionsToPrune() (params.StringsWatchResult, error) {
	var result params.StringsWatchResult

	owners := []names.Tag{names.NewModelTag(s.modelUUID)}
	w, err := s.secretsState.WatchRevisionsToPrune(owners)
	if err != nil {
		return result, errors.Trace(err)
	}

	changes, ok := <-w.Changes()
	if !ok {
		// The channel closed before the initial event arrived: report the
		// watcher's own error to the client instead of registering it.
		result.Error = apiservererrors.ServerError(watcher.EnsureErr(w))
		return result, nil
	}

	// Register the watcher only once it has produced its initial event,
	// so a resource id is handed out only for a watcher that delivered.
	result.StringsWatcherId = s.resources.Register(w)
	result.Changes = changes
	return result, nil
}
    50  
// DeleteRevisions deletes the specified revisions of the specified secret
// by delegating to commonsecrets.RemoveUserSecrets.
//
// The callback built here is this facade's per-secret permission gate. It
// accepts a secret only when both conditions hold:
//   - the secret's owner tag equals this model's tag (user-supplied
//     secrets); anything else yields apiservererrors.ErrPerm;
//   - the secret is marked auto-prune; otherwise an error naming the
//     secret URI is returned.
//
// NOTE(review): how and when RemoveUserSecrets invokes the callback is not
// visible in this file; confirm it runs before any revision is removed.
func (s *UserSecretsManager) DeleteRevisions(args params.DeleteSecretArgs) (params.ErrorResults, error) {
	canDelete := func(uri *coresecrets.URI) error {
		md, err := s.secretsState.GetSecret(uri)
		if err != nil {
			return errors.Trace(err)
		}

		// Ownership is compared on the string form of the model tag.
		modelOwner := names.NewModelTag(s.modelUUID).String()
		switch {
		case md.OwnerTag != modelOwner:
			// Can only delete model owned (user supplied) secrets.
			return apiservererrors.ErrPerm
		case !md.AutoPrune:
			return errors.Errorf("cannot delete non auto-prune secret %q", uri.String())
		}
		return nil
	}

	return commonsecrets.RemoveUserSecrets(
		s.secretsState, s.backendConfigGetter,
		s.authTag, args, s.modelUUID,
		canDelete,
	)
}