feat(secret): add support for ephemeral-policy-template (#3547)

Co-authored-by: Rémy Léone <rleone@scaleway.com>

Author: scaleway-bot

cmd/scw/testdata/test-all-usage-secret-secret-create-usage.golden

@@ -10,15 +10,16 @@ EXAMPLES:
     scw secret secret create name=foobar description="$(cat <path/to/your/secret>)"
 
 ARGS:
-  [project-id]         Project ID to use. If none is passed the default project ID will be used
-  [name]               Name of the secret
-  [tags.{index}]       List of the secret's tags
-  [description]        Description of the secret
-  [type]               Type of the secret (unknown_secret_type | opaque | certificate | key_value)
-  [path]               Path of the secret
-  [expires-at]         Expiration date of the secret
-  [ephemeral-action]   Action to be taken when the secret expires (unknown_ephemeral_action | delete_secret | disable_secret)
-  [region=fr-par]      Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+  [project-id]                                        Project ID to use. If none is passed the default project ID will be used
+  [name]                                              Name of the secret
+  [tags.{index}]                                      List of the secret's tags
+  [description]                                       Description of the secret
+  [type]                                              Type of the secret (unknown_secret_type | opaque | certificate | key_value)
+  [path]                                              Path of the secret
+  [ephemeral-policy-template.time-to-live]            Time frame, from one second and up to one year, during which the secret's versions are valid.
+  [ephemeral-policy-template.expires-once-accessed]   Returns `true` if the version expires after a single user access.
+  [ephemeral-policy-template.action]                  Action to perform when the version of a secret expires (unknown_action | delete | disable)
+  [region=fr-par]                                     Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
 
 FLAGS:
   -h, --help   help for create

cmd/scw/testdata/test-all-usage-secret-secret-update-usage.golden

@@ -1,17 +1,20 @@
 🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
 🟥🟥🟥 STDERR️️ 🟥🟥🟥️
-Edit a secret's metadata such as name, tag(s) and description. The secret to update is specified by the `secret_id` and `region` parameters.
+Edit a secret's metadata such as name, tag(s), description and ephemeral policy. The secret to update is specified by the `secret_id` and `region` parameters.
 
 USAGE:
   scw secret secret update [arg=value ...]
 
 ARGS:
-  secret-id         ID of the secret
-  [name]            Secret's updated name (optional)
-  [tags.{index}]    Secret's updated list of tags (optional)
-  [description]     Description of the secret
-  [path]            Path of the folder
-  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+  secret-id                                           ID of the secret
+  [name]                                              Secret's updated name (optional)
+  [tags.{index}]                                      Secret's updated list of tags (optional)
+  [description]                                       Description of the secret
+  [path]                                              Path of the folder
+  [ephemeral-policy-template.time-to-live]            Time frame, from one second and up to one year, during which the secret's versions are valid.
+  [ephemeral-policy-template.expires-once-accessed]   Returns `true` if the version expires after a single user access.
+  [ephemeral-policy-template.action]                  Action to perform when the version of a secret expires (unknown_action | delete | disable)
+  [region=fr-par]                                     Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
 
 FLAGS:
   -h, --help   help for update

cmd/scw/testdata/test-all-usage-secret-version-update-usage.golden

@@ -6,10 +6,13 @@ USAGE:
   scw secret version update [arg=value ...]
 
 ARGS:
-  secret-id         ID of the secret
-  revision          Version number
-  [description]     Description of the version
-  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+  secret-id                                  ID of the secret
+  revision                                   Version number
+  [description]                              Description of the version
+  [ephemeral-status.expires-at]              The version's expiration date
+  [ephemeral-status.expires-once-accessed]   Returns `true` if the version expires after a single user access.
+  [ephemeral-status.action]                  Action to perform when the version of a secret expires (unknown_action | delete | disable)
+  [region=fr-par]                            Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
 
 FLAGS:
   -h, --help   help for update

docs/commands/secret.md

@@ -146,8 +146,9 @@ scw secret secret create [arg=value ...]
 | description |  | Description of the secret |
 | type | One of: `unknown_secret_type`, `opaque`, `certificate`, `key_value` | Type of the secret |
 | path |  | Path of the secret |
-| expires-at |  | Expiration date of the secret |
-| ephemeral-action | One of: `unknown_ephemeral_action`, `delete_secret`, `disable_secret` | Action to be taken when the secret expires |
+| ephemeral-policy-template.time-to-live |  | Time frame, from one second and up to one year, during which the secret's versions are valid. |
+| ephemeral-policy-template.expires-once-accessed |  | Returns `true` if the version expires after a single user access. |
+| ephemeral-policy-template.action | One of: `unknown_action`, `delete`, `disable` | Action to perform when the version of a secret expires |
 | region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
 
 
@@ -301,7 +302,7 @@ scw secret secret unprotect 11111111-1111-1111-1111-111111111111
 
 ### Update metadata of a secret
 
-Edit a secret's metadata such as name, tag(s) and description. The secret to update is specified by the `secret_id` and `region` parameters.
+Edit a secret's metadata such as name, tag(s), description and ephemeral policy. The secret to update is specified by the `secret_id` and `region` parameters.
 
 **Usage:**
 
@@ -319,6 +320,9 @@ scw secret secret update [arg=value ...]
 | tags.{index} |  | Secret's updated list of tags (optional) |
 | description |  | Description of the secret |
 | path |  | Path of the folder |
+| ephemeral-policy-template.time-to-live |  | Time frame, from one second and up to one year, during which the secret's versions are valid. |
+| ephemeral-policy-template.expires-once-accessed |  | Returns `true` if the version expires after a single user access. |
+| ephemeral-policy-template.action | One of: `unknown_action`, `delete`, `disable` | Action to perform when the version of a secret expires |
 | region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
 
 
@@ -563,6 +567,9 @@ scw secret version update [arg=value ...]
 | secret-id | Required | ID of the secret |
 | revision | Required | Version number |
 | description |  | Description of the version |
+| ephemeral-status.expires-at |  | The version's expiration date |
+| ephemeral-status.expires-once-accessed |  | Returns `true` if the version expires after a single user access. |
+| ephemeral-status.action | One of: `unknown_action`, `delete`, `disable` | Action to perform when the version of a secret expires |
 | region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
 
 

internal/namespaces/secret/v1alpha1/secret_cli.go

@@ -139,19 +139,26 @@ func secretSecretCreate() *core.Command {
 				Positional: false,
 			},
 			{
-				Name:       "expires-at",
-				Short:      `Expiration date of the secret`,
+				Name:       "ephemeral-policy-template.time-to-live",
+				Short:      `Time frame, from one second and up to one year, during which the secret's versions are valid.`,
 				Required:   false,
 				Deprecated: false,
 				Positional: false,
 			},
 			{
-				Name:       "ephemeral-action",
-				Short:      `Action to be taken when the secret expires`,
+				Name:       "ephemeral-policy-template.expires-once-accessed",
+				Short:      `Returns ` + "`" + `true` + "`" + ` if the version expires after a single user access.`,
 				Required:   false,
 				Deprecated: false,
 				Positional: false,
-				EnumValues: []string{"unknown_ephemeral_action", "delete_secret", "disable_secret"},
+			},
+			{
+				Name:       "ephemeral-policy-template.action",
+				Short:      `Action to perform when the version of a secret expires`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{"unknown_action", "delete", "disable"},
 			},
 			core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw),
 		},
@@ -243,7 +250,7 @@ func secretSecretGet() *core.Command {
 func secretSecretUpdate() *core.Command {
 	return &core.Command{
 		Short:     `Update metadata of a secret`,
-		Long:      `Edit a secret's metadata such as name, tag(s) and description. The secret to update is specified by the ` + "`" + `secret_id` + "`" + ` and ` + "`" + `region` + "`" + ` parameters.`,
+		Long:      `Edit a secret's metadata such as name, tag(s), description and ephemeral policy. The secret to update is specified by the ` + "`" + `secret_id` + "`" + ` and ` + "`" + `region` + "`" + ` parameters.`,
 		Namespace: "secret",
 		Resource:  "secret",
 		Verb:      "update",
@@ -285,6 +292,28 @@ func secretSecretUpdate() *core.Command {
 				Deprecated: false,
 				Positional: false,
 			},
+			{
+				Name:       "ephemeral-policy-template.time-to-live",
+				Short:      `Time frame, from one second and up to one year, during which the secret's versions are valid.`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ephemeral-policy-template.expires-once-accessed",
+				Short:      `Returns ` + "`" + `true` + "`" + ` if the version expires after a single user access.`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ephemeral-policy-template.action",
+				Short:      `Action to perform when the version of a secret expires`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{"unknown_action", "delete", "disable"},
+			},
 			core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw),
 		},
 		Run: func(ctx context.Context, args interface{}) (i interface{}, e error) {
@@ -880,6 +909,28 @@ func secretVersionUpdate() *core.Command {
 				Deprecated: false,
 				Positional: false,
 			},
+			{
+				Name:       "ephemeral-status.expires-at",
+				Short:      `The version's expiration date`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ephemeral-status.expires-once-accessed",
+				Short:      `Returns ` + "`" + `true` + "`" + ` if the version expires after a single user access.`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ephemeral-status.action",
+				Short:      `Action to perform when the version of a secret expires`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{"unknown_action", "delete", "disable"},
+			},
 			core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw),
 		},
 		Run: func(ctx context.Context, args interface{}) (i interface{}, e error) {