Add wrapper _delete_secret() that accepts a Secret object.

garloff · garloff · commit 7a4dafb08df0 · 2025-04-04T08:50:41.000+02:00
This keeps the code cleaner.

Signed-off-by: Kurt Garloff &lt;kurt@garloff.de&gt;
diff --git a/Tests/iaas/key-manager/check-for-key-manager.py b/Tests/iaas/key-manager/check-for-key-manager.py
@@ -57,7 +57,7 @@ def check_presence_of_key_manager(conn: openstack.connection.Connection) -> None
             return True
 
 
-def _find_secrets(conn: openstack.connection.Connection, secret_name_or_id: str):
+def _find_secrets(conn: openstack.connection.Connection, secret_name_or_id: str) -> list:
     """Replacement method for finding secrets.
 
     Mimicks the behavior of Connection.key_manager.find_secret()
@@ -69,6 +69,32 @@ def _find_secrets(conn: openstack.connection.Connection, secret_name_or_id: str)
     return [s for s in secrets if s.name == secret_name_or_id or s.id == secret_name_or_id]
 
 
+def _delete_secret(conn: openstack.connection.Connection, secret: openstack.key_manager.v1.secret.Secret):
+    """Replacement method for deleting secrets
+    _delete_secret(connection, secret object)
+
+    Workaround for SDK bugs:
+     - The id field in reality is a href (containg the UUID at the end)
+     - The delete_secret() function contrary to the documentation does
+       not accept openstack.key_manager.v1.secret.Secret objects nor the
+       hrefs, just plain UUIDs.
+     - It does not return an error when I try to delete a secret passing
+       an object or href, just silently does nothing.
+    The code here assumes that the SDK (when fixed) will continue to
+    accept UUIDs as argument for delete_secret() in the future.
+    Code is robust against those being passed directly in the .id attr
+    of the objects. (It would be even more robust to try to pass the
+    object first, then the href, then the UUID extracted from the href,
+    each time checking whether it was effective. But that's three delete
+    plus list calls and very ugly.)
+    """
+    uuid_part = secret.id.rfind('/') + 1
+    if uuid_part != 0:
+        conn.key_manager.delete_secret(secret.id[uuid_part:])
+    else:
+        conn.key_manager.delete_secret(secret.id)
+
+
 def check_key_manager_permissions(conn: openstack.connection.Connection) -> None:
     """
     After checking that the current user only has the member and maybe the
@@ -79,25 +105,10 @@ def check_key_manager_permissions(conn: openstack.connection.Connection) -> None
     try:
         existing_secrets = _find_secrets(conn, secret_name)
         for secret in existing_secrets:
-            # Workaround for SDK bugs:
-            # - The id field in reality is a href (containg the UUID at the end)
-            # - The delete_secret() function contrary to the documentation does
-            #   not accept openstack.key_managerv1.secret.Secret objects nor the
-            #   hrefs, just plain UUIDs.
-            # - It does not return an error when I try to delete a secret passing
-            #   an object or href, just silently does nothing.
-            # The code here assumes that the SDK (when fixed) will continue to
-            # accept UUIDs as argument for delete_secret() in the future.
-            # Code is robust against those being passed directly in the .id attr
-            # of the objects. (It would be even more robust to try to pass the
-            # object first, then the href, then the UUID extracted from the href,
-            # each time checking whether it was effective. But that's three delete
-            # plus list calls and very ugly.)
-            uuid_part = secret.id.rfind('/') + 1
-            if uuid_part != 0:
-                conn.key_manager.delete_secret(secret.id[uuid_part:])
-            else:
-                conn.key_manager.delete_secret(secret.id)
+            _delete_secret(conn, secret)
+
+        if existing_secrets:
+            logger.debug(f'Deleted {len(existing_secrets)} secrets')
 
         conn.key_manager.create_secret(
             name=secret_name,
@@ -106,11 +117,11 @@ def check_key_manager_permissions(conn: openstack.connection.Connection) -> None
             payload="foo",
         )
         try:
-            new_secret = _find_secret(conn, secret_name)
+            new_secret = _find_secrets(conn, secret_name)
             if not new_secret:
                 raise ValueError(f"Secret '{secret_name}' was not discoverable by the user")
         finally:
-            conn.key_manager.delete_secret(new_secret)
+            _delete_secret(conn, new_secret[0])
     except openstack.exceptions.ForbiddenException:
         logger.debug('exception details', exc_info=True)
         logger.error(
