feat(secret): add ephemeral policy (#1072)

Author: scaleway-bot

packages/clients/src/api/secret/v1alpha1/api.gen.ts

@@ -167,9 +167,9 @@ export class API extends ParentAPI {
     )
 
   /**
-   * Update metadata of a secret. Edit a secret's metadata such as name, tag(s)
-   * and description. The secret to update is specified by the `secret_id` and
-   * `region` parameters.
+   * Update metadata of a secret. Edit a secret's metadata such as name, tag(s),
+   * description and ephemeral policy. The secret to update is specified by the
+   * `secret_id` and `region` parameters.
    *
    * @param request - The request {@link UpdateSecretRequest}
    * @returns A Promise of Secret

packages/clients/src/api/secret/v1alpha1/index.gen.ts

@@ -14,6 +14,9 @@ export type {
   DestroySecretVersionRequest,
   DisableSecretVersionRequest,
   EnableSecretVersionRequest,
+  EphemeralPolicy,
+  EphemeralPolicyAction,
+  EphemeralProperties,
   Folder,
   GeneratePasswordRequest,
   GetSecretByNameRequest,
@@ -35,7 +38,6 @@ export type {
   Product,
   ProtectSecretRequest,
   Secret,
-  SecretEphemeralAction,
   SecretStatus,
   SecretType,
   SecretVersion,

packages/clients/src/api/secret/v1alpha1/marshalling.gen.ts

@@ -12,6 +12,8 @@ import type {
   CreateFolderRequest,
   CreateSecretRequest,
   CreateSecretVersionRequest,
+  EphemeralPolicy,
+  EphemeralProperties,
   Folder,
   GeneratePasswordRequest,
   ListFoldersResponse,
@@ -42,6 +44,20 @@ export const unmarshalFolder = (data: unknown): Folder => {
   } as Folder
 }
 
+const unmarshalEphemeralProperties = (data: unknown): EphemeralProperties => {
+  if (!isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'EphemeralProperties' failed as data isn't a dictionary.`,
+    )
+  }
+
+  return {
+    action: data.action,
+    expiresAt: unmarshalDate(data.expires_at),
+    expiresOnceAccessed: data.expires_once_accessed,
+  } as EphemeralProperties
+}
+
 export const unmarshalSecretVersion = (data: unknown): SecretVersion => {
   if (!isJSONObject(data)) {
     throw new TypeError(
@@ -52,6 +68,9 @@ export const unmarshalSecretVersion = (data: unknown): SecretVersion => {
   return {
     createdAt: unmarshalDate(data.created_at),
     description: data.description,
+    ephemeralProperties: data.ephemeral_properties
+      ? unmarshalEphemeralProperties(data.ephemeral_properties)
+      : undefined,
     isLatest: data.is_latest,
     revision: data.revision,
     secretId: data.secret_id,
@@ -60,6 +79,20 @@ export const unmarshalSecretVersion = (data: unknown): SecretVersion => {
   } as SecretVersion
 }
 
+export const unmarshalEphemeralPolicy = (data: unknown): EphemeralPolicy => {
+  if (!isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'EphemeralPolicy' failed as data isn't a dictionary.`,
+    )
+  }
+
+  return {
+    action: data.action,
+    expiresOnceAccessed: data.expires_once_accessed,
+    timeToLive: data.time_to_live,
+  } as EphemeralPolicy
+}
+
 export const unmarshalSecret = (data: unknown): Secret => {
   if (!isJSONObject(data)) {
     throw new TypeError(
@@ -70,8 +103,9 @@ export const unmarshalSecret = (data: unknown): Secret => {
   return {
     createdAt: unmarshalDate(data.created_at),
     description: data.description,
-    ephemeralAction: data.ephemeral_action,
-    expiresAt: unmarshalDate(data.expires_at),
+    ephemeralPolicy: data.ephemeral_policy
+      ? unmarshalEphemeralPolicy(data.ephemeral_policy)
+      : undefined,
     id: data.id,
     isManaged: data.is_managed,
     isProtected: data.is_protected,
@@ -179,13 +213,24 @@ export const marshalCreateFolderRequest = (
   project_id: request.projectId ?? defaults.defaultProjectId,
 })
 
+export const marshalEphemeralPolicy = (
+  request: EphemeralPolicy,
+  defaults: DefaultValues,
+): Record<string, unknown> => ({
+  action: request.action,
+  expires_once_accessed: request.expiresOnceAccessed,
+  time_to_live: request.timeToLive,
+})
+
 export const marshalCreateSecretRequest = (
   request: CreateSecretRequest,
   defaults: DefaultValues,
 ): Record<string, unknown> => ({
   description: request.description,
-  ephemeral_action: request.ephemeralAction,
-  expires_at: request.expiresAt,
+  ephemeral_policy:
+    request.ephemeralPolicy !== undefined
+      ? marshalEphemeralPolicy(request.ephemeralPolicy, defaults)
+      : undefined,
   name: request.name,
   path: request.path,
   project_id: request.projectId ?? defaults.defaultProjectId,
@@ -236,14 +281,31 @@ export const marshalUpdateSecretRequest = (
   defaults: DefaultValues,
 ): Record<string, unknown> => ({
   description: request.description,
+  ephemeral_policy:
+    request.ephemeralPolicy !== undefined
+      ? marshalEphemeralPolicy(request.ephemeralPolicy, defaults)
+      : undefined,
   name: request.name,
   path: request.path,
   tags: request.tags,
 })
 
+const marshalEphemeralProperties = (
+  request: EphemeralProperties,
+  defaults: DefaultValues,
+): Record<string, unknown> => ({
+  action: request.action,
+  expires_at: request.expiresAt,
+  expires_once_accessed: request.expiresOnceAccessed,
+})
+
 export const marshalUpdateSecretVersionRequest = (
   request: UpdateSecretVersionRequest,
   defaults: DefaultValues,
 ): Record<string, unknown> => ({
   description: request.description,
+  ephemeral_properties:
+    request.ephemeralProperties !== undefined
+      ? marshalEphemeralProperties(request.ephemeralProperties, defaults)
+      : undefined,
 })

packages/clients/src/api/secret/v1alpha1/types.gen.ts

@@ -2,6 +2,8 @@
 // If you have any remark or suggestion do not hesitate to open an issue.
 import type { Region } from '../../../bridge'
 
+export type EphemeralPolicyAction = 'unknown_action' | 'delete' | 'disable'
+
 export type ListFoldersRequestOrderBy =
   | 'created_at_asc'
   | 'created_at_desc'
@@ -18,11 +20,6 @@ export type ListSecretsRequestOrderBy =
 
 export type Product = 'unknown' | 'edge_services'
 
-export type SecretEphemeralAction =
-  | 'unknown_ephemeral_action'
-  | 'delete_secret'
-  | 'disable_secret'
-
 export type SecretStatus = 'ready' | 'locked'
 
 export type SecretType =
@@ -37,6 +34,30 @@ export type SecretVersionStatus =
   | 'disabled'
   | 'destroyed'
 
+export interface EphemeralProperties {
+  /** (Optional.) If not specified, the version does not have an expiration date. */
+  expiresAt?: Date
+  /**
+   * (Optional.) If not specified, the version can be accessed an unlimited
+   * amount of times.
+   */
+  expiresOnceAccessed?: boolean
+  /** See `EphemeralPolicy.Action` enum for a description of values. */
+  action: EphemeralPolicyAction
+}
+
+export interface EphemeralPolicy {
+  /**
+   * Time frame, from one second and up to one year, during which the secret's
+   * versions are valid.
+   */
+  timeToLive?: string
+  /** Returns `true` if the version expires after a single user access. */
+  expiresOnceAccessed?: boolean
+  /** See the `EphemeralPolicy.Action` enum for a description of values. */
+  action: EphemeralPolicyAction
+}
+
 export interface PasswordGenerationParams {
   /** Length of the password to generate (between 1 and 1024). */
   length: number
@@ -88,6 +109,12 @@ export interface SecretVersion {
   description?: string
   /** Returns `true` if the version is the latest. */
   isLatest: boolean
+  /**
+   * Returns the version's expiration date, whether it expires after being
+   * accessed once, and the action to perform (disable or delete) once the
+   * version expires.
+   */
+  ephemeralProperties?: EphemeralProperties
 }
 
 export interface Secret {
@@ -121,10 +148,11 @@ export interface Secret {
   type: SecretType
   /** Location of the secret in the directory structure. */
   path: string
-  /** (Optional.) Date on which the secret will be deleted or deactivated. */
-  expiresAt?: Date
-  /** See `Secret.EphemeralAction` enum for description of values. */
-  ephemeralAction: SecretEphemeralAction
+  /**
+   * (Optional.) Policy that defines whether/when a secret's versions expire. By
+   * default, the policy is applied to all the secret's versions.
+   */
+  ephemeralPolicy?: EphemeralPolicy
   /** Region of the secret. */
   region: Region
 }
@@ -244,10 +272,11 @@ export type CreateSecretRequest = {
    * specified, the path is `/`.
    */
   path?: string
-  /** (Optional.) Date on which the secret will be deleted or deactivated. */
-  expiresAt?: Date
-  /** Action to be taken when the secret expires. */
-  ephemeralAction?: SecretEphemeralAction
+  /**
+   * (Optional.) Policy that defines whether/when a secret's versions expire. By
+   * default, the policy is applied to all the secret's versions.
+   */
+  ephemeralPolicy?: EphemeralPolicy
 }
 
 export type CreateSecretVersionRequest = {
@@ -619,6 +648,8 @@ export type UpdateSecretRequest = {
    * specified, the path is `/`.
    */
   path?: string
+  /** (Optional.) Policy that defines whether/when a secret's versions expire. */
+  ephemeralPolicy?: EphemeralPolicy
 }
 
 export type UpdateSecretVersionRequest = {
@@ -640,4 +671,10 @@ export type UpdateSecretVersionRequest = {
   revision: string
   /** Description of the version. */
   description?: string
+  /**
+   * (Optional.) Properties that defines the version's expiration date, whether
+   * it expires after being accessed once, and the action to perform (disable or
+   * delete) once the version expires.
+   */
+  ephemeralProperties?: EphemeralProperties
 }