feat: Add kms key options to secrets manager instance commands #1347

Open
s-inter wants to merge 15 commits into main from feat/STACKITCLI-338-Add-kms-key-options-to-secrets-manager-instance-commands

@s-inter s-inter commented Mar 24, 2026

Description

This PR implements KMS key options for secrets manager instance commands (create, update, describe).

Changes

  • Added --kms-key-id, --kms-keyring-id, --kms-key-version, and --kms-service-account-email flags to stackit secrets-manager instance create and stackit secrets-manager instance update commands.
  • Added KMS key output fields to stackit secrets-manager instance describe command.
  • Added unit tests for input parsing, request building, and KMS-related functionality.
  • Generated updated command documentation.

Testing Instructions

Prerequisite: Run make build (if needed)


1. instance create (with KMS options)

bin/stackit secrets-manager instance create \
  --project-id <PROJECT_ID> \
  --name my-instance \
  --kms-key-id key-id \
  --kms-keyring-id keyring-id \
  --kms-key-version 1 \
  --kms-service-account-email my-service-account@sa.stackit.cloud
  • Expected: Prints instance ID and creation details. Internal API payload includes KmsKey properties.
  • Verify: Run describe command. Outputs should include KMS KEY ID, KMS KEYRING ID, KMS KEY VERSION, and KMS SERVICE ACCOUNT EMAIL.
bin/stackit secrets-manager instance describe <INSTANCE_ID> --project-id <PROJECT_ID>

2. instance update

Update Name Only

bin/stackit secrets-manager instance update <INSTANCE_ID> --project-id <PROJECT_ID> --name my-new-name
  • Expected: describe reflects the new name.

Update Name & ACLs Together

bin/stackit secrets-manager instance update <INSTANCE_ID> --project-id <PROJECT_ID> --name my-new-name --acl 1.2.3.0/24
  • Expected: describe reflects both changes.

Update KMS Options (requires --name)

bin/stackit secrets-manager instance update <INSTANCE_ID> \
  --project-id <PROJECT_ID> \
  --name my-instance \
  --kms-key-id new-key \
  --kms-keyring-id new-keyring \
  --kms-key-version 2 \
  --kms-service-account-email new-sa@sa.stackit.cloud
  • Expected: describe reflects the new KMS values.

3. Edge Cases & Negative Tests

  1. Use KMS flags without --name: Error "--name is required when using KMS flags"
    bin/stackit secrets-manager instance update <INSTANCE_ID> --project-id <PROJECT_ID> --kms-key-id key-id --kms-keyring-id keyring-id --kms-key-version 1 --kms-service-account-email sa@sa.stackit.cloud
  2. Use partial KMS flags (missing others): Error about all KMS flags needing to be provided together.
    bin/stackit secrets-manager instance update <INSTANCE_ID> --project-id <PROJECT_ID> --name my-instance --kms-key-id key-id
  3. No --name or --acl provided: Error about missing required fields.
    bin/stackit secrets-manager instance update <INSTANCE_ID> --project-id <PROJECT_ID>

Notes for Reviewers

  • Behavior Changes:
    • update now supports updating instance name, ACLs, and KMS settings (separately or together).
    • --name is required when using any KMS flags.
    • At least one of --name or --acl must be provided.
  • API Details:
    • Name/KMS updates use UpdateInstance; ACLs use UpdateACLs.
    • When updating both, separate calls occur. If UpdateInstance succeeds but UpdateACLs fails, the user gets a helpful error indicating partial success.

relates to STACKITCLI-338

Checklist

  • Issue was linked above
  • Code format was applied: make fmt
  • Examples were added / adjusted
  • Docs are up-to-date: make generate-docs
  • Unit tests got implemented or updated
  • Unit tests are passing: make test
  • No linter issues: make lint
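
The flag rules and API-call split described in the PR description above, as an added Go sketch that is not code from this PR or from stackit-cli. `planUpdate`, the map of set flags, and the order in which the checks fire when several rules are violated at once are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// KMS flag names as listed in the PR description.
var kmsFlags = []string{"kms-key-id", "kms-keyring-id", "kms-key-version", "kms-service-account-email"}
var (
	errNothingToUpdate = errors.New("at least one of --name or --acl must be provided")
	errNameRequired    = errors.New("--name is required when using KMS flags")
	errPartialKMS      = errors.New("all KMS flags must be provided together")
)

// planUpdate validates the flags the user set (flag name -> value) and returns
// the API calls the update would make, in order. Hypothetical helper.
func planUpdate(set map[string]string) ([]string, error) {
	var missing []string
	for _, f := range kmsFlags {
		if _, ok := set[f]; !ok {
			missing = append(missing, "--"+f)
		}
	}
	anyKMS := len(missing) < len(kmsFlags)
	_, hasName := set["name"]
	_, hasACL := set["acl"]
	switch {
	case anyKMS && !hasName:
		return nil, errNameRequired
	case anyKMS && len(missing) > 0:
		return nil, fmt.Errorf("%w: missing %s", errPartialKMS, strings.Join(missing, ", "))
	case !hasName && !hasACL:
		return nil, errNothingToUpdate
	}
	var calls []string
	if hasName {
		calls = append(calls, "UpdateInstance") // carries name and KMS settings
	}
	if hasACL {
		calls = append(calls, "UpdateACLs") // runs second, so it can fail after a successful UpdateInstance
	}
	return calls, nil
}

func main() { // constructed input mirroring negative test 2 (partial KMS flags)
	fmt.Println(planUpdate(map[string]string{"name": "my-instance", "kms-key-id": "key-id"}))
}
```

Rejecting a partial KMS flag set before any request is sent keeps an instance from being updated with an incomplete key reference.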

@s-inter s-inter changed the title Feat/STACKITCLI 338 Add kms key options to secrets manager instance commands feat: Add kms key options to secrets manager instance commands Mar 24, 2026
@rubenhoenle

This comment was marked as resolved.

@s-inter s-inter marked this pull request as ready for review March 25, 2026 14:38
@s-inter s-inter requested a review from a team as a code owner March 25, 2026 14:38
@github-actions

Merging this branch will increase overall coverage

| Impacted Packages | Coverage Δ | 🤖 |
|---|---|---|
| github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/create | 57.38% (+6.43%) | 👍 |
| github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/describe | 66.67% (+3.51%) | 👍 |
| github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/update | 50.82% (+2.04%) | 👍 |

Coverage by file

Changed files (no unit tests)

| Changed File | Coverage Δ | Total | Covered | Missed | 🤖 |
|---|---|---|---|---|---|
| github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/create/create.go | 57.38% (+6.43%) | 61 (+8) | 35 (+8) | 26 | 👍 |
| github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/describe/describe.go | 66.67% (+3.51%) | 69 (+12) | 46 (+10) | 23 (+2) | 👍 |
| github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/update/update.go | 50.82% (+2.04%) | 61 (+20) | 31 (+11) | 30 (+9) | 👍 |

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

  • github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/create/create_test.go
  • github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/describe/describe_test.go
  • github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance/update/update_test.go

@s-inter s-inter enabled auto-merge (squash) March 26, 2026 07:58