fix: now sanctuary destroys previous secret versions (!32) · Merge requests · Information Services / DevOps / Tools / Logan

Dmitrii Unterov requested to merge 26-sanctuary-fix-secret-destroy into master Feb 06, 2024

Fix explanation:

Current implementation - if getattr(version, "destroy_time", None) is None: is False every time and versions destroying simply doesn't work, because attribute destroy_time is always there. Easy to check it with hasattr(version, "destroy_time"). This is always True for every item in secret_versions.versions[1:]. It seems this is a google's lib behaviour.

So, as said, destroy_time attribute is always there, (type: <class 'google.protobuf.timestamp_pb2.Timestamp'>). The only difference is that the object field "seconds" is 0 (int) for non-destroyed versions (because destroy_time.seconds indicates time since version was destroyed).

So that's why the easiest way was to check if it is == 0 and if it is, destroy the version.

Edited Feb 08, 2024 by Dr Rich Wareham

fix: now sanctuary destroys previous secret versions

Merge request reports