(key db.AccessKey)
| 84 | } |
| 85 | |
| 86 | func (s *AccessKeyServiceImpl) Update(key db.AccessKey) (err error) { |
| 87 | if !key.OverrideSecret { |
| 88 | err = s.accessKeyRepo.UpdateAccessKey(key) |
| 89 | return |
| 90 | } |
| 91 | |
| 92 | var oldKey db.AccessKey |
| 93 | oldKey, err = s.accessKeyRepo.GetAccessKey(*key.ProjectID, key.ID) |
| 94 | if err != nil { |
| 95 | return |
| 96 | } |
| 97 | |
| 98 | if oldKey.SourceStorageType != nil && !oldKey.IsNativelyReadOnly() { |
| 99 | // validate if it is secure to override secret storage |
| 100 | |
| 101 | var oldSt db.SecretStorage |
| 102 | oldSt, err = s.secretStorageRepo.GetSecretStorage(*key.ProjectID, *oldKey.SourceStorageID) |
| 103 | if err != nil { |
| 104 | return |
| 105 | } |
| 106 | |
| 107 | if !oldSt.ReadOnly && (key.SourceStorageID == nil || *oldKey.SourceStorageID != *key.SourceStorageID) { |
| 108 | err = common_errors.NewUserErrorS("cannot override secret storage") |
| 109 | return |
| 110 | } |
| 111 | } |
| 112 | |
| 113 | if !key.IsNativelyReadOnly() { |
| 114 | err = s.encryptionService.SerializeSecret(&key) |
| 115 | if err != nil { |
| 116 | return |
| 117 | } |
| 118 | } |
| 119 | |
| 120 | err = s.accessKeyRepo.UpdateAccessKey(key) |
| 121 | |
| 122 | return |
| 123 | } |
nothing calls this directly
no test coverage detected