Onboard Secrets Manager (ACL): describe command

internal/cmd/secrets-manager/instance/describe/describe.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	"github.com/stackitcloud/stackit-cli/internal/pkg/args"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/errors"
@@ -52,14 +53,21 @@ func NewCmd() *cobra.Command {
 				return err
 			}
 
-			// Call API
-			req := buildRequest(ctx, model, apiClient)
-			resp, err := req.Execute()
+			// Call API to get instance details
+			req := buildGetInstanceRequest(ctx, model, apiClient)
+			instance, err := req.Execute()
 			if err != nil {
 				return fmt.Errorf("read Secrets Manager instance: %w", err)
 			}
 
-			return outputResult(cmd, model.OutputFormat, resp)
+			// Call API to get instance acls
+			listACLsReq := buildListACLsRequest(ctx, model, apiClient)
+			aclList, err := listACLsReq.Execute()
+			if err != nil {
+				return fmt.Errorf("read Secrets Manager instance ACLs: %w", err)
+			}
+
+			return outputResult(cmd, model.OutputFormat, instance, aclList)
 		},
 	}
 	return cmd
@@ -79,12 +87,17 @@ func parseInput(cmd *cobra.Command, inputArgs []string) (*inputModel, error) {
 	}, nil
 }
 
-func buildRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiGetInstanceRequest {
+func buildGetInstanceRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiGetInstanceRequest {
 	req := apiClient.GetInstance(ctx, model.ProjectId, model.InstanceId)
 	return req
 }
 
-func outputResult(cmd *cobra.Command, outputFormat string, instance *secretsmanager.Instance) error {
+func buildListACLsRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiListACLsRequest {
+	req := apiClient.ListACLs(ctx, model.ProjectId, model.InstanceId)
+	return req
+}
+
+func outputResult(cmd *cobra.Command, outputFormat string, instance *secretsmanager.Instance, aclList *secretsmanager.AclList) error {
 	switch outputFormat {
 	case globalflags.PrettyOutputFormat:
 
@@ -101,14 +114,29 @@ func outputResult(cmd *cobra.Command, outputFormat string, instance *secretsmana
 		table.AddSeparator()
 		table.AddRow("CREATION DATE", *instance.CreationStartDate)
 		table.AddSeparator()
+		// Only show ACL if it's present and not empty
+		if aclList != nil && aclList.Acls != nil && len(*aclList.Acls) > 0 {
+			var cidrs []string
+
+			for _, acl := range *aclList.Acls {
+				cidrs = append(cidrs, *acl.Cidr)
+			}
+
+			table.AddRow("ACL", strings.Join(cidrs, ","))
+		}
 		err := table.Display(cmd)
 		if err != nil {
 			return fmt.Errorf("render table: %w", err)
 		}
 
 		return nil
 	default:
-		details, err := json.MarshalIndent(instance, "", "  ")
+		output := struct {
+			*secretsmanager.Instance
+			*secretsmanager.AclList
+		}{instance, aclList}
+
+		details, err := json.MarshalIndent(output, "", "  ")
 		if err != nil {
 			return fmt.Errorf("marshal Secrets Manager instance: %w", err)
 		}

internal/cmd/secrets-manager/instance/describe/describe_test.go

@@ -54,14 +54,22 @@ func fixtureInputModel(mods ...func(model *inputModel)) *inputModel {
 	return model
 }
 
-func fixtureRequest(mods ...func(request *secretsmanager.ApiGetInstanceRequest)) secretsmanager.ApiGetInstanceRequest {
+func fixtureGetInstanceRequest(mods ...func(request *secretsmanager.ApiGetInstanceRequest)) secretsmanager.ApiGetInstanceRequest {
 	request := testClient.GetInstance(testCtx, testProjectId, testInstanceId)
 	for _, mod := range mods {
 		mod(&request)
 	}
 	return request
 }
 
+func fixtureListACLsRequest(mods ...func(request *secretsmanager.ApiListACLsRequest)) secretsmanager.ApiListACLsRequest {
+	request := testClient.ListACLs(testCtx, testProjectId, testInstanceId)
+	for _, mod := range mods {
+		mod(&request)
+	}
+	return request
+}
+
 func TestParseInput(t *testing.T) {
 	tests := []struct {
 		description   string
@@ -186,7 +194,7 @@ func TestParseInput(t *testing.T) {
 	}
 }
 
-func TestBuildRequest(t *testing.T) {
+func TestBuildGetInstanceRequest(t *testing.T) {
 	tests := []struct {
 		description     string
 		model           *inputModel
@@ -195,13 +203,41 @@ func TestBuildRequest(t *testing.T) {
 		{
 			description:     "base",
 			model:           fixtureInputModel(),
-			expectedRequest: fixtureRequest(),
+			expectedRequest: fixtureGetInstanceRequest(),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.description, func(t *testing.T) {
+			request := buildGetInstanceRequest(testCtx, tt.model, testClient)
+
+			diff := cmp.Diff(request, tt.expectedRequest,
+				cmp.AllowUnexported(tt.expectedRequest),
+				cmpopts.EquateComparable(testCtx),
+			)
+			if diff != "" {
+				t.Fatalf("Data does not match: %s", diff)
+			}
+		})
+	}
+}
+
+func TestBuildGetACLsRequest(t *testing.T) {
+	tests := []struct {
+		description     string
+		model           *inputModel
+		expectedRequest secretsmanager.ApiListACLsRequest
+	}{
+		{
+			description:     "base",
+			model:           fixtureInputModel(),
+			expectedRequest: fixtureListACLsRequest(),
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
-			request := buildRequest(testCtx, tt.model, testClient)
+			request := buildListACLsRequest(testCtx, tt.model, testClient)
 
 			diff := cmp.Diff(request, tt.expectedRequest,
 				cmp.AllowUnexported(tt.expectedRequest),