RD-6368 Add secret schema to secret create (#1450)

* RD-6368 Add secret schema to secret create

Author: glukhman

cloudify_cli/cli/cfy.py

@@ -1283,6 +1283,33 @@ def __init__(self):
             required=False,
             help=helptexts.SECRET_STRING)
 
+        self.secret_schema = click.option(
+            '--schema',
+            'secret_schema',
+            required=False,
+            default=None,
+            cls=MutuallyExclusiveOption,
+            mutually_exclusive=['dict', 'list'],
+            help=helptexts.SECRET_SCHEMA)
+
+        self.secret_flag_dict = click.option(
+            '--dict',
+            'secret_flag_dict',
+            is_flag=True,
+            default=False,
+            cls=MutuallyExclusiveOption,
+            mutually_exclusive=['schema', 'list'],
+            help=helptexts.SECRET_FLAG_DICT)
+
+        self.secret_flag_list = click.option(
+            '--list',
+            'secret_flag_list',
+            is_flag=True,
+            default=False,
+            cls=MutuallyExclusiveOption,
+            mutually_exclusive=['schema', 'dict'],
+            help=helptexts.SECRET_FLAG_LIST)
+
         self.secret_update_if_exists = click.option(
             '-u',
             '--update-if-exists',

cloudify_cli/cli/helptexts.py

@@ -335,6 +335,10 @@
 PROFILE_NAME = 'Name of the profile to use'
 SECRET_VALUE = "The secret's value to be set"
 SECRET_STRING = "The string to use as the secret's value"
+SECRET_FLAG_DICT = "Whether the secret is to be treated as a dict"
+SECRET_FLAG_LIST = "Whether the secret is to be treated as a lists"
+SECRET_SCHEMA = "A JSON schema against which the secret will be validated [" \
+                "default: '{\"type\": \"string\"}']"
 SECRET_FILE = "The file with the contents of the secret"
 SECRET_UPDATE_IF_EXISTS = 'Update secret value if secret key already ' \
                           'exists. [This option is deprecated; use cfy ' \

cloudify_cli/commands/secrets.py

@@ -71,6 +71,9 @@ def providers():
 @cfy.options.secret_update_if_exists
 @cfy.options.visibility(mutually_exclusive_required=False)
 @cfy.options.hidden_value
+@cfy.options.secret_schema
+@cfy.options.secret_flag_dict
+@cfy.options.secret_flag_list
 @cfy.options.tenant_name(required=False, resource_name_for_help='secret')
 @cfy.options.common_options
 @cfy.assert_manager_active()
@@ -81,6 +84,9 @@ def create(key,
            secret_file,
            update_if_exists,
            hidden_value,
+           secret_schema,
+           secret_flag_dict,
+           secret_flag_list,
            visibility,
            tenant_name,
            logger,
@@ -91,16 +97,42 @@ def create(key,
     """
     utils.explicit_tenant_name_message(tenant_name, logger)
     validate_visibility(visibility)
-    secret_string = _get_secret_string(secret_file, secret_string)
-    if not secret_string:
+    value = _get_secret_string(secret_file, secret_string)
+    if not value:
         raise CloudifyCliError('Failed to create secret key. '
                                'Missing option '
                                '--secret-string or secret-file.')
+
+    if secret_schema:
+        try:
+            secret_schema = json.loads(secret_schema)
+        except json.decoder.JSONDecodeError as e:
+            raise CloudifyCliError(
+                f'Error decoding JSON schema "{secret_schema}": {e}')
+        if not isinstance(secret_schema, dict) or \
+                not secret_schema.get('type'):
+            raise CloudifyCliError(
+                'Invalid JSON schema. Expected a dict with a "type" key')
+
+    if secret_flag_dict:
+        secret_schema = {"type": "object"}
+    if secret_flag_list:
+        secret_schema = {"type": "array"}
+
+    if secret_schema:
+        try:
+            value = json.loads(value)
+        except json.decoder.JSONDecodeError:
+            raise CloudifyCliError(
+                f'Error decoding secret value: \'{value}\' is not of '
+                f'type \'{secret_schema.get("type")}\'')
+
     client.secrets.create(key,
-                          secret_string,
+                          value,
                           update_if_exists,
                           hidden_value,
-                          visibility)
+                          visibility,
+                          secret_schema)
 
     logger.info('Secret `{0}` created'.format(key))
 

cloudify_cli/tests/commands/test_secrets.py

@@ -92,6 +92,17 @@ def test_secrets_create_mutually_exclusive_arguments(self):
         )
         self.assertIn('mutually exclusive with arguments:', outcome.output)
 
+    def test_secrets_create_invalid_schema(self):
+        self.invoke("cfy secrets create s1 -s hi --schema bye",
+                    err_str_segment="Error decoding JSON schema",
+                    exception=CloudifyCliError)
+
+    def test_secrets_create_invalid_json_value(self):
+        self.invoke("cfy secrets create s1 -s hi --dict",
+                    err_str_segment="Error decoding secret value: 'hi' is "
+                                    "not of type 'object'",
+                    exception=CloudifyCliError)
+
     def test_secrets_export_invalid_password_length(self):
         self.invoke('cfy secrets export -p 1234567',
                     err_str_segment='ERROR: Passphrase must contain at least '