in pkg/berglas/revoke.go [97:141]
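// secretManagerRevoke removes the Secret Manager accessor role binding of
// each requested member from the IAM policy of secret i.Name in i.Project.
//
// It returns an error when the project or secret name is empty. An empty
// member list is a successful no-op. When the policy update reports gRPC
// NotFound, errSecretDoesNotExist is returned so callers can tell a missing
// secret apart from other IAM failures; any other error is wrapped with the
// secret name.
func (c *Client) secretManagerRevoke(ctx context.Context, i *SecretManagerRevokeRequest) error {
	project := i.Project
	if project == "" {
		return fmt.Errorf("missing project")
	}
	name := i.Name
	if name == "" {
		return fmt.Errorf("missing secret name")
	}
	if len(i.Members) == 0 {
		return nil
	}

	// Sort a private copy so the log output is deterministic without
	// reordering the caller's request slice in place.
	members := append([]string(nil), i.Members...)
	sort.Strings(members)

	logger := logging.FromContext(ctx).With(
		"project", project,
		"name", name,
		"members", members,
	)
	logger.DebugContext(ctx, "revoke.start")
	defer logger.DebugContext(ctx, "revoke.finish")

	logger.DebugContext(ctx, "revoking access to secret")

	secretHandle := c.secretManagerIAM(project, name)
	if err := updateIAMPolicy(ctx, secretHandle, func(p *iam.Policy) *iam.Policy {
		// Strip every requested member from the accessor role binding.
		for _, m := range members {
			p.Remove(m, iamSecretManagerAccessor)
		}
		return p
	}); err != nil {
		// NotFound from the policy update indicates the secret itself is
		// missing; surface the package sentinel instead of a wrapped error.
		if terr, ok := grpcstatus.FromError(err); ok && terr.Code() == grpccodes.NotFound {
			return errSecretDoesNotExist
		}
		// This is the Secret Manager path, not the storage backend; name
		// the right service in the wrapped error.
		return fmt.Errorf("failed to update Secret Manager IAM policy for %s: %w", name, err)
	}
	return nil
}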