def set_secret()

in tools/rotate-secrets-manager-credentials/docker_hub_change_password.py [0:0]


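def set_secret(service_client, arn, token):
    """Set the pending secret as the account password in DockerHub

    This method tries to log in to DockerHub with the AWSPENDING secret and returns on success. If that fails, it
    tries to log in with the AWSCURRENT secret and then, if needed, the AWSPREVIOUS secret. If either one succeeds, it
    sets the AWSPENDING password as the account password in DockerHub. Else, it throws a ValueError.

    The password change is only attempted when the AWSPENDING username equals the username of the secret version that
    actually logged in, so a pending version naming another account is rejected instead of being sent to DockerHub.

    Args:
        service_client (client): The secrets manager service client

        arn (string): The secret ARN or other identifier

        token (string): The ClientRequestToken associated with the secret version

    Raises:
        ResourceNotFoundException: If the secret with the specified arn and stage does not exist (a missing
            AWSPREVIOUS stage is handled here and does not propagate)

        ValueError: If the secret is not valid JSON, if no valid credentials are found to log in to DockerHub, or if
            the AWSPENDING username differs from the username that was used to log in

        KeyError: If the secret json does not contain the expected keys

    """
    # If the pending password already works, a previous invocation completed this step: nothing to do.
    pending_dict = get_secret_dict(service_client, arn, "AWSPENDING", token)
    if dockerhub_get_session(pending_dict):
        # Only the ARN is logged; secret values must never reach the log stream.
        logging.info("setSecret: AWSPENDING secret is already set as password in DockerHub for secret arn %s.", arn)
        return

    # login_dict always refers to the secret version whose credentials produced `session`.
    login_dict = get_secret_dict(service_client, arn, "AWSCURRENT")
    session = dockerhub_get_session(login_dict)
    if not session:
        # Neither pending nor current works, so the account may still be on the previous password.
        try:
            previous_dict = get_secret_dict(service_client, arn, "AWSPREVIOUS")
            session = dockerhub_get_session(previous_dict)
        except service_client.exceptions.ResourceNotFoundException:
            # No AWSPREVIOUS stage exists (e.g. the secret has not been rotated before).
            session = None
        else:
            if session:
                # The password DockerHub currently accepts is the previous one; use it as the old password below.
                login_dict = previous_dict

    if not session:
        logging.error("setSecret: Unable to log into DockerHub with previous, current, or pending secret of secret arn %s", arn)
        raise ValueError("Unable to log into DockerHub with previous, current, or pending secret of secret arn %s" % arn)

    # The session is authenticated as login_dict's user, while the change request below is addressed by the pending
    # username. Refuse to continue if the two disagree, so the old password and the target account always belong
    # together.
    if login_dict['username'] != pending_dict['username']:
        logging.error("setSecret: Attempting to modify user other than the logged in user for secret arn %s", arn)
        raise ValueError("Attempting to modify user other than the logged in user for secret arn %s" % arn)

    # Now set the password to the pending password
    dockerhub_set_password(session, pending_dict['username'], login_dict['password'], pending_dict['password'])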