From 86e03fb3927260ef17017bb94dff36301d4f9242 Mon Sep 17 00:00:00 2001
From: Ralf Grubenmann <ralf.grubenmann@sdsc.ethz.ch>
Date: Mon, 7 Oct 2024 13:27:51 +0200
Subject: [PATCH] fix: allow unsetting storage secrets (#415)

---
 .../renku_data_services/storage/api.spec.yaml       | 13 +++++++------
 components/renku_data_services/storage/apispec.py   |  4 ++--
 components/renku_data_services/storage/db.py        | 10 ++++++++++
 components/renku_data_services/storage/models.py    |  2 +-
 4 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/components/renku_data_services/storage/api.spec.yaml b/components/renku_data_services/storage/api.spec.yaml
index 4c24ee653..9848cdf24 100644
--- a/components/renku_data_services/storage/api.spec.yaml
+++ b/components/renku_data_services/storage/api.spec.yaml
@@ -515,7 +515,7 @@ components:
           minLength: 1
           maxLength: 99
         value:
-          $ref: "#/components/schemas/SecretValue"
+          $ref: "#/components/schemas/SecretValueNullable"
       required:
         - name
         - value
@@ -543,11 +543,12 @@ components:
       required:
         - name
         - secret_id
-    SecretValue:
-      description: Secret value that can be any text
-      type: string
-      minLength: 1
-      maxLength: 5000
+    SecretValueNullable: 
+      description: Secret value that can be any text 
+      type: string 
+      minLength: 1 
+      maxLength: 5000 
+      nullable: true 
     RCloneSchema:
       description: List of RClone schemas for different storage types
       type: array
diff --git a/components/renku_data_services/storage/apispec.py b/components/renku_data_services/storage/apispec.py
index d72e04dc9..e746800d0 100644
--- a/components/renku_data_services/storage/apispec.py
+++ b/components/renku_data_services/storage/apispec.py
@@ -1,6 +1,6 @@
 # generated by datamodel-codegen:
 #   filename:  api.spec.yaml
-#   timestamp: 2024-08-13T13:29:46+00:00
+#   timestamp: 2024-10-07T08:21:24+00:00
 
 from __future__ import annotations
 
@@ -242,7 +242,7 @@ class CloudStorageSecretPost(BaseAPISpec):
         max_length=99,
         min_length=1,
     )
-    value: str = Field(
+    value: Optional[str] = Field(
         ...,
         description="Secret value that can be any text",
         max_length=5000,
diff --git a/components/renku_data_services/storage/db.py b/components/renku_data_services/storage/db.py
index c2156da0b..2b381e1c9 100644
--- a/components/renku_data_services/storage/db.py
+++ b/components/renku_data_services/storage/db.py
@@ -188,6 +188,16 @@ async def upsert_storage_secrets(
             stored_secrets = []
 
             for name, value in secret_names_values.items():
+                if value is None:
+                    # delete the secret
+                    storage_secret_orm = existing_secrets.get(name)
+                    if storage_secret_orm is None:
+                        continue
+                    await session.delete(storage_secret_orm)
+                    await session.delete(storage_secret_orm.secret)
+                    del existing_secrets[name]
+                    continue
+
                 encrypted_value, encrypted_key = await encrypt_user_secret(
                     user_repo=self.user_repo,
                     requested_by=user,
diff --git a/components/renku_data_services/storage/models.py b/components/renku_data_services/storage/models.py
index e019f77c5..7db75cce0 100644
--- a/components/renku_data_services/storage/models.py
+++ b/components/renku_data_services/storage/models.py
@@ -252,4 +252,4 @@ class CloudStorageSecretUpsert(BaseModel):
     """Insert/update storage secret data."""
 
     name: str = Field()
-    value: str = Field()
+    value: str | None = Field()