MCPcopy Create free account
hub / github.com/StackStorm/st2 / delete

Method delete

st2api/st2api/controllers/v1/keyvalue.py:417–492  ·  view source on GitHub ↗

Delete the key value pair. Handles requests: DELETE /keys/1

(self, name, requester_user, scope=None, user=None)

Source from the content-addressed store, hash-verified

415 return KeyValuePairAPI.from_model(kvp_db)
416
417 def delete(self, name, requester_user, scope=None, user=None):
418 """
419 Delete the key value pair.
420
421 Handles requests:
422 DELETE /keys/1
423 """
424 if not scope or scope == ALL_SCOPE:
425 # Default to system scope
426 scope = FULL_SYSTEM_SCOPE
427
428 if not requester_user:
429 requester_user = UserDB(name=cfg.CONF.system_user.user)
430
431 scope = get_datastore_full_scope(scope)
432 self._validate_scope(scope=scope)
433
434 user = user or requester_user.name
435
436 rbac_utils = get_rbac_backend().get_utils_class()
437
438 # Validate that the authenticated user is admin if user query param is provided
439 rbac_utils.assert_user_is_admin_if_user_query_param_is_provided(
440 user_db=requester_user, user=user, require_rbac=True
441 )
442
443 # Set key reference for system or user scope
444 key_ref = get_key_reference(scope=scope, name=name, user=user)
445 extra = {"scope": scope, "name": name, "user": user, "key_ref": key_ref}
446 LOG.debug("DELETE /v1/keys/%s", name, extra=extra)
447
448 # Setup a kvp database object used for verifying permission
449 kvp_db = KeyValuePairDB(
450 uid="%s:%s:%s" % (ResourceType.KEY_VALUE_PAIR, scope, key_ref),
451 scope=scope,
452 name=key_ref,
453 )
454
455 # Check that user has permission to the key value pair.
456 # If RBAC is enabled, this check will verify if user has system role with all access.
457 # If RBAC is enabled, this check guards against a user accessing another user's kvp.
458 # If RBAC is enabled, user needs to be explicitly granted permission to delete a system kvp.
459 # The check is sufficient to allow decryption of the system kvp.
460 rbac_utils.assert_user_has_resource_db_permission(
461 user_db=requester_user,
462 resource_db=kvp_db,
463 permission_type=PermissionType.KEY_VALUE_PAIR_DELETE,
464 )
465
466 # Acquire a lock to avoid race condition between concurrent API calls
467 with self._coordinator.get_lock(
468 self._get_lock_name_for_key(name=key_ref, scope=scope)
469 ):
470 from_model_kwargs = {"mask_secrets": True}
471 kvp_api = self._get_one_by_scope_and_name(
472 name=key_ref, scope=scope, from_model_kwargs=from_model_kwargs
473 )
474 kvp_db = KeyValuePairAPI.to_model(kvp_api)

Callers

nothing calls this directly

Calls 15

_validate_scopeMethod · 0.95
UserDBClass · 0.90
get_datastore_full_scopeFunction · 0.90
get_rbac_backendFunction · 0.90
get_key_referenceFunction · 0.90
KeyValuePairDBClass · 0.90
abortFunction · 0.90
ResponseClass · 0.90
get_lockMethod · 0.80
get_utils_classMethod · 0.45

Tested by

no test coverage detected