Update (#3)

* Updaate to remove legacy style support

* Bugfixes

- Update `credentials.py` to unpack str copies of tokens
- Update `secret_manager.py` to store tokens better

Author: davidharcombe

auth/credentials.py

@@ -15,6 +15,7 @@
 
 from dataclasses import dataclass
 from datetime import datetime
+import json
 from typing import Any, Dict, Mapping, Type, TypeVar, Union
 
 import pytz
@@ -140,7 +141,7 @@ def credentials(self) -> oauth.Credentials:
     expiry = self._to_utc(
         datetime.now().astimezone(pytz.utc) + relativedelta(minutes=30))
     if token := self.token_details:
-      creds = oauth.Credentials.from_authorized_user_info(token)
+      creds = oauth.Credentials.from_authorized_user_info(json.loads(token))
 
       if creds.expired:
         creds.expiry = expiry

auth/datastore/secret_manager.py

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from __future__ import annotations
+from io import BytesIO
 
 import json
 from typing import Any, List, Mapping, Optional, Type
@@ -72,8 +73,10 @@ def store_document(self,  id: str, document: Mapping[str, Any],
         document (Dict[str, Any]): The document to store.
         type (Optional[Type]): Unused.
     """
+    b_document = BytesIO()
+    b_document.write(json.dumps(document).encode())
     payload = secretmanager_v1.SecretPayload(
-        data=json.dumps(document).encode('utf-8'))
+        data=b_document.getvalue())
     request = secretmanager_v1.AddSecretVersionRequest(
         parent=self.client.secret_path(self._project, id),
         payload=payload)
@@ -101,14 +104,13 @@ def update_document(self, id: str, new_data: Mapping[str, Any],
     # Destroy other versions
     request = secretmanager_v1.ListSecretVersionsRequest(
         parent=self.client.secret_path(project=self._project, secret=id),
-        filter=f'state:enabled AND name!="{latest.name}"'
+        filter=f'state:enabled' # AND name!="{latest.name}"'
     )
     version_list = self.client.list_secret_versions(request=request)
     for page in version_list.pages:
       for version in page.versions:
-        if version == new_version:
-          continue
-        else:
+        # Only delete older versions
+        if version.create_time < new_version.create_time:
           self.client.destroy_secret_version(
               secretmanager_v1.DestroySecretVersionRequest(
                   name=version.name
@@ -153,7 +155,7 @@ def get_document(self, id: str, type: Optional[Type] = None,
     try:
       request = secretmanager_v1.AccessSecretVersionRequest(name=secret)
       response = self.client.access_secret_version(request=request)
-      return json.loads(response.payload.data)
+      return json.loads(response.payload.data.decode('utf-8'))
     except Exception as e:
       print(e)
       return None

pyproject.toml

@@ -5,7 +5,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "python-oauth-token-manager"
-version = "0.3.0"
+version = "0.4.0"
 authors = [{ name = "David Harcombe", email = "[email protected]" }]
 description = "API for managing stored OAuth credentials."
 readme = "README.md"