From c78efe27d21916c518ef18dcbfed4c4f197f3a4c Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 28 Jun 2023 17:37:12 -0400
Subject: [PATCH] Change secrets Replace to modify the ID

We decided that podman secret create --replace should match behaviour of podman container create --replace, so the ID should change.

Signed-off-by: Daniel J Walsh
---
 pkg/secrets/secrets.go | 30 +++++++++++++-----------------
 pkg/secrets/secrets_test.go | 4 ++--
 2 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go
index 18902cb1d..3be9b489f 100644
--- a/pkg/secrets/secrets.go
+++ b/pkg/secrets/secrets.go
@@ -144,12 +144,7 @@ func NewManager(rootPath string) (*SecretsManager, error) {
 return manager, nil
 }

-func (s *SecretsManager) newSecret(name string) (*Secret, error) {
- secr := new(Secret)
- secr.Name = name
- secr.CreatedAt = time.Now()
- secr.UpdatedAt = secr.CreatedAt
-
+func (s *SecretsManager) newID() (string, error) {
 for {
 newID := stringid.GenerateNonCryptoID()
 // GenerateNonCryptoID() gives 64 characters, so we truncate to correct length
@@ -157,13 +152,11 @@ func (s *SecretsManager) newSecret(name string) (*Secret, error) {
 _, err := s.lookupSecret(newID)
 if err != nil {
 if errors.Is(err, ErrNoSuchSecret) {
- secr.ID = newID
- break
+ return newID, nil
 }
- return nil, err
+ return "", err
 }
 }
- return secr, nil
 }

 // Store takes a name, creates a secret and stores the secret metadata and the secret payload.
@@ -197,13 +190,10 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti
 }
 secr.UpdatedAt = time.Now()
 } else {
- if options.Replace {
- return "", fmt.Errorf("%s: %w", name, ErrNoSuchSecret)
- }
- secr, err = s.newSecret(name)
- if err != nil {
- return "", err
- }
+ secr = new(Secret)
+ secr.Name = name
+ secr.CreatedAt = time.Now()
+ secr.UpdatedAt = secr.CreatedAt
 }

 if options.Metadata == nil {
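Review bot: `newID` in pkg/secrets/secrets.go has no doc comment, and the one property a caller needs to know is only implied by the call to `stringid.GenerateNonCryptoID()`: the value is an identifier, not an unguessable token. I would add above the function `// newID returns a random ID that no stored secret currently uses. It is generated non-cryptographically, so treat it as a label, never as a credential.` The body of `newID` continues into the next hunk, and the truncation line between the two hunks is not shown.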
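Review bot: In `Store`, the rewritten `else` branch leaves `secr.ID` empty for a secret that does not exist yet, while the Replace block shown in the later hunks still calls `driver.Delete(secr.ID)` before `s.newID()` assigns an ID. With the old `ErrNoSuchSecret` return removed, a `--replace` on an unused name now reaches the driver with an empty ID; how each driver reacts to that is not visible here, so the call either fails or succeeds by accident. Guarding the delete, for example `if options.Replace && secr.ID != "" {`, states the intent explicitly. `Store` begins and ends outside this hunk.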
@@ -225,6 +215,7 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti
 if err != nil {
 return "", err
 }
+
 if options.Replace {
 err = driver.Delete(secr.ID)
 if err != nil {
@@ -232,6 +223,11 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti
 }
 }

+ secr.ID, err = s.newID()
+ if err != nil {
+ return "", err
+ }
+
 err = driver.Store(secr.ID, data)
 if err != nil {
 return "", fmt.Errorf("creating secret %s: %w", name, err)
diff --git a/pkg/secrets/secrets_test.go b/pkg/secrets/secrets_test.go
index 03335067b..191b15eef 100644
--- a/pkg/secrets/secrets_test.go
+++ b/pkg/secrets/secrets_test.go
@@ -74,8 +74,8 @@ func TestAddSecretAndLookupData(t *testing.T) {
 storeOpts.Replace = true
 id2, err := manager.Store("mysecret", []byte("mydata"), drivertype, storeOpts)
 require.NoError(t, err)
- if id1 != id2 {
- t.Errorf("error: secret id after Replace should be same")
+ if id1 == id2 {
+ t.Errorf("error: secret id after Replace should be different")
 }

 s, _, err = manager.LookupSecretData("mysecret")
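Review bot: In `Store`, the old payload is removed by `driver.Delete(secr.ID)` before `s.newID()` and `driver.Store` run, so a failure in either of those leaves the name with no payload at all, and the added `newID` call widens that window. Generating the ID first, storing the new payload, and only then deleting the old one keeps the previous secret usable on error; this assumes drivers key payloads by ID only, which the hunk does not show. The metadata write is also outside the hunk, so it is worth confirming that it drops the record kept under the old ID, otherwise that ID may keep resolving after a rotation. `Store` begins and ends outside this hunk.

```go
// … unchanged: driver lookup and its error check …

oldID := secr.ID // payload to retire once the replacement is stored
secr.ID, err = s.newID()
if err != nil {
	return "", err
}

err = driver.Store(secr.ID, data)
if err != nil {
	return "", fmt.Errorf("creating secret %s: %w", name, err)
}

if options.Replace {
	err = driver.Delete(oldID)
	// … unchanged: error return when Delete fails …
}
```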
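Review bot: The updated assertion in `TestAddSecretAndLookupData` only pins that the two IDs differ; it does not check that the old ID stops resolving, which is the property someone rotating a secret relies on. After the inequality check I would add `_, _, err = manager.LookupSecretData(id1)` followed by `require.Error(t, err)`, assuming `LookupSecretData` accepts an ID as well as a name. The comparison itself could be written `require.NotEqual(t, id1, id2)` to match the `require` calls around it. The test function starts and ends outside the hunk.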