RubyGems - google_cloud_env_secrets - Versions diffs - 0.1.0 - Mend

google_cloud_env_secrets 0.1.0

Files changed (11) hide show

checksums.yaml +7 -0
data/LICENSE +21 -0
data/README.md +38 -0
data/Rakefile +27 -0
data/lib/google_cloud_env_secrets.rb +5 -0
data/lib/google_cloud_env_secrets/config.rb +21 -0
data/lib/google_cloud_env_secrets/railtie.rb +14 -0
data/lib/google_cloud_env_secrets/secrets.rb +54 -0
data/lib/google_cloud_env_secrets/version.rb +3 -0
data/lib/tasks/google_cloud_env_secrets_tasks.rake +5 -0
metadata +128 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7fab903e59b088a60cb9d49094486fe45b02548810173815d3402dce4691dad2
+  data.tar.gz: f3282975fd0322ccce97d160c66deceddecabae685923d16d686bfc1eec471ea
+SHA512:
+  metadata.gz: 9e0edffc6c1e70e59960d9f05a03a4a452aa0701f77c81d7a682fe746e721aad2f4a41d8f583019a2906e20cd8841e294e5f146ed3c592f9417149562be8d6af
+  data.tar.gz: 11f1759d55177b5c7f3eb99b749f589b7d59eb4eedfacebf6d435f98208a3e1f6574824f782239032e689352c8aed3f605e2746601b4bb3b39f480b637d83d66

data/LICENSE ADDED

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2020 Matthias Kadenbach
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md ADDED

@@ -0,0 +1,38 @@
+# Google Cloud ENV Secrets
+Load Google Cloud Secrets into ENV.
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'google_cloud_env_secrets'
+```
+And then execute:
+```bash
+$ bundle
+```
+Or install it yourself as:
+```bash
+$ gem install google_cloud_env_secrets
+```
+## Usage
+Configure this gem with environment vars:
+| Variable                         | Description                                                                                                                                                                                                                                          |
+|----------------------------------|--------------------------------------------------------------------|
+| `GOOGLE_APPLICATION_CREDENTIALS` | Manually set path to Google Application Credentials.               |
+| `GOOGLE_PROJECT`                 | Manually set the Google project. Automatically detected otherwise. |
+| `GOOGLE_SECRETS_PREFIX`          | Only load secrets that start with prefix.                          |
+## Required IAM Roles
+```
+Secret Manager Secret Accessor
+Secret Manager Viewer
+```

data/Rakefile ADDED

@@ -0,0 +1,27 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+require 'rdoc/task'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'GoogleCloudEnvSecrets'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+task default: :test

data/lib/google_cloud_env_secrets.rb ADDED

@@ -0,0 +1,5 @@
+require "google/cloud/env"
+require "google/cloud/secret_manager"
+require "google_cloud_env_secrets/config"
+require "google_cloud_env_secrets/secrets"
+require "google_cloud_env_secrets/railtie"

data/lib/google_cloud_env_secrets/config.rb ADDED

@@ -0,0 +1,21 @@
+module GoogleCloudEnvSecrets
+  class Configuration
+    attr_accessor :project
+    attr_accessor :credentials
+    attr_accessor :cache_secrets
+    attr_accessor :prefix
+    def initialize
+      @cache_secrets = true
+    end
+  end
+  class << self
+    attr_accessor :configuration
+  end
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
+end

data/lib/google_cloud_env_secrets/railtie.rb ADDED

@@ -0,0 +1,14 @@
+module GoogleCloudEnvSecrets
+  class Railtie < ::Rails::Railtie
+    initializer "google_cloud_env_secrets.initialize", after: :bootstrap_hook do |app|
+      GoogleCloudEnvSecrets.configure do |config|
+        config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
+        config.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
+        config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
+      end
+      secrets = GoogleCloudEnvSecrets.all
+      GoogleCloudEnvSecrets.inject_env!(secrets)
+    end
+  end
+end

data/lib/google_cloud_env_secrets/secrets.rb ADDED

@@ -0,0 +1,54 @@
+module GoogleCloudEnvSecrets
+  def self.all
+    @secrets = nil unless self.configuration.cache_secrets
+    @secrets ||= begin
+        # Configure and initialize
+        # https://googleapis.dev/ruby/google-cloud-secret_manager/latest/Google/Cloud/SecretManager.html
+        Google::Cloud::SecretManager.configure do |config|
+          config.credentials = self.configuration.credentials
+        end
+        client = Google::Cloud::SecretManager.secret_manager_service
+        # create worker pool to read secrets in parallel
+        pool = Concurrent::FixedThreadPool.new(Concurrent.processor_count * 4)
+        secrets = Concurrent::Hash.new
+        # read all secrets ...
+        client.list_secrets(parent: "projects/" + self.configuration.project).each do |secret|
+          pool.post(secret) do |secret|
+            name = secret.name.split("/").last
+            # only consider prefixed secrets?
+            if self.configuration.prefix
+              next unless name.start_with? self.configuration.prefix
+              # clean up name
+              name.delete_prefix! self.configuration.prefix
+              name.sub! /^[^a-z0-9]+/i, ""
+            end
+            secrets[name] = client.access_secret_version(name: secret.name + "/versions/latest").payload.data
+          end
+        end
+        # shutdown worker pool
+        pool.shutdown
+        pool.wait_for_termination
+        secrets
+      end
+    @secrets
+  end
+  def self.find(name)
+    self.all # make sure we have the secrets loaded
+    @secrets[name.to_s]
+  end
+  def self.inject_env!(secrets = {})
+    secrets.each do |name, value|
+      ENV[name.to_s] = value
+    end
+  end
+end

data/lib/google_cloud_env_secrets/version.rb ADDED

@@ -0,0 +1,3 @@
+module GoogleCloudEnvSecrets
+  VERSION = '0.1.0'
+end

data/lib/tasks/google_cloud_env_secrets_tasks.rake ADDED

@@ -0,0 +1,5 @@
+desc "Fetch Google Cloud Secret"
+task :google_cloud_secret do
+  name = ARGV[1]
+  puts GoogleCloudEnvSecrets.find(name)
+end

metadata ADDED

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: google_cloud_env_secrets
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Matthias Kadenbach
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-10-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.3
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.0.3.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.3
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.0.3.4
+- !ruby/object:Gem::Dependency
+  name: google-cloud-secret_manager
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: google-cloud-env
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.3
+- !ruby/object:Gem::Dependency
+  name: concurrent-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.7
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- lib/google_cloud_env_secrets.rb
+- lib/google_cloud_env_secrets/config.rb
+- lib/google_cloud_env_secrets/railtie.rb
+- lib/google_cloud_env_secrets/secrets.rb
+- lib/google_cloud_env_secrets/version.rb
+- lib/tasks/google_cloud_env_secrets_tasks.rake
+homepage: https://github.com/mattes/rails_google_cloud_env_secrets
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: Load Google Cloud Secrets into ENV
+test_files: []