google_cloud_env_secrets 0.1.0 → 1.0.1

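--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7fab903e59b088a60cb9d49094486fe45b02548810173815d3402dce4691dad2
- data.tar.gz: f3282975fd0322ccce97d160c66deceddecabae685923d16d686bfc1eec471ea
+ metadata.gz: 8ffdb42eb21d616a6cb019876bf789e683d28c64a9e558de253c3c72e0382a9c
+ data.tar.gz: 5761a861832c4ebe93b1eab5d93d9dfab3c04cccf378fa8444bebc19867a6c6e
  SHA512:
- metadata.gz: 9e0edffc6c1e70e59960d9f05a03a4a452aa0701f77c81d7a682fe746e721aad2f4a41d8f583019a2906e20cd8841e294e5f146ed3c592f9417149562be8d6af
- data.tar.gz: 11f1759d55177b5c7f3eb99b749f589b7d59eb4eedfacebf6d435f98208a3e1f6574824f782239032e689352c8aed3f605e2746601b4bb3b39f480b637d83d66
+ metadata.gz: 988ddf45d7210a08f200070cc6ef8a8416d4f35213f5cf202a6544aed08755bf187bd604f82f884a07e63f20307df35f62b2a3b64cf109fdbba3701886ce19e0
+ data.tar.gz: c4c95a3d190def351086673ad62f9aa6a234b2e609ace0723f5aefa03a25a39930b90fe02f9654e23030ddfdbede34c865ca2bd92ba7df0b24fe94089f5a7b6f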
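--- a/data/README.md
+++ b/data/README.md
@@ -23,12 +23,20 @@ $ gem install google_cloud_env_secrets
 
  Configure this gem with environment vars:
 
- | Variable | Description |
- |----------------------------------|--------------------------------------------------------------------|
- | `GOOGLE_APPLICATION_CREDENTIALS` | Manually set path to Google Application Credentials. |
- | `GOOGLE_PROJECT` | Manually set the Google project. Automatically detected otherwise. |
- | `GOOGLE_SECRETS_PREFIX` | Only load secrets that start with prefix. |
+ | Variable | Description |
+ |---------------------------------------|--------------------------------------------------------------------|
+ | `GOOGLE_APPLICATION_CREDENTIALS` | Google Application Credentials, path or data (not base64 encoded). |
+ | `GOOGLE_PROJECT` | Google project |
+ | `GOOGLE_SECRETS_PREFIX` | Only load secrets that start with given prefix. |
+ | `GOOGLE_SECRETS_OVERLOAD` | Replace existing ENV vars with secret's value. Default `true`. |
 
+ The `GOOGLE_APPLICATION_CREDENTIALS` and `GOOGLE_PROJECT` variables are both optional. If not given,
+ we will detect them automatically, if run on Google Cloud.
+
+ Google Secrets are available after the [before_configuration hook](https://guides.rubyonrails.org/configuring.html#initialization-events).
+ You can call `GoogleCloudEnvSecrets.load` if you need the ENV secrets sooner than that.
+
+ See [docs](https://www.rubydoc.info/github/mattes/rails_google_cloud_env_secrets/main), too.
 
  ## Required IAM Roles
 
@@ -36,3 +44,4 @@ Configure this gem with environment vars:
  Secret Manager Secret Accessor
  Secret Manager Viewer
  ```
+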
@@ -1,12 +1,16 @@
1
+ require "json"
2
+
1
3
  module GoogleCloudEnvSecrets
2
4
  class Configuration
3
5
  attr_accessor :project
4
6
  attr_accessor :credentials
5
7
  attr_accessor :cache_secrets
6
8
  attr_accessor :prefix
9
+ attr_accessor :overload
7
10
 
8
11
  def initialize
9
12
  @cache_secrets = true
13
+ @overload = true
10
14
  end
11
15
  end
12
16
 
@@ -18,4 +22,16 @@ module GoogleCloudEnvSecrets
18
22
  self.configuration ||= Configuration.new
19
23
  yield(configuration)
20
24
  end
25
+
26
+ def self.parse_project_from_credentials(credentials)
27
+ if File.exist?(credentials)
28
+ j = JSON.parse(File.read(credentials))
29
+ return j["project_id"]
30
+ else
31
+ j = JSON.parse(credentials)
32
+ return j["project_id"]
33
+ end
34
+ rescue
35
+ nil
36
+ end
21
37
  end
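Review bot: The bare `rescue` that closes `parse_project_from_credentials` turns every failure into `nil`: an unreadable file, malformed JSON, and the `TypeError` that `File.exist?(nil)` raises when no credentials are configured. A broken credentials value is therefore indistinguishable from an absent one, and the `||` chain in `load` quietly moves on to the next project source. I would return early with `return nil if credentials.nil?` and narrow the handler to `rescue JSON::ParserError, SystemCallError`. The two branches differ only in where the text comes from, so `raw = File.exist?(credentials) ? File.read(credentials) : credentials` followed by `JSON.parse(raw)["project_id"]` would remove the duplication.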
@@ -1,14 +1,29 @@
1
1
  module GoogleCloudEnvSecrets
2
2
  class Railtie < ::Rails::Railtie
3
- initializer "google_cloud_env_secrets.initialize", after: :bootstrap_hook do |app|
4
- GoogleCloudEnvSecrets.configure do |config|
5
- config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
6
- config.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
7
- config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
8
- end
9
3
 
10
- secrets = GoogleCloudEnvSecrets.all
11
- GoogleCloudEnvSecrets.inject_env!(secrets)
4
+ # load Google Secrets during Rails `before_configuration` hook
5
+ config.before_configuration do
6
+ GoogleCloudEnvSecrets.load
7
+ end
8
+
9
+ rake_tasks do
10
+ load "tasks/google_cloud_env_secrets_tasks.rake"
12
11
  end
13
12
  end
13
+
14
+ # load Google Secrets into ENV
15
+ def self.load
16
+ GoogleCloudEnvSecrets.configure do |config|
17
+ config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
18
+ config.project = ENV["GOOGLE_PROJECT"] || GoogleCloudEnvSecrets.parse_project_from_credentials(config.credentials) || Google::Cloud.env.project_id
19
+ config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
20
+
21
+ if ENV.has_key?("GOOGLE_SECRETS_OVERLOAD")
22
+ config.overload = ENV["GOOGLE_SECRETS_OVERLOAD"]&.to_s&.downcase == "true"
23
+ end
24
+ end
25
+
26
+ secrets = GoogleCloudEnvSecrets.all
27
+ GoogleCloudEnvSecrets.inject_env!(secrets, GoogleCloudEnvSecrets.configuration.overload)
28
+ end
14
29
  end
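Review bot: In `load`, the `GOOGLE_SECRETS_OVERLOAD` check treats every value other than the literal `true` as false, so `1`, `yes` or a typo silently switches overloading off and a value already present in ENV wins over the secret. `ENV.has_key?` already guarantees a String at that point, which makes `&.to_s&.` redundant. I would parse strictly: `value = ENV["GOOGLE_SECRETS_OVERLOAD"].strip.downcase`, then `raise ArgumentError, "GOOGLE_SECRETS_OVERLOAD must be true or false" unless %w[true false].include?(value)`, then `config.overload = value == "true"`.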
@@ -2,10 +2,19 @@ module GoogleCloudEnvSecrets
2
2
  def self.all
3
3
  @secrets = nil unless self.configuration.cache_secrets
4
4
  @secrets ||= begin
5
+ # Skip if not running on Google Cloud and credentials are not set explicitly
6
+ if self.configuration.credentials.nil? && Google::Cloud.env.project_id.nil?
7
+ return {}
8
+ end
9
+
5
10
  # Configure and initialize
6
11
  # https://googleapis.dev/ruby/google-cloud-secret_manager/latest/Google/Cloud/SecretManager.html
7
12
  Google::Cloud::SecretManager.configure do |config|
8
- config.credentials = self.configuration.credentials
13
+ if File.exist?(self.configuration.credentials)
14
+ config.credentials = self.configuration.credentials # load by file
15
+ else
16
+ config.credentials = JSON.parse(self.configuration.credentials) # load data
17
+ end
9
18
  end
10
19
 
11
20
  client = Google::Cloud::SecretManager.secret_manager_service
@@ -38,17 +47,26 @@ module GoogleCloudEnvSecrets
38
47
 
39
48
  secrets
40
49
  end
41
- @secrets
50
+
51
+ @secrets || {}
42
52
  end
43
53
 
44
54
  def self.find(name)
45
- self.all # make sure we have the secrets loaded
46
- @secrets[name.to_s]
55
+ self.all[name.to_s]
47
56
  end
48
57
 
49
- def self.inject_env!(secrets = {})
58
+ def self.exist?(name)
59
+ self.all.has_key?(name.to_s)
60
+ end
61
+
62
+ def self.inject_env!(secrets = {}, overload = true, env = ENV)
50
63
  secrets.each do |name, value|
51
- ENV[name.to_s] = value
64
+ name = name.to_s
65
+ if overload
66
+ env[name] = value
67
+ else
68
+ env[name] ||= value
69
+ end
52
70
  end
53
71
  end
54
72
  end
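Review bot: The new `File.exist?(self.configuration.credentials)` inside the `SecretManager.configure` block raises `TypeError` when credentials are nil, and the early `return {}` above it only covers nil credentials when `Google::Cloud.env.project_id` is nil as well. On Google Cloud with automatically detected credentials, which the README describes as supported, `all` would therefore fail. Guarding the assignment with `creds = self.configuration.credentials` and `config.credentials = (File.exist?(creds) ? creds : JSON.parse(creds)) unless creds.nil?` should leave the library default in place. Depending on the json version, a `JSON::ParserError` from malformed inline credentials may quote part of the input in its message, so it is worth rescuing it here and raising an error that does not include the value. The body of `all` continues outside the hunk.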
@@ -1,3 +1,3 @@
1
1
  module GoogleCloudEnvSecrets
2
- VERSION = '0.1.0'
2
+ VERSION = "1.0.1"
3
3
  end
@@ -1,5 +1,9 @@
1
1
  desc "Fetch Google Cloud Secret"
2
2
  task :google_cloud_secret do
3
- name = ARGV[1]
4
- puts GoogleCloudEnvSecrets.find(name)
3
+ name = ENV["NAME"].strip
4
+
5
+ fail "#{name} not found" unless GoogleCloudEnvSecrets.exist?(name)
6
+
7
+ $stdout.sync = true
8
+ print GoogleCloudEnvSecrets.find(name)
5
9
  end
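Review bot: `ENV["NAME"].strip` raises `NoMethodError` when the task is run without `NAME=...`, before the `fail` line can report anything useful. `name = ENV["NAME"].to_s.strip` followed by `fail "NAME is required" if name.empty?` gives a usable message. Since the task prints the secret value to stdout, a short comment such as `# prints the secret in clear text; avoid running where output is captured (CI logs, shared terminals)` would help the next reader.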
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google_cloud_env_secrets
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthias Kadenbach
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-09 00:00:00.000000000 Z
11
+ date: 2020-10-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -16,20 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 6.0.3
20
- - - ">="
21
- - !ruby/object:Gem::Version
22
- version: 6.0.3.4
19
+ version: '6'
23
20
  type: :runtime
24
21
  prerelease: false
25
22
  version_requirements: !ruby/object:Gem::Requirement
26
23
  requirements:
27
24
  - - "~>"
28
25
  - !ruby/object:Gem::Version
29
- version: 6.0.3
30
- - - ">="
31
- - !ruby/object:Gem::Version
32
- version: 6.0.3.4
26
+ version: '6'
33
27
  - !ruby/object:Gem::Dependency
34
28
  name: google-cloud-secret_manager
35
29
  requirement: !ruby/object:Gem::Requirement