google_cloud_env_secrets 0.1.0 → 1.0.1

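--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7fab903e59b088a60cb9d49094486fe45b02548810173815d3402dce4691dad2
- data.tar.gz: f3282975fd0322ccce97d160c66deceddecabae685923d16d686bfc1eec471ea
+ metadata.gz: 8ffdb42eb21d616a6cb019876bf789e683d28c64a9e558de253c3c72e0382a9c
+ data.tar.gz: 5761a861832c4ebe93b1eab5d93d9dfab3c04cccf378fa8444bebc19867a6c6e
  SHA512:
- metadata.gz: 9e0edffc6c1e70e59960d9f05a03a4a452aa0701f77c81d7a682fe746e721aad2f4a41d8f583019a2906e20cd8841e294e5f146ed3c592f9417149562be8d6af
- data.tar.gz: 11f1759d55177b5c7f3eb99b749f589b7d59eb4eedfacebf6d435f98208a3e1f6574824f782239032e689352c8aed3f605e2746601b4bb3b39f480b637d83d66
+ metadata.gz: 988ddf45d7210a08f200070cc6ef8a8416d4f35213f5cf202a6544aed08755bf187bd604f82f884a07e63f20307df35f62b2a3b64cf109fdbba3701886ce19e0
+ data.tar.gz: c4c95a3d190def351086673ad62f9aa6a234b2e609ace0723f5aefa03a25a39930b90fe02f9654e23030ddfdbede34c865ca2bd92ba7df0b24fe94089f5a7b6f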
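--- a/data/README.md
+++ b/data/README.md
@@ -23,12 +23,20 @@ $ gem install google_cloud_env_secrets
 
  Configure this gem with environment vars:
 
- | Variable | Description |
- |----------------------------------|--------------------------------------------------------------------|
- | `GOOGLE_APPLICATION_CREDENTIALS` | Manually set path to Google Application Credentials. |
- | `GOOGLE_PROJECT` | Manually set the Google project. Automatically detected otherwise. |
- | `GOOGLE_SECRETS_PREFIX` | Only load secrets that start with prefix. |
+ | Variable | Description |
+ |---------------------------------------|--------------------------------------------------------------------|
+ | `GOOGLE_APPLICATION_CREDENTIALS` | Google Application Credentials, path or data (not base64 encoded). |
+ | `GOOGLE_PROJECT` | Google project |
+ | `GOOGLE_SECRETS_PREFIX` | Only load secrets that start with given prefix. |
+ | `GOOGLE_SECRETS_OVERLOAD` | Replace existing ENV vars with secret's value. Default `true`. |
 
+ The `GOOGLE_APPLICATION_CREDENTIALS` and `GOOGLE_PROJECT` variables are both optional. If not given,
+ we will detect them automatically, if run on Google Cloud.
+
+ Google Secrets are available after the [before_configuration hook](https://guides.rubyonrails.org/configuring.html#initialization-events).
+ You can call `GoogleCloudEnvSecrets.load` if you need the ENV secrets sooner than that.
+
+ See [docs](https://www.rubydoc.info/github/mattes/rails_google_cloud_env_secrets/main), too.
 
  ## Required IAM Roles
 
@@ -36,3 +44,4 @@ Configure this gem with environment vars:
  Secret Manager Secret Accessor
  Secret Manager Viewer
  ```
+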
@@ -1,12 +1,16 @@
1
+ require "json"
2
+
1
3
  module GoogleCloudEnvSecrets
2
4
  class Configuration
3
5
  attr_accessor :project
4
6
  attr_accessor :credentials
5
7
  attr_accessor :cache_secrets
6
8
  attr_accessor :prefix
9
+ attr_accessor :overload
7
10
 
8
11
  def initialize
9
12
  @cache_secrets = true
13
+ @overload = true
10
14
  end
11
15
  end
12
16
 
@@ -18,4 +22,16 @@ module GoogleCloudEnvSecrets
18
22
  self.configuration ||= Configuration.new
19
23
  yield(configuration)
20
24
  end
25
+
26
+ def self.parse_project_from_credentials(credentials)
27
+ if File.exist?(credentials)
28
+ j = JSON.parse(File.read(credentials))
29
+ return j["project_id"]
30
+ else
31
+ j = JSON.parse(credentials)
32
+ return j["project_id"]
33
+ end
34
+ rescue
35
+ nil
36
+ end
21
37
  end
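Review bot: The bare `rescue` that closes `parse_project_from_credentials` swallows every StandardError, so a malformed or unreadable credentials value looks the same as a key without `project_id`, and the caller in `load` then falls through to the auto-detected project without any signal. The method also depends on that rescue for a nil argument, because `File.exist?(nil)` raises TypeError. I would start the body with `return nil if credentials.nil?` and narrow the handler to `rescue JSON::ParserError, SystemCallError`, so a broken key file surfaces instead of quietly changing which project is queried. The two branches differ only in where the JSON text comes from and could share a single `JSON.parse` call.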
@@ -1,14 +1,29 @@
1
1
  module GoogleCloudEnvSecrets
2
2
  class Railtie < ::Rails::Railtie
3
- initializer "google_cloud_env_secrets.initialize", after: :bootstrap_hook do |app|
4
- GoogleCloudEnvSecrets.configure do |config|
5
- config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
6
- config.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
7
- config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
8
- end
9
3
 
10
- secrets = GoogleCloudEnvSecrets.all
11
- GoogleCloudEnvSecrets.inject_env!(secrets)
4
+ # load Google Secrets during Rails `before_configuration` hook
5
+ config.before_configuration do
6
+ GoogleCloudEnvSecrets.load
7
+ end
8
+
9
+ rake_tasks do
10
+ load "tasks/google_cloud_env_secrets_tasks.rake"
12
11
  end
13
12
  end
13
+
14
+ # load Google Secrets into ENV
15
+ def self.load
16
+ GoogleCloudEnvSecrets.configure do |config|
17
+ config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
18
+ config.project = ENV["GOOGLE_PROJECT"] || GoogleCloudEnvSecrets.parse_project_from_credentials(config.credentials) || Google::Cloud.env.project_id
19
+ config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
20
+
21
+ if ENV.has_key?("GOOGLE_SECRETS_OVERLOAD")
22
+ config.overload = ENV["GOOGLE_SECRETS_OVERLOAD"]&.to_s&.downcase == "true"
23
+ end
24
+ end
25
+
26
+ secrets = GoogleCloudEnvSecrets.all
27
+ GoogleCloudEnvSecrets.inject_env!(secrets, GoogleCloudEnvSecrets.configuration.overload)
28
+ end
14
29
  end
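Review bot: With `overload` defaulting to true and `GOOGLE_SECRETS_PREFIX` optional, `self.load` lets any secret name in the project replace a variable that is already set in the process, before the application is configured; that includes names such as `RAILS_ENV`, `DATABASE_URL` or `PATH`. Anyone who can create secrets in that project therefore decides the application's environment, so I would default `overload` to false, or at minimum state above `def self.load` that a prefix should be set whenever overloading is enabled. Separately, `ENV["GOOGLE_SECRETS_OVERLOAD"]&.to_s&.downcase == "true"` turns every value other than `true` (for example `1` or `yes`) into false, which deserves a comment, and the safe navigation is redundant after `ENV.has_key?`.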
@@ -2,10 +2,19 @@ module GoogleCloudEnvSecrets
2
2
  def self.all
3
3
  @secrets = nil unless self.configuration.cache_secrets
4
4
  @secrets ||= begin
5
+ # Skip if not running on Google Cloud and credentials are not set explicitly
6
+ if self.configuration.credentials.nil? && Google::Cloud.env.project_id.nil?
7
+ return {}
8
+ end
9
+
5
10
  # Configure and initialize
6
11
  # https://googleapis.dev/ruby/google-cloud-secret_manager/latest/Google/Cloud/SecretManager.html
7
12
  Google::Cloud::SecretManager.configure do |config|
8
- config.credentials = self.configuration.credentials
13
+ if File.exist?(self.configuration.credentials)
14
+ config.credentials = self.configuration.credentials # load by file
15
+ else
16
+ config.credentials = JSON.parse(self.configuration.credentials) # load data
17
+ end
9
18
  end
10
19
 
11
20
  client = Google::Cloud::SecretManager.secret_manager_service
@@ -38,17 +47,26 @@ module GoogleCloudEnvSecrets
38
47
 
39
48
  secrets
40
49
  end
41
- @secrets
50
+
51
+ @secrets || {}
42
52
  end
43
53
 
44
54
  def self.find(name)
45
- self.all # make sure we have the secrets loaded
46
- @secrets[name.to_s]
55
+ self.all[name.to_s]
47
56
  end
48
57
 
49
- def self.inject_env!(secrets = {})
58
+ def self.exist?(name)
59
+ self.all.has_key?(name.to_s)
60
+ end
61
+
62
+ def self.inject_env!(secrets = {}, overload = true, env = ENV)
50
63
  secrets.each do |name, value|
51
- ENV[name.to_s] = value
64
+ name = name.to_s
65
+ if overload
66
+ env[name] = value
67
+ else
68
+ env[name] ||= value
69
+ end
52
70
  end
53
71
  end
54
72
  end
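Review bot: In the first hunk, `File.exist?(self.configuration.credentials)` is reached with nil whenever no credentials are configured but `Google::Cloud.env.project_id` is present, because the new guard returns early only when both are nil; `File.exist?(nil)` raises TypeError, which appears to break the auto-detected case the README describes. Adding `next if self.configuration.credentials.nil?` as the first line of the `Google::Cloud::SecretManager.configure` block would keep the library default, assuming an unset value behaves like the nil that 0.1.0 assigned. The `else` branch also hands anything that is not an existing path to `JSON.parse`, so a mistyped key file path fails as a JSON error, and a `JSON::ParserError` message may echo part of the credential text into logs; rescuing it and raising a message without the input would avoid that. The body of `self.all` continues outside both hunks.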
@@ -1,3 +1,3 @@
1
1
  module GoogleCloudEnvSecrets
2
- VERSION = '0.1.0'
2
+ VERSION = "1.0.1"
3
3
  end
@@ -1,5 +1,9 @@
1
1
  desc "Fetch Google Cloud Secret"
2
2
  task :google_cloud_secret do
3
- name = ARGV[1]
4
- puts GoogleCloudEnvSecrets.find(name)
3
+ name = ENV["NAME"].strip
4
+
5
+ fail "#{name} not found" unless GoogleCloudEnvSecrets.exist?(name)
6
+
7
+ $stdout.sync = true
8
+ print GoogleCloudEnvSecrets.find(name)
5
9
  end
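Review bot: `ENV["NAME"].strip` raises NoMethodError when the task is invoked without `NAME=...`, so a usage mistake shows up as a stack trace instead of a message; `name = ENV["NAME"].to_s.strip` followed by `fail "NAME is required" if name.empty?` covers it. The task also writes the secret value to stdout, so I would add a comment above `task :google_cloud_secret` such as `# Prints the secret value; redirect the output, it otherwise ends up in CI logs and terminal scrollback.`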
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google_cloud_env_secrets
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthias Kadenbach
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-09 00:00:00.000000000 Z
11
+ date: 2020-10-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -16,20 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 6.0.3
20
- - - ">="
21
- - !ruby/object:Gem::Version
22
- version: 6.0.3.4
19
+ version: '6'
23
20
  type: :runtime
24
21
  prerelease: false
25
22
  version_requirements: !ruby/object:Gem::Requirement
26
23
  requirements:
27
24
  - - "~>"
28
25
  - !ruby/object:Gem::Version
29
- version: 6.0.3
30
- - - ">="
31
- - !ruby/object:Gem::Version
32
- version: 6.0.3.4
26
+ version: '6'
33
27
  - !ruby/object:Gem::Dependency
34
28
  name: google-cloud-secret_manager
35
29
  requirement: !ruby/object:Gem::Requirement