RubyGems - google_cloud_env_secrets - Versions diffs - 0.1.1 → 0.1.2 - Mend

google_cloud_env_secrets 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +5 -0
data/lib/google_cloud_env_secrets/config.rb +2 -0
data/lib/google_cloud_env_secrets/railtie.rb +19 -8
data/lib/google_cloud_env_secrets/secrets.rb +15 -5
data/lib/google_cloud_env_secrets/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 90ac38d180204dec944c36ba57e7072e36e87dadbafee415fb864a25b0b24fcf
-  data.tar.gz: 8373386dd3089abdad83128d2bff2ca5ac2d8ff954389a1f6810d67f6aee883f
+  metadata.gz: 8cae42f0b4569a668a8cd720672427c63862a2873c3029d811f6ffbe784ca0a5
+  data.tar.gz: fdff6f40d8b416e10e77b8097b23e6c222295d6cc02e90d981c3ad82b2176c36
 SHA512:
-  metadata.gz: 0c9f4cfb80145fc506d78949ec3053e3a16994443a8245176d120f2c4597619eef889f62dd8997a79cd9979610c0a43dddfc158b54be2e9d0aa298427fde58e4
-  data.tar.gz: 96d34802b6c79246c8252f96cd6635de3c1ee3d8ef55ccc993264f350488fa5449d6f57a3a272d14360b48f88e6d88b9e159c716f45319bd7ea000ad8c809f53
+  metadata.gz: c48d2996eb230b92c7a48fe5b8610bc1267d1da340237c53e18311506799a7a0e13978c1a8edb1d503e4aefa1badffe2b4ed2cdc3b4ea386a26dc6052ba836e5
+  data.tar.gz: 37de843da13be35009b5371c98403ee1ec8420182160b3ab8f7211e9db8a450a164b915e6c015ec3553b9f9d72b32d847956824a71b677915ae823e6e636fccf

data/README.md CHANGED

@@ -28,7 +28,12 @@ Configure this gem with environment vars:
 | `GOOGLE_APPLICATION_CREDENTIALS` | Manually set path to Google Application Credentials.               |
 | `GOOGLE_PROJECT`                 | Manually set the Google project. Automatically detected otherwise. |
 | `GOOGLE_SECRETS_PREFIX`          | Only load secrets that start with prefix.                          |
+| `GOOGLE_SECRETS_FORCE`           | Replace existing ENV vars with secret's value. Default `true`.     |
+Google Secrets are available after the [before_configuration hook](https://guides.rubyonrails.org/configuring.html#initialization-events).
+You can call `GoogleCloudEnvSecrets.load` if you need the ENV secrets sooner than that.
+See [docs](https://www.rubydoc.info/github/mattes/rails_google_cloud_env_secrets/main), too.
 ## Required IAM Roles

data/lib/google_cloud_env_secrets/config.rb CHANGED

@@ -4,9 +4,11 @@ module GoogleCloudEnvSecrets
     attr_accessor :credentials
     attr_accessor :cache_secrets
     attr_accessor :prefix
+    attr_accessor :force
     def initialize
       @cache_secrets = true
+      @force = true
     end
   end

data/lib/google_cloud_env_secrets/railtie.rb CHANGED

@@ -1,14 +1,25 @@
 module GoogleCloudEnvSecrets
   class Railtie < ::Rails::Railtie
-    initializer "google_cloud_env_secrets.initialize", after: :bootstrap_hook do |app|
-      GoogleCloudEnvSecrets.configure do |config|
-        config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
-        config.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
-        config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
-      end
-      secrets = GoogleCloudEnvSecrets.all
-      GoogleCloudEnvSecrets.inject_env!(secrets)
+    # load Google Secrets during Rails `before_configuration` hook
+    config.before_configuration do
+      GoogleCloudEnvSecrets.load
     end
   end
+  # load Google Secrets into ENV
+  def self.load
+    GoogleCloudEnvSecrets.configure do |config|
+      config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
+      config.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
+      config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
+      if ENV.has_key?("GOOGLE_SECRETS_FORCE")
+        config.force = ENV["GOOGLE_SECRETS_FORCE"]&.to_s&.downcase == "true"
+      end
+    end
+    secrets = GoogleCloudEnvSecrets.all
+    GoogleCloudEnvSecrets.inject_env!(secrets, GoogleCloudEnvSecrets.configuration.force)
+  end
 end

data/lib/google_cloud_env_secrets/secrets.rb CHANGED

@@ -2,6 +2,11 @@ module GoogleCloudEnvSecrets
   def self.all
     @secrets = nil unless self.configuration.cache_secrets
     @secrets ||= begin
+        # Skip if not running on Google Cloud and credentials are not set explicitly
+        if self.configuration.credentials.nil? && Google::Cloud.env.project_id.nil?
+          return {}
+        end
         # Configure and initialize
         # https://googleapis.dev/ruby/google-cloud-secret_manager/latest/Google/Cloud/SecretManager.html
         Google::Cloud::SecretManager.configure do |config|
@@ -38,17 +43,22 @@ module GoogleCloudEnvSecrets
         secrets
       end
-    @secrets
+    @secrets || {}
   end
   def self.find(name)
-    self.all # make sure we have the secrets loaded
-    @secrets[name.to_s]
+    self.all[name.to_s]
   end
-  def self.inject_env!(secrets = {})
+  def self.inject_env!(secrets = {}, force = true, env = ENV)
     secrets.each do |name, value|
-      ENV[name.to_s] = value
+      name = name.to_s
+      if force
+        env[name] = value
+      else
+        env[name] unless env.has_key?(name)
+      end
     end
   end
 end

data/lib/google_cloud_env_secrets/version.rb CHANGED

@@ -1,3 +1,3 @@
 module GoogleCloudEnvSecrets
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google_cloud_env_secrets
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Matthias Kadenbach
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-09 00:00:00.000000000 Z
+date: 2020-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails