google_cloud_env_secrets 0.1.1 → 1.0.2

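--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 90ac38d180204dec944c36ba57e7072e36e87dadbafee415fb864a25b0b24fcf
- data.tar.gz: 8373386dd3089abdad83128d2bff2ca5ac2d8ff954389a1f6810d67f6aee883f
+ metadata.gz: 0f6fb0a3005e03c0be10f2e423f049ec2c103f44696f43eb47f62bdfc5d4a109
+ data.tar.gz: c2111c2c4a8819321a1875c46651a16d847b1f6fb9e20d6ea821ae136571a38c
  SHA512:
- metadata.gz: 0c9f4cfb80145fc506d78949ec3053e3a16994443a8245176d120f2c4597619eef889f62dd8997a79cd9979610c0a43dddfc158b54be2e9d0aa298427fde58e4
- data.tar.gz: 96d34802b6c79246c8252f96cd6635de3c1ee3d8ef55ccc993264f350488fa5449d6f57a3a272d14360b48f88e6d88b9e159c716f45319bd7ea000ad8c809f53
+ metadata.gz: 4a1a64482d17981bc421768820d5b07b40a5c6dd0a64c93b80f01bed0ae61b425a7938a2faf1b961b4401e25840d286dbd84ec191cb158d30a1902043a2b5722
+ data.tar.gz: 44d02eb848d40f9314d4d7fa4a16c2f57e1aa020b130d6843810b74245b11d5d96c6b2cc8c13651fd51b701c49068994ffc008a21b81dab6242c07733265853d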
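--- a/data/README.md
+++ b/data/README.md
@@ -23,12 +23,20 @@ $ gem install google_cloud_env_secrets
 
  Configure this gem with environment vars:
 
- | Variable | Description |
- |----------------------------------|--------------------------------------------------------------------|
- | `GOOGLE_APPLICATION_CREDENTIALS` | Manually set path to Google Application Credentials. |
- | `GOOGLE_PROJECT` | Manually set the Google project. Automatically detected otherwise. |
- | `GOOGLE_SECRETS_PREFIX` | Only load secrets that start with prefix. |
+ | Variable | Description |
+ |---------------------------------------|--------------------------------------------------------------------|
+ | `GOOGLE_APPLICATION_CREDENTIALS` | Google Application Credentials, path or data (not base64 encoded). |
+ | `GOOGLE_PROJECT` | Google project |
+ | `GOOGLE_SECRETS_PREFIX` | Only load secrets that start with given prefix. |
+ | `GOOGLE_SECRETS_OVERLOAD` | Replace existing ENV vars with secret's value. Default `true`. |
 
+ The `GOOGLE_APPLICATION_CREDENTIALS` and `GOOGLE_PROJECT` variables are both optional. If not given,
+ we will detect them automatically, if run on Google Cloud.
+
+ Google Secrets are available after the [before_configuration hook](https://guides.rubyonrails.org/configuring.html#initialization-events).
+ You can call `GoogleCloudEnvSecrets.load` if you need the ENV secrets sooner than that.
+
+ See [docs](https://www.rubydoc.info/github/mattes/rails_google_cloud_env_secrets/main), too.
 
  ## Required IAM Roles
 
@@ -36,3 +44,4 @@ Configure this gem with environment vars:
  Secret Manager Secret Accessor
  Secret Manager Viewer
  ```
+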
@@ -1,12 +1,16 @@
1
+ require "json"
2
+
1
3
  module GoogleCloudEnvSecrets
2
4
  class Configuration
3
5
  attr_accessor :project
4
6
  attr_accessor :credentials
5
7
  attr_accessor :cache_secrets
6
8
  attr_accessor :prefix
9
+ attr_accessor :overload
7
10
 
8
11
  def initialize
9
12
  @cache_secrets = true
13
+ @overload = true
10
14
  end
11
15
  end
12
16
 
@@ -18,4 +22,16 @@ module GoogleCloudEnvSecrets
18
22
  self.configuration ||= Configuration.new
19
23
  yield(configuration)
20
24
  end
25
+
26
+ def self.parse_project_from_credentials(credentials)
27
+ if File.exist?(credentials)
28
+ j = JSON.parse(File.read(credentials))
29
+ return j["project_id"]
30
+ else
31
+ j = JSON.parse(credentials)
32
+ return j["project_id"]
33
+ end
34
+ rescue
35
+ nil
36
+ end
21
37
  end
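Review bot: The bare `rescue` that closes `parse_project_from_credentials` swallows every StandardError, so an unreadable or malformed credentials value returns nil exactly as a missing `project_id` does. The caller added in this release then falls through to `Google::Cloud.env.project_id`, which means a broken credentials value can silently select the ambient project instead of failing. When the credentials are unset, `File.exist?(credentials)` raises TypeError on nil and the method depends on that rescue. A guard such as `return nil if credentials.nil?` together with `rescue JSON::ParserError, SystemCallError` would keep the fallback while letting unexpected errors surface. Both branches differ only in where the JSON text comes from and could share a single `JSON.parse(...)["project_id"]`.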
@@ -1,14 +1,29 @@
1
1
  module GoogleCloudEnvSecrets
2
2
  class Railtie < ::Rails::Railtie
3
- initializer "google_cloud_env_secrets.initialize", after: :bootstrap_hook do |app|
4
- GoogleCloudEnvSecrets.configure do |config|
5
- config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
6
- config.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
7
- config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
8
- end
9
3
 
10
- secrets = GoogleCloudEnvSecrets.all
11
- GoogleCloudEnvSecrets.inject_env!(secrets)
4
+ # load Google Secrets during Rails `before_configuration` hook
5
+ config.before_configuration do
6
+ GoogleCloudEnvSecrets.load
7
+ end
8
+
9
+ rake_tasks do
10
+ load "tasks/google_cloud_env_secrets_tasks.rake"
12
11
  end
13
12
  end
13
+
14
+ # load Google Secrets into ENV
15
+ def self.load
16
+ GoogleCloudEnvSecrets.configure do |config|
17
+ config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
18
+ config.project = ENV["GOOGLE_PROJECT"] || GoogleCloudEnvSecrets.parse_project_from_credentials(config.credentials) || Google::Cloud.env.project_id
19
+ config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
20
+
21
+ if ENV.has_key?("GOOGLE_SECRETS_OVERLOAD")
22
+ config.overload = ENV["GOOGLE_SECRETS_OVERLOAD"]&.to_s&.downcase == "true"
23
+ end
24
+ end
25
+
26
+ secrets = GoogleCloudEnvSecrets.all
27
+ GoogleCloudEnvSecrets.inject_env!(secrets, GoogleCloudEnvSecrets.configuration.overload)
28
+ end
14
29
  end
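Review bot: In `self.load`, `GOOGLE_SECRETS_OVERLOAD` only counts as enabled when the downcased value is exactly "true", so `1`, `yes` or a value with trailing whitespace silently turns overload off. Because this setting decides whether a secret or an operator-set variable wins, an unrecognised value should be rejected or at least normalised, for example `config.overload = ENV["GOOGLE_SECRETS_OVERLOAD"].strip.downcase == "true"`. The `&.to_s&.` chain is redundant here, since `ENV.has_key?` already guarantees a String. The comment above `self.load` could also state the accepted values and that this method performs the Secret Manager fetch on every call when `cache_secrets` is false.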
@@ -2,10 +2,21 @@ module GoogleCloudEnvSecrets
2
2
  def self.all
3
3
  @secrets = nil unless self.configuration.cache_secrets
4
4
  @secrets ||= begin
5
+ # Skip if not running on Google Cloud and credentials are not set explicitly
6
+ if self.configuration.credentials.nil? && Google::Cloud.env.project_id.nil?
7
+ return {}
8
+ end
9
+
5
10
  # Configure and initialize
6
11
  # https://googleapis.dev/ruby/google-cloud-secret_manager/latest/Google/Cloud/SecretManager.html
7
12
  Google::Cloud::SecretManager.configure do |config|
8
- config.credentials = self.configuration.credentials
13
+ if self.configuration.credentials
14
+ if File.exist?(self.configuration.credentials)
15
+ config.credentials = self.configuration.credentials # load by file
16
+ else
17
+ config.credentials = JSON.parse(self.configuration.credentials) # load data
18
+ end
19
+ end
9
20
  end
10
21
 
11
22
  client = Google::Cloud::SecretManager.secret_manager_service
@@ -38,17 +49,26 @@ module GoogleCloudEnvSecrets
38
49
 
39
50
  secrets
40
51
  end
41
- @secrets
52
+
53
+ @secrets || {}
42
54
  end
43
55
 
44
56
  def self.find(name)
45
- self.all # make sure we have the secrets loaded
46
- @secrets[name.to_s]
57
+ self.all[name.to_s]
58
+ end
59
+
60
+ def self.exist?(name)
61
+ self.all.has_key?(name.to_s)
47
62
  end
48
63
 
49
- def self.inject_env!(secrets = {})
64
+ def self.inject_env!(secrets = {}, overload = true, env = ENV)
50
65
  secrets.each do |name, value|
51
- ENV[name.to_s] = value
66
+ name = name.to_s
67
+ if overload
68
+ env[name] = value
69
+ else
70
+ env[name] ||= value
71
+ end
52
72
  end
53
73
  end
54
74
  end
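Review bot: In `self.all`, any credentials value that is not an existing file goes straight to `JSON.parse`, so a mistyped path and malformed inline key data both end in an unhandled JSON::ParserError during boot. Parser error messages typically quote the text that failed to parse, so part of the inline service-account data could end up in boot logs or an error tracker. I would rescue it at that line and raise a fixed message without the original cause, `rescue JSON::ParserError` followed by `raise ArgumentError, "credentials are neither an existing file nor valid JSON", cause: nil`. Separately, `inject_env!` with the default `overload = true` and no prefix lets any secret in the project replace any process variable. A comment on the method should state that trust assumption. The body of `self.all` continues outside the hunks shown.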
@@ -1,3 +1,3 @@
1
1
  module GoogleCloudEnvSecrets
2
- VERSION = "0.1.1"
2
+ VERSION = "1.0.2"
3
3
  end
@@ -1,5 +1,9 @@
1
1
  desc "Fetch Google Cloud Secret"
2
2
  task :google_cloud_secret do
3
- name = ARGV[1]
4
- puts GoogleCloudEnvSecrets.find(name)
3
+ name = ENV["NAME"].strip
4
+
5
+ fail "#{name} not found" unless GoogleCloudEnvSecrets.exist?(name)
6
+
7
+ $stdout.sync = true
8
+ print GoogleCloudEnvSecrets.find(name)
5
9
  end
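Review bot: `ENV["NAME"].strip` raises NoMethodError on nil when the task is run without `NAME=...`, which hides the usage error. Something like `name = ENV.fetch("NAME") { abort "usage: rake google_cloud_secret NAME=<secret>" }.strip` fails with a clear message instead. The task prints the secret value in plaintext to stdout, so the `desc` text should say so, which warns operators not to run it where job output is captured or archived.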
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google_cloud_env_secrets
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 1.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthias Kadenbach
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-09 00:00:00.000000000 Z
11
+ date: 2020-10-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails