kubes_google 0.3.2 → 0.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e286468a570668c5d92665f0966165c18f987de7bc09a27c0527d4e732ba3cc0
-  data.tar.gz: 5f36b3d707942e78160a677dcb3dd9b936bba513d43b61d20176486cacf201ba
+  metadata.gz: 36b12dca084f1a7011be11085f1e91b3e2551ae1814ddc33acec6172da1b5a66
+  data.tar.gz: 1fb93979efa46e903873fb18f9bad7affce32c73bc52bfe4c68c35b642033c60
 SHA512:
-  metadata.gz: 0c86e64af5fd59083820f5a34ae59ad3ee323ae038e5f99ecb63900ffe41701c5ae5e1b661117f210153eacc151cc01e44681e63292e9b059802ae1916aa9dcb
-  data.tar.gz: 572b87da4fc774078994cce80eea09a4a3ca74d445f605fb286958c1ecf0eb0ea4210d7ed30b713d160c46f06acecc6e757652d79e7e9d00d4d58afd00291922
+  metadata.gz: 7494108d3c48d710449494be1c4e3c772b13a5341becdaa76afd5cb02c3b390fd715bc6f48b46b62f0b3335731df6cf1e308a7e1851acba9c33544548a5e9252
+  data.tar.gz: 38fade8f5865c6355153b1ff18c4c37e28532d318b802503629b49553a0f5fe69e4e0d99fbbab53423a231b8ab5909d87c6ec55d91269086b9a1a76cf5c892b4

data/CHANGELOG.md

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.3.3] - 2020-11-12
+- [#6](https://github.com/boltops-tools/kubes_google/pull/6) sdk and gcloud secrets fetcher strategy: secrets.fetcher option
+
 ## [0.3.2] - 2020-11-11
 - [#5](https://github.com/boltops-tools/kubes_google/pull/5) config.base64 option
 

data/lib/kubes_google/config.rb

@@ -4,7 +4,6 @@ module KubesGoogle
 
     def defaults
       c = ActiveSupport::OrderedOptions.new
-      c.base64_secrets = true
       c.gke = ActiveSupport::OrderedOptions.new
       c.gke.cluster_name = nil
       c.gke.enable_get_credentials = nil
@@ -12,6 +11,9 @@ module KubesGoogle
       c.gke.google_project = nil
       c.gke.google_region = nil
       c.gke.whitelist_ip = nil # default will auto-detect IP
+      c.secrets = ActiveSupport::OrderedOptions.new
+      c.secrets.fetcher = "sdk"
+      c.secrets.base64 = true
       c
     end
 

data/lib/kubes_google/secrets/fetcher.rb

@@ -1,45 +1,22 @@
 class KubesGoogle::Secrets
   class Fetcher
-    include KubesGoogle::Logging
-    include KubesGoogle::Services
+    extend Memoist
 
     def initialize(options={})
       @options = options
-      @base64 = options[:base64]
-      @project_id = ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
     end
 
     def fetch(short_name)
-      value = fetch_value(short_name)
-      value = Base64.strict_encode64(value).strip if base64?
-      value
+      fetcher.fetch(short_name)
     end
 
-    def base64?
-      @base64.nil? ? KubesGoogle.config.base64_secrets : @base64
-    end
-
-    def fetch_value(short_name)
-      name = "projects/#{project_number}/secrets/#{short_name}/versions/latest"
-      version = secret_manager_service.access_secret_version(name: name)
-      version.payload.data
-    rescue Google::Cloud::NotFoundError => e
-      logger.info "WARN: secret #{name} not found".color(:yellow)
-      logger.info e.message
-      "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
-    end
-
-    # TODO: Get the project from the list project api instead. Unsure where the docs are for this.
-    # If someone knows, let me know.
-    # Right now grabbing the first secret to then be able to get the google project number
-    @@project_number = nil
-    def project_number
-      return @@project_number if @@project_number
-
-      parent = "projects/#{@project_id}"
-      resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
-      name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
-      @@project_number = name.split('/')[1]
+    def fetcher
+      if Kubes.config.secrets_fetcher == "sdk"
+        Sdk.new(@options)
+      else
+        Gcloud.new(@options)
+      end
     end
+    memoize :fetcher
   end
 end

data/lib/kubes_google/secrets/fetcher/base.rb

@@ -0,0 +1,15 @@
+class KubesGoogle::Secrets::Fetcher
+  class Base
+    include KubesGoogle::Logging
+
+    def initialize(options={})
+      @options = options
+      @base64 = options[:base64]
+      @project_id = options[:google_project] || ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
+    end
+
+    def base64?
+      @base64.nil? ? KubesGoogle.config.secrets.base64 : @base64
+    end
+  end
+end

data/lib/kubes_google/secrets/fetcher/gcloud.rb

@@ -0,0 +1,22 @@
+class KubesGoogle::Secrets::Fetcher
+  class Gcloud < Base
+    include KubesGoogle::Util::Sh
+
+    def fetch(short_name, version="latest")
+      puts "gcloud fetch #{short_name}"
+      value = gcloud("secrets versions access #{version} --secret #{short_name}")
+      if value.include?("ERROR") && value.include?("NOT_FOUND")
+        logger.info "WARN: secret #{short_name} not found".color(:yellow)
+        logger.info e.message
+        "NOT FOUND #{short_name}" # simple string so Kubernetes YAML is valid
+      else
+        value = Base64.strict_encode64(value).strip if base64?
+        value
+      end
+    end
+
+    def gcloud(args)
+      capture("gcloud --project #{@project_id} #{args}")
+    end
+  end
+end

data/lib/kubes_google/secrets/fetcher/sdk.rb

@@ -0,0 +1,34 @@
+class KubesGoogle::Secrets::Fetcher
+  class Sdk < Base
+    include KubesGoogle::Services
+
+    def fetch(short_name, version="latest")
+      value = fetch_value(short_name, version)
+      value = Base64.strict_encode64(value).strip if base64?
+      value
+    end
+
+    def fetch_value(short_name, version="latest")
+      name = "projects/#{project_number}/secrets/#{short_name}/versions/#{version}"
+      version = secret_manager_service.access_secret_version(name: name)
+      version.payload.data
+    rescue Google::Cloud::NotFoundError => e
+      logger.info "WARN: secret #{name} not found".color(:yellow)
+      logger.info e.message
+      "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
+    end
+
+    # TODO: Get the project from the list project api instead. Unsure where the docs are for this.
+    # If someone knows, let me know.
+    # Right now grabbing the first secret to then be able to get the google project number
+    @@project_number = nil
+    def project_number
+      return @@project_number if @@project_number
+
+      parent = "projects/#{@project_id}"
+      resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
+      name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
+      @@project_number = name.split('/')[1]
+    end
+  end
+end

data/lib/kubes_google/version.rb

@@ -1,3 +1,3 @@
 module KubesGoogle
-  VERSION = "0.3.2"
+  VERSION = "0.3.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes_google
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.3.3
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-11 00:00:00.000000000 Z
+date: 2020-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -119,6 +119,9 @@ files:
 - lib/kubes_google/logging.rb
 - lib/kubes_google/secrets.rb
 - lib/kubes_google/secrets/fetcher.rb
+- lib/kubes_google/secrets/fetcher/base.rb
+- lib/kubes_google/secrets/fetcher/gcloud.rb
+- lib/kubes_google/secrets/fetcher/sdk.rb
 - lib/kubes_google/service_account.rb
 - lib/kubes_google/services.rb
 - lib/kubes_google/util/sh.rb