kubes_google 0.3.2 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/kubes_google/config.rb +3 -1
- data/lib/kubes_google/secrets/fetcher.rb +9 -32
- data/lib/kubes_google/secrets/fetcher/base.rb +15 -0
- data/lib/kubes_google/secrets/fetcher/gcloud.rb +22 -0
- data/lib/kubes_google/secrets/fetcher/sdk.rb +34 -0
- data/lib/kubes_google/version.rb +1 -1
- metadata +5 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 36b12dca084f1a7011be11085f1e91b3e2551ae1814ddc33acec6172da1b5a66
|
4
|
+
data.tar.gz: 1fb93979efa46e903873fb18f9bad7affce32c73bc52bfe4c68c35b642033c60
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7494108d3c48d710449494be1c4e3c772b13a5341becdaa76afd5cb02c3b390fd715bc6f48b46b62f0b3335731df6cf1e308a7e1851acba9c33544548a5e9252
|
7
|
+
data.tar.gz: 38fade8f5865c6355153b1ff18c4c37e28532d318b802503629b49553a0f5fe69e4e0d99fbbab53423a231b8ab5909d87c6ec55d91269086b9a1a76cf5c892b4
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,9 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
5
5
|
|
6
|
+
## [0.3.3] - 2020-11-12
|
7
|
+
- [#6](https://github.com/boltops-tools/kubes_google/pull/6) sdk and gcloud secrets fetcher strategy: secrets.fetcher option
|
8
|
+
|
6
9
|
## [0.3.2] - 2020-11-11
|
7
10
|
- [#5](https://github.com/boltops-tools/kubes_google/pull/5) config.base64 option
|
8
11
|
|
data/lib/kubes_google/config.rb
CHANGED
@@ -4,7 +4,6 @@ module KubesGoogle
|
|
4
4
|
|
5
5
|
def defaults
|
6
6
|
c = ActiveSupport::OrderedOptions.new
|
7
|
-
c.base64_secrets = true
|
8
7
|
c.gke = ActiveSupport::OrderedOptions.new
|
9
8
|
c.gke.cluster_name = nil
|
10
9
|
c.gke.enable_get_credentials = nil
|
@@ -12,6 +11,9 @@ module KubesGoogle
|
|
12
11
|
c.gke.google_project = nil
|
13
12
|
c.gke.google_region = nil
|
14
13
|
c.gke.whitelist_ip = nil # default will auto-detect IP
|
14
|
+
c.secrets = ActiveSupport::OrderedOptions.new
|
15
|
+
c.secrets.fetcher = "sdk"
|
16
|
+
c.secrets.base64 = true
|
15
17
|
c
|
16
18
|
end
|
17
19
|
|
@@ -1,45 +1,22 @@
|
|
1
1
|
class KubesGoogle::Secrets
|
2
2
|
class Fetcher
|
3
|
-
|
4
|
-
include KubesGoogle::Services
|
3
|
+
extend Memoist
|
5
4
|
|
6
5
|
def initialize(options={})
|
7
6
|
@options = options
|
8
|
-
@base64 = options[:base64]
|
9
|
-
@project_id = ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
|
10
7
|
end
|
11
8
|
|
12
9
|
def fetch(short_name)
|
13
|
-
|
14
|
-
value = Base64.strict_encode64(value).strip if base64?
|
15
|
-
value
|
10
|
+
fetcher.fetch(short_name)
|
16
11
|
end
|
17
12
|
|
18
|
-
def
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
version = secret_manager_service.access_secret_version(name: name)
|
25
|
-
version.payload.data
|
26
|
-
rescue Google::Cloud::NotFoundError => e
|
27
|
-
logger.info "WARN: secret #{name} not found".color(:yellow)
|
28
|
-
logger.info e.message
|
29
|
-
"NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
|
30
|
-
end
|
31
|
-
|
32
|
-
# TODO: Get the project from the list project api instead. Unsure where the docs are for this.
|
33
|
-
# If someone knows, let me know.
|
34
|
-
# Right now grabbing the first secret to then be able to get the google project number
|
35
|
-
@@project_number = nil
|
36
|
-
def project_number
|
37
|
-
return @@project_number if @@project_number
|
38
|
-
|
39
|
-
parent = "projects/#{@project_id}"
|
40
|
-
resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
|
41
|
-
name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
|
42
|
-
@@project_number = name.split('/')[1]
|
13
|
+
def fetcher
|
14
|
+
if Kubes.config.secrets_fetcher == "sdk"
|
15
|
+
Sdk.new(@options)
|
16
|
+
else
|
17
|
+
Gcloud.new(@options)
|
18
|
+
end
|
43
19
|
end
|
20
|
+
memoize :fetcher
|
44
21
|
end
|
45
22
|
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
class KubesGoogle::Secrets::Fetcher
|
2
|
+
class Base
|
3
|
+
include KubesGoogle::Logging
|
4
|
+
|
5
|
+
def initialize(options={})
|
6
|
+
@options = options
|
7
|
+
@base64 = options[:base64]
|
8
|
+
@project_id = options[:google_project] || ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
|
9
|
+
end
|
10
|
+
|
11
|
+
def base64?
|
12
|
+
@base64.nil? ? KubesGoogle.config.secrets.base64 : @base64
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
class KubesGoogle::Secrets::Fetcher
|
2
|
+
class Gcloud < Base
|
3
|
+
include KubesGoogle::Util::Sh
|
4
|
+
|
5
|
+
def fetch(short_name, version="latest")
|
6
|
+
puts "gcloud fetch #{short_name}"
|
7
|
+
value = gcloud("secrets versions access #{version} --secret #{short_name}")
|
8
|
+
if value.include?("ERROR") && value.include?("NOT_FOUND")
|
9
|
+
logger.info "WARN: secret #{short_name} not found".color(:yellow)
|
10
|
+
logger.info e.message
|
11
|
+
"NOT FOUND #{short_name}" # simple string so Kubernetes YAML is valid
|
12
|
+
else
|
13
|
+
value = Base64.strict_encode64(value).strip if base64?
|
14
|
+
value
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
def gcloud(args)
|
19
|
+
capture("gcloud --project #{@project_id} #{args}")
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
class KubesGoogle::Secrets::Fetcher
|
2
|
+
class Sdk < Base
|
3
|
+
include KubesGoogle::Services
|
4
|
+
|
5
|
+
def fetch(short_name, version="latest")
|
6
|
+
value = fetch_value(short_name, version)
|
7
|
+
value = Base64.strict_encode64(value).strip if base64?
|
8
|
+
value
|
9
|
+
end
|
10
|
+
|
11
|
+
def fetch_value(short_name, version="latest")
|
12
|
+
name = "projects/#{project_number}/secrets/#{short_name}/versions/#{version}"
|
13
|
+
version = secret_manager_service.access_secret_version(name: name)
|
14
|
+
version.payload.data
|
15
|
+
rescue Google::Cloud::NotFoundError => e
|
16
|
+
logger.info "WARN: secret #{name} not found".color(:yellow)
|
17
|
+
logger.info e.message
|
18
|
+
"NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
|
19
|
+
end
|
20
|
+
|
21
|
+
# TODO: Get the project from the list project api instead. Unsure where the docs are for this.
|
22
|
+
# If someone knows, let me know.
|
23
|
+
# Right now grabbing the first secret to then be able to get the google project number
|
24
|
+
@@project_number = nil
|
25
|
+
def project_number
|
26
|
+
return @@project_number if @@project_number
|
27
|
+
|
28
|
+
parent = "projects/#{@project_id}"
|
29
|
+
resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
|
30
|
+
name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
|
31
|
+
@@project_number = name.split('/')[1]
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
data/lib/kubes_google/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kubes_google
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-11-
|
11
|
+
date: 2020-11-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -119,6 +119,9 @@ files:
|
|
119
119
|
- lib/kubes_google/logging.rb
|
120
120
|
- lib/kubes_google/secrets.rb
|
121
121
|
- lib/kubes_google/secrets/fetcher.rb
|
122
|
+
- lib/kubes_google/secrets/fetcher/base.rb
|
123
|
+
- lib/kubes_google/secrets/fetcher/gcloud.rb
|
124
|
+
- lib/kubes_google/secrets/fetcher/sdk.rb
|
122
125
|
- lib/kubes_google/service_account.rb
|
123
126
|
- lib/kubes_google/services.rb
|
124
127
|
- lib/kubes_google/util/sh.rb
|