kubes_google 0.3.2 → 0.3.3

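--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e286468a570668c5d92665f0966165c18f987de7bc09a27c0527d4e732ba3cc0
- data.tar.gz: 5f36b3d707942e78160a677dcb3dd9b936bba513d43b61d20176486cacf201ba
+ metadata.gz: 36b12dca084f1a7011be11085f1e91b3e2551ae1814ddc33acec6172da1b5a66
+ data.tar.gz: 1fb93979efa46e903873fb18f9bad7affce32c73bc52bfe4c68c35b642033c60
  SHA512:
- metadata.gz: 0c86e64af5fd59083820f5a34ae59ad3ee323ae038e5f99ecb63900ffe41701c5ae5e1b661117f210153eacc151cc01e44681e63292e9b059802ae1916aa9dcb
- data.tar.gz: 572b87da4fc774078994cce80eea09a4a3ca74d445f605fb286958c1ecf0eb0ea4210d7ed30b713d160c46f06acecc6e757652d79e7e9d00d4d58afd00291922
+ metadata.gz: 7494108d3c48d710449494be1c4e3c772b13a5341becdaa76afd5cb02c3b390fd715bc6f48b46b62f0b3335731df6cf1e308a7e1851acba9c33544548a5e9252
+ data.tar.gz: 38fade8f5865c6355153b1ff18c4c37e28532d318b802503629b49553a0f5fe69e4e0d99fbbab53423a231b8ab5909d87c6ec55d91269086b9a1a76cf5c892b4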
@@ -3,6 +3,9 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.3.3] - 2020-11-12
7
+ - [#6](https://github.com/boltops-tools/kubes_google/pull/6) sdk and gcloud secrets fetcher strategy: secrets.fetcher option
8
+
6
9
  ## [0.3.2] - 2020-11-11
7
10
  - [#5](https://github.com/boltops-tools/kubes_google/pull/5) config.base64 option
8
11
 
@@ -4,7 +4,6 @@ module KubesGoogle
4
4
 
5
5
  def defaults
6
6
  c = ActiveSupport::OrderedOptions.new
7
- c.base64_secrets = true
8
7
  c.gke = ActiveSupport::OrderedOptions.new
9
8
  c.gke.cluster_name = nil
10
9
  c.gke.enable_get_credentials = nil
@@ -12,6 +11,9 @@ module KubesGoogle
12
11
  c.gke.google_project = nil
13
12
  c.gke.google_region = nil
14
13
  c.gke.whitelist_ip = nil # default will auto-detect IP
14
+ c.secrets = ActiveSupport::OrderedOptions.new
15
+ c.secrets.fetcher = "sdk"
16
+ c.secrets.base64 = true
15
17
  c
16
18
  end
17
19
 
@@ -1,45 +1,22 @@
1
1
  class KubesGoogle::Secrets
2
2
  class Fetcher
3
- include KubesGoogle::Logging
4
- include KubesGoogle::Services
3
+ extend Memoist
5
4
 
6
5
  def initialize(options={})
7
6
  @options = options
8
- @base64 = options[:base64]
9
- @project_id = ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
10
7
  end
11
8
 
12
9
  def fetch(short_name)
13
- value = fetch_value(short_name)
14
- value = Base64.strict_encode64(value).strip if base64?
15
- value
10
+ fetcher.fetch(short_name)
16
11
  end
17
12
 
18
- def base64?
19
- @base64.nil? ? KubesGoogle.config.base64_secrets : @base64
20
- end
21
-
22
- def fetch_value(short_name)
23
- name = "projects/#{project_number}/secrets/#{short_name}/versions/latest"
24
- version = secret_manager_service.access_secret_version(name: name)
25
- version.payload.data
26
- rescue Google::Cloud::NotFoundError => e
27
- logger.info "WARN: secret #{name} not found".color(:yellow)
28
- logger.info e.message
29
- "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
30
- end
31
-
32
- # TODO: Get the project from the list project api instead. Unsure where the docs are for this.
33
- # If someone knows, let me know.
34
- # Right now grabbing the first secret to then be able to get the google project number
35
- @@project_number = nil
36
- def project_number
37
- return @@project_number if @@project_number
38
-
39
- parent = "projects/#{@project_id}"
40
- resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
41
- name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
42
- @@project_number = name.split('/')[1]
13
+ def fetcher
14
+ if Kubes.config.secrets_fetcher == "sdk"
15
+ Sdk.new(@options)
16
+ else
17
+ Gcloud.new(@options)
18
+ end
43
19
  end
20
+ memoize :fetcher
44
21
  end
45
22
  end
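Review bot: `fetcher` picks the strategy from `Kubes.config.secrets_fetcher`, while the default added in this release is `c.secrets.fetcher = "sdk"` on the KubesGoogle config, so the check does not obviously read the value that was just given a default (`Kubes.config` is not shown on this page). If that setting is unset or holds anything other than "sdk", the `else` branch silently selects the gcloud CLI strategy, which shells out. I would read `KubesGoogle.config.secrets.fetcher` and reject unknown values, e.g. `raise "unknown secrets.fetcher: #{name}" unless %w[sdk gcloud].include?(name)`. `fetch(short_name)` also does not forward a version although both strategies accept one.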
@@ -0,0 +1,15 @@
1
+ class KubesGoogle::Secrets::Fetcher
2
+ class Base
3
+ include KubesGoogle::Logging
4
+
5
+ def initialize(options={})
6
+ @options = options
7
+ @base64 = options[:base64]
8
+ @project_id = options[:google_project] || ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
9
+ end
10
+
11
+ def base64?
12
+ @base64.nil? ? KubesGoogle.config.secrets.base64 : @base64
13
+ end
14
+ end
15
+ end
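Review bot: `base64?` now falls back to `KubesGoogle.config.secrets.base64`, and the `base64_secrets` default is removed in the config change on this page, so an existing `config.base64_secrets = false` is still accepted by `OrderedOptions` but silently ignored. Honouring the old key for one release with a deprecation warning would avoid secrets changing encoding on a patch upgrade. The `raise` message in `initialize` still names only the env variable although `options[:google_project]` is checked first; `"google_project option or GOOGLE_PROJECT env variable is required."` would match the new lookup.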
@@ -0,0 +1,22 @@
1
+ class KubesGoogle::Secrets::Fetcher
2
+ class Gcloud < Base
3
+ include KubesGoogle::Util::Sh
4
+
5
+ def fetch(short_name, version="latest")
6
+ puts "gcloud fetch #{short_name}"
7
+ value = gcloud("secrets versions access #{version} --secret #{short_name}")
8
+ if value.include?("ERROR") && value.include?("NOT_FOUND")
9
+ logger.info "WARN: secret #{short_name} not found".color(:yellow)
10
+ logger.info e.message
11
+ "NOT FOUND #{short_name}" # simple string so Kubernetes YAML is valid
12
+ else
13
+ value = Base64.strict_encode64(value).strip if base64?
14
+ value
15
+ end
16
+ end
17
+
18
+ def gcloud(args)
19
+ capture("gcloud --project #{@project_id} #{args}")
20
+ end
21
+ end
22
+ end
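Review bot: The not-found branch of `fetch` calls `logger.info e.message`, but no `e` is defined in this method (there is no `rescue`), so a missing secret would raise `NameError` instead of returning the placeholder. The command is also assembled by interpolating `short_name`, `version` and `@project_id` into one string for `capture`; if `capture` runs it through a shell (its definition in `KubesGoogle::Util::Sh` is not shown here), shell metacharacters in any of them are interpreted, so each value should be escaped or passed as separate arguments. Matching on the substrings "ERROR" and "NOT_FOUND" means any other gcloud failure, such as a permission or auth error, is base64-encoded and returned as the secret value; checking the exit status would be more reliable. The `puts` on the first line bypasses the logger. The sketch below uses `Shellwords.escape` from the standard library.

```ruby
def fetch(short_name, version="latest")
  logger.info "gcloud fetch #{short_name}"
  secret = Shellwords.escape(short_name.to_s)
  ver = Shellwords.escape(version.to_s)
  value = gcloud("secrets versions access #{ver} --secret #{secret}")
  # … unchanged: NOT_FOUND check and base64 branch, with `logger.info e.message` dropped …
end

def gcloud(args)
  capture("gcloud --project #{Shellwords.escape(@project_id.to_s)} #{args}")
end
```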
@@ -0,0 +1,34 @@
1
+ class KubesGoogle::Secrets::Fetcher
2
+ class Sdk < Base
3
+ include KubesGoogle::Services
4
+
5
+ def fetch(short_name, version="latest")
6
+ value = fetch_value(short_name, version)
7
+ value = Base64.strict_encode64(value).strip if base64?
8
+ value
9
+ end
10
+
11
+ def fetch_value(short_name, version="latest")
12
+ name = "projects/#{project_number}/secrets/#{short_name}/versions/#{version}"
13
+ version = secret_manager_service.access_secret_version(name: name)
14
+ version.payload.data
15
+ rescue Google::Cloud::NotFoundError => e
16
+ logger.info "WARN: secret #{name} not found".color(:yellow)
17
+ logger.info e.message
18
+ "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
19
+ end
20
+
21
+ # TODO: Get the project from the list project api instead. Unsure where the docs are for this.
22
+ # If someone knows, let me know.
23
+ # Right now grabbing the first secret to then be able to get the google project number
24
+ @@project_number = nil
25
+ def project_number
26
+ return @@project_number if @@project_number
27
+
28
+ parent = "projects/#{@project_id}"
29
+ resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
30
+ name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
31
+ @@project_number = name.split('/')[1]
32
+ end
33
+ end
34
+ end
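Review bot: `@@project_number` is a class variable that caches the first project number for the whole process, while `Base#initialize` on this page now accepts a per-call `options[:google_project]`; if fetchers are created for two different projects, the second would appear to reuse the first project's number and read secrets from the wrong project. Keying the cache by project id avoids that, e.g. `@@project_numbers ||= {}` followed by `return @@project_numbers[@project_id] if @@project_numbers[@project_id]`. `resp.first.name` also raises `NoMethodError` when the project has no secrets yet, which bypasses the `NotFoundError` handling. In `fetch`, the "NOT FOUND …" placeholder from `fetch_value` is base64-encoded like a real value when `base64?` is true, so a missing secret reaches the manifest looking like valid data. `fetch_value` also reassigns its `version` parameter to the API response, which would read better as `resp`.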
@@ -1,3 +1,3 @@
1
1
  module KubesGoogle
2
- VERSION = "0.3.2"
2
+ VERSION = "0.3.3"
3
3
  end
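--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: kubes_google
  version: !ruby/object:Gem::Version
- version: 0.3.2
+ version: 0.3.3
  platform: ruby
  authors:
  - Tung Nguyen
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-11-11 00:00:00.000000000 Z
+ date: 2020-11-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -119,6 +119,9 @@ files:
  - lib/kubes_google/logging.rb
  - lib/kubes_google/secrets.rb
  - lib/kubes_google/secrets/fetcher.rb
+ - lib/kubes_google/secrets/fetcher/base.rb
+ - lib/kubes_google/secrets/fetcher/gcloud.rb
+ - lib/kubes_google/secrets/fetcher/sdk.rb
  - lib/kubes_google/service_account.rb
  - lib/kubes_google/services.rb
  - lib/kubes_google/util/sh.rb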