RubyGems - kubes_google - Versions diffs - 0.3.2 → 0.3.3 - Mend

kubes_google 0.3.2 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3 -0
data/lib/kubes_google/config.rb +3 -1
data/lib/kubes_google/secrets/fetcher.rb +9 -32
data/lib/kubes_google/secrets/fetcher/base.rb +15 -0
data/lib/kubes_google/secrets/fetcher/gcloud.rb +22 -0
data/lib/kubes_google/secrets/fetcher/sdk.rb +34 -0
data/lib/kubes_google/version.rb +1 -1
metadata +5 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e286468a570668c5d92665f0966165c18f987de7bc09a27c0527d4e732ba3cc0
-  data.tar.gz: 5f36b3d707942e78160a677dcb3dd9b936bba513d43b61d20176486cacf201ba
+  metadata.gz: 36b12dca084f1a7011be11085f1e91b3e2551ae1814ddc33acec6172da1b5a66
+  data.tar.gz: 1fb93979efa46e903873fb18f9bad7affce32c73bc52bfe4c68c35b642033c60
 SHA512:
-  metadata.gz: 0c86e64af5fd59083820f5a34ae59ad3ee323ae038e5f99ecb63900ffe41701c5ae5e1b661117f210153eacc151cc01e44681e63292e9b059802ae1916aa9dcb
-  data.tar.gz: 572b87da4fc774078994cce80eea09a4a3ca74d445f605fb286958c1ecf0eb0ea4210d7ed30b713d160c46f06acecc6e757652d79e7e9d00d4d58afd00291922
+  metadata.gz: 7494108d3c48d710449494be1c4e3c772b13a5341becdaa76afd5cb02c3b390fd715bc6f48b46b62f0b3335731df6cf1e308a7e1851acba9c33544548a5e9252
+  data.tar.gz: 38fade8f5865c6355153b1ff18c4c37e28532d318b802503629b49553a0f5fe69e4e0d99fbbab53423a231b8ab5909d87c6ec55d91269086b9a1a76cf5c892b4

data/CHANGELOG.md CHANGED

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+## [0.3.3] - 2020-11-12
+- [#6](https://github.com/boltops-tools/kubes_google/pull/6) sdk and gcloud secrets fetcher strategy: secrets.fetcher option
 ## [0.3.2] - 2020-11-11
 - [#5](https://github.com/boltops-tools/kubes_google/pull/5) config.base64 option

data/lib/kubes_google/config.rb CHANGED

@@ -4,7 +4,6 @@ module KubesGoogle
     def defaults
       c = ActiveSupport::OrderedOptions.new
-      c.base64_secrets = true
       c.gke = ActiveSupport::OrderedOptions.new
       c.gke.cluster_name = nil
       c.gke.enable_get_credentials = nil
@@ -12,6 +11,9 @@ module KubesGoogle
       c.gke.google_project = nil
       c.gke.google_region = nil
       c.gke.whitelist_ip = nil # default will auto-detect IP
+      c.secrets = ActiveSupport::OrderedOptions.new
+      c.secrets.fetcher = "sdk"
+      c.secrets.base64 = true
       c
     end

data/lib/kubes_google/secrets/fetcher.rb CHANGED

@@ -1,45 +1,22 @@
 class KubesGoogle::Secrets
   class Fetcher
-    include KubesGoogle::Logging
-    include KubesGoogle::Services
+    extend Memoist
     def initialize(options={})
       @options = options
-      @base64 = options[:base64]
-      @project_id = ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
     end
     def fetch(short_name)
-      value = fetch_value(short_name)
-      value = Base64.strict_encode64(value).strip if base64?
-      value
+      fetcher.fetch(short_name)
     end
-    def base64?
-      @base64.nil? ? KubesGoogle.config.base64_secrets : @base64
-    end
-    def fetch_value(short_name)
-      name = "projects/#{project_number}/secrets/#{short_name}/versions/latest"
-      version = secret_manager_service.access_secret_version(name: name)
-      version.payload.data
-    rescue Google::Cloud::NotFoundError => e
-      logger.info "WARN: secret #{name} not found".color(:yellow)
-      logger.info e.message
-      "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
-    end
-    # TODO: Get the project from the list project api instead. Unsure where the docs are for this.
-    # If someone knows, let me know.
-    # Right now grabbing the first secret to then be able to get the google project number
-    @@project_number = nil
-    def project_number
-      return @@project_number if @@project_number
-      parent = "projects/#{@project_id}"
-      resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
-      name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
-      @@project_number = name.split('/')[1]
+    def fetcher
+      if Kubes.config.secrets_fetcher == "sdk"
+        Sdk.new(@options)
+      else
+        Gcloud.new(@options)
+      end
     end
+    memoize :fetcher
   end
 end

data/lib/kubes_google/secrets/fetcher/base.rb ADDED

@@ -0,0 +1,15 @@
+class KubesGoogle::Secrets::Fetcher
+  class Base
+    include KubesGoogle::Logging
+    def initialize(options={})
+      @options = options
+      @base64 = options[:base64]
+      @project_id = options[:google_project] || ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
+    end
+    def base64?
+      @base64.nil? ? KubesGoogle.config.secrets.base64 : @base64
+    end
+  end
+end

data/lib/kubes_google/secrets/fetcher/gcloud.rb ADDED

@@ -0,0 +1,22 @@
+class KubesGoogle::Secrets::Fetcher
+  class Gcloud < Base
+    include KubesGoogle::Util::Sh
+    def fetch(short_name, version="latest")
+      puts "gcloud fetch #{short_name}"
+      value = gcloud("secrets versions access #{version} --secret #{short_name}")
+      if value.include?("ERROR") && value.include?("NOT_FOUND")
+        logger.info "WARN: secret #{short_name} not found".color(:yellow)
+        logger.info e.message
+        "NOT FOUND #{short_name}" # simple string so Kubernetes YAML is valid
+      else
+        value = Base64.strict_encode64(value).strip if base64?
+        value
+      end
+    end
+    def gcloud(args)
+      capture("gcloud --project #{@project_id} #{args}")
+    end
+  end
+end

data/lib/kubes_google/secrets/fetcher/sdk.rb ADDED

@@ -0,0 +1,34 @@
+class KubesGoogle::Secrets::Fetcher
+  class Sdk < Base
+    include KubesGoogle::Services
+    def fetch(short_name, version="latest")
+      value = fetch_value(short_name, version)
+      value = Base64.strict_encode64(value).strip if base64?
+      value
+    end
+    def fetch_value(short_name, version="latest")
+      name = "projects/#{project_number}/secrets/#{short_name}/versions/#{version}"
+      version = secret_manager_service.access_secret_version(name: name)
+      version.payload.data
+    rescue Google::Cloud::NotFoundError => e
+      logger.info "WARN: secret #{name} not found".color(:yellow)
+      logger.info e.message
+      "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
+    end
+    # TODO: Get the project from the list project api instead. Unsure where the docs are for this.
+    # If someone knows, let me know.
+    # Right now grabbing the first secret to then be able to get the google project number
+    @@project_number = nil
+    def project_number
+      return @@project_number if @@project_number
+      parent = "projects/#{@project_id}"
+      resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
+      name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
+      @@project_number = name.split('/')[1]
+    end
+  end
+end

data/lib/kubes_google/version.rb CHANGED

@@ -1,3 +1,3 @@
 module KubesGoogle
-  VERSION = "0.3.2"
+  VERSION = "0.3.3"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes_google
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.3.3
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-11-11 00:00:00.000000000 Z
+date: 2020-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -119,6 +119,9 @@ files:
 - lib/kubes_google/logging.rb
 - lib/kubes_google/secrets.rb
 - lib/kubes_google/secrets/fetcher.rb
+- lib/kubes_google/secrets/fetcher/base.rb
+- lib/kubes_google/secrets/fetcher/gcloud.rb
+- lib/kubes_google/secrets/fetcher/sdk.rb
 - lib/kubes_google/service_account.rb
 - lib/kubes_google/services.rb
 - lib/kubes_google/util/sh.rb