kubes_google 0.3.2 → 0.3.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/kubes_google/config.rb +3 -1
- data/lib/kubes_google/secrets/fetcher.rb +9 -32
- data/lib/kubes_google/secrets/fetcher/base.rb +15 -0
- data/lib/kubes_google/secrets/fetcher/gcloud.rb +22 -0
- data/lib/kubes_google/secrets/fetcher/sdk.rb +34 -0
- data/lib/kubes_google/version.rb +1 -1
- metadata +5 -2
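--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 36b12dca084f1a7011be11085f1e91b3e2551ae1814ddc33acec6172da1b5a66
+data.tar.gz: 1fb93979efa46e903873fb18f9bad7affce32c73bc52bfe4c68c35b642033c60
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7494108d3c48d710449494be1c4e3c772b13a5341becdaa76afd5cb02c3b390fd715bc6f48b46b62f0b3335731df6cf1e308a7e1851acba9c33544548a5e9252
+data.tar.gz: 38fade8f5865c6355153b1ff18c4c37e28532d318b802503629b49553a0f5fe69e4e0d99fbbab53423a231b8ab5909d87c6ec55d91269086b9a1a76cf5c892b4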
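--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.3.3] - 2020-11-12
+- [#6](https://github.com/boltops-tools/kubes_google/pull/6) sdk and gcloud secrets fetcher strategy: secrets.fetcher option
+
 ## [0.3.2] - 2020-11-11
 - [#5](https://github.com/boltops-tools/kubes_google/pull/5) config.base64 option
 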
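--- a/data/lib/kubes_google/config.rb
+++ b/data/lib/kubes_google/config.rb
@@ -4,7 +4,6 @@ module KubesGoogle
 
 def defaults
 c = ActiveSupport::OrderedOptions.new
-c.base64_secrets = true
 c.gke = ActiveSupport::OrderedOptions.new
 c.gke.cluster_name = nil
 c.gke.enable_get_credentials = nil
@@ -12,6 +11,9 @@ module KubesGoogle
 c.gke.google_project = nil
 c.gke.google_region = nil
 c.gke.whitelist_ip = nil # default will auto-detect IP
+c.secrets = ActiveSupport::OrderedOptions.new
+c.secrets.fetcher = "sdk"
+c.secrets.base64 = true
 c
 end
 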
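Review bot: The `base64_secrets` default is dropped with no fallback, and because `ActiveSupport::OrderedOptions` accepts arbitrary keys, an existing `config.base64_secrets = false` would presumably still be accepted but no longer read, so values would be base64-encoded again without any warning. The 0.3.3 changelog entry on this page mentions only the `secrets.fetcher` option. A comment on the new default such as `# replaces base64_secrets, which is no longer read as of 0.3.3`, plus a changelog line, would make the rename visible to people upgrading. The lines of `defaults` between the two hunks are not shown.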
@@ -1,45 +1,22 @@
|
|
1
1
|
class KubesGoogle::Secrets
|
2
2
|
class Fetcher
|
3
|
-
|
4
|
-
include KubesGoogle::Services
|
3
|
+
extend Memoist
|
5
4
|
|
6
5
|
def initialize(options={})
|
7
6
|
@options = options
|
8
|
-
@base64 = options[:base64]
|
9
|
-
@project_id = ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
|
10
7
|
end
|
11
8
|
|
12
9
|
def fetch(short_name)
|
13
|
-
|
14
|
-
value = Base64.strict_encode64(value).strip if base64?
|
15
|
-
value
|
10
|
+
fetcher.fetch(short_name)
|
16
11
|
end
|
17
12
|
|
18
|
-
def
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
version = secret_manager_service.access_secret_version(name: name)
|
25
|
-
version.payload.data
|
26
|
-
rescue Google::Cloud::NotFoundError => e
|
27
|
-
logger.info "WARN: secret #{name} not found".color(:yellow)
|
28
|
-
logger.info e.message
|
29
|
-
"NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
|
30
|
-
end
|
31
|
-
|
32
|
-
# TODO: Get the project from the list project api instead. Unsure where the docs are for this.
|
33
|
-
# If someone knows, let me know.
|
34
|
-
# Right now grabbing the first secret to then be able to get the google project number
|
35
|
-
@@project_number = nil
|
36
|
-
def project_number
|
37
|
-
return @@project_number if @@project_number
|
38
|
-
|
39
|
-
parent = "projects/#{@project_id}"
|
40
|
-
resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
|
41
|
-
name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
|
42
|
-
@@project_number = name.split('/')[1]
|
13
|
+
def fetcher
|
14
|
+
if Kubes.config.secrets_fetcher == "sdk"
|
15
|
+
Sdk.new(@options)
|
16
|
+
else
|
17
|
+
Gcloud.new(@options)
|
18
|
+
end
|
43
19
|
end
|
20
|
+
memoize :fetcher
|
44
21
|
end
|
45
22
|
end
|
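Review bot: `fetcher` compares `Kubes.config.secrets_fetcher`, but the default introduced by this release is `c.secrets.fetcher` on the KubesGoogle config, and `Base#base64?` reads `KubesGoogle.config.secrets.base64`. Unless `Kubes.config` separately defines `secrets_fetcher` (not visible here), the comparison is never true and every call takes the `else` branch, so the gcloud shell-out is used even when "sdk" is configured. The condition probably wants to be `if KubesGoogle.config.secrets.fetcher == "sdk"`. Any value other than "sdk", including a typo, also selects Gcloud silently; an explicit `when "gcloud"` with a `raise` on unknown values would make a misconfiguration visible.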
@@ -0,0 +1,15 @@
|
|
1
|
+
class KubesGoogle::Secrets::Fetcher
|
2
|
+
class Base
|
3
|
+
include KubesGoogle::Logging
|
4
|
+
|
5
|
+
def initialize(options={})
|
6
|
+
@options = options
|
7
|
+
@base64 = options[:base64]
|
8
|
+
@project_id = options[:google_project] || ENV['GOOGLE_PROJECT'] || raise("GOOGLE_PROJECT env variable is not set. It's required.")
|
9
|
+
end
|
10
|
+
|
11
|
+
def base64?
|
12
|
+
@base64.nil? ? KubesGoogle.config.secrets.base64 : @base64
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
class KubesGoogle::Secrets::Fetcher
|
2
|
+
class Gcloud < Base
|
3
|
+
include KubesGoogle::Util::Sh
|
4
|
+
|
5
|
+
def fetch(short_name, version="latest")
|
6
|
+
puts "gcloud fetch #{short_name}"
|
7
|
+
value = gcloud("secrets versions access #{version} --secret #{short_name}")
|
8
|
+
if value.include?("ERROR") && value.include?("NOT_FOUND")
|
9
|
+
logger.info "WARN: secret #{short_name} not found".color(:yellow)
|
10
|
+
logger.info e.message
|
11
|
+
"NOT FOUND #{short_name}" # simple string so Kubernetes YAML is valid
|
12
|
+
else
|
13
|
+
value = Base64.strict_encode64(value).strip if base64?
|
14
|
+
value
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
def gcloud(args)
|
19
|
+
capture("gcloud --project #{@project_id} #{args}")
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
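Review bot: `fetch` and `gcloud` build the command line by interpolating `version`, `short_name` and `@project_id` into one string for `capture`; if `capture` runs that string through a shell (its definition in `KubesGoogle::Util::Sh` is not shown), shell metacharacters in a secret name or project id coming from a template or option would be interpreted rather than passed to gcloud. Escaping each value closes this: `gcloud("secrets versions access #{Shellwords.escape(version)} --secret #{Shellwords.escape(short_name)}")` and `capture("gcloud --project #{Shellwords.escape(@project_id)} #{args}")`, with `require "shellwords"`. Separately, `logger.info e.message` in the not-found branch refers to `e`, which is never assigned in this method, so that branch would raise NameError instead of returning the placeholder; the line should be removed. Because failure is detected only by the substrings "ERROR" and "NOT_FOUND", any other failure output that `capture` returns would presumably be base64-encoded and emitted as the secret value.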
@@ -0,0 +1,34 @@
|
|
1
|
+
class KubesGoogle::Secrets::Fetcher
|
2
|
+
class Sdk < Base
|
3
|
+
include KubesGoogle::Services
|
4
|
+
|
5
|
+
def fetch(short_name, version="latest")
|
6
|
+
value = fetch_value(short_name, version)
|
7
|
+
value = Base64.strict_encode64(value).strip if base64?
|
8
|
+
value
|
9
|
+
end
|
10
|
+
|
11
|
+
def fetch_value(short_name, version="latest")
|
12
|
+
name = "projects/#{project_number}/secrets/#{short_name}/versions/#{version}"
|
13
|
+
version = secret_manager_service.access_secret_version(name: name)
|
14
|
+
version.payload.data
|
15
|
+
rescue Google::Cloud::NotFoundError => e
|
16
|
+
logger.info "WARN: secret #{name} not found".color(:yellow)
|
17
|
+
logger.info e.message
|
18
|
+
"NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
|
19
|
+
end
|
20
|
+
|
21
|
+
# TODO: Get the project from the list project api instead. Unsure where the docs are for this.
|
22
|
+
# If someone knows, let me know.
|
23
|
+
# Right now grabbing the first secret to then be able to get the google project number
|
24
|
+
@@project_number = nil
|
25
|
+
def project_number
|
26
|
+
return @@project_number if @@project_number
|
27
|
+
|
28
|
+
parent = "projects/#{@project_id}"
|
29
|
+
resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
|
30
|
+
name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
|
31
|
+
@@project_number = name.split('/')[1]
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
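Review bot: `project_number` caches its result in the class variable `@@project_number` with no key, while `Base#initialize` now accepts a per-instance `options[:google_project]`; a second fetcher created for a different project in the same process would reuse the first project's number and read secrets from the wrong project. Keying the cache by project avoids that: `@@project_numbers = {}` and `@@project_numbers[@project_id] ||= secret_manager_service.list_secrets(parent: parent).first.name.split('/')[1]`. `resp.first` is also nil for a project that has no secrets yet, which raises NoMethodError rather than a clear error. In `fetch_value`, the `"NOT FOUND #{name}"` placeholder is returned to `fetch`, which base64-encodes it like a real value, so a missing secret yields a well-formed Kubernetes Secret holding the placeholder; raising, or making the placeholder opt-in, would surface the failure at render time.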
data/lib/kubes_google/version.rb
CHANGED
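--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes_google
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.3
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-11-
+date: 2020-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -119,6 +119,9 @@ files:
 - lib/kubes_google/logging.rb
 - lib/kubes_google/secrets.rb
 - lib/kubes_google/secrets/fetcher.rb
+- lib/kubes_google/secrets/fetcher/base.rb
+- lib/kubes_google/secrets/fetcher/gcloud.rb
+- lib/kubes_google/secrets/fetcher/sdk.rb
 - lib/kubes_google/service_account.rb
 - lib/kubes_google/services.rb
 - lib/kubes_google/util/sh.rb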