kubes_google 0.3.3 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/kubes_google.gemspec +1 -0
- data/lib/kubes_google/secrets/fetcher/gcloud.rb +0 -1
- data/lib/kubes_google/secrets/fetcher/sdk.rb +17 -8
- data/lib/kubes_google/secrets/fetcher.rb +9 -1
- data/lib/kubes_google/service_account.rb +1 -0
- data/lib/kubes_google/services.rb +6 -0
- data/lib/kubes_google/version.rb +1 -1
- data/lib/kubes_google.rb +5 -0
- metadata +17 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 82665e26689438f751a461e77057cfbe2f442a097c80f788e965b2c69af16468
|
4
|
+
data.tar.gz: adc9c449688f97bbdc5117f3238bf005029ca674abca41ce54a0c6cd019d1313
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 27dea1991e538398e8d9be728887bd9b553645a8bd6437ca13bbd94721cc09b88d3956d224c98420362933309203844d964397516f496797fa4373ad0d09cec1
|
7
|
+
data.tar.gz: df11c671e4b70beac80e55a2c6fae56fe156ae2b9e892b018fe63da418577a14edb4f4550e27c10b682946b6ddc92e1f368e19edc4e04c94eb6055346da86f90
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,21 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
5
5
|
|
6
|
+
## [0.3.7] - 2022-02-07
|
7
|
+
- [#9](https://github.com/boltops-tools/kubes_google/pull/9) performance improvement: cache secrets
|
8
|
+
|
9
|
+
## [0.3.6] - 2022-02-04
|
10
|
+
- [#7](https://github.com/boltops-tools/kubes_google/pull/7) Secret auto retry with gcloud strategy
|
11
|
+
- [#8](https://github.com/boltops-tools/kubes_google/pull/8) add condition none
|
12
|
+
- get google project number via api
|
13
|
+
|
14
|
+
## [0.3.5] - 2020-11-12
|
15
|
+
- add KubesGoogle.cloudbuild? check
|
16
|
+
- fetcher sdk friendly suggestion to use gcloud when vpn errors
|
17
|
+
|
18
|
+
## [0.3.4] - 2020-11-12
|
19
|
+
- fix KubesGoogle.config.secrets.fetcher check
|
20
|
+
|
6
21
|
## [0.3.3] - 2020-11-12
|
7
22
|
- [#6](https://github.com/boltops-tools/kubes_google/pull/6) sdk and gcloud secrets fetcher strategy: secrets.fetcher option
|
8
23
|
|
data/kubes_google.gemspec
CHANGED
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
|
|
24
24
|
|
25
25
|
spec.add_dependency "activesupport"
|
26
26
|
spec.add_dependency "google-cloud-container"
|
27
|
+
spec.add_dependency "google-cloud-resource_manager"
|
27
28
|
spec.add_dependency "google-cloud-secret_manager"
|
28
29
|
spec.add_dependency "memoist"
|
29
30
|
spec.add_dependency "zeitwerk"
|
@@ -3,7 +3,6 @@ class KubesGoogle::Secrets::Fetcher
|
|
3
3
|
include KubesGoogle::Util::Sh
|
4
4
|
|
5
5
|
def fetch(short_name, version="latest")
|
6
|
-
puts "gcloud fetch #{short_name}"
|
7
6
|
value = gcloud("secrets versions access #{version} --secret #{short_name}")
|
8
7
|
if value.include?("ERROR") && value.include?("NOT_FOUND")
|
9
8
|
logger.info "WARN: secret #{short_name} not found".color(:yellow)
|
@@ -16,19 +16,28 @@ class KubesGoogle::Secrets::Fetcher
|
|
16
16
|
logger.info "WARN: secret #{name} not found".color(:yellow)
|
17
17
|
logger.info e.message
|
18
18
|
"NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
|
19
|
+
rescue Google::Cloud::UnavailableError => e
|
20
|
+
logger.error "ERROR: #{e.message}"
|
21
|
+
if e.message.include?("failed to connect")
|
22
|
+
logger.info <<~EOL
|
23
|
+
WARNING: SSL Handshake failed. This error seems to happen with some VPN setups.
|
24
|
+
You can turn off this warning by setting the gcloud fetcher instead.
|
25
|
+
To set up see:
|
26
|
+
|
27
|
+
https://kubes.guru/docs/helpers/google/secrets/#fetcher-strategy
|
28
|
+
EOL
|
29
|
+
raise KubesGoogle::VpnSslError
|
30
|
+
else
|
31
|
+
raise
|
32
|
+
end
|
19
33
|
end
|
20
34
|
|
21
|
-
|
22
|
-
# If someone knows, let me know.
|
23
|
-
# Right now grabbing the first secret to then be able to get the google project number
|
35
|
+
private
|
24
36
|
@@project_number = nil
|
25
37
|
def project_number
|
26
38
|
return @@project_number if @@project_number
|
27
|
-
|
28
|
-
|
29
|
-
resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
|
30
|
-
name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
|
31
|
-
@@project_number = name.split('/')[1]
|
39
|
+
project = resource_manager.project(@project_id)
|
40
|
+
@@project_number = project.project_number
|
32
41
|
end
|
33
42
|
end
|
34
43
|
end
|
@@ -1,17 +1,25 @@
|
|
1
1
|
class KubesGoogle::Secrets
|
2
2
|
class Fetcher
|
3
|
+
include KubesGoogle::Logging
|
3
4
|
extend Memoist
|
4
5
|
|
5
6
|
def initialize(options={})
|
6
7
|
@options = options
|
7
8
|
end
|
8
9
|
|
10
|
+
@@cache = {}
|
9
11
|
def fetch(short_name)
|
12
|
+
return @@cache[short_name] if @@cache[short_name]
|
13
|
+
logger.debug "Fetching secret: #{short_name}"
|
14
|
+
@@cache[short_name] = fetcher.fetch(short_name)
|
15
|
+
rescue KubesGoogle::VpnSslError
|
16
|
+
logger.info "Retry fetching secret with the gcloud strategy"
|
17
|
+
fetcher = Gcloud.new(@options)
|
10
18
|
fetcher.fetch(short_name)
|
11
19
|
end
|
12
20
|
|
13
21
|
def fetcher
|
14
|
-
if
|
22
|
+
if KubesGoogle.config.secrets.fetcher == "sdk"
|
15
23
|
Sdk.new(@options)
|
16
24
|
else
|
17
25
|
Gcloud.new(@options)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
require "google-cloud-resource_manager"
|
1
2
|
require "google-cloud-secret_manager"
|
2
3
|
require "google/cloud/container"
|
3
4
|
|
@@ -14,6 +15,11 @@ module KubesGoogle
|
|
14
15
|
Google::Cloud::SecretManager.secret_manager_service
|
15
16
|
end
|
16
17
|
memoize :secret_manager_service
|
18
|
+
|
19
|
+
def resource_manager
|
20
|
+
Google::Cloud.new.resource_manager
|
21
|
+
end
|
22
|
+
memoize :resource_manager
|
17
23
|
end
|
18
24
|
end
|
19
25
|
|
data/lib/kubes_google/version.rb
CHANGED
data/lib/kubes_google.rb
CHANGED
@@ -6,6 +6,7 @@ KubesGoogle::Autoloader.setup
|
|
6
6
|
|
7
7
|
module KubesGoogle
|
8
8
|
class Error < StandardError; end
|
9
|
+
class VpnSslError < StandardError; end
|
9
10
|
|
10
11
|
@@logger = nil
|
11
12
|
def logger
|
@@ -35,6 +36,10 @@ module KubesGoogle
|
|
35
36
|
Config.instance.config
|
36
37
|
end
|
37
38
|
|
39
|
+
def cloudbuild?
|
40
|
+
!!ENV['BUILDER_OUTPUT'] # cloudbuild env vars: https://gist.github.com/tongueroo/7ae26abd60d30da3972e86b4e7ca315e
|
41
|
+
end
|
42
|
+
|
38
43
|
extend self
|
39
44
|
end
|
40
45
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kubes_google
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-02-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -38,6 +38,20 @@ dependencies:
|
|
38
38
|
- - ">="
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: google-cloud-resource_manager
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
56
|
name: google-cloud-secret_manager
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -146,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
146
160
|
- !ruby/object:Gem::Version
|
147
161
|
version: '0'
|
148
162
|
requirements: []
|
149
|
-
rubygems_version: 3.
|
163
|
+
rubygems_version: 3.2.32
|
150
164
|
signing_key:
|
151
165
|
specification_version: 4
|
152
166
|
summary: Kubes Google Helpers Library
|