kubes_google 0.3.3 → 0.3.7

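--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 36b12dca084f1a7011be11085f1e91b3e2551ae1814ddc33acec6172da1b5a66
- data.tar.gz: 1fb93979efa46e903873fb18f9bad7affce32c73bc52bfe4c68c35b642033c60
+ metadata.gz: 82665e26689438f751a461e77057cfbe2f442a097c80f788e965b2c69af16468
+ data.tar.gz: adc9c449688f97bbdc5117f3238bf005029ca674abca41ce54a0c6cd019d1313
  SHA512:
- metadata.gz: 7494108d3c48d710449494be1c4e3c772b13a5341becdaa76afd5cb02c3b390fd715bc6f48b46b62f0b3335731df6cf1e308a7e1851acba9c33544548a5e9252
- data.tar.gz: 38fade8f5865c6355153b1ff18c4c37e28532d318b802503629b49553a0f5fe69e4e0d99fbbab53423a231b8ab5909d87c6ec55d91269086b9a1a76cf5c892b4
+ metadata.gz: 27dea1991e538398e8d9be728887bd9b553645a8bd6437ca13bbd94721cc09b88d3956d224c98420362933309203844d964397516f496797fa4373ad0d09cec1
+ data.tar.gz: df11c671e4b70beac80e55a2c6fae56fe156ae2b9e892b018fe63da418577a14edb4f4550e27c10b682946b6ddc92e1f368e19edc4e04c94eb6055346da86f90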
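--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,21 @@
  All notable changes to this project will be documented in this file.
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+ ## [0.3.7] - 2022-02-07
+ - [#9](https://github.com/boltops-tools/kubes_google/pull/9) performance improvement: cache secrets
+
+ ## [0.3.6] - 2022-02-04
+ - [#7](https://github.com/boltops-tools/kubes_google/pull/7) Secret auto retry with gcloud strategy
+ - [#8](https://github.com/boltops-tools/kubes_google/pull/8) add condition none
+ - get google project number via api
+
+ ## [0.3.5] - 2020-11-12
+ - add KubesGoogle.cloudbuild? check
+ - fetcher sdk friendly suggestion to use gcloud when vpn errors
+
+ ## [0.3.4] - 2020-11-12
+ - fix KubesGoogle.config.secrets.fetcher check
+
  ## [0.3.3] - 2020-11-12
  - [#6](https://github.com/boltops-tools/kubes_google/pull/6) sdk and gcloud secrets fetcher strategy: secrets.fetcher option
 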
data/kubes_google.gemspec CHANGED
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
24
24
 
25
25
  spec.add_dependency "activesupport"
26
26
  spec.add_dependency "google-cloud-container"
27
+ spec.add_dependency "google-cloud-resource_manager"
27
28
  spec.add_dependency "google-cloud-secret_manager"
28
29
  spec.add_dependency "memoist"
29
30
  spec.add_dependency "zeitwerk"
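Review bot: The new runtime dependency `google-cloud-resource_manager` is declared without any version constraint, and the packaged metadata in this release confirms it resolves as `>= 0`. The neighbouring dependencies are unconstrained as well, so this matches the file's style, but the gem is now on the path that resolves the project number used for secret lookups, and any future major release would be installed automatically. Consider a pessimistic bound, for example `spec.add_dependency "google-cloud-resource_manager", "~> <TESTED_MAJOR.MINOR>"` (placeholder; use the version this release was tested against).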
@@ -3,7 +3,6 @@ class KubesGoogle::Secrets::Fetcher
3
3
  include KubesGoogle::Util::Sh
4
4
 
5
5
  def fetch(short_name, version="latest")
6
- puts "gcloud fetch #{short_name}"
7
6
  value = gcloud("secrets versions access #{version} --secret #{short_name}")
8
7
  if value.include?("ERROR") && value.include?("NOT_FOUND")
9
8
  logger.info "WARN: secret #{short_name} not found".color(:yellow)
@@ -16,19 +16,28 @@ class KubesGoogle::Secrets::Fetcher
16
16
  logger.info "WARN: secret #{name} not found".color(:yellow)
17
17
  logger.info e.message
18
18
  "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
19
+ rescue Google::Cloud::UnavailableError => e
20
+ logger.error "ERROR: #{e.message}"
21
+ if e.message.include?("failed to connect")
22
+ logger.info <<~EOL
23
+ WARNING: SSL Handshake failed. This error seems to happen with some VPN setups.
24
+ You can turn off this warning by setting the gcloud fetcher instead.
25
+ To set up see:
26
+
27
+ https://kubes.guru/docs/helpers/google/secrets/#fetcher-strategy
28
+ EOL
29
+ raise KubesGoogle::VpnSslError
30
+ else
31
+ raise
32
+ end
19
33
  end
20
34
 
21
- # TODO: Get the project from the list project api instead. Unsure where the docs are for this.
22
- # If someone knows, let me know.
23
- # Right now grabbing the first secret to then be able to get the google project number
35
+ private
24
36
  @@project_number = nil
25
37
  def project_number
26
38
  return @@project_number if @@project_number
27
-
28
- parent = "projects/#{@project_id}"
29
- resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
30
- name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
31
- @@project_number = name.split('/')[1]
39
+ project = resource_manager.project(@project_id)
40
+ @@project_number = project.project_number
32
41
  end
33
42
  end
34
43
  end
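Review bot: In `project_number`, the result of `resource_manager.project(@project_id)` is dereferenced without a check; as far as I know the Resource Manager client returns nil for a project it cannot find, which would surface here as a NoMethodError instead of a clear message, so a guard such as `project = resource_manager.project(@project_id) || raise(KubesGoogle::Error, "project #{@project_id} not found or not readable")` would help. The lookup also moves from the Secret Manager API to the Resource Manager API, so the credentials presumably now need permission to read the project in addition to secret access; that requirement is worth a comment. In the new rescue branch the code matches `failed to connect` but logs "SSL Handshake failed", and `raise KubesGoogle::VpnSslError` drops the original message; `raise KubesGoogle::VpnSslError, e.message` keeps the cause for whoever reads the trace. The method that owns these rescue clauses starts outside the hunk.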
@@ -1,17 +1,25 @@
1
1
  class KubesGoogle::Secrets
2
2
  class Fetcher
3
+ include KubesGoogle::Logging
3
4
  extend Memoist
4
5
 
5
6
  def initialize(options={})
6
7
  @options = options
7
8
  end
8
9
 
10
+ @@cache = {}
9
11
  def fetch(short_name)
12
+ return @@cache[short_name] if @@cache[short_name]
13
+ logger.debug "Fetching secret: #{short_name}"
14
+ @@cache[short_name] = fetcher.fetch(short_name)
15
+ rescue KubesGoogle::VpnSslError
16
+ logger.info "Retry fetching secret with the gcloud strategy"
17
+ fetcher = Gcloud.new(@options)
10
18
  fetcher.fetch(short_name)
11
19
  end
12
20
 
13
21
  def fetcher
14
- if Kubes.config.secrets_fetcher == "sdk"
22
+ if KubesGoogle.config.secrets.fetcher == "sdk"
15
23
  Sdk.new(@options)
16
24
  else
17
25
  Gcloud.new(@options)
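Review bot: The gcloud retry in the `rescue KubesGoogle::VpnSslError` branch returns its value without storing it in `@@cache`, so where the SDK path fails, every lookup of the same secret repeats the failing SDK call and then shells out again; `@@cache[short_name] = Gcloud.new(@options).fetch(short_name)` would cache the result and avoid shadowing the `fetcher` method with a local. The cache is a class variable keyed only by `short_name`, so it ignores `@options` and keeps plaintext secret values for the life of the process, including the `NOT FOUND ...` placeholder string the SDK fetcher returns. If options can change what is returned, they belong in the key, and the placeholder is probably better left uncached so a secret created later is picked up. The `fetcher` method continues past the end of the hunk.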
@@ -40,6 +40,7 @@ module KubesGoogle
40
40
  sh "gcloud iam service-accounts add-iam-policy-binding \
41
41
  --role roles/iam.workloadIdentityUser \
42
42
  --member #{member} \
43
+ --condition=None \
43
44
  #{@service_account}".squish
44
45
  end
45
46
 
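Review bot: The added `--condition=None` carries no comment, although it fixes what kind of binding is written: the `roles/iam.workloadIdentityUser` grant is now explicitly unconditional. As I understand gcloud, the flag is needed so the command does not prompt or fail when the service account's policy already contains conditional bindings; please confirm and record that above the `sh` call, e.g. `# --condition=None: write an unconditional binding; required once the policy contains conditional bindings`. Note also that `member` and `@service_account` are interpolated into the shell string unquoted, so if either can come from user-supplied configuration, `Shellwords.escape` would be prudent. The enclosing method starts outside the hunk.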
@@ -1,3 +1,4 @@
1
+ require "google-cloud-resource_manager"
1
2
  require "google-cloud-secret_manager"
2
3
  require "google/cloud/container"
3
4
 
@@ -14,6 +15,11 @@ module KubesGoogle
14
15
  Google::Cloud::SecretManager.secret_manager_service
15
16
  end
16
17
  memoize :secret_manager_service
18
+
19
+ def resource_manager
20
+ Google::Cloud.new.resource_manager
21
+ end
22
+ memoize :resource_manager
17
23
  end
18
24
  end
19
25
 
@@ -1,3 +1,3 @@
1
1
  module KubesGoogle
2
- VERSION = "0.3.3"
2
+ VERSION = "0.3.7"
3
3
  end
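--- a/data/lib/kubes_google.rb
+++ b/data/lib/kubes_google.rb
@@ -6,6 +6,7 @@ KubesGoogle::Autoloader.setup
 
  module KubesGoogle
  class Error < StandardError; end
+ class VpnSslError < StandardError; end
 
  @@logger = nil
  def logger
@@ -35,6 +36,10 @@ module KubesGoogle
  Config.instance.config
  end
 
+ def cloudbuild?
+ !!ENV['BUILDER_OUTPUT'] # cloudbuild env vars: https://gist.github.com/tongueroo/7ae26abd60d30da3972e86b4e7ca315e
+ end
+
  extend self
  end
 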
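Review bot: In the first hunk, `VpnSslError` inherits from `StandardError` rather than from the gem's own `Error` declared on the line above, so a caller that rescues `KubesGoogle::Error` to catch the gem's failures will not see it; unless that separation is intentional, `class VpnSslError < Error; end` keeps the hierarchy consistent. In the second hunk, `cloudbuild?` keys off the single `BUILDER_OUTPUT` variable with only a gist link as justification. A short comment saying that this is a heuristic which any environment can satisfy by exporting the variable would keep it from being relied on for trust-sensitive decisions. The module body continues outside both hunks.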
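--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: kubes_google
  version: !ruby/object:Gem::Version
- version: 0.3.3
+ version: 0.3.7
  platform: ruby
  authors:
  - Tung Nguyen
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-11-12 00:00:00.000000000 Z
+ date: 2022-02-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -38,6 +38,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: google-cloud-resource_manager
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: google-cloud-secret_manager
  requirement: !ruby/object:Gem::Requirement
@@ -146,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
+ rubygems_version: 3.2.32
  signing_key:
  specification_version: 4
  summary: Kubes Google Helpers Library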