kubes_google 0.3.5 → 0.3.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/kubes_google.gemspec +1 -0
- data/lib/kubes_google/helpers.rb +4 -0
- data/lib/kubes_google/secrets/fetcher/sdk.rb +12 -16
- data/lib/kubes_google/secrets/fetcher.rb +8 -0
- data/lib/kubes_google/service_account.rb +2 -0
- data/lib/kubes_google/services.rb +6 -0
- data/lib/kubes_google/version.rb +1 -1
- data/lib/kubes_google.rb +1 -0
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d593aeda0613c869927cc4a394a6074f2cb0b37a65a300c34e2c1843795665fd
|
|
4
|
+
data.tar.gz: 612e010ffb671cbe6fae182be9013c0d0e0a35360ea74a3b241e31852ede785c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '03709e5092eb0d4bdee232a60a3bd7369eff75e2b58591716fdc5a9e6d4833c5529740ee488e0a1cc2c04f389bb350e78bdbfd98c3d1b8d34717edd35025be90'
|
|
7
|
+
data.tar.gz: 492c3b693b2f44db71b08dabc1a66d1a45e3b776efab24292f438be1c94da5f9caf295c0da36e8c058f3f5b4d5cfff7c3f801135d1aaa164992bda2f7053368e
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,20 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.3.9] - 2022-02-16
|
|
7
|
+
- [#10](https://github.com/boltops-tools/kubes_google/pull/10) google_secret_data helper
|
|
8
|
+
|
|
9
|
+
## [0.3.8] - 2022-02-07
|
|
10
|
+
- fix service account creation: add condition none
|
|
11
|
+
|
|
12
|
+
## [0.3.7] - 2022-02-07
|
|
13
|
+
- [#9](https://github.com/boltops-tools/kubes_google/pull/9) performance improvement: cache secrets
|
|
14
|
+
|
|
15
|
+
## [0.3.6] - 2022-02-04
|
|
16
|
+
- [#7](https://github.com/boltops-tools/kubes_google/pull/7) Secret auto retry with gcloud strategy
|
|
17
|
+
- [#8](https://github.com/boltops-tools/kubes_google/pull/8) add condition none
|
|
18
|
+
- get google project number via api
|
|
19
|
+
|
|
6
20
|
## [0.3.5] - 2020-11-12
|
|
7
21
|
- add KubesGoogle.cloudbuild? check
|
|
8
22
|
- fetcher sdk friendly suggestion to use gcloud when vpn errors
|
data/kubes_google.gemspec
CHANGED
|
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
|
|
25
25
|
spec.add_dependency "activesupport"
|
|
26
26
|
spec.add_dependency "google-cloud-container"
|
|
27
|
+
spec.add_dependency "google-cloud-resource_manager"
|
|
27
28
|
spec.add_dependency "google-cloud-secret_manager"
|
|
28
29
|
spec.add_dependency "memoist"
|
|
29
30
|
spec.add_dependency "zeitwerk"
|
data/lib/kubes_google/helpers.rb
CHANGED
|
@@ -16,32 +16,28 @@ class KubesGoogle::Secrets::Fetcher
|
|
|
16
16
|
logger.info "WARN: secret #{name} not found".color(:yellow)
|
|
17
17
|
logger.info e.message
|
|
18
18
|
"NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
# TODO: Get the project from the list project api instead. Unsure where the docs are for this.
|
|
22
|
-
# If someone knows, let me know.
|
|
23
|
-
# Right now grabbing the first secret to then be able to get the google project number
|
|
24
|
-
@@project_number = nil
|
|
25
|
-
def project_number
|
|
26
|
-
return @@project_number if @@project_number
|
|
27
|
-
|
|
28
|
-
parent = "projects/#{@project_id}"
|
|
29
|
-
resp = secret_manager_service.list_secrets(parent: parent) # note: page_size doesnt seem to get respected
|
|
30
|
-
name = resp.first.name # IE: projects/686010496118/secrets/demo-dev-db_host
|
|
31
|
-
@@project_number = name.split('/')[1]
|
|
32
19
|
rescue Google::Cloud::UnavailableError => e
|
|
33
20
|
logger.error "ERROR: #{e.message}"
|
|
34
21
|
if e.message.include?("failed to connect")
|
|
35
22
|
logger.info <<~EOL
|
|
36
|
-
SSL Handshake failed. This error seems to happen with some VPN setups.
|
|
37
|
-
|
|
23
|
+
WARNING: SSL Handshake failed. This error seems to happen with some VPN setups.
|
|
24
|
+
You can turn off this warning by setting the gcloud fetcher instead.
|
|
25
|
+
To set up see:
|
|
38
26
|
|
|
39
27
|
https://kubes.guru/docs/helpers/google/secrets/#fetcher-strategy
|
|
40
28
|
EOL
|
|
41
|
-
|
|
29
|
+
raise KubesGoogle::VpnSslError
|
|
42
30
|
else
|
|
43
31
|
raise
|
|
44
32
|
end
|
|
45
33
|
end
|
|
34
|
+
|
|
35
|
+
private
|
|
36
|
+
@@project_number = nil
|
|
37
|
+
def project_number
|
|
38
|
+
return @@project_number if @@project_number
|
|
39
|
+
project = resource_manager.project(@project_id)
|
|
40
|
+
@@project_number = project.project_number
|
|
41
|
+
end
|
|
46
42
|
end
|
|
47
43
|
end
|
|
@@ -1,12 +1,20 @@
|
|
|
1
1
|
class KubesGoogle::Secrets
|
|
2
2
|
class Fetcher
|
|
3
|
+
include KubesGoogle::Logging
|
|
3
4
|
extend Memoist
|
|
4
5
|
|
|
5
6
|
def initialize(options={})
|
|
6
7
|
@options = options
|
|
7
8
|
end
|
|
8
9
|
|
|
10
|
+
@@cache = {}
|
|
9
11
|
def fetch(short_name)
|
|
12
|
+
return @@cache[short_name] if @@cache[short_name]
|
|
13
|
+
logger.debug "Fetching secret: #{short_name}"
|
|
14
|
+
@@cache[short_name] = fetcher.fetch(short_name)
|
|
15
|
+
rescue KubesGoogle::VpnSslError
|
|
16
|
+
logger.info "Retry fetching secret with the gcloud strategy"
|
|
17
|
+
fetcher = Gcloud.new(@options)
|
|
10
18
|
fetcher.fetch(short_name)
|
|
11
19
|
end
|
|
12
20
|
|
|
@@ -40,6 +40,7 @@ module KubesGoogle
|
|
|
40
40
|
sh "gcloud iam service-accounts add-iam-policy-binding \
|
|
41
41
|
--role roles/iam.workloadIdentityUser \
|
|
42
42
|
--member #{member} \
|
|
43
|
+
--condition=None \
|
|
43
44
|
#{@service_account}".squish
|
|
44
45
|
end
|
|
45
46
|
|
|
@@ -70,6 +71,7 @@ module KubesGoogle
|
|
|
70
71
|
|
|
71
72
|
sh "gcloud projects add-iam-policy-binding #{@google_project} \
|
|
72
73
|
--member=serviceAccount:#{@service_account} \
|
|
74
|
+
--condition=None \
|
|
73
75
|
--role=#{role} > /dev/null".squish
|
|
74
76
|
end
|
|
75
77
|
end
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
require "google-cloud-resource_manager"
|
|
1
2
|
require "google-cloud-secret_manager"
|
|
2
3
|
require "google/cloud/container"
|
|
3
4
|
|
|
@@ -14,6 +15,11 @@ module KubesGoogle
|
|
|
14
15
|
Google::Cloud::SecretManager.secret_manager_service
|
|
15
16
|
end
|
|
16
17
|
memoize :secret_manager_service
|
|
18
|
+
|
|
19
|
+
def resource_manager
|
|
20
|
+
Google::Cloud.new.resource_manager
|
|
21
|
+
end
|
|
22
|
+
memoize :resource_manager
|
|
17
23
|
end
|
|
18
24
|
end
|
|
19
25
|
|
data/lib/kubes_google/version.rb
CHANGED
data/lib/kubes_google.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kubes_google
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: google-cloud-resource_manager
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: google-cloud-secret_manager
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -146,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
146
160
|
- !ruby/object:Gem::Version
|
|
147
161
|
version: '0'
|
|
148
162
|
requirements: []
|
|
149
|
-
rubygems_version: 3.
|
|
163
|
+
rubygems_version: 3.2.32
|
|
150
164
|
signing_key:
|
|
151
165
|
specification_version: 4
|
|
152
166
|
summary: Kubes Google Helpers Library
|