RubyGems - kubes_google - Versions diffs - 0.3.7 → 0.3.10 - Mend

kubes_google 0.3.7 → 0.3.10

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +12 -0
data/lib/kubes_google/helpers.rb +4 -0
data/lib/kubes_google/secrets/fetcher.rb +7 -2
data/lib/kubes_google/service_account.rb +16 -8
data/lib/kubes_google/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 82665e26689438f751a461e77057cfbe2f442a097c80f788e965b2c69af16468
-  data.tar.gz: adc9c449688f97bbdc5117f3238bf005029ca674abca41ce54a0c6cd019d1313
+  metadata.gz: cb741f591115d3b288978ec1f2c3a442d911bfd4553f0a606eb9c579c32e20bd
+  data.tar.gz: 48809f850b487a187ffe12188c9ea7fb2a9446bbdd798b5aaf5a4cc76bf3f784
 SHA512:
-  metadata.gz: 27dea1991e538398e8d9be728887bd9b553645a8bd6437ca13bbd94721cc09b88d3956d224c98420362933309203844d964397516f496797fa4373ad0d09cec1
-  data.tar.gz: df11c671e4b70beac80e55a2c6fae56fe156ae2b9e892b018fe63da418577a14edb4f4550e27c10b682946b6ddc92e1f368e19edc4e04c94eb6055346da86f90
+  metadata.gz: 227d531538e94ce3a1746aa28b3fe9de339e45cf8450edc1171c304d4fc6f49e2041206fe70d0de8620a3a61d583ccb831114a114a50b9f20da15a668faabba7
+  data.tar.gz: b44bf02993394a774e6e45225650bd2e952c63080171df243a2fdd6adbedad1284350464a3ee2da1508fcb4fd4a56cf40c7f8b680dc68b0c1b9f94ee4e521162

data/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+## [0.3.10] - 2022-08-19
+- [#11](https://github.com/boltops-tools/kubes_google/pull/11) Google service account fixes
+- KUBES_MOCK_SECRET ability
+- dont add project iam binding if already exists
+- fix iam service has_role? check
+## [0.3.9] - 2022-02-16
+- [#10](https://github.com/boltops-tools/kubes_google/pull/10) google_secret_data helper
+## [0.3.8] - 2022-02-07
+- fix service account creation: add condition none
 ## [0.3.7] - 2022-02-07
 - [#9](https://github.com/boltops-tools/kubes_google/pull/9) performance improvement: cache secrets

data/lib/kubes_google/helpers.rb CHANGED Viewed

@@ -7,5 +7,9 @@ module KubesGoogle
       fetcher = Secrets::Fetcher.new(options)
       fetcher.fetch(name)
     end
+    def google_secret_data(name, options={})
+      generic_secret_data(:google_secret, name, options)
+    end
   end
 end

data/lib/kubes_google/secrets/fetcher.rb CHANGED Viewed

@@ -10,8 +10,13 @@ class KubesGoogle::Secrets
     @@cache = {}
     def fetch(short_name)
       return @@cache[short_name] if @@cache[short_name]
-      logger.debug "Fetching secret: #{short_name}"
-      @@cache[short_name] = fetcher.fetch(short_name)
+      if ENV['KUBES_MOCK_SECRET']
+        logger.info "KUBES_MOCK_SECRET=1 is set. Mocking secret: #{short_name}"
+        @@cache[short_name] = "mock"
+      else
+        logger.debug "Fetching secret: #{short_name}"
+        @@cache[short_name] = fetcher.fetch(short_name)
+      end
     rescue KubesGoogle::VpnSslError
       logger.info "Retry fetching secret with the gcloud strategy"
       fetcher = Gcloud.new(@options)

data/lib/kubes_google/service_account.rb CHANGED Viewed

@@ -34,14 +34,14 @@ module KubesGoogle
       logger.debug "Creating GKE IAM Binding"
       member = "serviceAccount:#{@google_project}.svc.id.goog[#{@namespace}/#{@ksa}]"
-      found = sh "gcloud iam service-accounts get-iam-policy #{@service_account} | grep -F #{member} > /dev/null"
+      found = sh "gcloud iam service-accounts get-iam-policy '#{@service_account}' | grep -F '#{member}' > /dev/null"
       return if found
       sh "gcloud iam service-accounts add-iam-policy-binding \
                 --role roles/iam.workloadIdentityUser \
-                --member #{member} \
+                --member '#{member}' \
                 --condition=None \
-                #{@service_account}".squish
+                '#{@service_account}'".squish
     end
     def add_roles
@@ -58,20 +58,28 @@ module KubesGoogle
     end
     def has_role?(role)
-      out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
-      data = JSON.load(out)
+      data = project_iam_policies
       bindings = data['bindings']
       binding = bindings.find { |b| b['role'] == role }
       return false unless binding
-      binding['members'].include?(@service_account)
+      binding['members'].include?("serviceAccount:#{@service_account}")
+    end
+    @@project_iam_policies = nil
+    def project_iam_policies
+      return @@project_iam_policies if @@project_iam_policies
+      logger.debug "=> gcloud projects get-iam-policy #{@google_project} --format json"
+      out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
+      @@project_iam_policies = JSON.load(out)
     end
     def add_role(role)
       return if has_role?(role)
       sh "gcloud projects add-iam-policy-binding #{@google_project} \
-          --member=serviceAccount:#{@service_account} \
-          --role=#{role} > /dev/null".squish
+          --member='serviceAccount:#{@service_account}' \
+          --condition=None \
+          --role='#{role}' > /dev/null".squish
     end
   end
 end

data/lib/kubes_google/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module KubesGoogle
-  VERSION = "0.3.7"
+  VERSION = "0.3.10"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes_google
 version: !ruby/object:Gem::Version
-  version: 0.3.7
+  version: 0.3.10
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-02-07 00:00:00.000000000 Z
+date: 2022-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -160,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.3.12
 signing_key:
 specification_version: 4
 summary: Kubes Google Helpers Library