kubes_google 0.3.8 → 0.3.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40ae0ba0d700db7b90701bf80715f9e0154c02a9d57fd834bbc4a42cf4dc3abb
-  data.tar.gz: 1cfda1099092957ecf9e9a338203e10339b6fdc8e90a9bdba70441bb039cb42a
+  metadata.gz: 21bf0c110c15fe7d695063eb17b329d63c83f258294650331d7455edef4fdf6d
+  data.tar.gz: 50bb786d0b75b33048e9d94e6f46a96d2b47e65c2576e5c3c3939a3958f04846
 SHA512:
-  metadata.gz: 231ecd51d941f2f82d9f82ee2199216fa193deef450d501314d82750b54f177947b8085849c899655c57db42aa27c309499c032d413821efc825f8592fca1649
-  data.tar.gz: 183a2a3a3cd5bcd8b91c0541c4d5aa9ffdffe1b5967e19e7e5d2d87d031d7c31033cb7843cc43ff5236090fe2ec1e0980cdf512855b687427b83c33d7f1b198e
+  metadata.gz: d0b30cb44cdadac3c2c31bf9e445f6dcbcabc85bb708e0ece99d3add2fcf3931e762c21f3bf6f47b9047e611454622444752bc2c4231be6415d6b1bd56d05c76
+  data.tar.gz: 0a7efc8f7cdbbc585fc0511a982aaf8da8838b0923e728825accfe1cc03c7590d13b56f9202eb3c2e4c86bdbfe27ce34ce3ac6e67e2dd5c2e87fff6f6569c29a

data/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.3.11] - 2022-08-24
+- [#12](https://github.com/boltops-tools/kubes_google/pull/12) KUBES_MOCK_SECRET_QUIET env var support
+
+## [0.3.10] - 2022-08-19
+- [#11](https://github.com/boltops-tools/kubes_google/pull/11) Google service account fixes
+- KUBES_MOCK_SECRET ability
+- dont add project iam binding if already exists
+- fix iam service has_role? check
+
+## [0.3.9] - 2022-02-16
+- [#10](https://github.com/boltops-tools/kubes_google/pull/10) google_secret_data helper
+
 ## [0.3.8] - 2022-02-07
 - fix service account creation: add condition none
 

data/lib/kubes_google/helpers.rb

@@ -7,5 +7,9 @@ module KubesGoogle
       fetcher = Secrets::Fetcher.new(options)
       fetcher.fetch(name)
     end
+
+    def google_secret_data(name, options={})
+      generic_secret_data(:google_secret, name, options)
+    end
   end
 end

data/lib/kubes_google/secrets/fetcher.rb

@@ -10,8 +10,13 @@ class KubesGoogle::Secrets
     @@cache = {}
     def fetch(short_name)
       return @@cache[short_name] if @@cache[short_name]
-      logger.debug "Fetching secret: #{short_name}"
-      @@cache[short_name] = fetcher.fetch(short_name)
+      if ENV['KUBES_MOCK_SECRET']
+        logger.info "KUBES_MOCK_SECRET=1 is set. Mocking secret: #{short_name}" unless ENV['KUBES_MOCK_SECRET_QUIET']
+        @@cache[short_name] = "mock"
+      else
+        logger.debug "Fetching secret: #{short_name}"
+        @@cache[short_name] = fetcher.fetch(short_name)
+      end
     rescue KubesGoogle::VpnSslError
       logger.info "Retry fetching secret with the gcloud strategy"
       fetcher = Gcloud.new(@options)

data/lib/kubes_google/service_account.rb

@@ -34,14 +34,14 @@ module KubesGoogle
       logger.debug "Creating GKE IAM Binding"
       member = "serviceAccount:#{@google_project}.svc.id.goog[#{@namespace}/#{@ksa}]"
 
-      found = sh "gcloud iam service-accounts get-iam-policy #{@service_account} | grep -F #{member} > /dev/null"
+      found = sh "gcloud iam service-accounts get-iam-policy '#{@service_account}' | grep -F '#{member}' > /dev/null"
       return if found
 
       sh "gcloud iam service-accounts add-iam-policy-binding \
                 --role roles/iam.workloadIdentityUser \
-                --member #{member} \
+                --member '#{member}' \
                 --condition=None \
-                #{@service_account}".squish
+                '#{@service_account}'".squish
     end
 
     def add_roles
@@ -58,21 +58,28 @@ module KubesGoogle
     end
 
     def has_role?(role)
-      out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
-      data = JSON.load(out)
+      data = project_iam_policies
       bindings = data['bindings']
       binding = bindings.find { |b| b['role'] == role }
       return false unless binding
-      binding['members'].include?(@service_account)
+      binding['members'].include?("serviceAccount:#{@service_account}")
+    end
+
+    @@project_iam_policies = nil
+    def project_iam_policies
+      return @@project_iam_policies if @@project_iam_policies
+      logger.debug "=> gcloud projects get-iam-policy #{@google_project} --format json"
+      out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
+      @@project_iam_policies = JSON.load(out)
     end
 
     def add_role(role)
       return if has_role?(role)
 
       sh "gcloud projects add-iam-policy-binding #{@google_project} \
-          --member=serviceAccount:#{@service_account} \
+          --member='serviceAccount:#{@service_account}' \
           --condition=None \
-          --role=#{role} > /dev/null".squish
+          --role='#{role}' > /dev/null".squish
     end
   end
 end

data/lib/kubes_google/version.rb

@@ -1,3 +1,3 @@
 module KubesGoogle
-  VERSION = "0.3.8"
+  VERSION = "0.3.11"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes_google
 version: !ruby/object:Gem::Version
-  version: 0.3.8
+  version: 0.3.11
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-02-07 00:00:00.000000000 Z
+date: 2022-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -160,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.3.12
 signing_key: 
 specification_version: 4
 summary: Kubes Google Helpers Library