kubes_google 0.3.8 → 0.3.11

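--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 40ae0ba0d700db7b90701bf80715f9e0154c02a9d57fd834bbc4a42cf4dc3abb
- data.tar.gz: 1cfda1099092957ecf9e9a338203e10339b6fdc8e90a9bdba70441bb039cb42a
+ metadata.gz: 21bf0c110c15fe7d695063eb17b329d63c83f258294650331d7455edef4fdf6d
+ data.tar.gz: 50bb786d0b75b33048e9d94e6f46a96d2b47e65c2576e5c3c3939a3958f04846
  SHA512:
- metadata.gz: 231ecd51d941f2f82d9f82ee2199216fa193deef450d501314d82750b54f177947b8085849c899655c57db42aa27c309499c032d413821efc825f8592fca1649
- data.tar.gz: 183a2a3a3cd5bcd8b91c0541c4d5aa9ffdffe1b5967e19e7e5d2d87d031d7c31033cb7843cc43ff5236090fe2ec1e0980cdf512855b687427b83c33d7f1b198e
+ metadata.gz: d0b30cb44cdadac3c2c31bf9e445f6dcbcabc85bb708e0ece99d3add2fcf3931e762c21f3bf6f47b9047e611454622444752bc2c4231be6415d6b1bd56d05c76
+ data.tar.gz: 0a7efc8f7cdbbc585fc0511a982aaf8da8838b0923e728825accfe1cc03c7590d13b56f9202eb3c2e4c86bdbfe27ce34ce3ac6e67e2dd5c2e87fff6f6569c29a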
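--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,18 @@
  All notable changes to this project will be documented in this file.
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+ ## [0.3.11] - 2022-08-24
+ - [#12](https://github.com/boltops-tools/kubes_google/pull/12) KUBES_MOCK_SECRET_QUIET env var support
+
+ ## [0.3.10] - 2022-08-19
+ - [#11](https://github.com/boltops-tools/kubes_google/pull/11) Google service account fixes
+ - KUBES_MOCK_SECRET ability
+ - dont add project iam binding if already exists
+ - fix iam service has_role? check
+
+ ## [0.3.9] - 2022-02-16
+ - [#10](https://github.com/boltops-tools/kubes_google/pull/10) google_secret_data helper
+
  ## [0.3.8] - 2022-02-07
  - fix service account creation: add condition none
 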
@@ -7,5 +7,9 @@ module KubesGoogle
7
7
  fetcher = Secrets::Fetcher.new(options)
8
8
  fetcher.fetch(name)
9
9
  end
10
+
11
+ def google_secret_data(name, options={})
12
+ generic_secret_data(:google_secret, name, options)
13
+ end
10
14
  end
11
15
  end
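Review bot: `google_secret_data` is added without a comment, and `generic_secret_data` is defined outside this hunk, so neither the format of the returned value nor the `options` keys it honours can be read from here. A short comment above the method, for example `# Returns the secret +name+ via generic_secret_data using the :google_secret helper; see generic_secret_data for the output format and supported options.`, would tell template authors what the helper returns. The enclosing module and class open before the hunk.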
@@ -10,8 +10,13 @@ class KubesGoogle::Secrets
10
10
  @@cache = {}
11
11
  def fetch(short_name)
12
12
  return @@cache[short_name] if @@cache[short_name]
13
- logger.debug "Fetching secret: #{short_name}"
14
- @@cache[short_name] = fetcher.fetch(short_name)
13
+ if ENV['KUBES_MOCK_SECRET']
14
+ logger.info "KUBES_MOCK_SECRET=1 is set. Mocking secret: #{short_name}" unless ENV['KUBES_MOCK_SECRET_QUIET']
15
+ @@cache[short_name] = "mock"
16
+ else
17
+ logger.debug "Fetching secret: #{short_name}"
18
+ @@cache[short_name] = fetcher.fetch(short_name)
19
+ end
15
20
  rescue KubesGoogle::VpnSslError
16
21
  logger.info "Retry fetching secret with the gcloud strategy"
17
22
  fetcher = Gcloud.new(@options)
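Review bot: `if ENV['KUBES_MOCK_SECRET']` turns mocking on for any value of the variable, including `0`, `false` or an empty string, because every Ruby string is truthy, and the branch then stores the literal `"mock"` in the class-level `@@cache` as if it were the secret. With `KUBES_MOCK_SECRET_QUIET` set the only log line is suppressed, so a variable left over in a CI or deploy environment would substitute `"mock"` for real secret values with no trace in the output. An explicit opt-in such as `if ENV['KUBES_MOCK_SECRET'] == '1'` matches what the log message already says, and logging the substitution at `warn` level even in quiet mode would keep it visible. The `rescue` branch of `fetch` continues past the end of this hunk.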
@@ -34,14 +34,14 @@ module KubesGoogle
34
34
  logger.debug "Creating GKE IAM Binding"
35
35
  member = "serviceAccount:#{@google_project}.svc.id.goog[#{@namespace}/#{@ksa}]"
36
36
 
37
- found = sh "gcloud iam service-accounts get-iam-policy #{@service_account} | grep -F #{member} > /dev/null"
37
+ found = sh "gcloud iam service-accounts get-iam-policy '#{@service_account}' | grep -F '#{member}' > /dev/null"
38
38
  return if found
39
39
 
40
40
  sh "gcloud iam service-accounts add-iam-policy-binding \
41
41
  --role roles/iam.workloadIdentityUser \
42
- --member #{member} \
42
+ --member '#{member}' \
43
43
  --condition=None \
44
- #{@service_account}".squish
44
+ '#{@service_account}'".squish
45
45
  end
46
46
 
47
47
  def add_roles
@@ -58,21 +58,28 @@ module KubesGoogle
58
58
  end
59
59
 
60
60
  def has_role?(role)
61
- out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
62
- data = JSON.load(out)
61
+ data = project_iam_policies
63
62
  bindings = data['bindings']
64
63
  binding = bindings.find { |b| b['role'] == role }
65
64
  return false unless binding
66
- binding['members'].include?(@service_account)
65
+ binding['members'].include?("serviceAccount:#{@service_account}")
66
+ end
67
+
68
+ @@project_iam_policies = nil
69
+ def project_iam_policies
70
+ return @@project_iam_policies if @@project_iam_policies
71
+ logger.debug "=> gcloud projects get-iam-policy #{@google_project} --format json"
72
+ out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
73
+ @@project_iam_policies = JSON.load(out)
67
74
  end
68
75
 
69
76
  def add_role(role)
70
77
  return if has_role?(role)
71
78
 
72
79
  sh "gcloud projects add-iam-policy-binding #{@google_project} \
73
- --member=serviceAccount:#{@service_account} \
80
+ --member='serviceAccount:#{@service_account}' \
74
81
  --condition=None \
75
- --role=#{role} > /dev/null".squish
82
+ --role='#{role}' > /dev/null".squish
76
83
  end
77
84
  end
78
85
  end
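Review bot: Wrapping `#{member}`, `#{@service_account}` and `#{role}` in single quotes protects the command line only while those values contain no `'` of their own, and `#{@google_project}` is still interpolated bare in `gcloud projects add-iam-policy-binding #{@google_project}` and in the `capture` call of `project_iam_policies`. Escaping each value, e.g. `--member=#{Shellwords.escape("serviceAccount:#{@service_account}")}` and `#{Shellwords.escape(@google_project)}`, holds for any configured value; the same applies to the `get-iam-policy ... | grep -F` pipeline and the `add-iam-policy-binding` command in the preceding hunk, which appears to belong to the same file. `Shellwords` is in the standard library but needs `require "shellwords"`, which these hunks do not show. The class and module bodies start and end outside the hunks.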
@@ -1,3 +1,3 @@
1
1
  module KubesGoogle
2
- VERSION = "0.3.8"
2
+ VERSION = "0.3.11"
3
3
  end
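--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: kubes_google
  version: !ruby/object:Gem::Version
- version: 0.3.8
+ version: 0.3.11
  platform: ruby
  authors:
  - Tung Nguyen
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-02-07 00:00:00.000000000 Z
+ date: 2022-08-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -160,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.32
+ rubygems_version: 3.3.12
  signing_key:
  specification_version: 4
  summary: Kubes Google Helpers Library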