Class: KubesGoogle::Secrets::Fetcher::Sdk

Inherits:
Base
  • Object
show all
Includes:
KubesGoogle::Services
Defined in:
lib/kubes_google/secrets/fetcher/sdk.rb

Instance Method Summary collapse

Methods included from KubesGoogle::Services

#cluster_manager, #resource_manager, #secret_manager_service

Methods inherited from Base

#base64?, #initialize

Methods included from Logging

#logger

Constructor Details

This class inherits a constructor from KubesGoogle::Secrets::Fetcher::Base

Instance Method Details

#fetch(short_name, version = "latest") ⇒ Object 



5
6
7
8
9
 
# File 'lib/kubes_google/secrets/fetcher/sdk.rb', line 5

def fetch(short_name, version="latest")
  value = fetch_value(short_name, version)
  value = Base64.strict_encode64(value).strip if base64?
  value
end

#fetch_value(short_name, version = "latest") ⇒ Object 



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/kubes_google/secrets/fetcher/sdk.rb', line 11

def fetch_value(short_name, version="latest")
  name = "projects/#{project_number}/secrets/#{short_name}/versions/#{version}"
  version = secret_manager_service.access_secret_version(name: name)
  version.payload.data
rescue Google::Cloud::NotFoundError => e
  logger.info "WARN: secret #{name} not found".color(:yellow)
  logger.info e.message
  "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid
rescue Google::Cloud::UnavailableError => e
  logger.error "ERROR: #{e.message}"
  if e.message.include?("failed to connect")
    logger.info <<~EOL
      WARNING: SSL Handshake failed. This error seems to happen with some VPN setups.
      You can turn off this warning by setting the gcloud fetcher instead.
      To set up see:

        https://kubes.guru/docs/helpers/google/secrets/#fetcher-strategy
    EOL
    raise KubesGoogle::VpnSslError
  else
    raise
  end
end