From 4f3987904d7d681513e0d27fdf231c68d7d8ddbf Mon Sep 17 00:00:00 2001
From: felipegenef
Date: Mon, 9 Oct 2023 18:50:13 -0300
Subject: [PATCH 1/2] feat:Add AWS SSM like variable functionality for GCP Secrets Manager
---
 provider/googleProvider.js | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/provider/googleProvider.js b/provider/googleProvider.js
index 00bbd85..fb7e89a 100644
--- a/provider/googleProvider.js
+++ b/provider/googleProvider.js
@@ -198,6 +198,39 @@ class GoogleProvider {
 return { value: await this.gsValue({ bucket, object }) };
 },
 },
+ "gcp-sm": {
+ async resolve({ params }) {
+ const [value, defaultValue] = params;
+
+ const secretName = `projects/${this.serverless.configurationInput.provider.project}/secrets/${value}/versions/latest`;
+ try {
+
+ const auth = this.getAuthClient();
+
+ const secretManager = google.secretmanager("v1");
+
+ const secretVersion =
+ await secretManager.projects.secrets.versions.access({
+ auth,
+ name: secretName,
+ });
+
+ return {
+ value: Buffer.from(
+ secretVersion.data.payload.data,
+ "base64"
+ ).toString("utf-8"),
+ };
+ } catch (error) {
+ if (!defaultValue) {
+ throw new Error(
+ "Variable not found on GCP Secrets Manager: " + value
+ );
+ }
+ return { value: defaultValue };
+ }
+ },
+ }
 };
 // TODO: Remove with next major
From 21e5969b048c13786576ff65997cb3141056e650 Mon Sep 17 00:00:00 2001
From: felipegenef
Date: Mon, 9 Oct 2023 20:09:38 -0300
Subject: [PATCH 2/2] fixed variable names
---
 provider/googleProvider.js | 47 +++++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 18 deletions(-)
diff --git a/provider/googleProvider.js b/provider/googleProvider.js
index fb7e89a..e317711 100644
--- a/provider/googleProvider.js
+++ b/provider/googleProvider.js
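Review bot: The `catch (error)` around the Secret Manager call treats every failure as a missing secret, so an authentication error, a permission denial or a network fault either surfaces as "Variable not found on GCP Secrets Manager" or, when a default was given, silently resolves to `defaultValue`. For a secret lookup that means a deployment can ship a placeholder value with no sign that the real secret was unreachable. The fallback should apply only to a not-found response and everything else should be rethrown, for example with `if (error.response?.status !== 404) throw error;` as the first line of the handler (assuming the client exposes the HTTP status there). The same handler is carried unchanged into the hunk of the second patch, and `!defaultValue` in both also rejects an explicitly empty default. The enclosing variable-source object and class start outside the hunk.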
@@ -198,39 +198,50 @@ class GoogleProvider {
 return { value: await this.gsValue({ bucket, object }) };
 },
 },
- "gcp-sm": {
+ 'gcp-sm': {
 async resolve({ params }) {
 const [value, defaultValue] = params;
-
- const secretName = `projects/${this.serverless.configurationInput.provider.project}/secrets/${value}/versions/latest`;
+ const secretName = `projects/${serverless.configurationInput.provider.project}/secrets/${value}/versions/latest`;
 try {
+ let credentials = serverless.service.provider.credentials;
+ let auth;
+ if (credentials) {
+ const credParts = serverless.service.provider.credentials.split(path.sep);
+ if (credParts[0] === '~') {
+ credParts[0] = os.homedir();
+ credentials = credParts.reduce((memo, part) => path.join(memo, part), '');
+ }
+
+ auth = new google.auth.GoogleAuth({
+ keyFile: credentials.toString(),
+ scopes: 'https://www.googleapis.com/auth/cloud-platform',
+ projectId: serverless.configurationInput.provider.project,
+ });
+ }
- const auth = this.getAuthClient();
+ auth = new google.auth.GoogleAuth({
+ scopes: 'https://www.googleapis.com/auth/cloud-platform',
+ projectId: serverless.configurationInput.provider.project,
+ });
- const secretManager = google.secretmanager("v1");
+ const secretManager = google.secretmanager('v1');
- const secretVersion =
- await secretManager.projects.secrets.versions.access({
- auth,
- name: secretName,
- });
+ const secretVersion = await secretManager.projects.secrets.versions.access({
+ auth,
+ name: secretName,
+ });
 return {
- value: Buffer.from(
- secretVersion.data.payload.data,
- "base64"
- ).toString("utf-8"),
+ value: Buffer.from(secretVersion.data.payload.data, 'base64').toString('utf-8'),
 };
 } catch (error) {
 if (!defaultValue) {
- throw new Error(
- "Variable not found on GCP Secrets Manager: " + value
- );
+ throw new Error('Variable not found on GCP Secrets Manager: ' + value);
 }
 return { value: defaultValue };
 }
 },
- }
+ },
 };
 // TODO: Remove with next major
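Review bot: The key-file credentials are discarded, because the second `auth = new google.auth.GoogleAuth({ scopes, projectId })` assignment sits after the `if (credentials)` block and runs unconditionally, overwriting the client that was built with `keyFile`. The secret is therefore always read under whatever Application Default Credentials the environment supplies, which may be a different identity from the one configured in `provider.credentials`, and a resulting permission error is then reported by the catch below as a missing variable. Moving the second construction into an `else` branch, `} else { auth = new google.auth.GoogleAuth({ ... }); }`, keeps the configured identity in use. `serverless`, `path` and `os` are not declared in the hunk; presumably they are in scope in the enclosing code, which starts outside it.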