Adds support for fetching GCP Secrets

serpulga · Feb 5, 2022 · ead5b85 · ead5b85
1 parent c5f9a4e
commit ead5b85
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 4 deletions.
diff --git a/konfug.py b/konfug.py
@@ -5,20 +5,23 @@
 import functools
 
 from google.cloud import datastore
+from google.cloud import secretmanager
 from google.auth.exceptions import DefaultCredentialsError
 
 
 DEFAULT_FALSEY_EXPRESSIONS = ('0', 'false', 0, False, None,)
+UTF8 = 'UTF-8'
 
 
 class KonfugError(Exception):
     pass
 
 
 class KonfugMissingError(KonfugError):
-    def __init__(self, missing_setting):
+    def __init__(self, missing_setting, is_secret=False):
         self._missing_setting = missing_setting
-        self.message = f'Missing setting "{missing_setting}"'
+        space = "setting" if is_secret is False else "secret"
+        self.message = f'Missing {space} "{missing_setting}"'
 
         super(KonfugMissingError, self).__init__(self.message)
 
@@ -71,12 +74,28 @@ def __init__(self, **kwargs):
                 falsey_expressions=self._falsey_expressions
             )
 
+            self._secret_resource_name_tpl = (
+                f"projects/{project_id}/"
+                f"secrets/{{secret_id}}/"
+                f"versions/latest"
+            )
+
             self._skip_datastore = kwargs.get('skip_datastore', False)
+            self._skip_secret_manager = kwargs.get(
+                                            'skip_secret_manager', False)
+            self._dataclient = None
+            self._secretclient = None
+
             if not self._skip_datastore:
                 self._dataclient = datastore.Client(project=project_id)
             else:
                 self._dataclient = None
 
+            if not self._skip_secret_manager:
+                self._secretclient = secretmanager.SecretManagerServiceClient()
+            else:
+                self._secretclient = None
+
             def fetch_kinds(ns):
                 kinds = {}
                 if self._skip_datastore is False:
@@ -171,3 +190,21 @@ def to_dict(val):
             raise ValueError(f'Not a dict {val}')
         else:
             return dict_
+
+    def secret(self, key, default_val=None, encoding=UTF8):
+        if key in os.environ:
+            val = os.getenv(key)
+        elif self._skip_secret_manager or self._secretclient is None:
+            val = None
+        else:
+            name = self._secret_resource_name_tpl.format(secret_id=key)
+            secret = self._secretclient.access_secret_version(
+                                                    request={"name": name})
+            val = secret.payload.data.decode(encoding)
+
+        if val is None and default_val:
+            val = default_val
+        elif val is None:
+            raise KonfugMissingError(key, is_secret=True)
+
+        return val
diff --git a/setup.cfg b/setup.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.0.1
+current_version = 0.0.3
 commit = True
 tag = True
 

diff --git a/setup.py b/setup.py
@@ -6,14 +6,18 @@
 setuptools.setup(
     name='konfug',
     py_modules=['konfug'],
-    version='0.0.2',
+    version='0.0.3',
     description='The configuration source for all your projects',
     author='Sergio Pulgarin',
     license='BSD',
     author_email='serpulga@gmail.com',
     url="https://github.com/serpulga/konfug",
     keywords=['konfug', 'datastore', 'configuration'],
     python_requires='>=3.6',
+    install_requires=[
+        "google-cloud-secret-manager==2.8.0",
+        "google-cloud-datastore==2.4.0"
+    ],
     classifiers=[
         'Development Status :: 4 - Beta',
         'Environment :: Console',
@@ -24,6 +28,7 @@
         'Programming Language :: Python :: 3.6',
         'Programming Language :: Python :: 3.7',
         'Programming Language :: Python :: 3.8',
+        'Programming Language :: Python :: 3.9',
         'Programming Language :: Python :: Implementation :: CPython',
         'Programming Language :: Python :: Implementation :: PyPy',
         'Topic :: Software Development',