dagger/pkg/alpha.dagger.io/gcp/secretmanager/secrets.cue

// Google Cloud Secret Manager
package secretmanager

import (
	"alpha.dagger.io/dagger"
	"alpha.dagger.io/dagger/op"
	"alpha.dagger.io/gcp"
	"alpha.dagger.io/os"
)

#Secrets: {
	// GCP Config
	config: gcp.#Config

	// Map of secrets
	secrets: [name=string]: dagger.#Secret

	// Deploy encrypted secrets
	deployment: os.#Container & {
		image: gcp.#GCloud & {"config": config}
		shell: path: "/bin/bash"
		always: true

		for name, s in secrets {
			secret: "/tmp/secrets/\(name)": s
		}

		command: #"""
			    # Loop on all files, including hidden files
			    shopt -s dotglob
			    echo "{}" > /tmp/output.json
			    for FILE in /tmp/secrets/*; do
			        BOOL=0 # Boolean
			        gcloud secrets describe "${FILE##*/}" 2>/dev/null > /dev/null
			        status=$?

			        # If secret not found
			        if [[ ! "${status}" -eq 0 ]]; then
			            (\
			                RES="$(gcloud secrets create "${FILE##*/}" --replication-policy automatic --data-file "${FILE}" --format='value(name)' 2>&1 | sed -n '1!p')" \
			                && cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \
			            ) || (echo "Error while creating secret ${FILE##*/}" >&2 && exit 1)
			            BOOL=1
			        else
									(\
											RES="$(gcloud secrets versions add "${FILE##*/}" --data-file "${FILE}" --format='value(name)' 2>&1 | sed -n '1!p')" \
											&& cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \
									) || (echo "Error while updating secret ${FILE##*/}" >&2 && exit 1)
									BOOL=1
			        fi
			        if [ $BOOL -eq 0 ]; then
			            (\
			                RES="$(gcloud secrets describe "${FILE##*/}" --format='value(name)' 2>&1)" \
			                && cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \
			            ) || (echo "Error while retrieving secret ${FILE##*/}" >&2 && exit 1)
			        fi
			    done
			"""#
	}

	// dynamic references
	references: {
		[string]: string
	}

	references: #up: [
		op.#Load & {
			from: deployment
		},

		op.#Export & {
			source: "/tmp/output.json"
			format: "json"
		},
	]
}
Add secrets deployment for GCP Signed-off-by: Benjamin Grandfond <benjamin.grandfond@gmail.com> 2021-08-30 00:43:17 +02:00			`// Google Cloud Secret Manager`
			`package secretmanager`

			`import (`
			`"alpha.dagger.io/dagger"`
			`"alpha.dagger.io/dagger/op"`
			`"alpha.dagger.io/gcp"`
			`"alpha.dagger.io/os"`
			`)`

			`#Secrets: {`
			`// GCP Config`
			`config: gcp.#Config`

			`// Map of secrets`
			`secrets: [name=string]: dagger.#Secret`

			`// Deploy encrypted secrets`
			`deployment: os.#Container & {`
			`image: gcp.#GCloud & {"config": config}`
			`shell: path: "/bin/bash"`
			`always: true`

			`for name, s in secrets {`
			`secret: "/tmp/secrets/\(name)": s`
			`}`

			`command: #"""`
			`# Loop on all files, including hidden files`
			`shopt -s dotglob`
			`echo "{}" > /tmp/output.json`
			`for FILE in /tmp/secrets/*; do`
			`BOOL=0 # Boolean`
			`gcloud secrets describe "${FILE##*/}" 2>/dev/null > /dev/null`
			`status=$?`

			`# If secret not found`
			`if [[ ! "${status}" -eq 0 ]]; then`
			`(\`
Port packages to latest versions + update netlify to latest CLI version + update aws to latest version Signed-off-by: guillaume <guillaume.derouville@gmail.com> 2022-01-04 15:27:33 +01:00			`RES="$(gcloud secrets create "${FILE##*/}" --replication-policy automatic --data-file "${FILE}" --format='value(name)' 2>&1 \| sed -n '1!p')" \`
Add secrets deployment for GCP Signed-off-by: Benjamin Grandfond <benjamin.grandfond@gmail.com> 2021-08-30 00:43:17 +02:00			`&& cat <<< $(cat /tmp/output.json \| jq ".\|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \`
			`) \|\| (echo "Error while creating secret ${FILE##*/}" >&2 && exit 1)`
			`BOOL=1`
			`else`
			`(\`
Port packages to latest versions + update netlify to latest CLI version + update aws to latest version Signed-off-by: guillaume <guillaume.derouville@gmail.com> 2022-01-04 15:27:33 +01:00			`RES="$(gcloud secrets versions add "${FILE##*/}" --data-file "${FILE}" --format='value(name)' 2>&1 \| sed -n '1!p')" \`
Add secrets deployment for GCP Signed-off-by: Benjamin Grandfond <benjamin.grandfond@gmail.com> 2021-08-30 00:43:17 +02:00			`&& cat <<< $(cat /tmp/output.json \| jq ".\|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \`
			`) \|\| (echo "Error while updating secret ${FILE##*/}" >&2 && exit 1)`
			`BOOL=1`
			`fi`
			`if [ $BOOL -eq 0 ]; then`
			`(\`
Port packages to latest versions + update netlify to latest CLI version + update aws to latest version Signed-off-by: guillaume <guillaume.derouville@gmail.com> 2022-01-04 15:27:33 +01:00			`RES="$(gcloud secrets describe "${FILE##*/}" --format='value(name)' 2>&1)" \`
Add secrets deployment for GCP Signed-off-by: Benjamin Grandfond <benjamin.grandfond@gmail.com> 2021-08-30 00:43:17 +02:00			`&& cat <<< $(cat /tmp/output.json \| jq ".\|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \`
			`) \|\| (echo "Error while retrieving secret ${FILE##*/}" >&2 && exit 1)`
			`fi`
			`done`
			`"""#`
			`}`

			`// dynamic references`
			`references: {`
			`[string]: string`
			`}`

			`references: #up: [`
			`op.#Load & {`
			`from: deployment`
			`},`

			`op.#Export & {`
			`source: "/tmp/output.json"`
			`format: "json"`
			`},`
			`]`
			`}`