bd4916873b
Signed-off-by: guillaume <guillaume.derouville@gmail.com>
77 lines
2.1 KiB
CUE
77 lines
2.1 KiB
CUE
// Google Cloud Secret Manager
|
|
package secretmanager
|
|
|
|
import (
|
|
"alpha.dagger.io/dagger"
|
|
"alpha.dagger.io/dagger/op"
|
|
"alpha.dagger.io/gcp"
|
|
"alpha.dagger.io/os"
|
|
)
|
|
|
|
#Secrets: {
|
|
// GCP Config
|
|
config: gcp.#Config
|
|
|
|
// Map of secrets
|
|
secrets: [name=string]: dagger.#Secret
|
|
|
|
// Deploy encrypted secrets
|
|
deployment: os.#Container & {
|
|
image: gcp.#GCloud & {"config": config}
|
|
shell: path: "/bin/bash"
|
|
always: true
|
|
|
|
for name, s in secrets {
|
|
secret: "/tmp/secrets/\(name)": s
|
|
}
|
|
|
|
command: #"""
|
|
# Loop on all files, including hidden files
|
|
shopt -s dotglob
|
|
echo "{}" > /tmp/output.json
|
|
for FILE in /tmp/secrets/*; do
|
|
BOOL=0 # Boolean
|
|
gcloud secrets describe "${FILE##*/}" 2>/dev/null > /dev/null
|
|
status=$?
|
|
|
|
# If secret not found
|
|
if [[ ! "${status}" -eq 0 ]]; then
|
|
(\
|
|
RES="$(gcloud secrets create "${FILE##*/}" --replication-policy automatic --data-file "${FILE}" --format='value(name)' 2>&1 | sed -n '1!p')" \
|
|
&& cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \
|
|
) || (echo "Error while creating secret ${FILE##*/}" >&2 && exit 1)
|
|
BOOL=1
|
|
else
|
|
(\
|
|
RES="$(gcloud secrets versions add "${FILE##*/}" --data-file "${FILE}" --format='value(name)' 2>&1 | sed -n '1!p')" \
|
|
&& cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \
|
|
) || (echo "Error while updating secret ${FILE##*/}" >&2 && exit 1)
|
|
BOOL=1
|
|
fi
|
|
if [ $BOOL -eq 0 ]; then
|
|
(\
|
|
RES="$(gcloud secrets describe "${FILE##*/}" --format='value(name)' 2>&1)" \
|
|
&& cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \
|
|
) || (echo "Error while retrieving secret ${FILE##*/}" >&2 && exit 1)
|
|
fi
|
|
done
|
|
"""#
|
|
}
|
|
|
|
// dynamic references
|
|
references: {
|
|
[string]: string
|
|
}
|
|
|
|
references: #up: [
|
|
op.#Load & {
|
|
from: deployment
|
|
},
|
|
|
|
op.#Export & {
|
|
source: "/tmp/output.json"
|
|
format: "json"
|
|
},
|
|
]
|
|
}
|