Skip to content

Commit

Permalink
Merge pull request #1 from in4it/feature/labels
Browse files Browse the repository at this point in the history 
support for labels
  • Loading branch information
@wardviaene
wardviaene authored Apr 26, 2020
2 parents 62fe721 + 4a7193d commit 056b099
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 5 deletions.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@ Execute binary with secrets loaded as environment variables
Run bash command and inject environment variables that start with "myapp"
```
export GOOGLE_APPLICATION_CREDENTIALS=credentials.json
./gcloud-load-secrets-darwin-amd64 -prefix myapp -cmd '/bin/bash -c ls -ahl' -debug true
./gcloud-load-secrets-darwin-amd64 -label app=myapp -cmd '/bin/bash -c ls -ahl' -debug true
```
6 changes: 4 additions & 2 deletions cmd/gcloud-load-secrets/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,12 @@ func main() {

var (
secretsPrefix string
secretsLabel string
cmd string
debug bool
)
flag.StringVar(&secretsPrefix, "prefix", "", "prefix to use when retrieving secrets")
flag.StringVar(&secretsPrefix, "prefix", "", "prefix to filter on when retrieving secrets")
flag.StringVar(&secretsLabel, "label", "", "label to filter on when retrieving secrets")
flag.StringVar(&cmd, "cmd", "", "execute command")
flag.BoolVar(&debug, "debug", false, "enable debug output")

Expand All @@ -35,7 +37,7 @@ func main() {
panic(err)
}

secrets, err := readSecrets.ListSecrets(secretsPrefix)
secrets, err := readSecrets.ListSecrets(secretsPrefix, secretsLabel)
if err != nil {
panic(err)
}
Expand Down
20 changes: 18 additions & 2 deletions pkg/gcloud/secrets/read.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ func NewReadSecrets() (*ReadSecrets, error) {
}, nil
}

func (r *ReadSecrets) ListSecrets(secretsPrefix string) ([]Secret, error) {
func (r *ReadSecrets) ListSecrets(secretsPrefix, secretsLabel string) ([]Secret, error) {
ctx := context.Background()

req := &secretmanagerpb.ListSecretsRequest{
Expand All @@ -60,7 +60,7 @@ func (r *ReadSecrets) ListSecrets(secretsPrefix string) ([]Secret, error) {
return secrets, fmt.Errorf("secret name in unexpected format: %s", resp.Name)
}
secretName := strings.Join(secretElements[3:], "/")
if strings.HasPrefix(secretName, secretsPrefix) {
if strings.HasPrefix(secretName, secretsPrefix) && r.MatchLabel(secretsLabel, resp.Labels) {
secrets = append(secrets, Secret{ID: resp.Name, Name: secretName})
}
}
Expand Down Expand Up @@ -90,3 +90,19 @@ func (r *ReadSecrets) GetKV(secrets []Secret) []string {
}
return ret
}

func (r *ReadSecrets) MatchLabel(label string, labels map[string]string) bool {
if label == "" {
return true
}
split := strings.Split(label, "=")
if len(split) != 2 {
return false
}
for k, v := range labels {
if k == split[0] && v == split[1] {
return true
}
}
return false
}

0 comments on commit 056b099

Please sign in to comment.