cloud: Switch to password_secret_ namespace

cloud

@@ -169,9 +169,9 @@ function execute_command() {
     declare -a -r psql_args
 
     # Enable fetching PostgreSQL passwords from their secrets
-    password_set_secret "psql_superuser" "$project" "kcidb_psql_superuser"
-    password_set_secret "psql_viewer" "$project" "kcidb_psql_viewer"
-    password_set_secret "psql_editor" "$project" "${prefix}psql_editor"
+    password_secret_set "psql_superuser" "$project" "kcidb_psql_superuser"
+    password_secret_set "psql_viewer" "$project" "kcidb_psql_viewer"
+    password_secret_set "psql_editor" "$project" "${prefix}psql_editor"
 
     declare -r bigquery_dataset="${prefix}${version}"
     declare -r bigquery_clean_test_dataset="${prefix}${version}_clean_test"
@@ -237,7 +237,7 @@ function execute_command() {
     fi
 
     # Register SMTP password secret
-    password_set_secret "smtp" "$project" "$SECRETS_SMTP_PASSWORD"
+    password_secret_set "smtp" "$project" "$SECRETS_SMTP_PASSWORD"
 
     declare -r smtp_topic=$("$smtp_mocked" && echo "${prefix}smtp" || true)
     declare -r smtp_subscription=$(

kcidb/cloud/password.sh

@@ -148,7 +148,7 @@ function password_set_file() {
 # specified name. The password will be retrieved from the secret, if it wasn't
 # cached, and if its source file wasn't specified.
 # Args: name project secret
-function password_set_secret() {
+function password_secret_set() {
     declare -r name="$1"; shift
     declare -r project="$1"; shift
     declare -r secret="$1"; shift
@@ -195,10 +195,10 @@ function password_is_specified() {
 }
 
 # Deploy passwords to their secrets (assuming they're set with
-# "password_set_secret"). For every password deploy only if the password is
+# "password_secret_set"). For every password deploy only if the password is
 # specified, or the secret doesn't exist.
 # Args: name...
-function password_deploy_secret() {
+function password_secret_deploy() {
     declare name
     declare project
     declare secret
@@ -226,9 +226,9 @@ function password_deploy_secret() {
 }
 
 # Withdraw passwords from their secrets (assuming they're set with
-# "password_set_secret").
+# "password_secret_set").
 # Args: name...
-function password_withdraw_secret() {
+function password_secret_withdraw() {
     declare name
     declare project
     declare secret
@@ -252,7 +252,7 @@ function password_withdraw_secret() {
 # Deploy only if one of the passwords is specified, or if the pgpass secret
 # doesn't exist.
 # Args: project pgpass_secret [password_name user_name]...
-function password_deploy_pgpass_secret() {
+function password_secret_deploy_pgpass() {
     declare -r project="$1"; shift
     declare -r pgpass_secret="$1"; shift
     declare -a -r password_and_user_names=("$@")

kcidb/cloud/secrets.sh

@@ -19,19 +19,19 @@ function secrets_deploy() {
     declare exists
 
     # Make sure the shared SMTP password secret is deployed
-    password_deploy_secret smtp
+    password_secret_deploy smtp
     # Give Cloud Functions access to the shared SMTP password secret
     mute gcloud secrets add-iam-policy-binding \
         --quiet --project="$project" "$SECRETS_SMTP_PASSWORD" \
         --role roles/secretmanager.secretAccessor \
         --member "serviceAccount:$project@appspot.gserviceaccount.com"
 
     # Make sure all PostgreSQL's password secrets are deployed
-    password_deploy_secret psql_superuser psql_editor psql_viewer
+    password_secret_deploy psql_superuser psql_editor psql_viewer
     # DO NOT give Cloud Functions access to *any* PostgreSQL password secrets
 
     # Make sure PostgreSQL's .pgpass secret is deployed
-    password_deploy_pgpass_secret "$project" "$psql_pgpass_secret" \
+    password_secret_deploy_pgpass "$project" "$psql_pgpass_secret" \
         psql_editor "$psql_editor_username"
 
     # Give Cloud Functions access to the .pgpass secret
@@ -47,7 +47,7 @@ function secrets_deploy() {
 function secrets_withdraw() {
     declare -r project="$1"; shift
     declare -r psql_pgpass_secret="$1"; shift
-    password_withdraw_secret psql_editor
+    password_secret_withdraw psql_editor
     secret_withdraw "$project" "$psql_pgpass_secret"
     # NOTE: Not withdrawing the shared secrets
 }