From c8dad0b01c7ce592a16923bf147b4c50dab50345 Mon Sep 17 00:00:00 2001 From: Nikolai Kondrashov Date: Fri, 19 Jan 2024 13:58:38 +0200 Subject: [PATCH] cloud: Switch to password_secret_ namespace --- cloud | 8 ++++---- kcidb/cloud/password.sh | 12 ++++++------ kcidb/cloud/secrets.sh | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/cloud b/cloud index a7bf4f6e..fde72e1e 100755 --- a/cloud +++ b/cloud @@ -169,9 +169,9 @@ function execute_command() { declare -a -r psql_args # Enable fetching PostgreSQL passwords from their secrets - password_set_secret "psql_superuser" "$project" "kcidb_psql_superuser" - password_set_secret "psql_viewer" "$project" "kcidb_psql_viewer" - password_set_secret "psql_editor" "$project" "${prefix}psql_editor" + password_secret_set "psql_superuser" "$project" "kcidb_psql_superuser" + password_secret_set "psql_viewer" "$project" "kcidb_psql_viewer" + password_secret_set "psql_editor" "$project" "${prefix}psql_editor" declare -r bigquery_dataset="${prefix}${version}" declare -r bigquery_clean_test_dataset="${prefix}${version}_clean_test" @@ -237,7 +237,7 @@ function execute_command() { fi # Register SMTP password secret - password_set_secret "smtp" "$project" "$SECRETS_SMTP_PASSWORD" + password_secret_set "smtp" "$project" "$SECRETS_SMTP_PASSWORD" declare -r smtp_topic=$("$smtp_mocked" && echo "${prefix}smtp" || true) declare -r smtp_subscription=$( diff --git a/kcidb/cloud/password.sh b/kcidb/cloud/password.sh index 563014c6..e479a674 100644 --- a/kcidb/cloud/password.sh +++ b/kcidb/cloud/password.sh @@ -148,7 +148,7 @@ function password_set_file() { # specified name. The password will be retrieved from the secret, if it wasn't # cached, and if its source file wasn't specified. # Args: name project secret -function password_set_secret() { +function password_secret_set() { declare -r name="$1"; shift declare -r project="$1"; shift declare -r secret="$1"; shift @@ -195,10 +195,10 @@ function password_is_specified() { } # Deploy passwords to their secrets (assuming they're set with -# "password_set_secret"). For every password deploy only if the password is +# "password_secret_set"). For every password deploy only if the password is # specified, or the secret doesn't exist. # Args: name... -function password_deploy_secret() { +function password_secret_deploy() { declare name declare project declare secret @@ -226,9 +226,9 @@ function password_deploy_secret() { } # Withdraw passwords from their secrets (assuming they're set with -# "password_set_secret"). +# "password_secret_set"). # Args: name... -function password_withdraw_secret() { +function password_secret_withdraw() { declare name declare project declare secret @@ -252,7 +252,7 @@ function password_withdraw_secret() { # Deploy only if one of the passwords is specified, or if the pgpass secret # doesn't exist. # Args: project pgpass_secret [password_name user_name]... -function password_deploy_pgpass_secret() { +function password_secret_deploy_pgpass() { declare -r project="$1"; shift declare -r pgpass_secret="$1"; shift declare -a -r password_and_user_names=("$@") diff --git a/kcidb/cloud/secrets.sh b/kcidb/cloud/secrets.sh index ab9173eb..a1799db2 100644 --- a/kcidb/cloud/secrets.sh +++ b/kcidb/cloud/secrets.sh @@ -19,7 +19,7 @@ function secrets_deploy() { declare exists # Make sure the shared SMTP password secret is deployed - password_deploy_secret smtp + password_secret_deploy smtp # Give Cloud Functions access to the shared SMTP password secret mute gcloud secrets add-iam-policy-binding \ --quiet --project="$project" "$SECRETS_SMTP_PASSWORD" \ @@ -27,11 +27,11 @@ function secrets_deploy() { --member "serviceAccount:$project@appspot.gserviceaccount.com" # Make sure all PostgreSQL's password secrets are deployed - password_deploy_secret psql_superuser psql_editor psql_viewer + password_secret_deploy psql_superuser psql_editor psql_viewer # DO NOT give Cloud Functions access to *any* PostgreSQL password secrets # Make sure PostgreSQL's .pgpass secret is deployed - password_deploy_pgpass_secret "$project" "$psql_pgpass_secret" \ + password_secret_deploy_pgpass "$project" "$psql_pgpass_secret" \ psql_editor "$psql_editor_username" # Give Cloud Functions access to the .pgpass secret @@ -47,7 +47,7 @@ function secrets_deploy() { function secrets_withdraw() { declare -r project="$1"; shift declare -r psql_pgpass_secret="$1"; shift - password_withdraw_secret psql_editor + password_secret_withdraw psql_editor secret_withdraw "$project" "$psql_pgpass_secret" # NOTE: Not withdrawing the shared secrets }