-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
73a15fb
commit 40d457b
Showing
19 changed files
with
209 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| { | ||
| "type": "service_account", | ||
| "project_id": "asaph-dev", | ||
| "private_key_id": "8233a3f09f026303d76949bbafa14f61d924e14e", | ||
| "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbForo+GnsGJqk\nRrdTGcDgsGJu2SULEyu303gRFBtvHjSWddBpYyvIXGOdT+ph/0T3KcytFKmI9Y2M\n4um97+55IgV0SBKb1W6s0Eejl2ofxoGPjRHcIdTtokHmr+WPpYFV/7+xha0Rf4Z3\n2QmBk7UfmN/awXb7MxTKGC4b2ZFlcwINdXXQIf0i8D474uhpNYbeTEQ4kR29WshW\nGSApFy4frbdEjUl0u06JWcfI0EMCPMzD1GbOQFtb6HnU0lD//U0Ett5H3npMbWY+\n4Nya/qGSB+gmeQGrVu/kVQhZowuYh6pReCPGBcj8Wy4DKI510IL/875g4x6I40Ju\nXHvNhS7ZAgMBAAECggEAA6Up+OfvlNOj+KLxXrSWMCbYvGqbryxJrrlNM7UkVhwo\nJW8ex8iBBfuWvLTqFWjsRzoVNoJnGU92MQ3ldBkpD2Lj7FddCxkcY+VJpXMmrnip\ncMkye6y+Bv++hCdEQbhjOoCsbWu0wXT5uJMn3iJzAdLG7RpvvFlq0yH4qNLDeu7/\n2H5dYLKEtIs20GxLXRXmlAk8UtmuOkL3ThejLemEO9U5DExOIzQ9lkD4OhRDdI9L\nrY2Q7XgJnkjZN0Fln/Xq2p56v34mZ+5HRcCc6mtSDXZbmZX8LZ/Pk0a/BP8ZvkW3\nRnL6jTxO5aqma9KnSO4M1OT5e/vqO/fZ748Tci62wQKBgQDynX1GEWP6LgxkF9Ox\ns1GY/ZFWPfk8Fj3wWgRC5uIjYI0JoFOps69Uij3n2AxJypInIM5so4zIKWus7k64\nrWoHGQnQKiCLbuHRpa2N4EeUYhjUIwoAmi0pVlIlGfzs6N8Lab7/bfzqj9D5Vgq+\ngLl/RWa3NNBnhkmKmLeepu5JjQKBgQDnLMYplFGvaJtQ7cz2hwOP42dDyvrMQTim\nJsb+4/IMrwI7dwSmcWpz3sRUzPbjbLzPUlgJOzDgyRqv85yObMo1FB691EfpTkPV\nA4i0ARerJhIjnaNeIVF/9eUMcRyOHglcYLbXSXbmmaEZbNEz+dj+58RwsLjKkitl\nVO/ZqY6ZfQKBgQCbKAzNmqGNhZV3DaXcpwkwBjnEJa4Wt0K1S1weTPmiFkUcOuRG\nSxt9vUsJ0ilJp7sAOwLIh2+pMpQh6+V8RarhDyovbkGR6j+Qi5wKd7xPMM0gHahv\n6imnngS6pXwTJno+GkqDoBt3BrJmQphsbHY05nViBOyiyEaP1ErZs3gAoQKBgGEH\nLuk2wo4/9qiiFtwGUR1skeQnZtqiKVe7gNxs6iQetG4nB0Gg6tBVWMxK9vj/o8PU\nyPSe7mX6ooPlWPmCeeCLYFfGqKQo4Fmg0RjUOI3yPbzLJk2U6HMvzwJI23Ze7wjh\n4vw7bnddVfuo66nIHSboOlAeLIGBlktCuiT+gMa1AoGAB4R6o4Y+Ue+i173G6AbC\nsTODEpXOnBNlgt+RQ9900qc1sBU7518QSJQOe645a4+BIIQ6WwUZgPRoN2qr1Eec\nmazXdT+xDFi8OjhlF1j/RZsp6f5bMVuQkAqadPgtN7NjA7xyE/YFTSu1OMYseyXn\ngfDA5SUUy6LKPDfEclZkidA=\n-----END PRIVATE KEY-----\n", | ||
| "client_email": "[email protected]", | ||
| "client_id": "117527350958472163100", | ||
| "auth_uri": "https://accounts.google.com/o/oauth2/auth", | ||
| "token_uri": "https://oauth2.googleapis.com/token", | ||
| "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", | ||
| "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/secret-accessor%40asaph-dev.iam.gserviceaccount.com" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
...h.WebApi/GcpSecretManagerConfigurationProvider/GcpSecretManagerConfigurationExtensions.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| namespace Asaph.WebApi.GcpSecretManagerConfigurationProvider; | ||
|
|
||
| /// <summary> | ||
| /// Provides extensions for adding GCP Secret Manager secrets to configuration. | ||
| /// </summary> | ||
| public static class GcpSecretManagerConfigurationExtensions | ||
| { | ||
| /// <summary> | ||
| /// Adds GCP Secret Manager as a configuration source. | ||
| /// </summary> | ||
| /// <param name="builder">Configuration builder.</param> | ||
| /// <param name="configuration">Configuration. "Gcp" is the assumed section.</param> | ||
| /// <returns>The updated configuration builder.</returns> | ||
| public static IConfigurationBuilder AddGcpSecretManager( | ||
| this IConfigurationBuilder builder, IConfiguration configuration) | ||
| { | ||
| string? projectId = configuration["Gcp:ProjectId"]; | ||
| string? secretManagerCredentialsPath = configuration["Gcp:SecretManagerCredentialsPath"]; | ||
|
|
||
| builder.Add(new GcpSecretManagerConfigurationSource( | ||
| projectId, secretManagerCredentialsPath)); | ||
|
|
||
| return builder; | ||
| } | ||
| } |
98 changes: 98 additions & 0 deletions
98
Asaph.WebApi/GcpSecretManagerConfigurationProvider/GcpSecretManagerConfigurationProvider.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| using Google.Api.Gax; | ||
| using Google.Api.Gax.ResourceNames; | ||
| using Google.Cloud.SecretManager.V1; | ||
|
|
||
| namespace Asaph.WebApi.GcpSecretManagerConfigurationProvider; | ||
|
|
||
| /// <summary> | ||
| /// Configuration provider for GCP Secret Manager. | ||
| /// </summary> | ||
| public class GcpSecretManagerConfigurationProvider : ConfigurationProvider | ||
| { | ||
| private readonly SecretManagerServiceClient _client; | ||
| private readonly string _projectId; | ||
|
|
||
| /// <summary> | ||
| /// Initializes a new instance of the <see cref="GcpSecretManagerConfigurationProvider"/> class. | ||
| /// </summary> | ||
| /// <param name="projectId">GCP project id.</param> | ||
| /// <param name="secretManagerCredentialsPath">Secret Manager credentials path.</param> | ||
| public GcpSecretManagerConfigurationProvider( | ||
| string? projectId, string? secretManagerCredentialsPath) | ||
| { | ||
| if (projectId != null && secretManagerCredentialsPath != null) | ||
| { | ||
| SecretManagerServiceClientBuilder secretManagerServiceClientBuilder = new(); | ||
| secretManagerServiceClientBuilder.CredentialsPath = secretManagerCredentialsPath; | ||
| _client = secretManagerServiceClientBuilder.Build(); | ||
| } | ||
| else | ||
| { | ||
| _client = SecretManagerServiceClient.Create(); | ||
| } | ||
|
|
||
| _projectId = string.IsNullOrWhiteSpace(projectId) ? GetGcpProjectId() : projectId; | ||
| } | ||
|
|
||
| /// <inheritdoc/> | ||
| public override void Load() | ||
| { | ||
| IEnumerable<SecretName>? secretNames = _client | ||
| .ListSecrets(new ProjectName(_projectId))? | ||
| .Select(i => i.SecretName); | ||
|
|
||
| if (secretNames?.Any() == false) | ||
| return; | ||
|
|
||
| foreach (SecretName secretName in secretNames!) | ||
| { | ||
| try | ||
| { | ||
| SecretVersionName secretVersionName = new( | ||
| secretName.ProjectId, secretName.SecretId, "latest"); | ||
|
|
||
| AccessSecretVersionResponse secretVersion = _client | ||
| .AccessSecretVersion(secretVersionName); | ||
|
|
||
| Set( | ||
| NormalizeDelimiter(secretName.SecretId), | ||
| secretVersion.Payload.Data.ToStringUtf8()); | ||
| } | ||
| catch (Grpc.Core.RpcException) | ||
| { | ||
| // Ignore. This might happen if the secret has no versions available. | ||
| } | ||
| } | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Gets the GCP project id from the execution platform. | ||
| /// </summary> | ||
| /// <returns>Project id.</returns> | ||
| /// <exception cref="InvalidOperationException"> | ||
| /// Thrown if GCP execution platform information couldn't be retrieved. This is most likely due | ||
| /// to the service not running on GCP (e.g. local testing.) | ||
| /// </exception> | ||
| private static string GetGcpProjectId() | ||
| { | ||
| string? projectId = Platform.Instance()?.ProjectId; | ||
|
|
||
| if (projectId == null) | ||
| { | ||
| throw new InvalidOperationException( | ||
| "Could not retrieve GCP project id for GcpSecretManagerProvider."); | ||
| } | ||
|
|
||
| return projectId; | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Normalizes the "__" (double underscore) key delimeter. | ||
| /// </summary> | ||
| /// <param name="key">Key.</param> | ||
| /// <returns>The normalized key.</returns> | ||
| private static string NormalizeDelimiter(string key) | ||
| { | ||
| return key.Replace("__", ConfigurationPath.KeyDelimiter); | ||
| } | ||
| } |
29 changes: 29 additions & 0 deletions
29
Asaph.WebApi/GcpSecretManagerConfigurationProvider/GcpSecretManagerConfigurationSource.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| namespace Asaph.WebApi.GcpSecretManagerConfigurationProvider; | ||
|
|
||
| /// <summary> | ||
| /// GCP Secret Manager configurtion source. | ||
| /// </summary> | ||
| public class GcpSecretManagerConfigurationSource : IConfigurationSource | ||
| { | ||
| // Project id | ||
| private readonly string? _projectId; | ||
|
|
||
| // Secret Manager credentials path | ||
| private readonly string? _secretManagerCredentialsPath; | ||
|
|
||
| /// <summary> | ||
| /// Initializes a new instance of the <see cref="GcpSecretManagerConfigurationSource"/> class. | ||
| /// </summary> | ||
| /// <param name="projectId">Project id.</param> | ||
| /// <param name="secretManagerCredentialsPath">Secret Manager credentials path.</param> | ||
| public GcpSecretManagerConfigurationSource( | ||
| string? projectId, string? secretManagerCredentialsPath) | ||
| { | ||
| _projectId = projectId; | ||
| _secretManagerCredentialsPath = secretManagerCredentialsPath; | ||
| } | ||
|
|
||
| /// <inheritdoc/> | ||
| public IConfigurationProvider Build(IConfigurationBuilder builder) => | ||
| new GcpSecretManagerConfigurationProvider(_projectId, _secretManagerCredentialsPath); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.