
     1  package gcp
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  
     7  	secretmanager "cloud.google.com/go/secretmanager/apiv1"
     8  	"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
     9  	"github.com/googleapis/gax-go/v2/apierror"
    10  	"google.golang.org/grpc/codes"
    11  )
    12  
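// CreateSecret creates a Secret Manager secret called secretID in gcpProject
// with user-managed replication pinned to a single replica in gcpRegion. The
// caller's labels are copied and tagged with created-by=knorten before the
// request is sent; the caller's map is never written to and a nil map is
// accepted.
//
// Creation is idempotent: when the API answers AlreadyExists the existing
// secret is fetched and returned instead of an error. In that case the secret
// keeps whatever labels and replication policy it was originally created with;
// nothing is reconciled against the arguments of this call. All errors are
// wrapped with the secret's resource name so callers can see which secret was
// involved.
func CreateSecret(ctx context.Context, gcpProject, gcpRegion, secretID string, labels map[string]string) (*secretmanagerpb.Secret, error) {
	client, err := secretmanager.NewClient(ctx)
	if err != nil {
		return nil, fmt.Errorf("creating secret manager client: %w", err)
	}
	defer client.Close()

	// Work on a private copy: writing into the caller's map would leak the
	// created-by label back to the caller and panics outright when the map is nil.
	secretLabels := make(map[string]string, len(labels)+1)
	for k, v := range labels {
		secretLabels[k] = v
	}
	secretLabels["created-by"] = "knorten"

	secretName := fmt.Sprintf("projects/%v/secrets/%v", gcpProject, secretID)

	req := &secretmanagerpb.CreateSecretRequest{
		Parent:   "projects/" + gcpProject,
		SecretId: secretID,
		Secret: &secretmanagerpb.Secret{
			Labels: secretLabels,
			Replication: &secretmanagerpb.Replication{
				Replication: &secretmanagerpb.Replication_UserManaged_{
					UserManaged: &secretmanagerpb.Replication_UserManaged{
						Replicas: []*secretmanagerpb.Replication_UserManaged_Replica{
							{Location: gcpRegion},
						},
					},
				},
			},
		},
	}

	created, err := client.CreateSecret(ctx, req)
	if err == nil {
		return created, nil
	}

	// A secret that already exists is the desired end state, not a failure;
	// hand the existing resource back to the caller.
	if apiError, ok := apierror.FromError(err); ok && apiError.GRPCStatus().Code() == codes.AlreadyExists {
		existing, getErr := client.GetSecret(ctx, &secretmanagerpb.GetSecretRequest{Name: secretName})
		if getErr != nil {
			return nil, fmt.Errorf("getting existing secret %s: %w", secretName, getErr)
		}
		return existing, nil
	}

	return nil, fmt.Errorf("creating secret %s: %w", secretName, err)
}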
    56  
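// DeleteSecret deletes the Secret Manager secret called secretID in gcpProject.
// Deletion is idempotent: a NotFound response from the API is treated as
// success so callers can retry or clean up after a partial failure without
// special-casing the "already gone" state. Any other error is returned wrapped
// with the secret's resource name.
func DeleteSecret(ctx context.Context, gcpProject, secretID string) error {
	client, err := secretmanager.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("creating secret manager client: %w", err)
	}
	defer client.Close()

	// The previous version built a ListSecrets iterator here and discarded it;
	// the iterator never issued a request, so it was dead code and is gone.
	secretName := fmt.Sprintf("projects/%v/secrets/%v", gcpProject, secretID)

	err = client.DeleteSecret(ctx, &secretmanagerpb.DeleteSecretRequest{Name: secretName})
	if err == nil {
		return nil
	}

	// Already deleted is exactly what the caller asked for.
	if apiError, ok := apierror.FromError(err); ok && apiError.GRPCStatus().Code() == codes.NotFound {
		return nil
	}

	return fmt.Errorf("deleting secret %s: %w", secretName, err)
}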