internal/gaby: add -netrc flag

This allows running gaby against Cloud-hosted databases
and using the Gemini API without needing access to the
Cloud Secret Manager.

Change-Id: I0b6e2d3d146fecf5f855530a7c914060a4aa8697
Reviewed-on: https://go-review.googlesource.com/c/oscar/+/708879
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com>
diff --git a/internal/gaby/main.go b/internal/gaby/main.go
index a7cccb1..7bca036 100644
--- a/internal/gaby/main.go
+++ b/internal/gaby/main.go
@@ -62,6 +62,7 @@
 	enablesync    bool
 	enablechanges bool
 	testactions   bool
+	netrc         bool
 	level         string
 	overlay       string
 	autoApprove   string // list of packages that do not require manual approval
@@ -81,6 +82,7 @@
 	flag.StringVar(&flags.overlay, "overlay", "", "spec for overlay to DB; see internal/dbspec for syntax")
 	flag.StringVar(&flags.autoApprove, "autoapprove", "", "comma-separated list of packages whose actions do not require approval")
 	flag.BoolVar(&flags.enforcePolicy, "enforcepolicy", false, "whether to enforce safety policies on LLM inputs and outputs")
+	flag.BoolVar(&flags.netrc, "netrc", false, "use netrc for secrets")
 }
 
 // Gaby holds the state for gaby's execution.
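Review bot: The help string `"use netrc for secrets"` on the new `-netrc` flag does not say that setting it replaces Cloud Secret Manager as the source of secrets, which is what an operator most needs to know. I would spell it out, for example `flag.BoolVar(&flags.netrc, "netrc", false, "read secrets from netrc instead of Cloud Secret Manager")`. The enclosing function starts outside the hunk.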
@@ -356,11 +358,15 @@
 		log.Fatal("missing -firestoredb flag")
 	}
 
-	sdb, err := gcpsecret.NewSecretDB(g.ctx, flags.project)
-	if err != nil {
-		log.Fatal(err)
+	if flags.netrc {
+		g.secret = secret.Netrc()
+	} else {
+		sdb, err := gcpsecret.NewSecretDB(g.ctx, flags.project)
+		if err != nil {
+			log.Fatal(err)
+		}
+		g.secret = sdb
 	}
-	g.secret = sdb
 
 	if flags.enforcePolicy {
 		llmchecker, err := checks.New(g.ctx, g.slog, flags.project, llm.AllPolicyTypes())
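Review bot: The `if flags.netrc` branch has no failure path: `secret.Netrc()` returns a single value, so unlike the `gcpsecret.NewSecretDB` call in the `else` branch, a missing or unreadable netrc file cannot stop startup here and would presumably show up only later as a failed secret lookup. The flag also moves credentials from Secret Manager to a plaintext file on the host, so it is worth recording the choice at startup, for example `g.slog.Info("gaby secrets: using netrc, not Cloud Secret Manager")` inside that branch (assuming `g.slog` is already initialised at this point). A comment would help too, such as `// -netrc is meant for local runs; the netrc file holds plaintext credentials and should be readable only by the invoking user.` The enclosing function starts and ends outside the hunk, so I cannot see whether anything later checks that the required secrets are present.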