internal: add GetSecret to get a GCP secret
Move this function out of internal/pkgsitedb so it can be
used elsewhere.
Change-Id: I782871042d424997c1476cf27a57436612ba9ad5
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/483038
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/internal/pkgsitedb/db.go b/internal/pkgsitedb/db.go
index a583067..e5a7afe 100644
--- a/internal/pkgsitedb/db.go
+++ b/internal/pkgsitedb/db.go
@@ -16,8 +16,7 @@
_ "github.com/lib/pq"
- secretmanager "cloud.google.com/go/secretmanager/apiv1"
- smpb "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
+ "golang.org/x/pkgsite-metrics/internal"
"golang.org/x/pkgsite-metrics/internal/config"
"golang.org/x/pkgsite-metrics/internal/derrors"
"golang.org/x/pkgsite-metrics/internal/scan"
@@ -26,7 +25,7 @@
// Open creates a connection to the pkgsite database.
func Open(ctx context.Context, cfg *config.Config) (_ *sql.DB, err error) {
defer derrors.Wrap(&err, "Open")
- password, err := getPasswordSecret(ctx, cfg.PkgsiteDBSecret)
+ password, err := internal.GetSecret(ctx, cfg.PkgsiteDBSecret)
if err != nil {
return nil, err
}
@@ -50,23 +49,6 @@
return passwordRegexp.ReplaceAllLiteralString(dbinfo, "password=REDACTED")
}
-func getPasswordSecret(ctx context.Context, secretFullName string) (_ string, err error) {
- defer derrors.Wrap(&err, "getPasswordSecret(ctx, %q)", secretFullName)
-
- client, err := secretmanager.NewClient(ctx)
- if err != nil {
- return "", err
- }
- defer client.Close()
- result, err := client.AccessSecretVersion(ctx, &smpb.AccessSecretVersionRequest{
- Name: secretFullName + "/versions/latest",
- })
- if err != nil {
- return "", err
- }
- return string(result.Payload.Data), nil
-}
-
// ModuleSpecs retrieves all modules that contain packages that are
// imported by minImportedByCount or more packages.
// It looks for the information in the search_documents table of the given pkgsite DB.
diff --git a/internal/secrets.go b/internal/secrets.go
new file mode 100644
index 0000000..88cd29d
--- /dev/null
+++ b/internal/secrets.go
@@ -0,0 +1,32 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+import (
+ "context"
+
+ secretmanager "cloud.google.com/go/secretmanager/apiv1"
+ smpb "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
+ "golang.org/x/pkgsite-metrics/internal/derrors"
+)
+
+// GetSecret retrieves a secret from the GCP Secret Manager.
+// secretFullName should be of the form "projects/PROJECT/secrets/NAME".
+func GetSecret(ctx context.Context, secretFullName string) (_ string, err error) {
+ defer derrors.Wrap(&err, "GetSecret(ctx, %q)", secretFullName)
+
+ client, err := secretmanager.NewClient(ctx)
+ if err != nil {
+ return "", err
+ }
+ defer client.Close()
+ result, err := client.AccessSecretVersion(ctx, &smpb.AccessSecretVersionRequest{
+ Name: secretFullName + "/versions/latest",
+ })
+ if err != nil {
+ return "", err
+ }
+ return string(result.Payload.Data), nil
+}
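Review bot: GetSecret is now exported for use across the module, but its doc comment does not say that it always reads the version aliased `latest`, and the return line dereferences `result.Payload.Data` without a nil guard. Because `"/versions/latest"` is appended unconditionally, a caller who passes a version-qualified name gets a malformed request. I would add to the comment `// It always reads the "latest" version; secretFullName must not include a "/versions/..." suffix.` and note there that the returned string is the raw secret payload and must not be logged or embedded in error text. For the return, the generated nil-safe getters avoid a panic on an unexpected empty response: `return string(result.GetPayload().GetData()), nil`. A new Secret Manager client is also created and closed on every call, which was acceptable for a single database open but may be worth revisiting if other callers fetch secrets repeatedly.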