authorAleksandr Nogikh <nogikh@google.com>2025-08-11 17:10:16 +0200
committerAleksandr Nogikh <nogikh@google.com>2025-08-11 16:55:39 +0000
commitaa5bfe04d57ae0697839036e76b6f7a046606ece (patch)
tree0896bc76a5dc15843eba6de4abfcf445aa26e9f0 /pkg/gcpsecret
parent32a0e5edfeef60e894c453dc9e9ae45528626ef1 (diff)
pkg: move gcpsecret to a separate package
It simplifies the dependency tree and fixes a build error for the send-test-email container.
Diffstat (limited to 'pkg/gcpsecret')
-rw-r--r--pkg/gcpsecret/secret.go61
1 files changed, 61 insertions, 0 deletions
diff --git a/pkg/gcpsecret/secret.go b/pkg/gcpsecret/secret.go
new file mode 100644
index 000000000..a801615f2
--- /dev/null
+++ b/pkg/gcpsecret/secret.go
@@ -0,0 +1,61 @@
+// Copyright 2021 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package gcpsecret
+
+import (
+ "context"
+ "fmt"
+
+ "cloud.google.com/go/compute/metadata"
+ secretmanager "cloud.google.com/go/secretmanager/apiv1"
+ "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
+)
+
+// GcpSecret returns the GCP Secret Manager blob as a []byte data.
+func GcpSecret(name string) ([]byte, error) {
+ return GcpSecretWithContext(context.Background(), name)
+}
+
+func GcpSecretWithContext(ctx context.Context, name string) ([]byte, error) {
+ // name := "projects/my-project/secrets/my-secret/versions/5"
+ // name := "projects/my-project/secrets/my-secret/versions/latest"
+
+ // Create the client.
+ client, err := secretmanager.NewClient(ctx)
+ if err != nil {
+ return nil, err
+ }
+ defer client.Close()
+
+ // Build the request.
+ req := &secretmanagerpb.AccessSecretVersionRequest{
+ Name: name,
+ }
+
+ // Call the API.
+ result, err := client.AccessSecretVersion(ctx, req)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Payload.Data, nil
+}
+
+// LatestGcpSecret returns the latest secret value.
+func LatestGcpSecret(ctx context.Context, projectName, key string) ([]byte, error) {
+ return GcpSecretWithContext(ctx,
+ fmt.Sprintf("projects/%s/secrets/%s/versions/latest", projectName, key))
+}
+
+// ProjectName returns the name of the GCP project the code is running on.
+func ProjectName(ctx context.Context) (string, error) {
+ if !metadata.OnGCE() {
+ return "", fmt.Errorf("not running on GKE/GCE")
+ }
+ projectID, err := metadata.ProjectIDWithContext(ctx)
+ if err != nil {
+ return "", err
+ }
+ return projectID, nil
+}
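Review bot: `GcpSecretWithContext` returns `result.Payload.Data` by direct field access, which would panic if a response ever carried a nil `Payload`; the generated getters are nil-safe, so `return result.GetPayload().GetData(), nil` is the safer form. Both error returns in that function pass the client error through bare, so a caller loading several secrets cannot tell which one failed; `return nil, fmt.Errorf("accessing secret %q: %w", name, err)` adds the resource name, which is a path and not secret material. `LatestGcpSecret` formats `projectName` and `key` into the resource path unchecked, so if either can originate outside trusted configuration (not visible from this file) it is worth rejecting values containing `/` before the `Sprintf`. The exported `GcpSecretWithContext` also has no doc comment; `// GcpSecretWithContext returns the payload of the secret version identified by its full resource name.` would match its neighbours.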