From aa5bfe04d57ae0697839036e76b6f7a046606ece Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh
Date: Mon, 11 Aug 2025 17:10:16 +0200
Subject: pkg: move gcpsecret to a separate package
It simplifies the dependency tree and fixes a build error for the send-test-email container.
---
pkg/gce/gcp_secret.go | 61 ----------------------------
pkg/gcpsecret/secret.go | 61 ++++++++++++++++++++++++++++
syz-cluster/pkg/emailclient/smtp_sender.go | 6 +--
syz-cluster/tools/send-test-email/Dockerfile | 2 +-
4 files changed, 65 insertions(+), 65 deletions(-)
delete mode 100644 pkg/gce/gcp_secret.go
create mode 100644 pkg/gcpsecret/secret.go
diff --git a/pkg/gce/gcp_secret.go b/pkg/gce/gcp_secret.go
deleted file mode 100644
index ef4eb2341..000000000
--- a/pkg/gce/gcp_secret.go
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright 2021 syzkaller project authors. All rights reserved.
-// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
-
-package gce
-
-import (
- "context"
- "fmt"
-
- "cloud.google.com/go/compute/metadata"
- secretmanager "cloud.google.com/go/secretmanager/apiv1"
- "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
-)
-
-// GcpSecret returns the GCP Secret Manager blob as a []byte data.
-func GcpSecret(name string) ([]byte, error) {
- return GcpSecretWithContext(context.Background(), name)
-}
-
-func GcpSecretWithContext(ctx context.Context, name string) ([]byte, error) {
- // name := "projects/my-project/secrets/my-secret/versions/5"
- // name := "projects/my-project/secrets/my-secret/versions/latest"
-
- // Create the client.
- client, err := secretmanager.NewClient(ctx)
- if err != nil {
- return nil, err
- }
- defer client.Close()
-
- // Build the request.
- req := &secretmanagerpb.AccessSecretVersionRequest{
- Name: name,
- }
-
- // Call the API.
- result, err := client.AccessSecretVersion(ctx, req)
- if err != nil {
- return nil, err
- }
-
- return result.Payload.Data, nil
-}
-
-// LatestGcpSecret returns the latest secret value.
-func LatestGcpSecret(ctx context.Context, projectName, key string) ([]byte, error) {
- return GcpSecretWithContext(ctx,
- fmt.Sprintf("projects/%s/secrets/%s/versions/latest", projectName, key))
-}
-
-// ProjectName returns the name of the GCP project the code is running on.
-func ProjectName(ctx context.Context) (string, error) {
- if !metadata.OnGCE() {
- return "", fmt.Errorf("not running on GKE/GCE")
- }
- projectID, err := metadata.ProjectIDWithContext(ctx)
- if err != nil {
- return "", err
- }
- return projectID, nil
-}
diff --git a/pkg/gcpsecret/secret.go b/pkg/gcpsecret/secret.go
new file mode 100644
index 000000000..a801615f2
--- /dev/null
+++ b/pkg/gcpsecret/secret.go
@@ -0,0 +1,61 @@
+// Copyright 2021 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package gcpsecret
+
+import (
+ "context"
+ "fmt"
+
+ "cloud.google.com/go/compute/metadata"
+ secretmanager "cloud.google.com/go/secretmanager/apiv1"
+ "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
+)
+
+// GcpSecret returns the GCP Secret Manager blob as a []byte data.
+func GcpSecret(name string) ([]byte, error) {
+ return GcpSecretWithContext(context.Background(), name)
+}
+
+func GcpSecretWithContext(ctx context.Context, name string) ([]byte, error) {
+ // name := "projects/my-project/secrets/my-secret/versions/5"
+ // name := "projects/my-project/secrets/my-secret/versions/latest"
+
+ // Create the client.
+ client, err := secretmanager.NewClient(ctx)
+ if err != nil {
+ return nil, err
+ }
+ defer client.Close()
+
+ // Build the request.
+ req := &secretmanagerpb.AccessSecretVersionRequest{
+ Name: name,
+ }
+
+ // Call the API.
+ result, err := client.AccessSecretVersion(ctx, req)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Payload.Data, nil
+}
+
+// LatestGcpSecret returns the latest secret value.
+func LatestGcpSecret(ctx context.Context, projectName, key string) ([]byte, error) {
+ return GcpSecretWithContext(ctx,
+ fmt.Sprintf("projects/%s/secrets/%s/versions/latest", projectName, key))
+}
+
+// ProjectName returns the name of the GCP project the code is running on.
+func ProjectName(ctx context.Context) (string, error) {
+ if !metadata.OnGCE() {
+ return "", fmt.Errorf("not running on GKE/GCE")
+ }
+ projectID, err := metadata.ProjectIDWithContext(ctx)
+ if err != nil {
+ return "", err
+ }
+ return projectID, nil
+}
diff --git a/syz-cluster/pkg/emailclient/smtp_sender.go b/syz-cluster/pkg/emailclient/smtp_sender.go
index b3f204d9f..7a0e3829d 100644
--- a/syz-cluster/pkg/emailclient/smtp_sender.go
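Review bot: In pkg/gcpsecret/secret.go, `GcpSecretWithContext` dereferences `result.Payload.Data` directly, so a response that ever arrived without a payload would panic instead of returning an error; whether the API can do that on success is not visible here, but the generated getters are nil-safe: `return result.GetPayload().GetData(), nil`. The function is also exported without a doc comment, and the two example `name` formats in its body would read better there, e.g. `// GcpSecretWithContext returns the payload of the secret version identified by name ("projects/P/secrets/S/versions/latest").` The code is otherwise moved unchanged from pkg/gce, so both points can be a follow-up.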
+++ b/syz-cluster/pkg/emailclient/smtp_sender.go
@@ -11,7 +11,7 @@ import (
  "strconv"
  "strings"
 
- "github.com/google/syzkaller/pkg/gce"
+ "github.com/google/syzkaller/pkg/gcpsecret"
  "github.com/google/syzkaller/syz-cluster/pkg/app"
  "github.com/google/uuid"
 )
@@ -22,7 +22,7 @@ type smtpSender struct {
 }
 
 func newSMTPSender(ctx context.Context, cfg *app.EmailConfig) (*smtpSender, error) {
- project, err := gce.ProjectName(ctx)
+ project, err := gcpsecret.ProjectName(ctx)
  if err != nil {
  return nil, fmt.Errorf("failed to query project name: %w", err)
  }
@@ -117,7 +117,7 @@ func (sender *smtpSender) querySecret(ctx context.Context, key string) (string,
  var err error
  for i := 0; i < retries; i++ {
  var val []byte
- val, err := gce.LatestGcpSecret(ctx, sender.projectName, key)
+ val, err := gcpsecret.LatestGcpSecret(ctx, sender.projectName, key)
  if err == nil {
  return string(val), nil
  }
diff --git a/syz-cluster/tools/send-test-email/Dockerfile b/syz-cluster/tools/send-test-email/Dockerfile
index 41e029ded..69706aff0 100644
--- a/syz-cluster/tools/send-test-email/Dockerfile
+++ b/syz-cluster/tools/send-test-email/Dockerfile
@@ -8,9 +8,9 @@ COPY go.sum ./
 RUN go mod download
 COPY dashboard/dashapi/ dashboard/dashapi/
 COPY pkg/gcs/ pkg/gcs/
-COPY pkg/gce/ pkg/gce/
 COPY pkg/email/ pkg/email/
 COPY pkg/auth/ pkg/auth/
+COPY pkg/gcpsecret/ pkg/gcpsecret/
 
 # Build the tool.
 COPY syz-cluster/tools/send-test-email/*.go syz-cluster/tools/send-test-email/
--
cgit mrf-deployment
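Review bot: In `querySecret` (smtp_sender.go, the `@@ -117,7` hunk), `val, err := gcpsecret.LatestGcpSecret(...)` uses `:=` inside the loop body, which declares a fresh `err` in that scope (only `val` is already declared there), so the outer `var err error` is never assigned. The rest of the function lies outside the hunk, but if it returns the outer `err` once the retries run out, the caller would receive an empty secret together with a nil error. Plain assignment avoids the shadowing: `val, err = gcpsecret.LatestGcpSecret(ctx, sender.projectName, key)`. The shadowing predates this commit, but the line is rewritten here, so this is a convenient place to correct it.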