Merge pull request #184 from statisticsnorway/173-add-use-of-google-s…
…ecret-manager

173 add use of google secret manager
mallport authored Nov 6, 2024
2 parents f63332e + 980cf79 commit 8153a3a
Showing 6 changed files with 1,336 additions and 1,216 deletions.
2,494 changes: 1,280 additions & 1,214 deletions poetry.lock

Large diffs are not rendered by default.

4 changes: 3 additions & 1 deletion pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "dapla-toolbelt"
version = "3.0.2"
version = "3.1.2"
description = "Dapla Toolbelt"
authors = ["Dapla Developers <dapla-platform-developers@ssb.no>"]
license = "MIT"
@@ -27,6 +27,8 @@ pyjwt = ">=2.6.0"
tomli = ">=1.1.0"
google-cloud-pubsub = ">=2.14.1"
fsspec = ">=2023.12.2"
google-cloud-secret-manager = "^2.21.0"
pytest-mock = "^3.14.0"

[tool.poetry.group.dev.dependencies]
pygments = ">=2.10.0"
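Review bot: `pytest-mock = "^3.14.0"` is added alongside the runtime dependencies (it sits above `[tool.poetry.group.dev.dependencies]`), yet its only visible use is in `tests/test_gsm.py`, so every install of dapla-toolbelt would pull in a test-only package and its transitive dependencies. Move the line under `[tool.poetry.group.dev.dependencies]`. The two new entries also use caret ranges while the neighbouring lines use `>=`; if capping google-cloud-secret-manager below its next major version is deliberate, a short comment saying so would help.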
2 changes: 2 additions & 0 deletions src/dapla/__init__.py
@@ -13,6 +13,7 @@
from .doctor import Doctor
from .files import FileClient
from .git import repo_root_dir
from .gsm import get_secret_version
from .guardian import GuardianClient
from .jupyterhub import generate_api_token
from .pandas import read_pandas
@@ -33,6 +34,7 @@
"read_pandas",
"write_pandas",
"trigger_source_data_processing",
"get_secret_version",
]


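--- a/src/dapla/gsm.py
+++ b/src/dapla/gsm.py
@@ -0,0 +1,29 @@
+from typing import Optional
+
+from google.cloud.secretmanager import SecretManagerServiceClient
+
+from .auth import AuthClient
+
+
+def get_secret_version(
+project_id: str, shortname: str, version_id: Optional[str] = "latest"
+) -> str:
+"""Access the payload for a given secret version.
+The user's google credentials are used to authorize that the user have permission
+to access the secret_id.
+Args:
+project_id (str): ID of the Google Cloud project where the secret is stored.
+shortname (str): Name (not full path) of the secret in Secret Manager.
+version_id (str, optional): The version of the secret to access. Defaults to 'latest'.
+Returns:
+str: The payload of the secret version as a UTF-8 decoded string.
+"""
+client = SecretManagerServiceClient(
+credentials=AuthClient.fetch_google_credentials()
+)
+secret_name = f"projects/{project_id}/secrets/{shortname}/versions/{version_id}"
+response = client.access_secret_version(name=secret_name)
+return str(response.payload.data.decode("UTF-8"))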
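Review bot: `secret_name` is assembled with an f-string from `project_id`, `shortname` and `version_id` without any check, so a value containing `/` addresses a different resource than the one the caller named, and `version_id=None` (allowed by `Optional[str]`) requests `.../versions/None`. Annotate the parameter as `version_id: str = "latest"` and reject path separators before building the name, e.g. `if any("/" in part for part in (project_id, shortname, version_id)): raise ValueError("secret identifiers must not contain '/'")`. The payload is also decoded without comparing `response.payload.data_crc32c` to a checksum of `response.payload.data`, which would catch a corrupted response. The docstring should drop the reference to `secret_id` (no such parameter), and state that the return value is the plaintext secret and should not be logged, and that a non-UTF-8 payload raises `UnicodeDecodeError`.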
2 changes: 1 addition & 1 deletion src/dapla/pandas.py
@@ -91,7 +91,7 @@ def read_pandas(
gcs_path = FileClient._remove_gcs_uri_prefix(gcs_path)

parquet_ds = pq.ParquetDataset(
gcs_path,
gcs_path, # type: ignore [arg-type]
filesystem=fs,
filters=filters, # type: ignore [arg-type]
) # Stubs show the incorrect type -
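--- a/tests/test_gsm.py
+++ b/tests/test_gsm.py
@@ -0,0 +1,21 @@
+from unittest.mock import Mock
+
+from pytest_mock import MockerFixture
+
+from dapla.gsm import get_secret_version
+
+PKG = "dapla.gsm"
+
+
+def test_get_secret_version(mocker: MockerFixture) -> None:
+mock_smclient = mocker.patch(f"{PKG}.SecretManagerServiceClient")
+mock_authclient = mocker.patch(f"{PKG}.AuthClient")
+
+fake_creds = Mock()
+mock_authclient.fetch_google_credentials.return_value = fake_creds
+
+project_id = "tester-a92f"
+shortname = "supersecret"
+
+get_secret_version(project_id=project_id, shortname=shortname)
+mock_smclient.assert_called_once_with(credentials=fake_creds)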
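Review bot: The only assertion is on how `SecretManagerServiceClient` was constructed, so the test still passes if the resource name is built wrongly or the payload is mishandled. Set a payload with `mock_smclient.return_value.access_secret_version.return_value.payload.data = b"value"`, assert that the call returns `"value"`, and add `mock_smclient.return_value.access_secret_version.assert_called_once_with(name="projects/tester-a92f/secrets/supersecret/versions/latest")`. A second case with an explicit `version_id` would pin the non-default path.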
