1#!/bin/bash
2# Copyright 2023 Google LLC.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16set -eo pipefail
17
18function now { date +"%Y-%m-%d %H:%M:%S" | tr -d '\n'; }
19function msg { println "$*" >&2; }
20function println { printf '%s\n' "$(now) $*"; }
21
22# Populates requested secrets set in SECRET_MANAGER_KEYS from service account:
23# kokoro-trampoline@cloud-devrel-kokoro-resources.iam.gserviceaccount.com
24SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
25msg "Creating folder on disk for secrets: ${SECRET_LOCATION}"
26mkdir -p ${SECRET_LOCATION}
27for key in $(echo ${SECRET_MANAGER_KEYS} | sed "s/,/ /g"); do
28 msg "Retrieving secret ${key}"
29 docker run --entrypoint=gcloud \
30 --volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR} \
31 gcr.io/google.com/cloudsdktool/cloud-sdk \
32 secrets versions access latest \
33 --credential-file-override=${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json \
34 --project cloud-devrel-kokoro-resources \
35 --secret ${key} > \
36 "${SECRET_LOCATION}/${key}"
37 if [[ $? == 0 ]]; then
38 msg "Secret written to ${SECRET_LOCATION}/${key}"
39 else
40 msg "Error retrieving secret ${key}"
41 fi
42done
View as plain text