1#!/bin/bash 2# Copyright 2020 Google LLC. 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15 16set -eo pipefail 17 18function now { date +"%Y-%m-%d %H:%M:%S" | tr -d '\n' ;} 19function msg { println "$*" >&2 ;} 20function println { printf '%s\n' "$(now) $*" ;} 21 22 23# Populates requested secrets set in SECRET_MANAGER_KEYS from service account: 24# kokoro-trampoline@cloud-devrel-kokoro-resources.iam.gserviceaccount.com 25SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager" 26msg "Creating folder on disk for secrets: ${SECRET_LOCATION}" 27mkdir -p ${SECRET_LOCATION} 28for key in $(echo ${SECRET_MANAGER_KEYS} | sed "s/,/ /g") 29do 30 msg "Retrieving secret ${key}" 31 docker run --entrypoint=gcloud \ 32 --volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR} \ 33 gcr.io/google.com/cloudsdktool/cloud-sdk \ 34 secrets versions access latest \ 35 --project cloud-devrel-kokoro-resources \ 36 --secret ${key} > \ 37 "${SECRET_LOCATION}/${key}" 38 if [[ $? == 0 ]]; then 39 msg "Secret written to ${SECRET_LOCATION}/${key}" 40 else 41 msg "Error retrieving secret ${key}" 42 fi 43done 44