pkg/gcs: add helper methods for secret retrieval

a-nogikh · a-nogikh · commit f958dc971e37 · 2025-05-08T13:40:57.000+02:00
Add a method for querying the current project name.
Add a method for querying the latest secret version.
diff --git a/pkg/gce/gcp_secret.go b/pkg/gce/gcp_secret.go
@@ -5,18 +5,23 @@ package gce
 
 import (
 	"context"
+	"fmt"
 
+	"cloud.google.com/go/compute/metadata"
 	secretmanager "cloud.google.com/go/secretmanager/apiv1"
 	"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
 )
 
 // GcpSecret returns the GCP Secret Manager blob as a []byte data.
 func GcpSecret(name string) ([]byte, error) {
+	return GcpSecretWithContext(context.Background(), name)
+}
+
+func GcpSecretWithContext(ctx context.Context, name string) ([]byte, error) {
 	// name := "projects/my-project/secrets/my-secret/versions/5"
 	// name := "projects/my-project/secrets/my-secret/versions/latest"
 
 	// Create the client.
-	ctx := context.Background()
 	client, err := secretmanager.NewClient(ctx)
 	if err != nil {
 		return nil, err
@@ -36,3 +41,21 @@ func GcpSecret(name string) ([]byte, error) {
 
 	return result.Payload.Data, nil
 }
+
+// LatestGcpSecret returns the latest secret value.
+func LatestGcpSecret(ctx context.Context, projectName, key string) ([]byte, error) {
+	return GcpSecretWithContext(ctx,
+		fmt.Sprintf("projects/%s/secrets/%s/versions/latest", projectName, key))
+}
+
+// ProjectName returns the name of the GCP project the code is running on.
+func ProjectName(ctx context.Context) (string, error) {
+	if !metadata.OnGCE() {
+		return "", fmt.Errorf("not running on GKE/GCE")
+	}
+	projectID, err := metadata.ProjectIDWithContext(ctx)
+	if err != nil {
+		return "", err
+	}
+	return projectID, nil
+}
