in pkg/berglas/read.go [101:168]
func (c *Client) secretManagerRead(ctx context.Context, i *SecretManagerReadRequest) (*Secret, error) {
project := i.Project
if project == "" {
return nil, fmt.Errorf("missing project")
}
name := i.Name
if name == "" {
return nil, fmt.Errorf("missing secret name")
}
version := i.Version
if version == "" {
version = "latest"
}
logger := logging.FromContext(ctx).With(
"project", project,
"name", name,
"version", version,
)
logger.DebugContext(ctx, "read.start")
defer logger.DebugContext(ctx, "read.finish")
logger.DebugContext(ctx, "reading secret version")
versionResp, err := c.secretManagerClient.GetSecretVersion(ctx, &secretspb.GetSecretVersionRequest{
Name: fmt.Sprintf("projects/%s/secrets/%s/versions/%s", project, name, version),
})
if err != nil {
terr, ok := grpcstatus.FromError(err)
if ok && terr.Code() == grpccodes.NotFound {
return nil, errSecretDoesNotExist
}
return nil, fmt.Errorf("failed to read secret: %w", err)
}
logger.DebugContext(ctx, "accessing secret data")
accessResp, err := c.secretManagerClient.AccessSecretVersion(ctx, &secretspb.AccessSecretVersionRequest{
Name: fmt.Sprintf("projects/%s/secrets/%s/versions/%s", project, name, version),
})
if err != nil {
return nil, fmt.Errorf("failed to access secret: %w", err)
}
logger.DebugContext(ctx, "parsing location")
var locations []string
replication := versionResp.ReplicationStatus.GetUserManaged()
if replication != nil {
locations = make([]string, len(replication.Replicas))
for i, r := range replication.Replicas {
locations[i] = r.Location
}
}
sort.Strings(locations)
return &Secret{
Parent: project,
Name: name,
Version: path.Base(versionResp.Name),
Plaintext: accessResp.Payload.Data,
UpdatedAt: timestampToTime(versionResp.CreateTime),
Locations: locations,
}, nil
}