googleapis · bcoe · Jun 2, 2020 · Jun 2, 2020 · Jun 4, 2020
diff --git a/.kokoro/populate-secrets.sh b/.kokoro/populate-secrets.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+# Copyright 2020 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eo pipefail
+
+user_uid="$(id -u)"
+user_gid="$(id -g)"
+
+# Populates requested secrets set in SECRET_MANAGER_KEYS from service account:
+# kokoro-trampoline@cloud-devrel-kokoro-resources.iam.gserviceaccount.com
+SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
+mkdir -p ${SECRET_LOCATION}
+for key in $(echo ${SECRET_MANAGER_KEYS} | sed "s/,/ /g")
+do
+  docker run --entrypoint=gcloud \
+    --user "${user_uid}:${user_gid}" \
+    --volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR} \
+    gcr.io/google.com/cloudsdktool/cloud-sdk \
+    secrets versions access latest \
+    --credential-file-override=${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json \
+    --project cloud-devrel-kokoro-resources \
+    --secret $key > \
+    "$SECRET_LOCATION/$key"
+done
diff --git a/.kokoro/presubmit/node10/common.cfg b/.kokoro/presubmit/node10/common.cfg
@@ -32,3 +32,8 @@ env_vars: {
     key: "TRAMPOLINE_BUILD_FILE"
     value: "github/nodejs-secret-manager/.kokoro/test.sh"
 }
+env_vars: {
+    key: "SECRET_MANAGER_KEYS"
+    value: "not_a_real_secret_testing_permissions,npm_publish_token"
+}
+
diff --git a/.kokoro/publish.sh b/.kokoro/publish.sh
@@ -24,7 +24,7 @@ python3 -m releasetool publish-reporter-script > /tmp/publisher-script; source /
 
 cd $(dirname $0)/..
 
-NPM_TOKEN=$(cat $KOKORO_KEYSTORE_DIR/73713_google-cloud-secret-manager-npm-token)
+NPM_TOKEN=$(cat $KOKORO_GFILE_DIR/secret_manager/npm_publish_token
 echo "//wombat-dressing-room.appspot.com/:_authToken=${NPM_TOKEN}" > ~/.npmrc
 
 npm install

diff --git a/.kokoro/release/publish.cfg b/.kokoro/release/publish.cfg
@@ -47,13 +47,9 @@ before_action {
   }
 }
 
-before_action {
-  fetch_keystore {
-    keystore_resource {
-      keystore_config_id: 73713
-      keyname: "google-cloud-secret-manager-npm-token"
-    }
-  }
+env_vars: {
+  key: "SECRET_MANAGER_KEYS"
+  value: "npm_publish_token"
 }
 
 # Download trampoline resources.

diff --git a/.kokoro/samples-test.sh b/.kokoro/samples-test.sh
@@ -24,6 +24,9 @@ export GCLOUD_PROJECT=long-door-651
 
 cd $(dirname $0)/..
 
+# Test the new logic for populating secrets from secret manager:
+cat $KOKORO_GFILE_DIR/secret_manager/not_a_real_secret_testing_permissions
+
 # Run a pre-test hook, if a pre-samples-test.sh is in the project
 if [ -f .kokoro/pre-samples-test.sh ]; then
     set +x

diff --git a/.kokoro/system-test.sh b/.kokoro/system-test.sh
@@ -22,6 +22,11 @@ export NPM_CONFIG_PREFIX=/home/node/.npm-global
 export GOOGLE_APPLICATION_CREDENTIALS=${KOKORO_GFILE_DIR}/service-account.json
 export GCLOUD_PROJECT=long-door-651
 
+# Test the new logic for populating secrets from secret manager:
+cat $KOKORO_GFILE_DIR/secret_manager/not_a_real_secret_testing_permissions
+
+exit 0
+
 cd $(dirname $0)/..
 
 # Run a pre-test hook, if a pre-system-test.sh is in the project

diff --git a/.kokoro/trampoline.sh b/.kokoro/trampoline.sh
@@ -24,4 +24,5 @@ function cleanup() {
 }
 trap cleanup EXIT
 
+$(dirname $0)/populate-secrets.sh # Secret Manager secrets.
 python3 "${KOKORO_GFILE_DIR}/trampoline_v1.py"
diff --git a/README.md b/README.md
@@ -96,7 +96,7 @@ async function createAndAccessSecret() {
     name: version.name,
   });
 
-  const responsePayload = accessResponse.payload.data.toString();
+  const responsePayload = accessResponse.payload.data.toString('utf8');
   console.info(`Payload: ${responsePayload}`);
 }
 createAndAccessSecret();

diff --git a/protos/protos.js b/protos/protos.js
diff --git a/synth.metadata b/synth.metadata
@@ -3,23 +3,16 @@
     {
       "git": {
         "name": ".",
-        "remote": "https://github.com/googleapis/nodejs-secret-manager.git",
-        "sha": "783524d5925029f130a8787f02319d14a0a8dc59"
+        "remote": "git@github.com:googleapis/nodejs-secret-manager.git",
+        "sha": "92d466e383867d312bc26e1133f3e079426d9b37"
       }
     },
     {
       "git": {
         "name": "googleapis",
         "remote": "https://github.com/googleapis/googleapis.git",
-        "sha": "358c09c45c681c6773b49aeb136f0a7ccbf7720c",
-        "internalRef": "311216074"
-      }
-    },
-    {
-      "git": {
-        "name": "synthtool",
-        "remote": "https://github.com/googleapis/synthtool.git",
-        "sha": "be74d3e532faa47eb59f1a0eaebde0860d1d8ab4"
+        "sha": "e45a2f54dce1ac68497acf305145f9e5bb7e1e48",
+        "internalRef": "314725741"
       }
     }
   ],