Add an API flag to restore_secrets script (#991)

Add an optional api flag so that you one may checkout secrets for only a subset of products.

Author: DellaBitta

scripts/gha/restore_secrets.py

@@ -24,6 +24,8 @@
 --passphrase_file: Specify a file to read the passphrase from (only reads the
  first line). Use "-" (without quotes) for stdin.
 --repo_dir: Path to C++ SDK Github repository. Defaults to current directory.
+--apis: Specify a list of particular product APIs and retrieve only their
+ secrets.
 
 This script will perform the following:
 
@@ -50,7 +52,9 @@
 flags.DEFINE_string("passphrase", None, "The passphrase itself.")
 flags.DEFINE_string("passphrase_file", None,
  "Path to file with passphrase. Use \"-\" (without quotes) for stdin.")
-flags.DEFINE_string("artifact", None, "Artifact Path, google-services.json will be placed here.")
+flags.DEFINE_string("artifact", None, "Artifact Path, google-services.json will be placed here.") 
+flags.DEFINE_list("apis",[], "Optional comma-separated list of APIs for which to retreive "
+ " secrets. All secrets will be fetched if this is flag is not defined.")
 
 
 def main(argv):
@@ -69,17 +73,23 @@ def main(argv):
  else:
  raise ValueError("Must supply passphrase or passphrase_file arg.")
 
+ if FLAGS.apis:
+ print("Retrieving secrets for product APIs: ", FLAGS.apis)
+
  secrets_dir = os.path.join(repo_dir, "scripts", "gha-encrypted")
  encrypted_files = _find_encrypted_files(secrets_dir)
  print("Found these encrypted files:\n%s" % "\n".join(encrypted_files))
 
  for path in encrypted_files:
  if "google-services" in path or "GoogleService" in path:
- print("Encrypted Google Service file found: %s" % path)
  # We infer the destination from the file's directory, example:
  # /scripts/gha-encrypted/auth/google-services.json.gpg turns into
  # /<repo_dir>/auth/integration_test/google-services.json
  api = os.path.basename(os.path.dirname(path))
+ if FLAGS.apis and api not in FLAGS.apis:
+ print("Skipping secret found in product api", api)
+ continue
+ print("Encrypted Google Service file found: %s" % path)
  file_name = os.path.basename(path).replace(".gpg", "")
  dest_paths = [os.path.join(repo_dir, api, "integration_test", file_name)]
  if FLAGS.artifact:
@@ -107,17 +117,19 @@ def main(argv):
  if FLAGS.artifact:
  return
 
- print("Attempting to patch Dynamic Links uri prefix.")
- uri_path = os.path.join(secrets_dir, "dynamic_links", "uri_prefix.txt.gpg")
- uri_prefix = _decrypt(uri_path, passphrase)
- dlinks_project = os.path.join(repo_dir, "dynamic_links", "integration_test")
- _patch_main_src(dlinks_project, "REPLACE_WITH_YOUR_URI_PREFIX", uri_prefix)
-
- print("Attempting to patch Messaging server key.")
- server_key_path = os.path.join(secrets_dir, "messaging", "server_key.txt.gpg")
- server_key = _decrypt(server_key_path, passphrase)
- messaging_project = os.path.join(repo_dir, "messaging", "integration_test")
- _patch_main_src(messaging_project, "REPLACE_WITH_YOUR_SERVER_KEY", server_key)
+ if not FLAGS.apis or "dynamic_links" in FLAGS.apis:
+ print("Attempting to patch Dynamic Links uri prefix.")
+ uri_path = os.path.join(secrets_dir, "dynamic_links", "uri_prefix.txt.gpg")
+ uri_prefix = _decrypt(uri_path, passphrase)
+ dlinks_project = os.path.join(repo_dir, "dynamic_links", "integration_test")
+ _patch_main_src(dlinks_project, "REPLACE_WITH_YOUR_URI_PREFIX", uri_prefix)
+
+ if not FLAGS.apis or "messaging" in FLAGS.apis:
+ print("Attempting to patch Messaging server key.")
+ server_key_path = os.path.join(secrets_dir, "messaging", "server_key.txt.gpg")
+ server_key = _decrypt(server_key_path, passphrase)
+ messaging_project = os.path.join(repo_dir, "messaging", "integration_test")
+ _patch_main_src(messaging_project, "REPLACE_WITH_YOUR_SERVER_KEY", server_key)
 
  print("Attempting to decrypt GCS service account key file.")
  decrypted_key_file = os.path.join(secrets_dir, "gcs_key_file.json")