fix: correctly fetch gcp project id

bazel-contrib · Jan 2, 2024 · 09fdf46 · 09fdf46
1 parent 3ecac12
commit 09fdf46
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/e2e/stubs/cloud-functions.ts b/e2e/stubs/cloud-functions.ts
@@ -38,7 +38,6 @@ export class CloudFunctions implements StubbedServer {
           SMTP_HOST: this.emailAccount.smtp.host,
           SMTP_PORT: this.emailAccount.smtp.port.toString(),
           NOTIFICATIONS_EMAIL: this.emailAccount.user,
-          GCP_PROJECT: "test-project",
           SECRET_MANAGER_HOST: this.secrets.getHost(),
           SECRET_MANAGER_PORT: this.secrets.getPort().toString(),
           BAZEL_CENTRAL_REGISTRY: "bazelbuild/bazel-central-registry",

diff --git a/src/infrastructure/secrets.ts b/src/infrastructure/secrets.ts
@@ -1,4 +1,5 @@
 import { SecretManagerServiceClient } from "@google-cloud/secret-manager";
+import gcpMetadata from "gcp-metadata";
 
 export class SecretsClient {
   private readonly googleSecretsClient;
@@ -19,7 +20,7 @@ export class SecretsClient {
   }
 
   public async accessSecret(name: string): Promise<string> {
-    const projectId = process.env.GCP_PROJECT;
+    const projectId = await getProjectIdOfExecutingCloudFunction();
     const secretName = `projects/${projectId}/secrets/${name}/versions/latest`;
 
     const [response] = await this.googleSecretsClient.accessSecretVersion({
@@ -30,3 +31,10 @@ export class SecretsClient {
     return secret;
   }
 }
+
+async function getProjectIdOfExecutingCloudFunction(): Promise<string> {
+  if (process.env.INTEGRATION_TESTING) {
+    return "test-project";
+  }
+  return await gcpMetadata.project("numeric-project-id");
+}