Add an API flag to restore_secrets script

scripts/gha/restore_secrets.py

@@ -24,6 +24,8 @@
 --passphrase_file: Specify a file to read the passphrase from (only reads the
     first line). Use "-" (without quotes) for stdin.
 --repo_dir: Path to C++ SDK Github repository. Defaults to current directory.
+--apis: Specify a list of particular product APIs and retrieve only their
+    secrets.
 
 This script will perform the following:
 
@@ -50,7 +52,9 @@
 flags.DEFINE_string("passphrase", None, "The passphrase itself.")
 flags.DEFINE_string("passphrase_file", None,
                     "Path to file with passphrase. Use \"-\" (without quotes) for stdin.")
-flags.DEFINE_string("artifact", None, "Artifact Path, google-services.json will be placed here.")
+flags.DEFINE_string("artifact", None, "Artifact Path, google-services.json will be placed here.")    
+flags.DEFINE_list("apis",[], "Optional comma-separated list of APIs for which to retreive "
+                   " secrets. All secrets will be fetched if this is flag is not defined.")
 
 
 def main(argv):
@@ -69,17 +73,23 @@ def main(argv):
   else:
     raise ValueError("Must supply passphrase or passphrase_file arg.")
 
+  if FLAGS.apis:
+    print("Retrieving secrets for product APIs: ", FLAGS.apis)
+
   secrets_dir = os.path.join(repo_dir, "scripts", "gha-encrypted")
   encrypted_files = _find_encrypted_files(secrets_dir)
   print("Found these encrypted files:\n%s" % "\n".join(encrypted_files))
 
   for path in encrypted_files:
     if "google-services" in path or "GoogleService" in path:
-      print("Encrypted Google Service file found: %s" % path)
       # We infer the destination from the file's directory, example:
       # /scripts/gha-encrypted/auth/google-services.json.gpg turns into
       # /<repo_dir>/auth/integration_test/google-services.json
       api = os.path.basename(os.path.dirname(path))
+      if FLAGS.apis and api not in FLAGS.apis:
+        print("Skipping secret found in product api", api)
+        continue
+      print("Encrypted Google Service file found: %s" % path)
       file_name = os.path.basename(path).replace(".gpg", "")
       dest_paths = [os.path.join(repo_dir, api, "integration_test", file_name)]
       if FLAGS.artifact:
@@ -107,17 +117,19 @@ def main(argv):
   if FLAGS.artifact:
     return
 
-  print("Attempting to patch Dynamic Links uri prefix.")
-  uri_path = os.path.join(secrets_dir, "dynamic_links", "uri_prefix.txt.gpg")
-  uri_prefix = _decrypt(uri_path, passphrase)
-  dlinks_project = os.path.join(repo_dir, "dynamic_links", "integration_test")
-  _patch_main_src(dlinks_project, "REPLACE_WITH_YOUR_URI_PREFIX", uri_prefix)
-
-  print("Attempting to patch Messaging server key.")
-  server_key_path = os.path.join(secrets_dir, "messaging", "server_key.txt.gpg")
-  server_key = _decrypt(server_key_path, passphrase)
-  messaging_project = os.path.join(repo_dir, "messaging", "integration_test")
-  _patch_main_src(messaging_project, "REPLACE_WITH_YOUR_SERVER_KEY", server_key)
+  if not FLAGS.apis or "dynamic_links" in FLAGS.apis:
+    print("Attempting to patch Dynamic Links uri prefix.")
+    uri_path = os.path.join(secrets_dir, "dynamic_links", "uri_prefix.txt.gpg")
+    uri_prefix = _decrypt(uri_path, passphrase)
+    dlinks_project = os.path.join(repo_dir, "dynamic_links", "integration_test")
+    _patch_main_src(dlinks_project, "REPLACE_WITH_YOUR_URI_PREFIX", uri_prefix)
+
+  if not FLAGS.apis or "messaging" in FLAGS.apis:
+    print("Attempting to patch Messaging server key.")
+    server_key_path = os.path.join(secrets_dir, "messaging", "server_key.txt.gpg")
+    server_key = _decrypt(server_key_path, passphrase)
+    messaging_project = os.path.join(repo_dir, "messaging", "integration_test")
+    _patch_main_src(messaging_project, "REPLACE_WITH_YOUR_SERVER_KEY", server_key)
 
   print("Attempting to decrypt GCS service account key file.")
   decrypted_key_file = os.path.join(secrets_dir, "gcs_key_file.json")