How to access Secret Manager in Cloud Function node.js10?

Question

I've been working on this for 2 days, very frustrated with the progress, any guidance on what is possibly wrong with my understanding/code/approach would be highly appreciated!

I'm trying to get version value from secret mananger using node.js, the script below works fine on GCE, but whenever I run it on Cloud function it fails.

// My script on GCE, it works fine
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const secretManagerServiceClient = new SecretManagerServiceClient();
const name = 'projects/moonhome/secrets/moonFirstSecret/versions/latest';

testSecretManager = async () => {
  const [version] = await secretManagerServiceClient.accessSecretVersion({ name });
  const payload = version.payload.data.toString();
  console.debug(`Payload: ${payload}`);
};
testSecretManager();

// My index.js on Cloud Function
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const secretManagerServiceClient = new SecretManagerServiceClient();
const name = 'projects/moonhome/secrets/moonFirstSecret/versions/latest';

testSecretManager = async () => {
  const [version] = await secretManagerServiceClient.accessSecretVersion({ name });
  const payload = version.payload.data.toString();
  console.debug(`Payload: ${payload}`);
};

exports.helloHttp = (req, res) => {
  testSecretManager();
  res.send("noooo1");
};

// One of many versions of packaga.json I tried on Cloud function
{
  "dependencies": {
      "@google-cloud/secret-manager": {
        "version": "3.1.0",
        "resolved": "https://registry.npmjs.org/@google-cloud/secret-manager/-/secret-manager-3.1.0.tgz",
        "integrity": "sha512-/9IOWEhKAz/r3kSyp16kjudELkEJSRhwFfzukKbzQehVRZ3RceNDzjn+Rti1TivODJHEEIBZVsQFsKp7cLfUgQ==",
        "requires": {
            "google-gax": "^2.1.0"
      }
    }
  }
}

Below are my questions:

1. I noticed there is a list of available system packages on node.js runtime in Cloud Function, so I am wondering if that's the reason. I already filed a request to add @google-cloud/secret-manager to node.js runtime. However, there is a example in the Cloud Function documentation where escape-html is used which also is absent from that list. My question is, should I request to add the secret-manager package to node.js runtime in my case?

2. Since Cloud Function needs an event trigger, I also tried to wrap this testSecretManager with a simple function to handle http request and tested it at the endpoint in my browser. The simple function itself works fine, but whenever I insert anything related to secret manager into that function, either the function fails or the page shows it Error: could not handle the request. My question is, do I have to wrap testSecretManager with an HTTP request or any other event handling function to trigger my target function in Cloud Function?

3. I am very confused with the package.json file on Cloud function, when I use secret-manager in GCE, the package-lock.json has 600+ lines, so I tried coping these lines to package.json on Cloud Function, but it does not work.....my question is, what should I include in package.json when all I want is just the @google-cloud/secret-manager package?

Answer 1

1. You’re confusing system packages and Node packages. System packages are installed on the host machine (e.g. apt-get install). NPM packages are installed into Node (e.g. npm install). You should not request secret manager be added to system packages.

2. You’re function is mixing sync and async. Since your testSecretManager function is a sync, you need to preface with await when you call it in helloHttp. Then you’ll need to mark helloHttp as async. If that doesn’t work, please copy and paste the exact error message and stacktrace.

3. package.json and package-lock.json are separate files with separate syntaxes. You should not copy data from the lockfile into your package file. Here’s an example you can copy:

    "dependencies": {
      "@google-cloud/secret-manager": "^3.1.0"
    },