Read secrets from variable path

This change enables secrets to be read from any mount on disk rather than hard-coding a certain location which suits Swarm or K8s. The default value if not specified will look in the Swarm location of /run/secrets/ README.md (docs) updated and set to off by default. Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
2025-06-21 22:33:23 +00:00 · 2018-05-22 14:46:29 +01:00
parent a38931ce69
commit 8133414183
9 changed files with 91 additions and 25 deletions
--- a/gateway/server.go
+++ b/gateway/server.go
@ -5,10 +5,8 @@ package main

 import (
 	"fmt"
-	"io/ioutil"
 	"log"
 	"net/http"
-	"strings"
 	"time"

 	"github.com/gorilla/mux"
@ -35,24 +33,17 @@ func main() {

 	log.Printf("Binding to external function provider: %s", config.FunctionsProviderURL)

-	var credentials *handlers.BasicAuthCredentials
+	var credentials *types.BasicAuthCredentials

 	if config.UseBasicAuth {
-		userPath := "/var/secrets/basic_auth_user"
-		user, userErr := ioutil.ReadFile(userPath)
-		if userErr != nil {
-			log.Panicf("Unable to load %s", userPath)
+		var readErr error
+		reader := types.ReadBasicAuthFromDisk{
+			SecretMountPath: config.SecretMountPath,
 		}
+		credentials, readErr = reader.Read()

-		userPassword := "/var/secrets/basic_auth_password"
-		password, passErr := ioutil.ReadFile(userPassword)
-		if passErr != nil {
-			log.Panicf("Unable to load %s", userPassword)
-		}
-
-		credentials = &handlers.BasicAuthCredentials{
-			User:     strings.TrimSpace(string(user)),
-			Password: strings.TrimSpace(string(password)),
+		if readErr != nil {
+			log.Panicf(readErr.Error())
 		}
 	}