From 8fe40406fa2422550be6cc5a9faa9eef6d6fd192 Mon Sep 17 00:00:00 2001 From: Carlos Panato Date: Tue, 7 May 2019 15:19:59 +0200 Subject: [PATCH] redirect to another sample Signed-off-by: Carlos Panato --- .../ApiKeyProtected-Secrets/.gitignore | 2 - .../ApiKeyProtected-Secrets/Dockerfile | 48 ------------------- .../ApiKeyProtected-Secrets/README.md | 3 +- .../ApiKeyProtected-Secrets/handler.go | 42 ---------------- 4 files changed, 2 insertions(+), 93 deletions(-) delete mode 100644 sample-functions/ApiKeyProtected-Secrets/.gitignore delete mode 100644 sample-functions/ApiKeyProtected-Secrets/Dockerfile delete mode 100644 sample-functions/ApiKeyProtected-Secrets/handler.go diff --git a/sample-functions/ApiKeyProtected-Secrets/.gitignore b/sample-functions/ApiKeyProtected-Secrets/.gitignore deleted file mode 100644 index 4e568b8f..00000000 --- a/sample-functions/ApiKeyProtected-Secrets/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -ApiKeyProtected - diff --git a/sample-functions/ApiKeyProtected-Secrets/Dockerfile b/sample-functions/ApiKeyProtected-Secrets/Dockerfile deleted file mode 100644 index 05cc1392..00000000 --- a/sample-functions/ApiKeyProtected-Secrets/Dockerfile +++ /dev/null @@ -1,48 +0,0 @@ -FROM golang:1.10.4-alpine3.8 as builder - -# Allows you to add additional packages via build-arg -ARG ADDITIONAL_PACKAGE -ARG CGO_ENABLED=0 - -RUN apk --no-cache add curl ${ADDITIONAL_PACKAGE} \ - && echo "Pulling watchdog binary from Github." \ - && curl -sSL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog \ - && apk del curl --no-cache - -WORKDIR /go/src/handler -COPY . . - -# Run a gofmt and exclude all vendored code. -RUN test -z "$(gofmt -l $(find . -type f -name '*.go' -not -path "./vendor/*" -not -path "./function/vendor/*"))" || { echo "Run \"gofmt -s -w\" on your Golang code"; exit 1; } - -RUN CGO_ENABLED=${CGO_ENABLED} GOOS=linux \ - go build --ldflags "-s -w" -a -installsuffix cgo -o handler . && \ - go test $(go list ./... | grep -v /vendor/) -cover - -FROM alpine:3.8 -RUN apk --no-cache add ca-certificates - -# Add non root user -RUN addgroup -S app && adduser -S -g app app -RUN mkdir -p /home/app - -WORKDIR /home/app - -COPY --from=builder /usr/bin/fwatchdog . - -COPY --from=builder /go/src/handler/function/ . -COPY --from=builder /go/src/handler/handler . - -ENV fprocess "/usr/bin/ApiKeyProtected" - -RUN chown -R app /home/app - -USER app - -ENV fprocess="./handler" -EXPOSE 8080 - -HEALTHCHECK --interval=3s CMD [ -e /tmp/.lock ] || exit 1 - -CMD ["./fwatchdog"] diff --git a/sample-functions/ApiKeyProtected-Secrets/README.md b/sample-functions/ApiKeyProtected-Secrets/README.md index 70958823..0ae55d78 100644 --- a/sample-functions/ApiKeyProtected-Secrets/README.md +++ b/sample-functions/ApiKeyProtected-Secrets/README.md @@ -1,6 +1,7 @@ ### Api-Key-Protected sample +Please see [apikey-secret](../apikey-secret/README.md) + See the [secure secret management guide](../../guide/secure_secret_management.md) for instructions on how to use this function. When calling via the gateway pass the additional header "X-Api-Key", if it matches the `secret_api_key` value then the function will give access, otherwise access denied. - diff --git a/sample-functions/ApiKeyProtected-Secrets/handler.go b/sample-functions/ApiKeyProtected-Secrets/handler.go deleted file mode 100644 index eca9a4eb..00000000 --- a/sample-functions/ApiKeyProtected-Secrets/handler.go +++ /dev/null @@ -1,42 +0,0 @@ -package main - -import ( - "fmt" - "io/ioutil" - "log" - "os" - "strings" -) - -func getAPISecret(secretName string) (secretBytes []byte, err error) { - // read from the openfaas secrets folder - secretBytes, err = ioutil.ReadFile("/var/openfaas/secrets/" + secretName) - if err != nil { - // read from the original location for backwards compatibility with openfaas <= 0.8.2 - secretBytes, err = ioutil.ReadFile("/run/secrets/" + secretName) - } - - return secretBytes, err -} - -func handle(body []byte) { - key := os.Getenv("Http_X_Api_Key") - - secretBytes, err := getAPISecret("secret_api_key") - if err != nil { - log.Fatal(err) - } - - secret := strings.TrimSpace(string(secretBytes)) - - if key == secret { - fmt.Println("Unlocked the function!") - } else { - fmt.Println("Access denied!") - } -} - -func main() { - bytes, _ := ioutil.ReadAll(os.Stdin) - handle(bytes) -}