mirror of
https://github.com/openfaas/faas.git
synced 2025-06-09 00:36:46 +00:00
41bda568a7
**What** - Update the documentation about secret management to note the changed file location - Remove the documentation on secret rotation, because this will not currently work - Update apikey-secret and ApiKeyProtected-Secrets to read secret values from both the old and the new locations **Why** - Recent updates to faas-swarm and faas-netes changed the mount location of secrets. These changes update the docs to reflect this change. Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
40 lines
922 B
Go
40 lines
922 B
Go
package function
|
|
|
|
import (
|
|
"io/ioutil"
|
|
"log"
|
|
"os"
|
|
"strings"
|
|
)
|
|
|
|
func getAPISecret(secretName string) (secretBytes []byte, err error) {
|
|
// read from the openfaas secrets folder
|
|
secretBytes, err = ioutil.ReadFile("/var/openfaas/secrets/" + secretName)
|
|
if err != nil {
|
|
// read from the original location for backwards compatibility with openfaas <= 0.8.2
|
|
secretBytes, err = ioutil.ReadFile("/run/secrets/" + secretName)
|
|
}
|
|
|
|
return secretBytes, err
|
|
}
|
|
|
|
// Handle a serverless request
|
|
func Handle(req []byte) string {
|
|
|
|
key := os.Getenv("Http_X_Api_Key") // converted via the Header: X-Api-Key
|
|
|
|
secretBytes, err := getAPISecret("secret_api_key") // You must create a secret ahead of time named `secret_api_key`
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
secret := strings.TrimSpace(string(secretBytes))
|
|
|
|
message := "Access was denied."
|
|
if key == secret {
|
|
message = "You unlocked the function."
|
|
}
|
|
|
|
return message
|
|
}
|