mirror of
https://github.com/openfaas/faas.git
synced 2025-06-13 10:46:46 +00:00
41bda568a7
**What** - Update the documentation about secret management to note the changed file location - Remove the documentation on secret rotation, because this will not currently work - Update apikey-secret and ApiKeyProtected-Secrets to read secret values from both the old and the new locations **Why** - Recent updates to faas-swarm and faas-netes changed the mount location of secrets. These changes update the docs to reflect this change. Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
43 lines
844 B
Go
43 lines
844 B
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"log"
|
|
"os"
|
|
"strings"
|
|
)
|
|
|
|
func getAPISecret(secretName string) (secretBytes []byte, err error) {
|
|
// read from the openfaas secrets folder
|
|
secretBytes, err = ioutil.ReadFile("/var/openfaas/secrets/" + secretName)
|
|
if err != nil {
|
|
// read from the original location for backwards compatibility with openfaas <= 0.8.2
|
|
secretBytes, err = ioutil.ReadFile("/run/secrets/" + secretName)
|
|
}
|
|
|
|
return secretBytes, err
|
|
}
|
|
|
|
func handle(body []byte) {
|
|
key := os.Getenv("Http_X_Api_Key")
|
|
|
|
secretBytes, err := getAPISecret("secret_api_key")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
secret := strings.TrimSpace(string(secretBytes))
|
|
|
|
if key == secret {
|
|
fmt.Println("Unlocked the function!")
|
|
} else {
|
|
fmt.Println("Access denied!")
|
|
}
|
|
}
|
|
|
|
func main() {
|
|
bytes, _ := ioutil.ReadAll(os.Stdin)
|
|
handle(bytes)
|
|
}
|