Merge pull request #59 from mittwald/task/config-inject-envs

inject environment variables to config
mittwald · Dec 8, 2020 · 5a308a8 · 5a308a8
2 parents 4538eff + d6431a0
commit 5a308a8
Show file tree

Hide file tree

Showing 7 changed files with 130 additions and 16 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -5,7 +5,7 @@ os: linux
 dist: xenial
 
 go:
-  - '1.14'
+  - '1.15'
 
 services:
   - docker
@@ -21,8 +21,8 @@ env:
   global:
     - GO111MODULE=on
     - CGO_ENABLED=0
-    - GO_VERSION=1.14
-    - HELM_VERSION=v3.0.2
+    - GO_VERSION=1.15
+    - HELM_VERSION=v3.4.1
     - GOLANG_LINT_VERSION=v1.23.7
 
 install:

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM        alpine:3.10
+FROM        alpine:3.12
 LABEL       MAINTAINER="Martin Helmich <[email protected]>"
 COPY        servicegateway /usr/bin/servicegateway
 RUN         apk add --no-cache --upgrade ca-certificates && \

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-GOVERSION=1.12
+GO_VERSION=1.15
 PKG_LIST := $(shell go list ./... | grep -v /vendor/)
 
 all: dep build-static
@@ -13,7 +13,7 @@ build-static:
 	CGO_ENABLED=0 GOOS=linux go build -o servicegateway
 
 servicegateway:
-	docker run --rm -v $(PWD):/usr/src/github.com/mittwald/servicegateway -w /usr/src/github.com/mittwald/servicegateway golang:$(GOVERSION) make
+	docker run --rm -v $(PWD):/usr/src/github.com/mittwald/servicegateway -w /usr/src/github.com/mittwald/servicegateway golang:$(GO_VERSION) make
 
 docker:
 	make build-static

diff --git a/README.md b/README.md
@@ -48,6 +48,9 @@ The basic configuration is read from a configuration file that by default is
 expected to be located in `/etc/servicegateway.json`. However, you can override
 that location using the `-config` command line parameter.
 
+Upon startup the config is parsed as a `gotemplate`.
+It's therefore possible to inject sensitive information via env: `{{ .Env.SENSITIVE_PASSWORD }}`
+
 Check the [example-configs](example-configs) directory for example
 configurations.
 

diff --git a/example-configs/env.d/apis.json b/example-configs/env.d/apis.json
@@ -0,0 +1,75 @@
+{
+  "applications": {
+    "httpbin": {
+      "backend": {
+        "url": "https://httpbin.org"
+      },
+      "routing": {
+        "type": "path",
+        "path": "/bin"
+      }
+    }
+  },
+  "rate_limiting": {
+    "window": "15m",
+    "burst": 1000
+  },
+  "consul": {
+    "host": "consul.service.consul",
+    "port": 8500,
+    "datacenter": "dev"
+  },
+  "redis": {
+    "address": "redis:6379",
+    "database": 0
+  },
+  "proxy": {
+    "strip_res_headers": {
+      "Set-Cookie": true
+    },
+    "set_req_headers": {
+      "X-Mittwald-Sandbox": "1"
+    },
+    "set_res_headers": {
+      "Server": "Mittwald-API-Gateway/1.0"
+    },
+    "options": {
+      "enabled": true,
+      "cors": true
+    }
+  },
+  "authentication": {
+    "mode": "rest",
+    "writer": {
+      "mode": "header",
+      "name": "X-JWT"
+    },
+    "provider": {
+      "url": "http://identity.service.consul",
+      "allow_authentication": true,
+      "authentication_uri": "/v1/authenticate",
+      "parameter_format": "json",
+      "hook_pre_authentication": "./example-configs/api.d/auth_param_map.js",
+      "parameters": {
+        "ttl": 86400,
+        "providers": [
+          "public"
+        ]
+      }
+    },
+    "verification_key": null,
+    "verification_key_url": "http://identity.service.consul/key",
+    "key_cache_ttl": "5m"
+  },
+  "logging": [
+    {
+      "type": "apache",
+      "filename": "./access.log"
+    },
+    {
+      "type": "amqp",
+      "uri": "amqp://servicegateway:{{ .Env.RABBITMQ_PASSWORD }}@rabbitmq/",
+      "exchange": "audit_log"
+    }
+  ]
+}
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/mittwald/servicegateway
 
-go 1.14
+go 1.15
 
 require (
 	github.com/bluele/gcache v0.0.0-20190301044115-79ae3b2d8680

diff --git a/main.go b/main.go
@@ -20,9 +20,18 @@ package main
  */
 
 import (
+	"bytes"
 	"encoding/json"
 	"flag"
 	"fmt"
+	"html/template"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/signal"
+	"runtime/pprof"
+	"strings"
+
 	"github.com/braintree/manners"
 	"github.com/garyburd/redigo/redis"
 	"github.com/hashicorp/consul/api"
@@ -33,11 +42,6 @@ import (
 	"github.com/mittwald/servicegateway/monitoring"
 	"github.com/mittwald/servicegateway/proxy"
 	"github.com/op/go-logging"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"os/signal"
-	"runtime/pprof"
 )
 
 func main() {
@@ -85,16 +89,48 @@ func main() {
 	logging.SetBackend(logging.NewBackendFormatter(backend, format))
 	logger.Info("Completed startup")
 
-	cfg := config.Configuration{}
-	data, err := ioutil.ReadFile(startup.ConfigFile)
+	// read in config file to get raw content
+	rawCfgContent, err := ioutil.ReadFile(startup.ConfigFile)
+	if err != nil {
+		logger.Fatal(err)
+	}
+
+	// create a new template from the raw content of our config file
+	var tpl *template.Template
+	tpl, err = template.New("").Parse(string(rawCfgContent))
+	if err != nil {
+		logger.Fatal(err)
+	}
+
+	// prepare template data
+	type templateData struct {
+		Env map[string]string
+	}
+
+	data := templateData{
+		Env: make(map[string]string),
+	}
+
+	// load all env-vars into template data
+	for _, e := range os.Environ() {
+		e := strings.SplitN(e, "=", 2)
+		if len(e) > 1 {
+			data.Env[e[0]] = e[1]
+		}
+	}
+
+	// render the raw config in order to replace env-variables (if given)
+	renderedCfgContent := new(bytes.Buffer)
+	err = tpl.Execute(renderedCfgContent, &data)
 	if err != nil {
 		logger.Fatal(err)
 	}
 
-	err = json.Unmarshal(data, &cfg)
+	// unmarshal rendered config to proper json
+	cfg := config.Configuration{}
+	err = json.Unmarshal(renderedCfgContent.Bytes(), &cfg)
 	if err != nil {
 		logger.Fatal(err)
-		panic(err)
 	}
 
 	logger.Debugf("%s", cfg)