From 1cdf6bac9abb2b895e0532a4502ccdff0183896b Mon Sep 17 00:00:00 2001
From: Alexander Rakoczy
Date: Thu, 18 Nov 2021 15:10:47 -0500
Subject: instructions
---
 Dockerfile | 3 +--
 cmd/server/main.go | 17 ++++++++++++-----
 readme.md | 42 ++++++++++++++++++++++++++++++++++++++++++
 service.yaml | 35 -----------------------------------
 4 files changed, 55 insertions(+), 42 deletions(-)
 create mode 100644 readme.md
 delete mode 100644 service.yaml
diff --git a/Dockerfile b/Dockerfile
index d5efbfd..9c4a27a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,12 +23,11 @@ RUN $GOROOT_BOOTSTRAP/bin/go build -o /workdir/server ./cmd/server
 FROM marketplace.gcr.io/google/debian11 AS run
-RUN apt-get update && apt-get install -y --no-install-recommends 'exiftool'
+RUN apt-get update && apt-get install -y --no-install-recommends exiftool tini
 ENV PORT=8080
 COPY --from=build /workdir/server /app/server
 RUN mkdir -p /app
-#RUN mv /workdir/server /app
 ENTRYPOINT /app/server
diff --git a/cmd/server/main.go b/cmd/server/main.go
index 58dc87d..321cb88 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -9,6 +9,7 @@ import (
 "encoding/base64"
 "encoding/hex"
 "errors"
+ "flag"
 "fmt"
 "io"
 "io/fs"
@@ -33,7 +34,13 @@ import (
 secretmanager2 "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
 )
+var (
+ bucket = flag.String("bucket", "", "GCS bucket to store files")
+ secretName = flag.String("secret-name", "", "Secret manager secret name")
+)
+
 func main() {
+ flag.Parse()
 var host string
 port := os.Getenv("PORT")
 if port == "" {
@@ -46,7 +53,7 @@ func main() {
 if err != nil {
 log.Fatalf("storage.NewClient() = _, %v", err)
 }
- b := cl.Bucket("i-dis-band-east4")
+ b := cl.Bucket(*bucket)
 http.Handle("/upload", upload(b))
 http.Handle("/", fileServerHandler(internal.Static, image(b, http.HandlerFunc(home))))
 log.Printf("Listening on %s\n", net.JoinHostPort(host, port))
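Review bot: The ENTRYPOINT line at the end of the Dockerfile hunk keeps the shell form `ENTRYPOINT /app/server`, so the server runs as a child of `/bin/sh` and the tini binary this hunk installs is not used by the image itself; a SIGTERM on shutdown reaches the shell rather than the server unless the deployment overrides the command, as the readme's `--command="/usr/bin/tini","--","/app/server",...` does. Making the image correct on its own is one line: `ENTRYPOINT ["/usr/bin/tini", "--", "/app/server"]`, with the `--bucket`/`--secret-name` flags then passed as container args. The apt layer could also end with `&& rm -rf /var/lib/apt/lists/*` so the package index is not shipped in the run image.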
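Review bot: Both new flags in the @@ -33 hunk default to the empty string and nothing validates them after `flag.Parse()`, so a deployment that omits `--bucket` reaches `cl.Bucket(*bucket)` in the @@ -46 hunk with an empty bucket name and only fails on the first upload, and an omitted `--secret-name` is only discovered when the `AccessSecretVersion` call in the @@ -70 hunk fails on the path `projects/<project>/secrets//versions/latest`. Fail fast at startup instead, right after `flag.Parse()`: `if *bucket == "" || *secretName == "" { log.Fatal("--bucket and --secret-name are required") }`. Since `*secretName` is interpolated into a resource path with `%s`, a value containing `/` would also alter which resource is addressed, so rejecting such values at the same check is cheap. main continues outside the hunk.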
@@ -70,7 +77,7 @@ func secretKey() []byte {
 return
 }
 defer client.Close()
- name := fmt.Sprintf("projects/%s/secrets/i-dis-band-sk/versions/latest", project)
+ name := fmt.Sprintf("projects/%s/secrets/%s/versions/latest", project, *secretName)
 resp, err := client.AccessSecretVersion(ctx, &secretmanager2.AccessSecretVersionRequest{Name: name})
 if err != nil {
 log.Printf("client.AccessSecretVersion(%q) = %v", name, err)
@@ -98,13 +105,13 @@ func ValidMAC(message, messageMAC, key []byte) bool {
 }
 const (
- Byte = 1 << (10*iota)
+ Byte = 1 << (10 * iota)
 KiB
 MiB
 GiB
 )
-const maxUpload = 100*MiB
+const maxUpload = 100 * MiB
 func upload(b *storage.BucketHandle) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -198,7 +205,7 @@ func upload(b *storage.BucketHandle) http.Handler {
 return
 }
 n, err := io.Copy(fw, file)
- if err != nil || n == 0{
+ if err != nil || n == 0 {
 log.Printf("fw.Write(wand.GetImageBlob()) = %d, %v", n, err)
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 return
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..e5df6ba
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,42 @@
+# i.dis.band
+
+## deploying
+
+### Flags:
+Flags:
+- --bucket=
+- --secret-name=
+
+### Secret
+
+#### Creating:
+
+Create a secret with:
+
+```bash
+openssl rand -hex 32
+```
+
+Save that secret to a secret in GCS.
+
+#### Adding an account:
+
+```bash
+gcloud secrets --project= versions access \
+ --secret= latest | go run ./cmd/userkey/
+```
+
+Provide username and above output as HTTPS basic auth. The password is verified using HMAC.
+
+### Cloud Run:
+
+```bash
+gcloud run deploy --project= \
+ --command="/usr/bin/tini","--","/app/server","--bucket=","--secret-name=" \
+
+```
+
+See cloud run documentation for associating with a domain name.
+
+Once your app is created, associate a service account with it, and grant that account read access to the secret, and
+object owner to your bucket.
diff --git a/service.yaml b/service.yaml
deleted file mode 100644
index 819aac1..0000000
--- a/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: serving.knative.dev/v1
-kind: Service
-metadata:
- annotations:
- client.knative.dev/user-image: us-east4-docker.pkg.dev/da-app-z0ne/cloud-run-source-deploy/i-dis-band
- run.googleapis.com/ingress: all
- run.googleapis.com/ingress-status: all
- labels:
- cloud.googleapis.com/location: us-east4
- name: i-dis-band
- namespace: '596578887005'
-spec:
- template:
- metadata:
- annotations:
- autoscaling.knative.dev/maxScale: '100'
- client.knative.dev/user-image: us-east4-docker.pkg.dev/da-app-z0ne/cloud-run-source-deploy/i-dis-band
- run.googleapis.com/client-name: cloud-console
- name: i-dis-band-00005-lux
- spec:
- containerConcurrency: 80
- containers:
- - image: us-east4-docker.pkg.dev/da-app-z0ne/cloud-run-source-deploy/i-dis-band
- ports:
- - containerPort: 8080
- name: h2c
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- serviceAccountName: i-dis-band@da-app-z0ne.iam.gserviceaccount.com
- timeoutSeconds: 300
- traffic:
- - latestRevision: true
- percent: 100
-- 
cgit v1.2.3-73-g0e29